May 31 2010
 

So, we got hacked. It’s going to take a while to figure out all the things that got messed with. But I’ve now changed the permissions on the files on the servers so that they won’t be overwritten again.

One of the problems that’s lingering is that the text in the post composition window is white. While this probably doesn’t sound so bad, it makes it tricky to enter anything – because the background is also white!

Ok, so now I’ve resolved the background issue.  Not quite sure what caused that.

Anyway, it would appear that there are a few major security flaws in WordPress:

  1. All the files for the site are in the document tree for the web site
  2. they get installed as writable by the owner by default – tricky not to be otherwise you can’t upgrade
  3. there’s apparently some script that can be hijacked to overwrite a whole bunch of crap, and add stuff.  I found:
    1. multiple modified index.php files, with javascript tacked on the end
    2. all .js files had extra javascript tacked on the end
    3. a backup file that’s not even in the document tree for WP!

So this brings up an interesting point:  it’s cool and easy to use a hyper popular third party tool for stuff, but somebody out there knows all the weaknesses of the system.  If you write your own custom software, you really need to stick out to make it worthwhile for somebody to hack your site.  I’m 99% certain that this was an automatic hack-job, not somebody specifically targeting me.  If I’d written my own blogging tool, it wouldn’t necessarily be as easy to use and as slick (hey, I only have so many hours in a day) but it would be much less likely to get hacked by an automatic script.

Homogeneity across systems is a recipe for vulnerability – once a vulnerability is uncovered in one system, all others are vulnerable.
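
The findings listed above (JavaScript appended to the end of index.php and .js files, and files left writable) lend themselves to a quick triage pass over the document tree. This is an added example, not code from the original post: it assumes an automated job appends the same block everywhere, so it groups .php and .js files whose last bytes are identical and lists files that still carry a write bit. The function names, the 64-byte window, the three-file threshold and the sample tree are all constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from collections import defaultdict

TAIL_LEN = 64   # trailing bytes compared across files (assumed window size)
MIN_GROUP = 3   # files that must share a tail before it is reported (assumed)

def triage(root):
    """Return (groups of .php/.js files with identical tails, files with any write bit)."""
    tails, writable = defaultdict(list), []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.stat(path).st_mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
                writable.append(path)
            if not name.endswith((".php", ".js")):
                continue
            with open(path, "rb") as fh:
                data = fh.read().rstrip()
            if len(data) > TAIL_LEN:  # skip files shorter than the window
                tails[hashlib.sha256(data[-TAIL_LEN:]).hexdigest()].append(path)
    shared = sorted(sorted(g) for g in tails.values() if len(g) >= MIN_GROUP)
    return shared, sorted(writable)

def build_sample(root):
    """Constructed sample tree: three files carry the same appended block, one is clean."""
    appended = b"\n<script>/* CONSTRUCTED PLACEHOLDER standing in for appended code, padded out */</script>"
    files = {
        "index.php": b"<?php require('./wp-blog-header.php'); ?>" + appended,
        "wp-admin/index.php": b"<?php /* dashboard */ ?>" + appended,
        "js/menu.js": b"function menu(){return 1;}" + appended,
        "js/clean.js": b"function clean(){return 'untouched file with its own unique ending';}\n" * 2,
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, 0o444 if rel == "js/clean.js" else 0o644)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        shared, writable = triage(tmp)
        print("identical tails:", shared)
        print("writable:", writable)
```

A shared tail is only a lead: unrelated files can legitimately end the same way, so each reported group still needs to be compared against a clean copy of the same release.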

 Posted by at 9:57 pm
May 03 2010
 

So we just got back from an annual voyage to Germany.  It was nice.  It’s spring there, which means it’s getting warm.  Unlike Calgary, where spring means that it’s going to start snowing randomly and energetically.

On the flight over, I was struck by a few things in the airplane.  One was the backrest of my seat, the other a sign in the lavatory.

The backrest actually physically struck me, as the guy sitting behind me didn’t seem to realize that the thing in front of him was supporting me.  He apparently didn’t know that if you use somebody’s backrest as a prop to get out of your seat, and then let go quickly, that person gets catapulted out of their reclining position.  It turns out that the backrests are used for lots of different things.  They support tables, people getting up to go to the bathroom (which I’ll get to in a minute) and they also support touchscreens for the in-flight entertainment system.

Now, I’m sure it seemed like an obvious solution to somebody:  put touchscreen interfaces into the head-rests.  Brilliant, this way everybody gets to have a personalized entertainment experience.  This would be great if it wasn’t actually a head-rest.  In between getting catapulted out of my seat I was getting routinely boxed in the back of the head because the guy behind me kept fiddling with his screen.  Maybe they just need to turn up the sensitivity of the screens, but it seems to require an awful lot of force to get anything to register on those things.  Then they’re out of calibration, and the first attempt at hitting a button turns out to be wildly inaccurate and that has to be followed by a few more shots before the desired button is activated. I’ve even been on flights where it was impossible to use the touch interface because the mouse cursor was so far out of calibration that I simply couldn’t get to the button on the edge of the screen.

I haven’t looked into airplane entertainment systems enough, I guess, to understand the technical challenges.  Even the newest systems seem oddly primitive.  But this is probably easily explained by the fact that they’re in an airplane and there are 300 of them.  This means that the technology has to be sound enough to work for most people on the plane (though not necessarily for me), not too expensive and probably the most complicated thing is that they have to be very very unlikely to light on fire or interfere with the communication or navigation systems for the plane.  For those of you who doubt that cellphones can cause problems with these systems, try plugging your iPhone into your auxiliary jack on your car stereo and then leave all cell phone towers behind as you drive into the mountains.  There’s a few minutes of plaintive ticking and burbling that feeds into the wire until the phone finally gives up making contact.  Now, consider 300 cell phones in symphony…

Perhaps I can suggest that Apple get involved in the Airplane entertainment systems market.   They could probably get their magical iPads to behave, you could play some games, as long as they don’t involve the accelerometers, watch videos, listen to audio… They could be mounted like the table top is, except they’d be able to pivot, so you could leave the screen up on the seat back in front of you for viewing, or you could swivel it down onto the table so that you can play a game of chess or something.  Probably have it lock into a few positions in between for reading or browsing the internet.  Presto.  The guy in front would get knocked around less than 50% as often!

Update Sept 20, 2011:  This just in, or at least I just noticed it in the news.  Qantas is going to trial iPads and WiFi streaming entertainment.  They won’t be anchored to anything as far as I can tell, so it’s not guaranteed to be comfortable to watch a movie.  So perhaps there’s going to be a market for iHangers to hang your iPad off the back of the seat in front of you so that you don’t have to hold onto it.

The bathroom issue on planes is a special one.  I’ve been in many airplane bathrooms, and generally they’re not bad if you’re the first one in.  After 7 hours of flying over the Atlantic however, they’re really nasty places.  What struck me about the lavatories this time was the sign that’s been in every airplane lavatory that I can ever remember:

May we suggest, as a courtesy to the next passenger, that you wipe the sink with your paper towel when you are finished.

Or something very much like that.  You know, I’ve never been bothered by a bit of water splashed on the sink, but perhaps some people make a lot of mess otherwise and since they follow the advice I’ve never seen the mess.  But what really struck me this time was that there’s a sign missing.  I think there should be a sign that says:

As a courtesy to the rest of the passengers who’ll use this lavatory after you, please refrain from urinating all over the inside of the lavatory.

What is it about bathrooms that takes away from people the simplest courtesies, like leaving the place clean for the next person?  Now perhaps the lack of urinals and the presence of turbulence means that males with insufficient aim will have a hard time with things, and maybe that many people using bathrooms for 9 hours (here’s hoping you’re lucky and they actually cleaned the space before you embarked) is just a recipe for a sticky floor and a smell that makes me not want to stand in the place, never mind suggest that my 5 year old daughter should actually get close to the seat, but it feels wrong.

In Germany, and in fact in other parts of Europe I’ve been to, the bathrooms are often attended by somebody who at least pretends to keep them clean.  In some places it actually works.  It’s the one positive thing I can say about digging into your pocket and pulling out 50 cents – it appears to buy something.  Although I’m not sure it’s something that should have to be bought.

 Posted by at 9:40 pm
May 03 2010
 

Ah, at long last.  We got both the kids onto cross-country skis and headed out into the woods this winter.  It’s been an 8 year hiatus, really, and while we haven’t been back-country skiing, the world has moved past us.

The simple cross-country skiing was fun.  Vanja figured out how to move quite quickly on the flats, struggled a bit on the uphills, and did ok on the downhills as long as they weren’t too steep.  But this was all tracked skiing.  You don’t have to think too much about the direction your skis are pointing, as long as you don’t lift them too high!

We decided on a bit of adventure – back country skiing, with an overnight camp in a snow cave, or more precisely a quinzhee.  We went with Dan and Magda and Paul.

Despite the overall lack of snow at lower elevations, the trail up Mosquito Creek seemed to be well covered.   We got the kids light-weight gear, and since we already had boots that we’ve used for back country skiing for ever – we rented back country gear.

Back country gear appears to have changed.  You can see that Monika’s skis are about as wide as she is.  Turns out that works great if you have plastic boots.  Our leather boots are comfy and soft and just can’t dig the edges of these wide skis into hard packed trail.  On the way in – no problem.  On the way out – agony; snowplow to slow down?  not a chance.  Dig in an edge to turn?   No way – the skis stay flat on the snow and you simply go the direction of steepest descent.

The way in was fun.  It’s slightly uphill, which is where Vanja excels, Ronia packed it in and rode (and slept) in the pulk.

The pulks are fun too, basically a covered sled that’s strapped to your waist with two long bars.  The first time you go down a hill with one, you realize what the bars are for.  Side hills are exciting as Dan and Magda demonstrated, starting with an overturned pulk and ending up with both almost over their heads.  I couldn’t get the camera out in time to catch them at their most spectacular!

Dan and Magda dig out.

Once in camp, the quinzhees can actually be quite exhausting to build.  You have to understand that we’re basically standing on one to two meters of powder and you can’t just dig a snow cave.  You have to build it.

You start with stamping down an area of snow that’s roughly the size you want the cave to be inside plus a meter on either side.  Then you start piling snow on top of that.  You don’t have to pack too much.  In about an hour, the snow will have refrozen into a fairly rigid mass, by morning, you’ll have to work hard to move it.

So once you’ve refreshed yourself with some soup, and let the snow set up, you start digging.

Dan digging in for the night.


Dan got stuck doing all the digging himself which explains the lack of photographs from his camera.  I on the other hand had a team that managed to stay fresh enough to do the digging for me.  I just needed to move the snow away from the door as fast as I could!

Vanja digging in


Anyway, Vanja says we can do it again next year.  The skiing wasn’t so good he said, but making the snow cave was fantastic!

Quinzhee

 Posted by at 7:42 pm