posted on wednesday, march 23rd, 2011
with tags
security
Some time in 2010, Google, Adobe, and "dozens of other high-profile companies" were hacked by the Chinese government. The attack was done through a previously unknown vulnerability in Internet Explorer and was considered to be highly sophisticated. The attackers copied intellectual property of these companies and accessed Gmail accounts of human rights activists.
Rather than directly hack into the accounts of those activists, the entire e-mail provider was compromised.
posted on monday, december 27th, 2010
with tags
mac
Back when I used OpenBSD on my laptop and Pidgin for instant messaging, I wrote a D-Bus script to watch incoming messages and forward any to my cell phone that were received while my screen was locked. The script forwarded messages to Prowl's web API, which would forward them to my iPhone using push notifications.
The last time I switched back to a Mac desktop, I had to switch back to Adium and lost the ability to selectively forward messages. While Adium does have an event action to run an AppleScript, there's no way of passing the actual event text to the script, so it has to talk back to Adium and try to find the newest message. The only option was to generate Growl notifications for all messages and then configure Growl to forward them to Prowl. I got fed up with that pretty quickly, so I modified Adium to create a new event type for "messages received while away". That way I could have the Growl notification only on that event, so I would only get messages forwarded while away. That worked better, but it prevented me from being able to go away while still at my computer without getting a bunch of messages queued up on my phone.
At about 9am yesterday morning, I noticed on my server monitor that the CPU utilization of one of my servers was abnormally high, in addition to a sustained 1mbit/sec of inbound traffic and 2mbits/sec of outbound traffic. syslog messages from Asterisk showed it to be a SIP brute force attack, so I dropped the offending IP (an Amazon EC2 instance IP) into /etc/idiots to block it and went back to my work.
A while later, I noticed the traffic still hadn't died down, so I reported the incident to Amazon and my server's network provider. No luck on either front; Amazon just sent back a form reply stating the incident was forwarded to the EC2 instance's owner (yeah, seriously) and the network provider said they wouldn't bother adding an ACL to their border equipment unless it was needed to protect their entire network. With the IP blocked on my server, the CPU utilization had died down and it was no longer sending out reply traffic, but I was worried about the inbound garbage traffic counting towards the server's monthly bandwidth cap.
posted on wednesday, november 11th, 2009
with tags
mac
I've always formatted my Mac OS partitions with case sensitivity enabled, which
usually means formatting a new system and re-installing Mac OS X as soon as I
get it.
After installing the 10.6.2 update, I lost my system menu bar icons and was
forced to restore from a 10.6.1 backup made the day before.
Following
Apple's instructions,
I booted to the Snow Leopard installation DVD, chose the "Restore System from
Backup" option and thought I was on my way.
About 50% into the recovery, the recovery application crashed:
posted on saturday, november 29th, 2008
with tags
web
The buzz around and traffic to
goingtorain.com
is slowing down now and I'm amazed how many people responded positively and
thought it was actually useful.
While talking to Dave about it yesterday, he remarked something along the lines
of, "of all the awesome, useful shit you've ever made, the thing that finally
became famous was this stupid little site."
posted on monday, september 29th, 2008
with tags
mutt
I've been using
mutt
as my MUA for over 8 years now.
Long ago I would ssh to my server and run it on local Maildirs, but as soon as I
started using smartphones and multiple computers I had to switch to an IMAP+SSL
setup.
Mutt's header_cache option has long made accessing large mailboxes snappy, and
the recent message_cachedir option available in 1.5 makes browsing through
messages with attachments equally snappy over IMAP.
A useful side effect of message body caching is that it provides an offline copy
of entire mailboxes which get synchronized automatically and can easily be read
in Mutt as a local mailbox… well, almost.
posted on wednesday, july 30th, 2008
with tags
openbsd
I received an e-mail asking me how I got started with OpenBSD, so I thought I'd write the answer here in case anyone else wanted to read it.
I started using OpenBSD in 1998 (version 2.3 or 2.4) to host a BBS that I was running.
I chose OpenBSD because of its security record and because I was getting fed up with Linux (Slackware) at the time.
I think the machine was a Pentium 75 or something, and OpenBSD worked quite well on it.
During the course of building the BBS, I had to install some 3rd party software, so I got interested in OpenBSD's ports system to make installation of that software cleaner.
I submitted some ports to the ports@ mailing list and got them committed by other developers.
I tested others' ports and supplied feedback where I could.
I hadn't done much unix development back then, so writing simple makefiles for ports was an easy way to get involved.
posted on sunday, february 17th, 2008
with tags
openbsd and
thinkpad
I started working on an ACPI driver this evening to make my ThinkPad X61 work
better under OpenBSD.
I just finished it and so far it matches on the IBM0068 ACPI HID device,
checks it for the appropriate version, enables the Bluetooth device (which is
required before the hardware toggle switch can power it on and let the ubt0
device show up), and sets up a callback to run whenever a special button (e.g.,
Fn+F[1-9], brightness, ThinkLight, etc.) is pressed.
I'm pretty sure it will work on most other ThinkPads but I haven't tried it on
my X40 yet.
I mapped out all of the events that get generated, which on my X61 Tablet
include the screen rotating around, the lid opening and closing, and even the
pen being ejected from its little slot.
When the brightness buttons (Fn+Home and Fn+End) are pressed, it sends a CMOS
command through ACPI to actually adjust the screen brightness accordingly, so
now it's working just like my X40 did on its own.
Being able to turn the brightness down when on battery is the main reason I
wrote this.
posted on saturday, november 24th, 2007
with tags
hardware and
openbsd
Friday afternoon I decided to install a package on one of my OpenBSD servers,
but it was from a recent snapshot and the snapshot I was running on the server
was too old to run it.
No problem, I'll just upgrade the server, a usually quick task; just drop a new
kernel into /, reboot, untar the new disk sets over /, run mergemaster and
reboot again.
Remotely rebooting servers that are 350 miles away is always a nerve-racking
experience.
You reboot it, your SSH connection drops, you start a ping waiting for it to
reply as you visualize it booting up and thinking about how long each piece
usually takes.
Occasionally something takes longer than normal and you start to panic, but
before you reach whoever you need to reach, it starts responding and suddenly a
wave of relief comes over you and you resume your work.
posted on saturday, august 18th, 2007
with tags
voip
I had to install an OpenBSD firewall at a customer's office yesterday and wanted
to check that all of their VoIP phones still worked afterwards.
Since everyone had left the office by the time I got there, it was a bit tricky
testing all of the phones at the same time by myself.
I thought about writing a little routing snippet on the Asterisk server so I
could dial a number at each phone and it would just play music until I hung up,
but I wanted to make calls out to a PSTN number to double the bandwidth going
out of the PBX server and make sure the voice quality was ok.
I bought a
Sharp Zaurus
and put OpenBSD on it with the intention of making a lap timer for my car.
I tried to use
this
timer on my Treo in my R32, but it's so buggy and would crash the phone all the
time, and trying to reboot a phone while racing around a track is not something
I'd recommend.
There are of course some
commercial timers
but they are expensive and usually require a laptop running Windows to be able
to see the
GPS-acquired data.
What's the fun in that?
The other day I thought about whether it would be possible to legally change my
name to all lowercase letters.
I did some research and found out a few things.
In the United States, changing one's name can be as easy as simply using the new
name consistently in practice.
It doesn't necessarily need to be done in court, and using a different name is
not illegal as long as it's not being used for fraudulent purposes, or
inconsistently (which would then be considered an "alias").
The most common reason to have it done in court is to have a formal record of
the name change showing the new name for proof to other government agencies,
companies, and universities that may require proof of that new name.
posted on tuesday, december 26th, 2006
with tags
windows
While doing some research for something, I came across a website still hosting a
shareware Windows application that I wrote a long time ago in Visual Basic.
It was a stupid little utility that sat in the system tray by the clock and sent
out data to a specified TCP/IP host at a specified interval to keep a dialup
connection alive (I think I wrote it for someone to keep their ISDN line up).
posted on saturday, june 24th, 2006
with tags
rails
Carl woke me up early this morning by jumping around on my chest.
I got ready and drove back down to Chicago for day two of RailsConf.
The first session of the day for me was Obie Fernandez's Thoughtworks on Rails
which was a broad overview of the Rails projects that Thoughtworks has done for
its customers after introducing it into their development environment.
Nothing too technical, but useful to see the lifecycle for a Rails app from the
point of meeting with the customer to creating "stories" as they put it, to
coding individual pieces, to quality assurance testing, to final deployment.
I couldn't help but think about how many people are involved in these "normal"
development processes versus things at DLS where one developer has to take a
request from another staff member and develop, code, test, and deploy an entire
app himself.