Jump to content
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble


  • Content count

  • Joined

  • Last visited

Community Reputation

10 Good

About linuxwrangler

  • Rank
    Senior Member


  • Location
    Bay Area, California, USA
  • Interests
    family, Q, sailing, flying, computers, woodworking
  • Occupation
    Linux Geek
  1. We were hacked again.. ARGH..

    Re: We were hacked again.. ARGH.. Don't feel personally targeted - the attackers have little interest in the nature of your site. What they typically do want are resources and credentials. They use your resources to send spam - often making it look like it is coming from a legitimate source. They place malware on your site so the seemingly safe URL they include is actually a link to a virus - sometimes embedded in a PDF or similar file. And they want login credentials since lots of people use the same passwords on multiple sites. Attacks are automated - it's pretty easy to scan for vulnerable Wordpress (or Joomla, Drupal, etc.) sites and automatically compromise them. The compromised sites are then often sold to the evildoers on the black market. Lots of compromised sites are needed since many scams are hit-and-run. The "I hate to bother you but I was robbed in London and they won't let me leave. Please wire money..." type of scam needs to con its suckers over just a few hours or a day or two so they can clear the account and run before anyone complains. Lots of sites are also needed to launch certain large-scale distributed denial-of-service attacks where a site is slammed by too many requests coming from so many sources that they can't be easily identified and blocked by firewalls. Often the DDOS attacks are politically motivated. Wordpress, in particular, has been under heavy attack this year: http://ithemes.com/2013/04/15/ongoing-w ... solutions/ So what's a site-operator to do? 1. Apply security patches immediately and religously. 2. Read the security best-practices for your software and use them. Things like changing the path to the admin areas can help - not by actually fixing security holes but by making it harder to scan/attack your site perhaps buying you some time between discovery of a flaw and patching it. (Moving the SSH ports from the standard port 22 on my servers dropped the number of attacks from thousands/week to essentially zero. If nothing else, it makes it lots easier to scan my logs for real problems.) 3. Use an intrusion-detection-system so you can be notified of trouble immediately. 4. Backup, backup backup. And keep multiple rotating backups that go back a reasonable amount of time so you don't discover that your only backup is also compromised. What's a user to do? 1. Use a good password. Simple brute-force trial of the ones on this list will get you into an absurd percentage of accounts: http://www.symantec.com/connect/blogs/t ... s-all-time. I typically use a 15- to 25-character random string. 2. Don't use the same password on different sites. 3. Survive steps 1 and 2 by using a password manager. I like the free and open-source program "Keepass" but there are lots of others. At a minimum, don't use the same password you use for social-media and forums as your password for important sites like banking, medical or email. Email?!? Yes. Treat your email password with utmost care since almost every site including banking and finance have a "email my password" or "reset my password" feature. I'm sorry to hear you were hacked. It is a real PITA. Good luck in the cleanup and lockdown.
  2. Meat slicer advice

    Re: Meat slicer advice Not purchase advice but use advice...don't do what my former neighbor did. He washed the blade and put it in the drying rack but either due to weight or placement it rolled out and landed on his bare foot. I got out my first aid gear, bandaged him up and took him to the hospital to have the major tendons on the top of his foot reattached. (Twice, actually. First time they told him to wiggle his toes the fix popped loose and they had to go back in and try again.)
  3. Another argument for using grill-floss

    Re: Another argument for using grill-floss I have an old Wells waffle iron (actually from the kitchen of the Ambassador Hotel where Bobby Kennedy was shot though I can't prove it was there at the time). When I went to refurbish it I located information on decarbonizing the grills which involved soaking a cotton ball in ammonia and leaving it in the grids overnight then turning the baker on and, after it is hot, brushing off the carbon debris. It does work but takes a few applications for heavy buildup. The current manual recommends commercial chemicals (maybe they make more $$$ thate way).
  4. Birds crapping on my KK

    Re: Birds crapping on my KK Hmmmm, I must have more knowledgeable birds as they, er, "redecorate" my POSK every chance they get.
  5. Tri tip

    Re: Tri tip Be very careful not to overcook - for some reason it seem easier to overshoot in a couple minutes of inattenion than other meats. A Thermapen is your friend. Costco has some great tri-tip and a choise of meat-cabinet or pre-marinated. I find the pre-marninated a bit salty for my taste but my wife likes it so we switch off.
  6. New Grill - Concord, CA

    Re: New Grill - Concord, CA Wow, Concord is becoming a hotbed of KK goodness.
  7. Foreign objects in lump charcoal

    Re: Foreign objects in lump charcoal
  8. Just figured I would ask...

    Re: Just figured I would ask...
  9. Build Your Own BBQ Controller (w/Wifi)

    Re: Build Your Own BBQ Controller (w/Wifi) I've played with the Arduino I got at Maker Faire a year ago but haven't done much practical with it, yet. There was an Arduino intro class at Ace Monster Toys last week but my schedule didn't allow getting to it. Sounds like a controller would be a good Arduino project, though.
  10. My email has been hacked

    Re: My email has been hacked That scam has been going for a few months now. The first one I got was from a friend at the yacht club then another from a sailing friend at Cisco. Recipients of emails probably have little to worry about - the one's I've seen don't carry viruses but are just scams. An analysis I recently read said that most of these scams get the bulk of their victims in a very short time, often just hours, after being launched. The bad-guys are using all sorts of techniques to break into people's email to send convincing emails from the victim's account but the victims are making it very easy by using terrible passwords (http://www.whatsmypass.com/the-top-500- ... f-all-time) and by reusing the same password on lots of places. If you used the same password here or at other forums as you do on your email, all it takes is a bad apple at one of those forums and they have your password. Or maybe you were surfing at the coffee shop and somebody listened to your wifi traffic (it is really not rocket-science, trust me - even a newbie can download the Firesheep Firefox extension from http://codebutler.com/firesheep?c=1 and start getting into your Facebook and other sites). So you use an easy password for your email but you aren't worried because you, of course, use a good one for banking. But what about all the send-my-password or password-reset features that work by sending you an email? Oops. But with dozens of forum/mail/social/banking/investment/school/club/etc. sites, what is a good netizen to do? First, use a password vault of some sort. After reading about some recommended tools in a network trade magazine I started using KeepassX (http://www.keepassx.org/). You have one password you use to unlock the vault which is encrypted with good AES and/or Twofish encryption. Your good passwords are in the vault - a different one for every site. KeepassX will also generate good random passwords for you and can auto-type them into sites at the click of a mouse. A similar one is Password Safe written by security expert Bruce Schneier (http://passwordsafe.sourceforge.net/). Password Safe is Windows only while KeepassX has versions for Linux, Mac and Windows. Both are open-source and free to download and use. Second, use secure HTTP (so the site starts with https://) wherever possible. It doesn't protect against you if Mallory is working at the site your are visiting or if the site itself has been compromised but it does secure the communication between your computer and the server as well as helping validate that you are connected to the site you think instead of an impostor site - another pretty easy to accomplish trick. HTTPS is all that is needed to defeat Firesheep and other network-sniffing attacks. (Mallory and Eve are the standard example bad-guys in security examples while Alice and Bob are good guys). While HTTPS was originally reserved for banking and similar sites in part due to the extra server load imposed, it is now available on the biggest sites on the net, Google and Facebook (announced right after Zuckerberg's page was hacked), along with numerous others like Twitter, Wikipedia and New York Times. Firefox users can download HTTPS Everywhere (http://www.eff.org/https-everywhere) from the Electronic Frontier Foundation. This addon tries to automatically switch to using secure http where possible. Happy/safe surfing...
  11. Argh.. Haas Avocados @ $10.42 a pound...

    Re: Argh.. Haas Avocados @ $10.42 a pound... Man, that is *exactly* like my mother made them and how I remember them from childhood. If I didn't have to finish off the tri-tip, I'd be shopping for some avocado for lunch.
  12. Air Combat USA

    Re: Air Combat USA I only have a couple hundred hours but did do some aerobatics in gliders. I haven't flown recently, though. One thing they told my opponent is that sometimes pilots do worse than non-pilots because most pilots are taught to avoid unusual attitudes while unusual attitude is almost all they do at Air Combat. They seemed quite professional and take safety seriously. Something like 40,000+ "missions" without an accident. Their whole schedule was pushed back by heavy morning fog so we landed at sunset. Here's a pic: sunsetflight.jpg[/attachment:1014z28q]
  13. Air Combat USA

    Re: Air Combat USA My sneaky wife got me the package at our school auction and we went to Orlando and did that in early December. It was a lot of fun and I, too, broke even on "kills". They told me that only about 5% of people who fly with them are pilots. I have a little recording accelerometer that I took with me. Here's the trace from one of the fights: encounter4.png[/attachment:339hdaet]
  14. Stoker for Linux, any interest?

    Re: Stoker for Linux, any interest? Interested? Well, I guess my username says it all. Of course I would need a stoker. "Rock" came by my place to look at my mexi-K shortly after he released an early version. I like the open interfaces on the thing. I've just been fine so far running in manual mode without a guru/stoker/etc. Have you ever used RRD for storage/graphing? I use it for lots of custom system monitoring displays at work.
  15. How do people clean out their ashes

    Then there's this way... http://www.sfgate.com/cgi-bin/article.c ... 031D59.DTL