Jump to content


  • Posts

  • Joined

  • Last visited

Posts posted by linuxwrangler

  1. Re: We were hacked again.. ARGH..

    Don't feel personally targeted - the attackers have little interest in the nature of your site. What they typically do want are resources and credentials. They use your resources to send spam - often making it look like it is coming from a legitimate source. They place malware on your site so the seemingly safe URL they include is actually a link to a virus - sometimes embedded in a PDF or similar file. And they want login credentials since lots of people use the same passwords on multiple sites.

    Attacks are automated - it's pretty easy to scan for vulnerable Wordpress (or Joomla, Drupal, etc.) sites and automatically compromise them. The compromised sites are then often sold to the evildoers on the black market. Lots of compromised sites are needed since many scams are hit-and-run. The "I hate to bother you but I was robbed in London and they won't let me leave. Please wire money..." type of scam needs to con its suckers over just a few hours or a day or two so they can clear the account and run before anyone complains. Lots of sites are also needed to launch certain large-scale distributed denial-of-service attacks where a site is slammed by too many requests coming from so many sources that they can't be easily identified and blocked by firewalls. Often the DDOS attacks are politically motivated.

    Wordpress, in particular, has been under heavy attack this year:

    http://ithemes.com/2013/04/15/ongoing-w ... solutions/

    So what's a site-operator to do?

    1. Apply security patches immediately and religously.

    2. Read the security best-practices for your software and use them. Things like changing the path to the admin areas can help - not by actually fixing security holes but by making it harder to scan/attack your site perhaps buying you some time between discovery of a flaw and patching it. (Moving the SSH ports from the standard port 22 on my servers dropped the number of attacks from thousands/week to essentially zero. If nothing else, it makes it lots easier to scan my logs for real problems.)

    3. Use an intrusion-detection-system so you can be notified of trouble immediately.

    4. Backup, backup backup. And keep multiple rotating backups that go back a reasonable amount of time so you don't discover that your only backup is also compromised.

    What's a user to do?

    1. Use a good password. Simple brute-force trial of the ones on this list will get you into an absurd percentage of accounts: http://www.symantec.com/connect/blogs/t ... s-all-time. I typically use a 15- to 25-character random string.

    2. Don't use the same password on different sites.

    3. Survive steps 1 and 2 by using a password manager. I like the free and open-source program "Keepass" but there are lots of others.

    At a minimum, don't use the same password you use for social-media and forums as your password for important sites like banking, medical or email. Email?!? Yes. Treat your email password with utmost care since almost every site including banking and finance have a "email my password" or "reset my password" feature.

    I'm sorry to hear you were hacked. It is a real PITA. Good luck in the cleanup and lockdown.

  2. Re: Meat slicer advice

    Not purchase advice but use advice...don't do what my former neighbor did. He washed the blade and put it in the drying rack but either due to weight or placement it rolled out and landed on his bare foot.

    I got out my first aid gear, bandaged him up and took him to the hospital to have the major tendons on the top of his foot reattached. (Twice, actually. First time they told him to wiggle his toes the fix popped loose and they had to go back in and try again.)

  3. Re: Another argument for using grill-floss

    I've heard of enclosing metal in a bag with a bowl of ammonia (the gas does the work) as a way of power cleaning, including for BBQ grates. I have a grill-floss for regular use. Does any one have direct experience with ammonia?

    I have an old Wells waffle iron (actually from the kitchen of the Ambassador Hotel where Bobby Kennedy was shot though I can't prove it was there at the time). When I went to refurbish it I located information on decarbonizing the grills which involved soaking a cotton ball in ammonia and leaving it in the grids overnight then turning the baker on and, after it is hot, brushing off the carbon debris.

    It does work but takes a few applications for heavy buildup.

    The current manual recommends commercial chemicals (maybe they make more $$$ thate way).

  4. Re: Tri tip

    Be very careful not to overcook - for some reason it seem easier to overshoot in a couple minutes of inattenion than other meats. A Thermapen is your friend. Costco has some great tri-tip and a choise of meat-cabinet or pre-marinated. I find the pre-marninated a bit salty for my taste but my wife likes it so we switch off.

  5. Re: Foreign objects in lump charcoal

    The cleanest lump I have ever used was Lazarri. I have been through probably 1000 pounds of their foodservice bags of mesquite' date=' and never found a single foreign object in there. Too bad I can't get get their oak wholesale, too. I can get the mesquite for $13 per 40# bag, and no shipping since they keep it in a local distribution warehouse. To get the oak, I would have to pay to truck it in.[/quote']

    Fortunately I just have to cross the bridge to Lazarri's So. San Francisco place where I can pick up big bags of oak charcoal. They sometimes have other charcoal like orange wood and they carry as either firewood or smoking chips almond, apple, walnut, hickory, alder, and cherry. It's worth a trip if you are in the area on a weekday. Just don't expect a shiny retail place - it's a big dirt lot and tin warehouse.

  6. Re: My email has been hacked

    That scam has been going for a few months now. The first one I got was from a friend at the yacht club then another from a sailing friend at Cisco.

    Recipients of emails probably have little to worry about - the one's I've seen don't carry viruses but are just scams. An analysis I recently read said that most of these scams get the bulk of their victims in a very short time, often just hours, after being launched.

    The bad-guys are using all sorts of techniques to break into people's email to send convincing emails from the victim's account but the victims are making it very easy by using terrible passwords (http://www.whatsmypass.com/the-top-500- ... f-all-time) and by reusing the same password on lots of places.

    If you used the same password here or at other forums as you do on your email, all it takes is a bad apple at one of those forums and they have your password. Or maybe you were surfing at the coffee shop and somebody listened to your wifi traffic (it is really not rocket-science, trust me - even a newbie can download the Firesheep Firefox extension from http://codebutler.com/firesheep?c=1 and start getting into your Facebook and other sites).

    So you use an easy password for your email but you aren't worried because you, of course, use a good one for banking. But what about all the send-my-password or password-reset features that work by sending you an email? Oops.

    But with dozens of forum/mail/social/banking/investment/school/club/etc. sites, what is a good netizen to do?

    First, use a password vault of some sort. After reading about some recommended tools in a network trade magazine I started using KeepassX (http://www.keepassx.org/). You have one password you use to unlock the vault which is encrypted with good AES and/or Twofish encryption. Your good passwords are in the vault - a different one for every site. KeepassX will also generate good random passwords for you and can auto-type them into sites at the click of a mouse. A similar one is Password Safe written by security expert Bruce Schneier (http://passwordsafe.sourceforge.net/). Password Safe is Windows only while KeepassX has versions for Linux, Mac and Windows. Both are open-source and free to download and use.

    Second, use secure HTTP (so the site starts with https://) wherever possible. It doesn't protect against you if Mallory is working at the site your are visiting or if the site itself has been compromised but it does secure the communication between your computer and the server as well as helping validate that you are connected to the site you think instead of an impostor site - another pretty easy to accomplish trick. HTTPS is all that is needed to defeat Firesheep and other network-sniffing attacks. (Mallory and Eve are the standard example bad-guys in security examples while Alice and Bob are good guys).

    While HTTPS was originally reserved for banking and similar sites in part due to the extra server load imposed, it is now available on the biggest sites on the net, Google and Facebook (announced right after Zuckerberg's page was hacked), along with numerous others like Twitter, Wikipedia and New York Times.

    Firefox users can download HTTPS Everywhere (http://www.eff.org/https-everywhere) from the Electronic Frontier Foundation. This addon tries to automatically switch to using secure http where possible.

    Happy/safe surfing...

  7. Re: Air Combat USA

    I only have a couple hundred hours but did do some aerobatics in gliders. I haven't flown recently, though. One thing they told my opponent is that sometimes pilots do worse than non-pilots because most pilots are taught to avoid unusual attitudes while unusual attitude is almost all they do at Air Combat.

    They seemed quite professional and take safety seriously. Something like 40,000+ "missions" without an accident.

    Their whole schedule was pushed back by heavy morning fog so we landed at sunset. Here's a pic:



  8. Re: Air Combat USA

    My sneaky wife got me the package at our school auction and we went to Orlando and did that in early December. It was a lot of fun and I, too, broke even on "kills". They told me that only about 5% of people who fly with them are pilots. I have a little recording accelerometer that I took with me. Here's the trace from one of the fights:



  9. Re: Stoker for Linux, any interest?

    Interested? Well, I guess my username says it all. Of course I would need a stoker. "Rock" came by my place to look at my mexi-K shortly after he released an early version. I like the open interfaces on the thing. I've just been fine so far running in manual mode without a guru/stoker/etc.

    Have you ever used RRD for storage/graphing? I use it for lots of custom system monitoring displays at work.

  10. It's a beautiful evening so we went to the yacht club for the Friday races and BBQ. The beer was cold, the BBQ hot and the weather wonderful.

    Too bad someone didn't check the tide book:


    Despite full spinnaker, they are stuck in the mud within shouting distance of the bar. But only a couple minutes later, another J105 decided to provide them some company:


    One eventually got off, the other was still stuck an hour later waiting for the tide to rise. But it's not so bad when being stuck gives you front row seats to the crescent moon setting over the Golden Gate Bridge along with Venus, Mars and Spica making the other three points of a "kite":


  11. Re: scooters

    .....Another time I did exactly the same thing on a BMW R75/6. The cylinder actually acted like a crash bar and I slid to a stop from 70 mph with nary a scratch.

    After putting over 10k on a Honda CB200T I decided I needed something bigger and got a R75/6 which I rode for years. Great bike. And those cylinders were the best crash bars ever. Had a Volvo cut in front of me once. Almost no damage to me or the bike but tore up the side of the Volvo.

    Knew one guy who went down and slid fine till he hit a curb that tore off the cylinder. He was ok and the only repair necessary was replacing the cylinder bolts that sheared.

    Another friend laughed at the people who had the cylinder "protectors". He said that cylinder head covers were pretty inexpensive to replace if damaged and any protector strong enough to actually protect would likely bend the frame instead which was a far more expensive repair.

  12. This happened to me on my mexiK. If you have the newer style of propane tank with the required overflill prevention device (OPD-fitted tanks have a triangular valve knob) you may be being hit by the second feature of the device - preventing fuel from gushing out if the tank is not hooked up to something. I have found that I have to crack the tank-valve open very, very slowly to avoid activating the device.

    I originally tried to return the tank as defective but learned how to use it. I now know the teltale signs. If I open the valve too quickly I will hear a "click" and will get almost no gas flow. If I crack it slowly I can hear a rattle as I start to open the valve and the first bit of gas rushes into the line but the noise will stop after the line is filled.

    When I accidentally trip the device, I have to shut off the valve and wait a few seconds for a "click" as the device resets then reopen the valve.

    I probably have to be extra careful as I turn on the gas at the tank when lighting the burner and turn it off at the tank when done - the burner valve is always open. If I turned off the gas at the burner valve I might not need to be so careful.

    So try turning off your burner valve and tank valve then sloooooowly crack open the tank valve. Then try the burner again.

  13. Re: How to grill on a KK - a tutorial

    ...a hot cinder pops from the coal when I was lighting it and landed on my right shoulder...

    Could be worse. A number of years ago a pretty good sized glowing mesquite ember popped out of the Weber I had at the time and went straight for my eye where it adhered to my eyeball and lower lid.

    Fortunately it hit the white of my eye rather than a critical part so there is no lasting damage other than some now nearly invisible scarring. Still, it was not one of my more pleasant BBQ experiences. :reddot:

  • Create New...