Blue mood

August 12, 2003 - 10:45 pm 4 Comments

So I forgot to buy Blue Man Group tickets. They’re sold out now. The professional ticket scalpers are selling them for $120 apiece, when they retailed at $35. Guess we’re going to miss out on the concert. Someone tell me how it was!

For the birds

August 12, 2003 - 5:12 pm 2 Comments

This summer was the first reported death in Travis County from West Nile Virus. We live in a particularly mosquito-y neighborhood. Last month I walked into the back yard at dusk. In the space of 90 seconds I had 13 mosquito bites.

Last night around midnight I let the dogs out and saw something moving around over by a bag of old dog food we have by the garage and keep forgetting to throw away. I eased closer and saw that it was a bird. Odd, I thought, to see a bird out and eating at night, but maybe he just had the munchies. Well, he ended up staying around all night long, eventually camping out on the back steps and occasionally nibbling on a bug. He didn’t really fly, he just hopped around occasionally. He let me get within 2 feet of him with a camera. Needless to say, something wasn’t right with him. It finally dawned on me that he might have West Nile. Looking up the virus on the Department of Health’s web page, it says they’re particularly interested in blue jays who are found dead.

This morning he was gone. I don’t know if he wandered off to die. Hub searched the yard and didn’t find anything. We’ll have to keep an eye out for him. All I know is that I’m not going out at dusk without a liberal slathering of Deet. My vet said he thinks that infected birds have symptoms such as muddy thinking and inability to fly. Sounds like our guy.

Linux detection

August 12, 2003 - 4:42 pm 1 Comment

Geektalk alert!

Kenn asked if there was a way to patch against the hacks we’ve gotten. From the reading I did, nobody’s sure how the remote shell trojan gets onto the box. Some have speculated that it’s an ssh exploit. In our case, the mud binary was probably infected, and it got run. I don’t think there’s a patch against the trojan in particular, but here are my tips (I am not a linux guru by a long shot, keep that in mind!)

– Be careful of any binary you run. Make sure they come from trusted and clean sources.
– Do not run as root anything that you don’t need to. Log in as a regular user and sudo stuff if you need to.
– Keep a close eye on your /tmp directory. That’s where I found the installed hacks.
– Also keep a close eye on your logs, all of them.
– Also watch your lastlog. One of the mud people noticed that we had a user named “test” who logged on from AOL. He didn’t belong.
– Check ‘netstat -l’ to see what ports are listening. Make sure there’s nothing listening that shouldn’t be.
– Download and run lsof. It’s a nifty program that tells you what processes are running, what ports they’re listening to, where the program is located, and what user started it.
– Try doing ‘find / -name ".*" -ls’. This command will search your computer for files that start with a dot, which don’t show up on a normal ls. It will come up with a ton of files, but just check to make sure there’s nothing that looks funny. I kept finding directories called ‘…’
– ‘ls -lat’ in your directories, especially /bin and /sbin, and make sure nothing has been modified recently.
– Take steps to harden your system, such as different partitions, noexec, denying users outside of the US (for example), and not running daemons that you don’t actually use.
– And of course make sure all your packages and your kernel are up to date.

There are tons of websites out there on linux security holes, as well as hardening your box. Glean information from them, and hit up your linuxgeek friends for tips. Just smile and nod when they tell you there’s no such thing as a linux virus.
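
The read-only checks from the list above, plus the /dev/hdx1 and /dev/hdx2 symptom described in the “Mutter” post on this page, as an added shell example that is not the author’s own script. The function names and the optional ROOT argument are assumptions made here so the checks can be pointed at a mounted disk image or a test tree instead of the live system.

```shell
#!/bin/sh
# Added example: read-only triage helpers (names and ROOT argument are assumptions).
# ROOT defaults to /; pass a mounted image or test tree to scan that instead.

# Hidden names made to be overlooked: anything starting ".." other than ".."
# itself (such as "..."), or a dot-name containing whitespace (". ", ".. ").
odd_dot_names() {
    find "${1:-/}" -xdev \( -name '..?*' -o -name '.*[[:space:]]*' \) -print 2>/dev/null || true
}

# Every hidden entry under ROOT/tmp and ROOT/var/tmp, the drop location in the post.
hidden_in_tmp() {
    for d in tmp var/tmp; do
        [ -d "${1%/}/$d" ] && find "${1%/}/$d" -xdev -name '.*' -print 2>/dev/null
    done
    return 0
}

# Regular files in the system binary directories changed in the last N days
# (default 7). mtime can be reset by an intruder, so an empty result proves nothing.
recent_system_binaries() {
    for d in bin sbin usr/bin usr/sbin; do
        [ -d "${1%/}/$d" ] && find "${1%/}/$d" -xdev -type f -mtime "-${2:-7}" -print 2>/dev/null
    done
    return 0
}

# The RST.b symptom named on this page: /dev/hdx1 and /dev/hdx2 appearing.
rst_b_markers() {
    for f in dev/hdx1 dev/hdx2; do
        [ -e "${1%/}/$f" ] && echo "${1%/}/$f"
    done
    return 0
}

triage() {
    echo "== odd dot names";                    odd_dot_names "$1"
    echo "== hidden entries in tmp";            hidden_in_tmp "$1"
    echo "== system binaries changed < 7 days"; recent_system_binaries "$1" 7
    echo "== RST.b device markers";             rst_b_markers "$1"
    # Listening sockets describe the running host, not ROOT.
    echo "== listening sockets";                netstat -ln 2>/dev/null || true
}

# Run only when a ROOT is given, e.g.  sh triage.sh /
if [ "$#" -gt 0 ]; then triage "$1"; fi
```

On a box that may already be compromised, find, ls and netstat can themselves have been replaced, so run this from known-good media against the mounted disk where possible.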

Mutter

August 12, 2003 - 3:06 am 3 Comments

I got the new linux box up and running and answering like it’s supposed to, and the coders got the mud moved over and working great.

Three days later I see we’ve been hacked again.

I have a sneaking suspicion that someone ran the binary from the old box, which was hacked. I don’t know if anyone will admit to it, but it’s my theory. I found out that we had one of the exceedingly rare linux viruses, a remote shell trojan. Then I had to go through the hassle of convincing linux people that yes, linux does have viruses, and the freaking reason why nobody talks about them is because of the hubris of the linux community who all say that linux can’t get viruses. Nobody ended up believing me, and they implied that I did something wrong setting up the box. No amount of giving them links to the few summaries of RST.b would help, even though we had the classic symptoms (appearance of /dev/hdx1 and /dev/hdx2, a few binaries containing URLs to ping, etc.). So the virus gave someone root access, and then they ran a few scripts to do other shit to the machine (I really doubt that the actual clean binary /sbin/atd has “welcome bitch.” written in there, I really really do). Some penile AOL user had an IRC bot going. The list goes on and on.

So now the machine’s been wiped out and reinstalled, again. There was no real way to clean up the damage, and what’s more, the damned thing wouldn’t boot because of all the shit done to it. Hub did the installation this time. Now if something goes wrong everyone will shake their fingers at him. We’ve also got a hardware firewall which will hopefully help matters. If not, we’re saying fuggit to the box and someone else will have to host the mud.

Whew!

August 12, 2003 - 2:47 am Comments Off on Whew!

Thanks to Chris at Quest 4 Treasure, I’ve found the site I was looking for. It’s ARGN, the Alternate Reality Gaming Network. Of course, the forums have been shut down. Still, there are some leads to interesting looking sites.

Speaking of, has anyone played The Stone?

Austinbloggers webring

August 11, 2003 - 3:23 pm Comments Off on Austinbloggers webring

I’m cleaning up the Austinbloggers webring. There are a bunch of sites that have been in the queue for months, whom I’ve sent the ring code a few times but it’s never been put on the pages. If your page is removed and you want to put it back, sign up again at http://www.austinbloggers.org/webring/. Please make sure to put the code on the URL you submit. If you don’t, I will either dig through your site to find the page that has the code on it (if I have time, which I usually don’t), or I will not add you until it’s fixed.

Sorry to be a hardass, but it’s not fair for other ring members when everyone doesn’t play by the rules.

Desperate cry for help

August 11, 2003 - 3:23 am 1 Comment

I’m going absolutely nuts trying to remember this site I used to visit that had a forum which kept track of current web games being played. Like for example when the movie A.I. came out, there was a huge game associated with it on the web. Donnie Darko and The Matrix and The Ring all had games or puzzles on their sites, too. I had thought it was IGN, but I can’t find any reference to it on their forums. Please, I’m begging you – does anyone know what I’m talking about?

Nordstrom mania

August 10, 2003 - 9:27 pm 12 Comments

Nordstroms is opening their first store in Austin next weekend. It sounds like a really swank place. I’m particularly excited about the shoe department, which carries ladies’ shoes up to size 14. There’s only one store in Austin where I can get a decent selection in my size 11, and their styles aren’t really my bag.

Anyway, Nordstroms has a special room for mothers that’s set up with comfortable chairs for nursing. Here’s a picture of it. Does anyone see the irony of the picture?