Ping, Traceroute and Trinity’s Leather Clad Butt

Filed in Guest Post, Wendi

Over dinner one night, I tried to explain ping, traceroute and portscan to my wife.   This is what came from that conversation.   This is *her* interpretation and yes, I married her.  You can’t have her.*

(A guest post by my lovely wife: Wendi)

This is what happens when I ask Scott to explain something.

I am now going to horrify every honest to god computer geek I have that reads this.

…that, or you’re going to die laughing. At me, or with me, it’s all good.

I asked Scott about “tracert” and “ping” and “ports”; he tried to explain that. Unfortunately, my brain works best with some very visual metaphors. So this is what I came away from that conversation with, presented here for your amusement.

“Ping” is a chore. This chore is performed by Bit (the little Yes/No guy from the original Tron). You tell Bit to… say… drive to DismalLand, find out why the fuck the lines are so long, and come back. When Bit comes back and says “Because it’s DismalLand, the Tragic Kingdom, dummy. The lines are always long!” the Ping chore is complete.

Now, there are a lot of hazards between you and DismalLand. Some of it is bad road, some of it is bad drivers, some of it is that incredibly STUPID civil engineer who designed the fucking roads. I like to think that some of those hazards might include Jack Sparrow driving a parade float pirate ship, and he’s being chased by other pirates – either the kinds with swords in their teeth, or the kinds who are busily downloading cars and purses and stuff off the intarwebs. And then there’s DHS, who are kind of like the Keystone Cops but with more guns and stuff. So to navigate all those things, Bit turns into Trinity from the Matrix. Probably on a motorcycle. I picked her because her leatherclad ass is amazing. Plus, she has guns and kung fu, and that picture is a lot more interesting.

Now, maybe you don’t trust Bit. Maybe Bit ran off with your best friend like a two dollar whore this one time. Maybe Bit is a pathological liar. Maybe Bit is the Godspouse of Tinkerbell and easily distracted. Who knows? But you think Bit is really damn flaky. So you hire some guy named TraceRoute.

TraceRoute’s job is to follow Bit around EVERYWHERE AND REPORT EVERYTHING. “Bit’s left turn signal came on at 10:15:00. Bit merged into the left lane at 10:15:20. Bit took her hands off the handlebars and blew the living shit out of Jack Sparrow’s parade float at 10:16:31.” So when Bit comes back, Bit comes back with an attitude and a ream of paper that details every time she did anything, ever.

So then you ask about the “ports”. Ports are basically like doors.

I’m going to massively change metaphors here.

Say you’re in a whorehouse. There are many doors. And behind each door is a different thing. Blowjobs behind this door, handjobs behind that door, goatse behind the other door, and thank all the gods of network traffic that the Etsy Cupcake Circle Jerk door is always locked. Naturally, all these doors are closed. Some of them are locked all the time, some are unlocked all the time, some are only locked when something fun is happening, and sometimes some asshole with a master key runs through and just randomly locks and unlocks shit to piss you off.

You can make Bit go check this for you, too. That way, YOU don’t have to suffer surprise goatse. Bit deserves it, the bitch. There’s about three different ways this can happen, but they’re all called PortScan.

There’s a doorman/bouncer at all those ports.

This bouncer is called…

WAIT FOR IIIIIIIIIT!

 

A DAEMON (This part is an inside joke to a particular forum. Don’t worry about it if you don’t get why that is side splittingly funny)

 

*You can’t have her unless you ask her nicely.

Ebay hacked. Change your passwords.

Filed in Security

(edit: s/Changed/Change/g)

Maybe I should turn this into a security blog.  Seems I can’t go a week or three without a post about yet another major corporation getting hacked.  This time it’s Ebay.   Took them a couple of months to figure it out too.

What makes this one extra special is that it wasn’t through some SSL bug or other exploit. It was through compromised (weak? social engineered?) employee passwords.

They got hacked back in March, only discovered it a couple of weeks ago, and announced it today.

Though no credit card or bank info was in the compromised database, there was enough info in it for a good shot at identity theft:

“The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.”

Ebay’s blog post about it at the link below.
http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords

New GNU Screen – 4.2.1 – first in 6 years.

Filed in Linux

For all you console junkies (the command console, not that WeePlayBOne thing), Amadeusz Sławiński and friends have released the first new update to GNU Screen in six years.  I’ve pulled the source and compiled it (under CentOS 6.5, GCC 4.4.7, Kernel 2.6.32, bash 4.1.2).

You can find the new source here: GNU Screen 4.2.1

I’ll be putting the new options and features through their paces over the next few days as I go about my day to day Ops duties.  I use screen much more now than in the past, so this should be an adventure.

I’m interested in hearing others’ takes on the new features. Drop them in the comments below.

Scott

 

 

And the hits keep on rolling.. AOL hacked; passwords taken.

Filed in Security

And the Internet Security Trifecta is complete. AOL announced on their blog today that they have “determined that there was unauthorized access to information regarding a significant number of user accounts”. The information accessed includes “users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions.”

So head on out to AOL and change your passwords and sec questions.   Might want to change any passwords for any sites you use AOL email as the security contact for as well.

 

And… Another one. This time in Flash.

Filed in Linux, Microsoft, OS-X, Security

Look.  Another security exploit.  This time in that bastion of ultimate security.. er.. hang on.. what’s this?  It’s in Flash?  This is news?  Oh, a *NEW* one in Flash.  Got it.

Ok. Where were we? Looks like another security vuln in the wild. This one’s in Flash and affects all three major OSes. Yep, that’s right you penguins.. Linux is included in this one. So get your YUM and APT repos spun up and update those boxen.

Krebs has the details here: Adobe Update Nixes Flash Player Zero Day

So there you have it.  Two major web exploitable vulns in two days.  Waiting for the other two shoes to drop; Java and Acrobat.

PS: Is it strange that I’m using a terminal window to cut/paste text from websites to strip it of hidden formatting?  Yes?  It is?  Good.

Code execution flaw in ALL versions of IE since 6.

Filed in Microsoft, Security

April has been the month of monumental holes in security on the net.  First there was Heartbleed (and as always, XKCD has a great explanation of what the Heartbleed vulnerability is: http://xkcd.com/1353/)

Not to be outdone by a mere open source project, Microsoft has announced a new 0-day vulnerability in all versions of IE since IE 6.  How you can call something “0-day” when it’s been there 12 or 13 years I’m still kind of fuzzy on.

As I understand the bug, it allows an attacker to use a specially crafted HTML page to execute arbitrary code on the user’s machine under the credentials IE was assigned at launch. If you’re running as an administrator (who does that in Windows??), you’re pretty much wide open.

Microsoft released a tech bulletin about the flaw over the weekend that goes into a bit of depth about the flaw and lists what versions of IE are vulnerable.  Basically all of them.  If you’re running Server 2008 R2 or later, you *should* be ok if you’re still running IE under limited credentials.

The bulletin is here: Microsoft Security Advisory 2963983

Microsoft hasn’t released a patch yet, but I suspect we’ll see something in a day or so as an out-of-band release.  I can’t imagine even Microsoft waiting around for this one.

 

A short rant about Amazon’s EC2.

Filed in Amazon EC2, Cloud

Intellectually I understand why, but “Why can’t I change the Security Group of an instance after I built it?”  WHY??????????????

It sucks working a couple of hours to troubleshoot a group of servers only to find that you picked the wrong sec group for them.  Kill em and start over is the only answer I can find.

If some of you big brains out there have a solution, drop me a hint in the comments.

 

About those Hugos.

Filed in Hugos, SF&F, Uncategorized

There has been quite a kerfuffle going on all over the blogs and facebooks and twitters about this year’s Hugo Award nominations. Rather than confine myself to short quips or not so short screeds buried in a dozen blogs or facebook threads, I’ll just leave my thoughts here.

Some links about the Hugo Kerfuffle.  From there you can dive as deep into this issue as you want.  Ultimately, it all started with a flare up over some presenter for the awards being not politically correct enough for a certain vocal minority of SF&F readers.

Ok, enough.  Links:

I’m sure there are other links out there.  Go google them for yourself.

Now my take on all of this:

Something that bears remembering is how the Hugo nominations work.    Anyone (and I do mean *anyone*) with $40 or $50 can purchase an associate level membership to WorldCon and nominate their choice for the Hugos.  That’s it.  It’s a popularity contest, decided by *the READERS and FANS* of the SF&F genre.

How did Vox Day and Larry Correia and other such “controversial” authors make it onto the ballot this year?   Fans.  Their fans voted them there.   That’s it.

Now, as to whether the Hugo administrators should *let* someone with controversial views onto a ballot, I am firmly in the camp of “if the votes are there, they’re on the list”.

Where has SF&F genre fiction gone when something as trivial as contrary political or social views of an author, or even a book, leads to such an outcry of “burn him!” within the fandom communities?

SF&F is about pushing boundaries, testing ideas, playing with mores and social constructs, expanding horizons.   It is also, and much more importantly, about entertainment.

Each of us, as a purchaser and reader, must make a value judgement when we set out to exchange our energy for the energy of the author.   Energy in the form of our money and his effort to put a story down on paper.   We have to ask ourselves if the return we get from this book, be it entertainment, education, etc..  is of more value to us than the energy (ie.. money, time to drive to library, etc..) we must expend to acquire it.

If not, then don’t.  The reason, outside your own decision, is irrelevant.  It simply does not and can not matter to another human why you made that choice.

The people screaming from the top of the blogosphere with all their voice and pageviews about these two and a few select other authors have done just the opposite of what they want to happen.  They’ve given them a platform and a notoriety they otherwise would have had to expend significant amounts of their own energy to attain.

Calls for boycotts, ‘approved’ and ‘disapproved’ lists for awards or conventions or panels, reek of McCarthyism. “He doesn’t toe the line on XYZ! Burn him!”.

I had hoped that in 2014, we were beyond that.  I had hoped that, finally, in an era of communications technologies undreamed of by the greats of SF&F just two generations ago, we had gone beyond the nanny-ism I’m seeing.   “He offended me!  Make him stop!”

So I say to you, read what you want to read.  Recommend what you want to recommend.  Complain about what you want to complain about.  I’ll defend you to any power you name.  But gods help you if you deny my right to do the same.

 

Where is everyone?

Filed in Uncategorized

I’ve always hated those “where have I been?” posts bloggers make when they don’t update for a while. It is a new year, however, and I have yet to inflict sufficient pain on all of you to get your brains moving. So, without further ado, here’s where I’ve been!

Since my last post in August, I’ve been laid off (something about not needing *two* linux/unix experts in a department almost entirely focused on Windows / HyperV virtualization) and had a 2 month vacation.

I’m still working in the VOIP world, but for a smaller, more agile company that doesn’t have a lot of legacy analog telco baggage in the way it does things.  It feels a lot like working for $weatherandclimatereportingwebsiteandtvnetwork.com again.

I’ll have a lot more to post as I dive deeper and deeper into the wonders that are Amazon private clusters, distributed storage, cloud front caching, and (joy of joys) wordpress (don’t ask).

So sit back, relax and enjoy the ride.  Or I’ll strap you to the fender and play bumper cars.

On shopping online and the shortsightedness of giants.

Filed in retail

Where’re JC Pennys and Sears when I need them? I have, for the first time in my 41+ years of life, ordered clothes from Amazon. I’ve bought dozens of geek-t-shirts and “specialty” adornments from online retailers for years. But never have I bought something as plebeian and normal as blue-jeans online.

Back in the nascent days of the internet, both JCP and Sears were the gods of mail order retail. They had the store fronts, return depots, logistics, IT infrastructure, everything in place. All they needed was a way to efficiently put their catalogs online. A digital storefront.

They both had the trust of over 100 years of catalog sales. Sears would sell you a fraking HOUSE through their catalog at one point. Everything Amazon and other retailers had to struggle for years to do, JCP and Sears already had in place.

What was their response to this new fad, the internet? They saw, for the first time, legitimate competition and market loss so they packed up their toys and went home. They gave up instead of competing. And now they’re both marginalized, inconsequential retailers struggling to stay open.

How different would the landscape online be if either or both of those retail giants had done something as simple as put their catalogs online?
