Computers

They Don't Make 'Em Like This Anymore

Thu, 08/01/2013 - 7:33pm - It's the last of the big V8 Interceptors.

Last of the big V8 Interceptors. I had to grab a new Pro before they decided only to sell those insane coffee magnets with no internal drive bays. Last one lasted 7 good years, here's to another computer in 2020.

Attack me? Attack you.

The computer in the top of this security video is infected with malware and is currently attacking Natalie's site. Also it's in Vietnam. There were more exciting things happening earlier, but it never occurred to me to screen grab them. Since that one sucks and is boring, here's another one of the store front. Looks like medical supplies.

I have Mexican security cameras from infected machines too, but it's night there just like it is here, so those feeds are way more boring.

Well that was funny

I'm no longer forwarding cookie thieves to Natalie's site. I had been fussing around trying to make IPTables block all the botnet machines, and when that didn't work, I was just using deny rules in Apache, which sucked, because my include file of blocked hosts was 100,000 or so. That's in addition to the default "Block all of China, India, Eastern Europe" rules I apply. It also sucked because I'm still serving pages and so there were tons of ESTABLISHED, FIN_WAIT1/2, etc. connections, most of which were holding open Apache processes, which was crushing my machine.

The reason IPTables wasn't working turned out to be because of the VPS solution used by 1and1. There is a hard limit of 400 rules on the host, and I can't work around that, so I can't use IPTables with huge blacklists, at least, not that I've figured out.

What I'm doing now though is to use the LimitExcept directive to only allow GET requests in the virtual host which does the rewrites for nataliecurtiss.com. So now those fuckers are all just getting 403's or, in some cases, 500's (don't know why that is).

So yeah that was fun. A case has been opened with SquareSpace, since this attack traffic was all really directed at them. And the only logical thing I can think of is that the attackers are trying to guess session cookies of site admins who aren't explicitly logged out of their site admin tools. This would let the attackers exploit any XSS inherent in code generated by SquareSpace, or use the targeted site to infect more end user machines for this botnet.

Still, it's an awful lot of trouble to go to just to get your hands on Natalie's what, 12 legitimate users per month?

Now I just have a zillion connections in TIME_WAIT, but at least my site seems quick, all my services seem to be working at full speed ahead, and I'm going to stop thinking about this shit for a while. I'm not going to bother figuring out why I can't set tcp_tw_reuse to clean up all those TIME_WAITs.

Update:
The 500's are because I didn't set an auth-type for the user to be able to POST. Well, fuck 'em, they get 500's, since I never want anyone to ever do anything but GET, everything else can DIAF.
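
One way to confirm from the access log that the method limit described above is holding, added here as an example and not the author's own code. It assumes Apache's combined log format; the log lines and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample log for the redirect vhost (documentation-range IPs only).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [03/Aug/2013:09:00:01 -0400] "GET / HTTP/1.1" 301 237 "-" "Mozilla/5.0"
203.0.113.10 - - [03/Aug/2013:09:00:02 -0400] "POST / HTTP/1.1" 403 209 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
203.0.113.10 - - [03/Aug/2013:09:00:03 -0400] "POST / HTTP/1.1" 403 209 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
203.0.113.44 - - [03/Aug/2013:09:00:03 -0400] "POST / HTTP/1.1" 500 532 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
192.0.2.99 - - [03/Aug/2013:09:00:04 -0400] "POST / HTTP/1.1" 301 237 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
198.51.100.7 - - [03/Aug/2013:09:00:05 -0400] "HEAD / HTTP/1.1" 301 - "-" "curl/7.30.0"
198.51.100.23 - - [03/Aug/2013:09:00:06 -0400] "-" 408 - "-" "-"
EOF
}

# Emit "METHOD STATUS" per request. Splitting on the double quote keeps the
# request line whole even though it contains spaces.
method_status() {
  awk -F'"' '{ split($2, req, " "); split($3, res, " "); print req[1], res[1] }'
}

# "METHOD STATUS COUNT" for every pair seen, busiest first.
summary() {
  method_status | sort | uniq -c | sort -rn | awk '{ print $2, $3, $1 }'
}

# Count requests with a method other than GET/HEAD that were NOT answered with
# 403 or 500, i.e. traffic the limit did not catch. Apache treats HEAD together
# with GET in method limits. Empty request lines ("-", e.g. a 408) are skipped.
leaked() {
  method_status |
    awk '$1 ~ /^[A-Z]+$/ && $1 != "GET" && $1 != "HEAD" && $2 != 403 && $2 != 500' |
    wc -l | tr -d ' '
}

# "COUNT IP" for clients sending anything other than GET/HEAD, for triage.
non_get_clients() {
  awk -F'"' '{ split($1, pre, " "); split($2, req, " ");
               if (req[1] ~ /^[A-Z]+$/ && req[1] != "GET" && req[1] != "HEAD") n[pre[1]]++ }
             END { for (ip in n) print n[ip], ip }' | sort -rn
}

sample_log | summary
printf 'non-GET requests not refused: %s\n' "$(sample_log | leaked)"
```

Against a real log, pipe the vhost's access log into the same functions in place of sample_log; a non-zero result from leaked means some requests are reaching a vhost or path the directive does not cover.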

It's Statistical Outlier Saturday

This is an odd Saturday. I got up at 7:15. That's not right. I'm still not supposed to be awake yet.

My site has been having problems this morning, serving pages, running cron, delivering mail... turns out that even though I don't host Natalie's site, I do redirect "nataliecurtiss.com" to "www.nataliecurtiss.com". So far today I've served 252,974 (presumably malicious POST request) redirects to her site. She has had 975,000 page views so far this month. That's also not right.

While looking that over, I checked my flickr stats. 900 flickr views so far today on really odd referrers, like "http://www.flickr.com/photos/xrayspx/with/9093592988/", usually I do around 50-100/day, not that busy.

Right now I'm flipping a quarter until it lands on its edge. Later I'm gonna go buy some lottery tickets.

Update:

Mmmmmm, cookies, hundreds of thousands of cookies:

POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 500
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: nataliecurtiss.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: SS_MID=162751ed-f2cf-4fdd-8b7c-814881282033hiwadjls

Never Offer Me Platform Advice

Music: 

Throwing Muses - Cry Baby Cry

I am in the market for a new computer. Apple has left me seriously disappointed with the new Mac Pro, what with its inability to hold many 3.5" SATA drives, and has driven me to the iMac after all this time. Internal storage and the fact that the iMacs of the time (2006) sucked was the main driver for me getting the Pro I have now in the first place. However, time marches on, I have a 32-bit EFI and can't upgrade past Lion, and the install is getting kind of crufty, and so I end up having to bounce the machine every so often, which sucks.

So the new Pro is out, might as well go with a maxed out iMac. I had two questions:

  • Am I going to see much difference between the i5 and i7?
  • Do I care about 2GB of video memory vs. 1GB?

I asked a friend about the CPU thing. His response was "HP will sell you a way better machine for half the price anyway". Was that what I asked? Do I give a fuck what HP sells? Have I not already proven this to be false when I bought this Pro in the first place?

If I roll up in a BMW 535i, is your first reaction going to be "You could have bought a v6 Nissan Altima for half the price and only lost 30hp"? No.

I have very specific needs, which Apple meets much better than Microsoft + HP (or whoever), my reasons are not "Because it looks cool" or "Because I am a hipster".

My reasons are:

  • I am not an Apple fanboy. I am a Unix fanboy
    • Use Cygwin, it's just as good
      • No fuck YOU, I don't like rewriting every goddamn little bash script every time I deploy to a different platform, the differences in output between GNU and BSD toolchains are annoying enough, I don't want to deal with MS tools on top of that.
  • Don't like Windows? Use Linux!
    • If Linux was a serious option, I wouldn't be ditching a perfectly good 4 core 2.66GHz machine with 16 GB of memory just to get an iMac. Photoshop does not run on Linux. Illustrator does not run on Linux. I run many things on Linux, my wife's primary home machine is not going to be one of them.
  • Well dual boot Linux with Windows!!!
    • Explain that to my wife, and explain to her how her workflow must change because we're using Windows now because we're cheap.
    • Why should I reboot my machine, ever?
    • What if I want to quickly get a unix environment outside my work environment for testing, should I remote reboot into Linux? Manually change boot menu options before rebooting? Sounds like a waste of time.
  • But GAMES!
    • But I don't care about games. Anything I want to play I can either play on my HTPC or in a Windows VM on the Mac.

...And on, and on and on I could go.

    Use The Force

    Some time ago, I set "3 finger drag" on my mouse to "Lock my machine". That worked about 50% of the time first try. The rest of the time it would take me to my dashboard, change virtual desktops, or go back in my browser history.

    The correct way, as in all things, is to use The Force.

    Samsung Galaxy S4 Benchmarks?

    I just bought two new Samsung Galaxy S4's and was initially pretty happy with the ability for full device encryption. Since it requires a 6 character alphanumeric password which also must become your unlock-pin, I'm less excited, since "unlocking your phone while driving" effectively becomes "texting while driving" and I don't wanna die.

    My main question was how encrypting the device would impact utilization. I tried and failed to find benchmarks for this, so I decided to do my own. The only directory that I can write into, without rooting, seems to be /sdcard/, there is no sdcard in the device, so this is on-board memory. After running my tests, I question whether this folder actually gets encrypted.

    Facebook Hoax Denouement

    Music: 

    The Clash - Hateful

    Of course, according to the natural law of maximum irony, my very next Facebook post resulted in this screenshot.

    In my withering defense, I rate anything I read based on the relative historical trustworthiness of the writer. Ebert, Gibson, my wife, rate very high and are near-unimpeachable sources. William Gibson rated a cursory check of Google News to see that, yeah, there are other headlines from other sources telling the same story.

    That said, don't do the crime if you can't do the good natured time :-)

    Previously

    Since Facebook sucks at telling time, the meat all happened within ten minutes of the tweet I read

    iTunes Mass Importer

    Music: 

    Bauhaus - King Volcano

    For my own notes, so I don't forget I did this... Big thanks to Doug from Doug's Applescripts for iTunes for convincing me that making iTunes update in this way is possible.

    As with all things, I have to make my music library overly complicated. In historical times, I ripped at 128k, then 192k, but even a lot of the 192k mp3s sound like crap, so I've decided that going forward, I'm doing 320k CBR MP3s as well as FLAC.

    I'm using Max to do the rip and encode on the Mac. It encodes both sets of files in parallel and saves them in a directory under ~/Music/max-rips/Artist/Title.

    Here is a script to sort that and update iTunes. It'll drop the MP3s in my MP3 library directory, then drop the FLACs in a repository for them, finally making iTunes add the new files at the end. If all you want is to make iTunes rescan your library for new files from a script or bash shell, you want the osascript line toward the bottom, just substitute the path to your collection in place of mine.

    I'd like to pass $directory and $albumdir to the osascript and have it live inside the inner for loop, but I've not figured out how to use my variables inside the 's that osascript -e requires to run its part. It only takes a few seconds to re-index the whole thing.

    This is the utterly fugly 15-minute first draft with crappy variables and whatnot, but it does work.

    (Yeah yeah, "find blah blah | while yadda yadda", 15 minutes, works, admittedly fugly, 2000 CDs and nothing has | in the artist or title)

    Update #2: Never mind all that, the script below is a lot clearer and does all that stuff I wanted.

    maxmover.sh:


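    #!/bin/bash

    # Walk each artist directory Max wrote under ./max-rips ("-depth 1" is BSD find syntax, as on macOS).
    find ./max-rips -depth 1 -type d | awk -F "max-rips/" '{print $2}' | while read -r artist
      do

        mkdir -p "/Volumes/Filestore/CDs/$artist"
        mkdir -p "flac-output/$artist"

        find "./max-rips/$artist" -depth 1 -type d | awk -F "max-rips/$artist/" '{print $2}' | while read -r album
          do

            # MP3s go to the iTunes library; what is left in the album directory (the FLACs) goes to flac-output.
            mkdir -p "/Volumes/Filestore/CDs/$artist/$album"
            mv "max-rips/$artist/$album"/*.mp3 "/Volumes/Filestore/CDs/$artist/$album/"
            mv "max-rips/$artist/$album" "flac-output/$artist"

            # Unquoted heredoc: the shell expands $artist and $album before osascript sees the text.
            # A double quote in an artist or album name would break the AppleScript string.
            /usr/bin/osascript <<EOT
    tell app "iTunes"
    add POSIX file "/Volumes/Filestore/CDs/$artist/$album/"
    end tell
    EOT

          done

        rm -f "max-rips/$artist"/.DS_Store
        rmdir "max-rips/$artist"

      done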

    Update:
    It looks like there are several ways to skin my osascript cat. These aren't even the most fluid examples I've found.

    Fixing an ugly email situation

    I've been running IMAP services on my mailserver for many years, previously using Courier. I always had a pretty basic but solid-running system. Postfix, doing a Spam Assassin check, then delivers to the user folders, and Courier running IMAP.
