Hiatus Shmiatus

Back at the end of August the server that was hosting brahm.windeler.net went belly up. Something went awry when the server was being moved by a sys admin and the hard drive just decided to give up the ghost. The people that I shared the server with and I are trying to go through a data recovery service, but it’s not looking promising.

Though I don’t have an exact backup of everything that was on the site, I do have the photos that were published on the site as well as all of the blog content.

I’ve been exploring my options over the past few months. Do I host my own site again? Do I go with a hosted service? How much do I want to pay? What features are available on the various blogging platforms?

Since I was using the windeler.net domain for e-mail, my immediate action was to move the domain over to the free Google Apps to reduce the number of email messages that would otherwise bounce or be directed into the great bit bucket in the ether. I put up a placeholder page using the Sites functionality within the Google Apps framework, but it was obvious from the start that the functionality it provided was very bare bones and not really set up for blogging.

I also investigated using Typepad, as my blog was originally hosted using Movable Type, which is the blogging platform that Typepad uses. Initially the site would hang during the import because I had specified the wrong filetype encoding (what, you expect a common user to be able to tell if the file was encoded as MacRoman or UTF-8?). Once I determined the correct file type, I was able to import my blog posts just fine but was unable to import the corresponding comments. After many tries deleting and re-importing the entries, I gave up. This did not inspire confidence. If the code for importing their own export format was that buggy, I wasn’t going to spend any more time with it. Another factor was the fact that the free version was severely limited in customizability (2 themes… neither of which were particularly attractive).

After putting the effort aside for a few months, I decided to try to bring the blog up from the ashes again. I started researching if other people had also had the comment-import problem with Typepad. I didn’t come up with much, but did find a lot of pages talking about how to migrate to WordPress. On a whim, I decided to set up a free account and test the import functionality. I’m pleased to say all the posts and comments were imported intact. And I have to say the functionality that it provides is quite impressive. However, I started looking into what it would take to use a custom domain and found it would cost $12/year to do so. That seemed fairly odd to me, because technically all that should be required is to update the DNS record at my domain registrar to point to the appropriate IP or hostname. Additionally, if I wanted to customize the theme as much as I have in the past, it would require paying an additional $15/year. Blogging isn’t worth $27/year to me.

A few people I know have Posterous blogs, so I thought I would investigate that service. I exported my blog entries out of WordPress and imported them through their import tool. I used that method rather than importing directly from my Movable Type backup file because the import option didn’t seem to be able to import from a Movable Type-based site without the site already existing… not helpful when the site has gone bye-bye!

The import went smoothly again. Both posts and comments were added. I also imported two posts that I had written on my very first blog when I went to Malaysia back in 2001 (!) and thought I’d document my travels. I’ve come across a few hiccups with the site not behaving the way I thought it should (mostly in relation to editing imported entries before merging them into the blog), but all in all I’m happy so far. Also, it’s completely free, I can use a custom domain for no additional charge (the DNS is updating as I write), and the available themes are all fairly attractive.

The one thing that I haven’t decided how to tackle is what to do with all of the broken links in the older posts. Any links that referred to other posts within the site or the photos that I hosted on the site point to non-existent items at this point. I may go back and fix them, though the thought of going back through ~270 posts to fix all of that is making me cringe. I’d also need to re-post all of the albums somewhere like Flickr or Picasa. I’ll probably just leave them as is for now and address them as I have time. For now, I’m just glad to have the blog operational again.

Holiday Cookies 2009

Yes, second post in two days. I’m making a conscious effort to resume blogging. Twitter has made it much too easy to neglect this site.

Inspired by daily photo postings by an old friend which often involve food, I decided to post a few photos of the holiday cookies Jennifer and I made this past week.

The recipes come from the December issue of Sunset magazine. We chose these recipes because we figured they’d be unique and tasty. We made a double batch of the Honey Caramel Nut Bars to share in various cookie exchanges.

End of Summer

Wow. Eight months have flown by since my last update. I think that’s a record for me.

Just wanted to stop in to say I’m still around. This summer has flown by. I was just getting into the swing of things, now our first child has started Kindergarten. Yikes!

Back in May I participated in the Bayshore Half Marathon up in Traverse City, MI. The weather was beautiful and cool, which contributed to me setting a PR of 1:48:36. Hopefully I’ll be able to beat that at my next half marathon.

In June I had my hike up Half Dome in Yosemite National Park for which I was training through the Leukemia & Lymphoma Society’s Hike For Discovery program.

I combined that trip out to Yosemite with a 5-day backpacking trip with my friend Rob Totte. We started at the White Wolf campground, hiked down to the Tuolumne River and then followed it up, through Tuolumne Meadows, along the Lyell Fork to the highest point in Yosemite NP, Mt. Lyell (13,114 ft / 3997 m) and back down to Tuolumne Meadows. Nearby forest fires to the west of the park made many of the views quite hazy in the Grand Canyon of the Tuolumne River, but we could see for miles at the peak.

The kids, Jennifer and her mother also headed out to California during that time. After my excursion into the wilderness, we met back up in the San Francisco Bay Area and met up with old friends.

In August I took another trip back out to San Francisco to see the SF Outside Lands concert in Golden Gate Park. It was the first time a concert had been held in the park at night. The Radiohead performance opening night was spectacular.

A few days ago I participated in a 100 KM trail running 5-person team relay event in Hell, MI called Dances With Dirt. The course involved running along the trails of Pinckney State Recreation Area in widely varying levels of use (or disuse as the case may be). There were numerous fallen trees and branches, hills a’ plenty, sand patches, abundant poison ivy, thigh-high muck at stream crossings, a shallow lake crossing. Sounds like fun, no? Though we didn’t even come close to winning, it was well worth the experience. Pictures to come (hopefully!).

Welcome to the Jungle

Last week I was checking out Amazon’s Mechanical Turk web site. For those of you not familiar with the site, it allows people to set up simple tasks called Human Intelligence Tasks (HITs) for others to do that are easy for people to do but too difficult to automate by computer. The people who perform the tasks are then paid a modest amount for their effort.

I came across one HIT that I thought would interest some friends so I right-clicked the link to a preview of the HIT, chose Copy URL, then shared the link with the friends. After checking the site out, my friends astutely noticed that visiting the site logged them in as me. Looking closer at the URL, I realized it contained the actual session state. Rut roh! But that’s not all. There was a link to a “Your Account” page, which then linked to an option to change the name, e-mail address, and password on my Amazon account… without prompting for the current password. Double rut roh! Even after I changed the password, that URL could be used to log in and change it again.

Realizing the security exposure, I immediately deleted the credit card info that was on file. I then sent a few messages to the Mechanical Turk team through a few different channels describing the situation. Though I only got “Thank you for your feedback. We’ll be looking into the situation.” type messages from their team with no way to respond back, it appears they did act on the messages. Upon revisiting the site later that day I noticed that:

  1. I could no longer find a HIT preview link with the state information included in the URL.
  2. The offending URL brought up a page saying the request could not be completed successfully. However, this could just be because the session had expired. The top of the page still shows my name and there’s still a Your Account link. But…
  3. When clicking on the link to change the password, the site now prompts for the existing password first.

Kudos to the Amazon Mechanical Turk team for addressing the issue so quickly after I reported it. I have to say, it was kinda fun, though a bit unsettling, to find a security issue with such a high-profile site.
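The three controls this post touches on (links that carry no session state, a current-password prompt before a credential change, and old sessions dying when the password changes) look like this in a minimal sketch. It is an added example, not Amazon's code or anything from the original post; `AccountService`, the `example.invalid` URL and the `hitId` parameter are hypothetical.

```python
import hashlib
import hmac
import secrets


class AccountService:
    """Hypothetical in-memory account store used only for this example."""

    def __init__(self):
        self._users = {}     # username -> (salt, password hash)
        self._sessions = {}  # opaque session token -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._hash(password, salt))

    def _password_ok(self, user, password):
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, self._hash(password, salt))

    def login(self, user, password):
        if user not in self._users or not self._password_ok(user, password):
            return None
        # The token is meant to travel in a cookie, never in a URL.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def whoami(self, token):
        return self._sessions.get(token)

    def preview_link(self, hit_id):
        # A shareable link names the resource only; it holds no session state.
        return f"https://example.invalid/preview?hitId={hit_id}"

    def change_password(self, token, current_password, new_password):
        user = self._sessions.get(token)
        if user is None:
            return None
        # Re-authenticate: a valid session alone is not enough to change credentials.
        if not self._password_ok(user, current_password):
            return None
        self.register(user, new_password)
        # Revoke every existing session for this user, including any copied token.
        for stale in [t for t, u in self._sessions.items() if u == user]:
            del self._sessions[stale]
        return self.login(user, new_password)


if __name__ == "__main__":
    svc = AccountService()
    svc.register("alice", "old-pass")
    mine, copied = svc.login("alice", "old-pass"), svc.login("alice", "old-pass")
    print(svc.change_password(copied, "guess", "x"))   # None: no current password
    svc.change_password(mine, "old-pass", "new-pass")
    print(svc.whoami(copied))                           # None: session revoked
```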

The Audience Is Listening

A few friends asked me what I’ve been listening to recently, so I thought I’d share my response in case you’re looking for some new tunes.

  • Wilco. Chicago band that makes music that’s kinda like Southern rock meets Radiohead. I haven’t heard their latest album but Yankee Hotel Foxtrot is one of my all time favorites.
  • Calexico. Like their name sounds, the music is a mix of southern Cal/Mexican style folk rock. I like pretty much everything they’ve made.
  • Beck – “Guero”. This came out a few years ago but it’s still high on my list. I haven’t heard much from his most recent album “The Information”, but what I’ve heard has been pretty good. He’s got an amazing ear for hooks.
  • The Weepies – “Say I Am You”. Kind of a melancholy Sixpence None the Richer or Shawn Colvin sound. This was on heavy rotation in my iPod last year (just one of those years).
  • CÈU – a Brazilian female vocalist. Latin American lounge with hints of hip-hop beats (her band includes a turntablist).
  • DJ Shadow – “In Tune and On Time”. A live album from 2004 that’s a pretty good mix of all he’s done in the past (of which I’m a big fan). I haven’t heard his latest album but I heard it’s more of a hard-core hip-hop album so I haven’t had much interest in checking it out.
  • MixMaster Mike. DJ for the Beastie Boys. I recently picked up Eye of the Cyklops and it’s pretty good albeit short (it’s an EP).
  • Easy Star All-Stars – “Radiodread”. A well done reggae cover album of Radiohead’s “OK Computer”.
  • Ashton Allen – “Dewdrops”. Very Elliott Smith-sounding indie artist.
  • Camera Obscura – “Let’s Get Out Of This Country”. Another indie band with a female vocalist. The album has an optimistic, vintage sound if that makes any sense.
  • Bonobo – “Days to Come”. Loungy, (mostly) instrumental downtempo trip hop. Nice relaxing music after a day of work.
  • “Cinematic”. An album of remixes of a bunch of classic film scores.
  • Jack Johnson – “In Between Dreams”. I’m sure you’ve heard his stuff on the radio. This is a good album for making breakfast to on weekends (or any day of the week really).
  • Putumayo Presents “A New Groove” – Latin-American influenced groove compilation. Lots of catchy tunes.
  • Rodrigo Y Gabriela – Virtuoso Spanish guitar street busker duo. You can check out some cool videos on YouTube.
  • Radiohead – “In Rainbows”. Not their best album, in my opinion, but a decent showing. Good to hear some fresh material.

Other artists that I’ve recently come across and like but haven’t bought any music from yet:

Big Heart

I ran the Big House Big Heart 5K this morning in Ann Arbor. Jennifer and the girls were gracious enough to join me by waking up before dawn and driving over an hour so I could run in an event that lasted less than 23 minutes (22:56 to be exact… a 7:21 minute/mile pace). The event itself was pretty fun. I met up with a friend and a few of her relatives before the race. As it turns out, the brother who was running with her was in a work group with me in one of my advanced math classes back in college. Small world! While we caught up and waited for the event to begin, a small men’s college a cappella group entertained the crowd by singing various U of M anthems (Hail to the Victors, anyone?). I ended up running solo as the rest of them were going to be running at different paces.

The route started at the NE corner of the Michigan Stadium, headed up State Street, around the diag, back down State Street, then along a path through the training fields on the athletic campus and to the stadium. It finished by going through the tunnel into the stadium, followed by an immediate turn down the sideline to the south end of the field and back up the center, passing through the finish on the 50 yard line. It was fun to participate for that part alone.

I don’t know if it was just the fact that it was a beautiful Sunday morning and people were basking in its glory, or that I was in a fast enough pace group that everyone was pushing themselves too hard to talk (me thinks the latter), but as we passed the Union and Angell Hall I realized that no one in the immediate area was talking at all. The only sounds were those of the shoes hitting the pavement.

Jennifer and the girls just missed me crossing the finish line by a few minutes as they stopped by our friends’ place after dropping me off but then had trouble finding parking at the adjacent Pioneer HS. Fortunately we were able to meet back up shortly after they arrived. Randomly, a few friends-of-friends noticed me in the crowd milling around after the finish so we chatted a bit.

To complete our time in Ann Arbor, we made the obligatory side trip to Zingerman’s to pick up a loaf of chocolate cherry bread (among other things) and a trip to the Wasem Fruit Farm for apples, cider and donuts. Mmm… trans fats… 😛

Traffic Report

I freaked out yesterday afternoon when Symantec Client Firewall started blasting me with messages indicating it was blocking outbound traffic coming from vmnat.exe and matching the destination ports associated with various Trojan horses.

I run a number of VMware virtual machines and vmnat.exe is the program that manages a virtual network with NAT translation on the host environment. The situation is nice because I can have isolated environments for various activities, take snapshots of system state and roll back if necessary, clone a system, etc.

At the time I was doing some stuff on the web in the virtual machine that I’ve got set up for accessing the Web, checking e-mail and instant messaging.

I usually run a pretty tight ship. The operating system has all the latest patches, all applications are up to date and the anti-virus software enabled for real-time scanning. I use Firefox with Adblock Plus and NoScript extensions to prevent unnecessary cross site cookie and scripting attacks.

I wasn’t sure what was causing the flood of traffic that tripped up Symantec Client Firewall. I checked the logs and sure enough saw messages saying it had blocked traffic for the “Rat”, “Bla”, “Master Paradise” and “DeepThroat” Trojan horses. What was even more troubling was that there were some from a few days prior.

Could it be JavaScript code from a web site that I white-listed in NoScript? Did a virus/worm come through one of the IM applications I run? Was there a vulnerability in the VMware vmnat.exe that had been exploited by malware/virus/rootkit? Due to the amount of traffic, I thought it unlikely that it was a false positive… legitimate traffic just being flagged by Symantec.

Not knowing for sure what was going on, I powered down the virtual machines, unplugged the network cable and disabled WiFi on the host system. I then got on a different computer and started looking into the Trojan horses. Based on the info on Symantec’s web site, I found that the ones that were reported were mostly Trojan horses from a few years ago and were only reported on Windows 2000. I’m running Windows XP for both the host and guest operating systems, so it was unlikely that I actually had those Trojan horses. But I thought it might still be possible for some JavaScript code or a rootkit on one of the virtual machines to implement the same protocol.

I checked a number of security sites like Secunia to see if there were any recent vulnerabilities announced for VMware, Firefox, etc. but didn’t see anything that fit what I was experiencing.

So to determine which virtual machine might be the culprit, I re-connected the network cable and downloaded Microsoft’s Network Monitor software. I started a capture and then booted up the virtual machines one by one. When I started the one I used for web browsing/email/IM, sure enough I saw traffic over SSL to a whole slew of IP addresses that I did not know. I did DNS lookups on a number of them and they resolved to things like ISP providers (e.g. comcast.net) and foreign countries (e.g. .il). I thought “Oh, great. A bot network sophisticated enough to communicate over an encrypted connection.”

I disabled the virtual network connection for that virtual machine to isolate it from the rest of the world, then ran a full drive anti-virus scan on it to see if it came up with anything. Nada. Malware is getting sophisticated enough these days that it can work its way into the system so deep that it can actually avoid detection by many anti-malware tools. So my next step was to boot the machine from CD (actually a virtual CD) and do a scan before the operating system actually loads.

I created a “slipstream” boot CD image using software called Ultimate Boot CD 4 Windows (UBCD4Win). This software builds a bootable Windows CD by extracting files from a Windows install disk and then also installs a bunch of tools for things like disk repair, anti-malware, etc. It actually creates a CD image, called an ISO, which you can then burn to an actual CD. However, one nice thing about the VMware software is that you can set up a virtual machine to boot from an ISO directly rather than using the host system’s physical CD/DVD drive.

I booted the virtual machine with the ISO and proceeded to scan the drive image with about a dozen different anti-malware, anti-virus and anti-rootkit packages. All of them failed to find anything wrong (well, at least nothing attributable to the alleged Trojan horses).

I was starting to get a little skeptical of the whole situation. Either the infection was cutting edge enough that it hadn’t made it into the latest signature files for all of these tools (which I did remember to update before creating the ISO), or the traffic actually WAS a false positive.

I fired up the Network Monitor software again and then rebooted the virtual machine using the installed operating system. After shutting down the programs that I have launch at boot time (IM clients mostly), I re-enabled the virtual network adapter and started watching the Network Monitor capture. Nothing. I launched Firefox. Nope. Thunderbird. Nada. Pidgin. No. Skype. Bingo.

There was a flurry of activity to random IP addresses at semi-random ports. There’s a new Skype worm for Windows that was recently announced, so I thought I might have somehow gotten that, but it actually requires clicking on a URL within a chat. So that didn’t seem right.

Then I realized the ports weren’t exactly “random”. The activity to the random IP addresses came in batches, with the port number the same within the batch. It was starting to become clear what caused the sudden barrage of Trojan horse warnings. Skype had picked random ports to use in communicating with those other computers. It just so happened that when I received those notifications from the Symantec Client Firewall, it had picked ports that coincided with those used by the previously mentioned Trojan horses.

I wanted to make sure my assumption was right, though… maybe see if others had experienced and documented similar behavior… and figure out why Skype was communicating with a bunch of random computers. I had assumed that it worked like most other instant messaging applications: connect to a central server at login, “register” your presence to let others know you’re online, then facilitate setting up a direct one-to-one link for actual text/audio/video chats.

I got on the web and did a little research to see what I could learn about Skype’s network protocol. I didn’t find much, but I did find a document for network administrators [PDF] on Skype’s website outlining steps to tune a network for optimal Skype usage. The overview explains that the network architecture is NOT like that of the other instant messaging services:

Skype communications rely largely on peer-to-peer communications techniques in order to improve the quality of voice calls and to reduce the latency of data transfers between users. The term “peer-to-peer”, frequently written as “P2P”, is a class of software applications that rely on resources located at the network edge, such as the large number of individual personal computers that are always connected to the Internet, rather than relying on large and costly centralized computer servers. It’s this aspect of Skype networking that makes it incredibly robust and tolerant of network failures: Skype has no single “critical node” upon which the service relies for its operation.

So after several hours of stress and research, I could finally rest easy knowing that the computer had in fact not been infected by some form of malware.

Well… maybe not the rest easy part. Our youngest daughter woke up crying several times after I laid down at 2:30 AM. After patting her back for a bit, walking her around and giving her some gas drops, the clock read 4:15 AM before I was able to call it a night.
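The observation that settled the investigation above (alerts arriving in batches, one process, the same port, many unrelated peers) can be turned into a triage step over a capture. This is an added example, not part of the original post: the flow records are constructed, the per-process field assumes a capture that attributes traffic to an application, and the port table holds sample values for the example rather than values from the post.

```python
from collections import defaultdict

# Sample port-only signature table (values chosen for this example).
PORT_SIGNATURES = {2140: "DeepThroat", 20331: "Bla", 40421: "Master Paradise"}


def _batch(start, process, port, peers):
    """Build constructed flow records: (seconds, process, dst_ip, dst_port)."""
    return [(start + i, process, ip, port) for i, ip in enumerate(peers)]


# Constructed capture; addresses come from the documentation ranges.
SAMPLE_FLOWS = (
    _batch(0, "Skype.exe", 2140, ["192.0.2.10", "192.0.2.77", "198.51.100.4",
                                  "203.0.113.9", "203.0.113.200"])
    + [(30, "firefox.exe", "198.51.100.80", 443)]
    + _batch(60, "Skype.exe", 40421, ["192.0.2.5", "198.51.100.61",
                                      "198.51.100.62", "203.0.113.17"])
    + [(100, "Skype.exe", "192.0.2.33", 20331)]
)


def port_only_alerts(flows):
    """What a port-number signature reports: every flow to a listed port."""
    return [(f, PORT_SIGNATURES[f[3]]) for f in flows if f[3] in PORT_SIGNATURES]


def batch_fanout(flows, window=10, min_peers=4):
    """Find (process, port) pairs that reach many distinct peers in a short window."""
    groups = defaultdict(list)
    for ts, process, ip, port in flows:
        groups[(process, port)].append((ts, ip))
    found = {}
    for key, events in groups.items():
        events.sort()
        best = set()
        for i, (start, _) in enumerate(events):
            peers = {ip for ts, ip in events[i:] if ts - start <= window}
            if len(peers) > len(best):
                best = peers
        if len(best) >= min_peers:
            found[key] = sorted(best)
    return found


def triage(flows):
    """Label each port-only alert by whether it belongs to a fan-out batch."""
    fanout = batch_fanout(flows)
    report = []
    for (ts, process, ip, port), name in port_only_alerts(flows):
        kind = "p2p-like fan-out" if (process, port) in fanout else "needs review"
        report.append((port, name, process, kind))
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_FLOWS):
        print(row)
```

A fan-out label only explains why a port match fired; it does not clear the host, which is why the offline scans described above still mattered.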