Apple: Simplicity to the Extreme
I’ve never been a big Apple fan, nor have I been an Apple hater, but after my iPod experiences last night, I want to vent a little.
Ever since the first iMacs were unveiled, I was convinced that Apple had finally gone totally ‘form before function’, ’style before substance’, etc. They’re more about looking cool than working well. This has also been demonstrated by the fact that the powerbooks don’t have a link light on their RJ-45 jack… do you know how nice it is to just be able to look at the port and know that you’ve found a working port? But no, that would take away from the style of the notebook too much. (My Compaq has a little link light, and another to tell if it’s in 100Mb mode)
On to the iPod issues… a new firmware was released the other day, and I was hoping that they had added the ‘group compilations when browsing’ feature (it’s in iTunes, and they added it to the iPod Photo firmware). So I plugged the iPod into my laptop, which still has a Windows partition. As soon as the USB device enumerated, iTunes launched and proceeded to delete the database, making my almost 20GB of music unplayable–what the hell? No prompt, no warning, nothing. I know it probably assumed that the database was corrupted because I manage my iPod with gtkpod, but is that a reason to delete it? If it was a Microsoft written program, it’d probably prompt me three times (you’re about to delete…, are you sure?… really sure?). Apple decided (correctly) that all these prompts are redundant, but isn’t there a happy medium? I think I should have been warned “Your iPod appears to be corrupt/needs to be initialized, please click OK”
Enough ranting for tonight, hopefully after deleting the database and all the files, I’ll have my music back in the morning.
Back to School
Yesterday I handed in my resignation at work. As of August 26th, 2005 I will no longer be a Verafin employee, for I am starting grad school in September.
I had been thinking about getting my M. Eng for some time, and started looking into it in February. Yesterday everything was finally confirmed (everything but the official acceptance from the university), and in September I go back to MUN. I’m going to be working with Andrew Vardy on visual robot navigation, which should turn out to be an interesting project.
What happens after that, I really don’t know. A number of people have asked me what I’ll do after I get my Masters (go to work, or try for a Ph.D). As of now, I’m leaving both options open. My life plan simply doesn’t go out that far into the future yet. So I’ll tackle the Masters and when that’s done I may try to find a job that fits me well, or I might decide that I belong in academia. Only time will tell.
Until then, I have a little countdown over on the sidebar that counts the number of working days I have remaining.
Server Intrusion
Well, I’ve spent the last couple of hours trying to investigate a break-in on my home server.
I had noticed that all of a sudden I was getting a lot (like 20 a minute) of ‘undeliverable mail’ errors in my inbox. I looked at one and saw that it was an eBay phishing scam, and the mail was originating from my server!
So I logged in to the server and saw an account active that would never normally be (the account was created only for Samba usage). After killing the processes spawned by the account in question, the user logged back in, and started taunting me with the fact that he/she had gained root access. At this point I shut down the server such that it couldn’t cause any more harm. Before the server managed to shut down, the malicious user did manage to delete all of the files belonging to the account and attempted to make the server unusable–luckily I do nightly backups of all users’ files, and the server had powered off before any other damage was done. (Thank you Gentoo for suggesting that /boot be a separate partition, and left unmounted)
After disconnecting the network from the computer and starting it back up, I started to sift through the log files. Turns out the account was compromised a few days ago: after several unsuccessful attempts to break the root password, they started to go through common first names trying for an account having the password the same as the account name. After going through the webserver logs it looks like I had managed to shut everything down before anyone had fallen for the phishing scam. This user also didn’t get to delete their .bash_history file before the server shut down, so I was able to find out some more information about what the user was trying to do. I found evidence of them trying to install some IRC bots, and shutting down a kernel exploit (turns out I was running a 2.4 series kernel circa December ‘04). I also saw that he/she was poking around in some of the files I had left in /tmp (using pico of all things… I’m almost ashamed to admit that I even had that editor installed, vi is the only sensible text editor). After looking at the mail log, around 1,000 messages were sent in 8 minutes before my ISP cut off my outgoing mail account for the day (which is good… if only all service providers were trying to be part of the solution, rather than the problem). But even if I hadn’t been cut off, I was lucky enough to have caught this one and had the server shut down around 2 minutes after that, which would’ve meant another 200 emails would’ve gotten out.
So, after finding all of that, and cleaning up the other remnants of the intrusion, the server is almost ready to go back online–but with a few enhanced security measures:
- All passwords are now of ‘acceptable’ strength
- The firewall limits SSH & FTP connections to a select few subnets
- Accounts that only use Samba can no longer get a shell on the server
- The kernel’s been upgraded to a more recent version
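One way to pick the pattern described above out of an sshd log (repeated root failures from one source, then a walk through common first names, ending in an accepted login). This is an added example, not a script from the original post; the log lines are constructed and the `analyse` function and its threshold are my own.

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines (not from the post's real server).
SAMPLE_LOG = """\
Jun 19 02:11:03 srv sshd[4121]: Failed password for root from 198.51.100.7 port 40211 ssh2
Jun 19 02:11:05 srv sshd[4121]: Failed password for root from 198.51.100.7 port 40211 ssh2
Jun 19 02:11:09 srv sshd[4123]: Failed password for invalid user john from 198.51.100.7 port 40213 ssh2
Jun 19 02:11:11 srv sshd[4125]: Failed password for invalid user mary from 198.51.100.7 port 40215 ssh2
Jun 19 02:11:14 srv sshd[4127]: Failed password for invalid user dave from 198.51.100.7 port 40217 ssh2
Jun 19 02:11:17 srv sshd[4129]: Accepted password for alice from 198.51.100.7 port 40219 ssh2
Jun 19 08:30:00 srv sshd[5001]: Accepted publickey for bob from 192.0.2.10 port 51000 ssh2
"""

# Matches both "Failed password for invalid user X from IP" and
# "Accepted password/publickey for X from IP" forms of OpenSSH log lines.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def analyse(log_text, min_distinct_users=3):
    """Report sources that failed against several different usernames.

    Returns {ip: {"tried": [...], "root_failures": n, "logged_in_as": [...]}}
    so a later successful login from the same source stands out.
    """
    attempts = defaultdict(set)   # ip -> usernames that failed
    root_fail = defaultdict(int)  # ip -> number of failed root attempts
    success = defaultdict(list)   # ip -> usernames that were accepted
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        user, ip, result = m["user"], m["ip"], m["result"]
        if result == "Failed":
            attempts[ip].add(user)
            if user == "root":
                root_fail[ip] += 1
        else:
            success[ip].append(user)
    return {
        ip: {"tried": sorted(users),
             "root_failures": root_fail[ip],
             "logged_in_as": success[ip]}
        for ip, users in attempts.items() if len(users) >= min_distinct_users
    }
```

The threshold of three distinct usernames is arbitrary; on a real box it should be tuned against the normal failure rate, and a non-empty `logged_in_as` for a flagged source is the line worth acting on first.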
Update (June 23, 10:12am): A good article about this sort of thing in the NY Times just popped up on digg.
“A successful phishing operation might bring in thousands of fresh account numbers, along with other identifying details: names, addresses, phone numbers, passwords, PIN’s, and mothers’ maiden names. The richer the detail (and the higher the account balance), the better the asking price.”
Update (June 23, 11:55pm): I’ve also since noticed that the intruder managed to wipe out most of my MP3 collection, but once again those files are subject to the same backup procedures and can be safely restored from DVD.