After 3 months of operation no beer donations were received. Thus, we can conclude that WiFi leechers are morally inept, and would prefer to pilfer than leave a trivial donation. All internet traffic is now directed to this static page.
19
2004
Blender
Instead of writing a review that is due in just a few weeks, I’ve found a new distraction to help me procrastinate. That distraction is Blender, a 3D modeling software package. Blender is a very high end graphics package used by animation and modeling studios that has recently become open source. Check out the gallery to see just a few of the example renderings. However, the learning curve for this package is steep! If the learning curve for Vi/Vim is a San Francisco hill, the Blender learning curve would be Mt. McKinley (in winter). I followed the 30 minute tutorial and 6 hours later, I had generated a gingerbread man. But wait! That’s not all, I was also able to animate the gingerbread man. I also included an action screenshot of the Blender user interface where I modeled the gingerbread man. Procrastination is bad…but fun.
19
2004
Damn! Computer at work rooted.
You may have noticed that the computer that runs this site was down yesterday. A hacker broke into the computer, gained root access and installed the ‘SucKit’ root kit. Luckily, MIT actively monitors their network, and noticed the ‘fingerprint’ of a compromised system within minutes and shut down the computer’s IP address. So I’ve spent the majority of the last two days reinstalling Debian Linux on the computer. Most of the time was spent reconfiguring the various services that need to run on this computer.
What annoys me the most is that I’m pretty paranoid about computer security: cryptic passwords, only a few essential ports open (ssh, smtp and http), and I stay up to date with security patches… So how did this happen, and why my computer?
The intruder was able to gain access through the search function (Search.pm) in the Twiki software package. Twiki provides a collaborative (editable) web page for our lab. This vulnerability (which grants shell access) was first reported on the bugtraq security mailing list Nov 12. Debian had a patched version of the software available Nov. 13th (let’s see Microsoft move that fast). Unfortunately, I only update my system on the weekends; that way I have time to fix it if something else goes wrong with the update. Anyway, the intruder used the vulnerability to gain access to the shell at around 11:30 PM on the 17th, and from the shell he was able to install and run the ‘SucKit’ root kit (how he was able to gain root privileges from the shell is still a mystery). At about 11:34 PM MIT cut the network connection, effectively cutting the hacker off.
So why my computer? Well, I don’t think it was targeted other than the fact that I was running a broken version of the Twiki software. Every day, I get upwards of several hundred failed ssh attempts on this computer. The MIT network is a popular target for hackers because of its size and speed. MIT has an entire class A network (about 16 million possible IP addresses, more addresses than allocated to all of China!) with a high density of computers exposed directly to the internet. The lesson being learned here is to update even more frequently and limit large complex web programs like Twiki to lab members only.
14
2004
Firefox 1.0 and live bookmarks
Have you updated to Firefox 1.0 yet? There is simply no excuse to use the old (over 3 years since last major update) and virus prone Microsoft Internet Explorer.
One new feature in Firefox 1.0 is the ‘live bookmarks’. See the orange radio wave icon in the lower right corner? Click on it, and it will add a ‘live bookmark’ to your bookmark folder. Live bookmarks automatically aggregate the news headings or latest entries from your favorite sites. You can quickly see what is new and read only those stories that are of interest to you.
Firefox also now includes several new features to prevent ‘phishing’ scams. Phishing scams are where the bad guys set up web sites for the sole purpose of collecting your private information. For example, a site that looks just like your favorite bank, complete with account sign in and password fields. Thanks to bugs in IE many of these sites even display the authentic URL in the address bar. Firefox combats this at several levels. First, it prevents spoofing of the URL in the address bar. Second, it highlights the address bar bright yellow if the site is secure, and finally, it shows the actual domain name of the computer you are talking to in the lower left corner.
01
2004
Image section update
Heather and I added some new photos to the image gallery. These include our trip apple picking at the Carver Hill orchard, a nice hike along the battle road trail (one of the starting points of the American Revolution) on a beautiful New England fall day, and finally some pictures of a friendly squirrel who was not camera shy at all.
01
2004
Home improvement for the 21st century
Heather asked me to install a shelf in our small computer room so I would have a place to store all my junk (CDs, manuals etc). On the surface this request sounded suspiciously like work, however after some thought I realized I would be able to go to Home Depot and buy some new toys! I ended up buying an ultrasound stud finder and a laser level to complement a prior purchase of a cordless drill set. In my excitement, I almost forgot to buy the shelf and brackets! With everything in hand, I was able to have the shelf up (and level) in less than ten minutes. Of course I photo-documented the project.