MacAlpine.org

After watching the death toll in south east asia climb to mind numbing numbers over the last few days, Heather and I have made a donation to the red cross disaster relief fund (Amazon has a 1-click donation set up). I’ve never really felt the need to donate before. Starving people in other parts of the world have never really been my problem. In the US, we rate our disasters on property damage and economic impact — 15 billion for that storm 2 billion for this huricane etc, not in human lives. This tragedy is simply incomparable. Particularly frustating is the news coverage. CNN ran a front page story on a ’supermodel’ who survived the tsunami as well a financial story on Victoria’s Secret and the impact this disaster would have on the retail chain (majority of lingerie is made in Sri Lanla). 100,000 people dead and we are worried about super models and underwear. Donate.

First mouse infestation at the apartmentlet. Haven’t seen a mouse since the days at 4 Blanche st. A week ago we noticed that our brand new bag of sandwich buns had a hole in the bag and in a bun. Assumed the damage had from a mouse at the store. A week later we noticed somebody had been helping themselves to our stale pita bread. Bought some snap and glue traps. Caught our first baby mouse tonight. He was actually kinda cute. Baby mice are the worst because it means that there are many many more mice in the walls. I guess it is time to buy some mouse poison.

Lots going on here at work. My Drosophila chromosome 2L replication paper finally came out in ‘Genes and Development‘ this month. I just finished writing a review paper for ‘Chromosome Research‘[bastard ie only site], which entailed a lot of AOPD (analyzing other peoples data) — never fun. I did manage to get away from the computer for a few hours to enjoy the departmental xmas party with Heather. A characicture artist at the party made a great drawing of Heather, except for the fact that it looks more like Cameron Diaz than HROD.

Ater 3 months of operation no beer donations were received. Thus, we can conclude that WiFi leachers are morally inept, and would prefer to pilfer than leave a trivial donation. All internet traffic is now directed to this static page.

Instead of writing a review that is due in just a few weeks, I’ve found a new distraction to help me procrastinate. That distraction is Blender a 3D modeling software package. Blender is a very high end graphics package used by animation and modeling studios that has recently become open source. Check out the gallery to see just a few of the example renderings. However, the learning curve for this package is steep! If the learning curve for Vi/Vim is a San Francisco hill, the Blender learning curve would be Mt. Mckinley (in winter). I followed the 30 minute tutorial and 6 hours later, I had generated a gingerbread man. But wait! That’s not all, I was also able to animate the gingerbread man. I also included an action screenshot of the blender user interface where I modeled the gingerbread man. Procrastination is bad…but fun.

You may have noticed that the computer that runs this site was down yesterday. A hacker broke into the computer and gained root access and installed the ‘SucKit’ root kit. Luckily, MIT actively monitors their network, and noticed the ‘fingerprint’ of a compromised system within minutes and shut down the computers IP address. So I’ve spent the majority of the last two days reinstalling Debian linux on the computer. Most of the time was spent reconfiguring the various services that need to run on this computer.

What anoys me the most is that I’m pretty paranoid about computer security– crytpic passwords, only a few essential ports are open — ssh,smtp and http and I stay uptodate with security patches…So how did this happen and why my computer?

The intruder was able to gain access through the search function (Search.pm) in the Twiki software package. Twiki provides a collaborative (editable) web page for our lab. This vulnerability, which grants shell access) was first reported on the bugtraq security mailing list Nov 12. Debian had a patched version of the software available Nov. 13th. (lets see microsoft move that fast). Unfortunately, I only update my system on the weekends — that way I have time to fix it if something else goes wrong with the update. Anyway the intruder used the vulnerability to gain access to the shell at around 11:30 PM on the 17th, from the shell he was able to install and run the ‘SucKit’ root kit (how he was able to gain root privileges from the shell is still a mystery). At about 11:34P MIT cut the network connection, effectively cutting the hacker off. So why my computer? Well, I don’t think it was targeted other than the fact that I was running a broken version of the Twiki software. Everyday, I get upwards of several hundred failed ssh attempts on this computer. The MIT network is a popular target for hackers because of its size and speed. MIT has an entire class A network (about 16 million possible IP addresses — more addresses then allocated to all of china!) with a high density of computers exposed directly to the internet. The lesson being learned here is to update even more frequently and limit large complex web programs like twiki to lab members only.

Have you updated to firefox 1.0 yet? There is simply no excuse to use the old (over 3 years since last major update) and virus prone microsoft internet explorer.

One new feature in firefox 1.0 is the ‘live bookmarks’. See the orange radio wave icon in the lower right corner? Click on it, and it will add a ‘live bookmark’ to your bookmark folder. Live bookmarks automatically aggregate the news headings or latest entries from your favorite sites. You can quickly see what is new and read only those stories that are of interest to you.

Firefox also now includes several new features to prevent ‘phishing’ scams. Phishing scams are where the bad guys set up web sites for the sole purpose of collecting your private information. For example, a site that looks just like your favorite bank, complete with acount sign in and password fields. Thanks to bugs in IE many of these sites even display the authentic URL in the address bar. Firefox combats this at several levels. First, it prevents spoofing of the URL in the address bar. Second, it highlghts the address bar bright yellow if the site is secure, and finally, it shows the actual domain name of the computer your are talking to in the lower left corner.

Heather and I added some new photos to the image gallery. These include our trip apple picking at the Carver Hill orchard, a nice hike along the battle road trail(one of the starting points of American revolution) on a beautiful new england fall day, and finally some pictures of friendly squirrel who was not camera shy at all.

Heather asked me to install a shelf in our small computer room so I would have a place to store all my junk (CDs, manuals etc). On the surface this request sounded suspiciously like work, however after some thought I realized I would be able to go to Home Depot and buy some new toys! I ended up buying an ultrasound stud finder and a laser level to compliment a prior purchase of a cordless drill set. In my excitement, I almost forgot to buy the shelf and brackets! With everything in hand, I was able to have the shelf up (and level) in less than ten minutes. Of course I photo-documented the project.

While working on the computer that runs BeerNet, I accidentally spilled a beer on the keyboard. Oops. I thought all was fine, but the next day half the keys failed to respond when pressed. Damn. Used this as an excuse to buy a wireless keyboard and mouse. Bought the ‘Cordless Desktop LX 300′ from Logitech. The wireless optical mouse is very nice, the keyboard I’m not quite sold on yet. The feel is a little soft, on the positive side it is very quiet. The previous keyboard was much louder. As I tend to wake up in the middle of the night to work (write), Heather is much happier that this keyboard is quieter than the previous version. The main downside is that the ESC key was added as an after thought. My word processor of choice Vim, a Vi clone, makes extensive use of the ESC key. In the next few days I will try to remap the ESC key to maybe the CapsLock key. Who really uses CapsLock any more?