Wired Sage

I received an email from my brother yesterday. It was a joke email with a subject “Don’t swallow ocean water” and had the following attachment:

Don't Drink Ocean Water

I had a chuckle. I am a guy after all. Low-brow humor affects me. But several hours after receiving this email, the horror of the image hit me. That poor, harmless, mammal, has been killed, hauled up on deck, and will be carved up, shipped to Japan and sold for close to $115 per pound at current exchange rates.

For a brief moment, I was ashamed that I thought it was humorous. Then it hit me. This is genius! If other people react like I did, then they’ll laugh, email the photo around, and hopefully come to the same conclusions I did and be horrified they laughed at a photo depicting slaughter. This image is viral. It should be passed around harmlessly as a joke, and hopefully the image will slowly eat away at the psyche of the viewer and convert their way of thinking.

I don’t condone the killing of whales. I personally think something needs to be done. I feel protesting with your wallet is the most powerful way to make a statement. You vote every time you reach for your credit card. Maybe a boycott of all Japanese electronics? All goods Japanese?

I was browsing my logs today. I get bored sometimes. As a security guy, it’s something I know I should do more often. It just seems a little pointless. No bragging here, my time is expensive. Every minute I’m not working is a minute I’m not securing my family’s future. I sound like an investment commercial there, but it’s true. In life, nothing is free, there is a cost that can be associated with everything. Like the costs of running this site. Some would argue it’s only a few dollars a month. I feel though that it’s more than that now. You see today, I’ve seen tracks… traces of an undesirable element in my log files. Yes, today, I have seen the tell tale sign of haxors.

zero sum game

I use that spelling specifically. I’m one of those old-fogies that call themselves a hacker. But I’ve never done harm. Never deleted a file. Never defaced a website. Never threatened anyone’s lively hood. I have played a practical joke or two. But nothing that brought any harm, real or perceived. In my mind a true hacker is a ‘computer enthusiast.’ A person who likes to play games and solve puzzles. A person who likes to cobble together creative solutions to technological challenges. For example, the other week I decided to see if I could have a radio-show without a microphone. Why? For the same reason people climb mountains, “Because it was there.”

Haxor is my way of identifying one who is not a true hacker. One who is trying to spread malicious code, create a bot network, deface a website, etc. You might have heard terms like script-kiddie, cracker, hijacker, etc. I like haxor.

Anyway, I started my site using iWeb to publish static content here. It seemed to work fine. But one of my very close friends, also in security, basically refused to come here because the created code was so javascript heavy. I kept my eyes open for a solution to this dilemma. I want something that I can quickly and effortlessly publish and update that produces good clean code. Another colleague of mine suggested WordPress. I did some research and found it to be quite nice. I have some reservations running a php based site, but I put a little effort into setting it up properly. I also found that I could use Gallery with iPhoto (there’s a nice plugin that allows me to publish effortlessly) and I now have a site that is accessible, robust and easy.

Today, I saw why I was originally hesitant of running a PHP site. The requests in my logs were for install configuration php files and other files that had my database password within. Now while this is distressful, it’s not something I didn’t expect to happen some time sooner or later. I didn’t think my site was popular enough to warrant a haxor presence, so on one hand I’m pretty flattered. On the other, I just have to wonder why? Is it because I’m in security? It is because I’ve upset someone? It wouldn’t be the first time, believe me. What is the benefit and what is the cost?

No-win scenario

Well, the benefit might be bragging rights that a security guy’s site was haxed. But there’s really not much to brag about. I put very little effort into securing this information.

What is that you say, Mr. Haxor? You own my database? You know my password? That password is either really lame and low security or randomly generated. It won’t even get you into my email. Believe me, it’s only used for the database. And I have backups of my database. Purge, reinstall, restore, and I’m back up again.

What is that you say, Mr. Haxor? You have uploaded nasty maleware to my site? No worries, rm -rf ./* will fix that. And I have backups of my site too. It might take a few days to upload it all, but you’ve done nothing but waste some of my precious time.

What is that you say, Mr. Haxor? You pwned me? You think this is a game. That’s funny, because I wasn’t playing any security games with you. I don’t have time to. You’re really not worth my time. Nor is finding and plugging any security holes in WordPress or Gallery.

Will I plug holes that you so rudely point out? Yes, because I don’t want to continue wasting my time restoring my website. Will that mean you won and forced me to play your stupid games? No. There is a secure way of using these programs, it’s just a waste of my time and website resources. Will I eventually do it? If you piss me off enough probably. But then again, where are you going if your goal in life is to piss people off? My guess, prison.

So everyone knows, this site is a soft target. Nothing special here. No time, money, or desire to secure it. If you’re just a griefer, realize this, I could not care less. As in, I care as little as possible. As in, this is my notebook. If it’s lost, burned, or soaked in coffee, I’ll just replace it.

If you crack this site I officially declare you to be a script-kiddie-wannabe. Weak. Lame. Tired. Pathetic. Go beat up a first grader. You’re still worthless. You have proven nothing.

Time to step down from my soapbox.

I ran across a quaint little collection of quizzes on the net the other day. One of which is linked here, “Are you a Mac Fan( boy || girl )?” Don’t get me wrong, I love my iMac. I really do. By far it is the most functional computer I have ever owned and/or operated. The interoperability of hardware and software is far superior to anything around. It makes getting things done so simple, so easy — whether it is creating a BLOG entry or capturing video footage, editing it, and turning it into a polished, professional looking DVD for friends; it’s as easy as 1-2-3, apple pie, or at least it was.

Yes, you read that right. It was that easy. Was being the operative word. Like the hypodermic needle above shows you, I’m not an Apple addict. I’m not a mindless apple drone. I got this machine to get things done and although it was flawless and perfect to begin with, one upgrade later I’m blogging and questioning the wisdom of Apple.

I recently upgraded to a new HDD camcorder. I have been using the camcorder a lot. I really like it. JVC did a fantastic job. It’s small, powerful, awesome picture, no tapes, super optics, great resolution, tons of record time, superb all around. I can’t say enough great things about it. And with all things new, I had to upgrade to iMovie 8.0 to support the new technology. Sure, fine, that’s expected. What I didn’t expect is the crippling differences between iMovie HD and iMovie 8.0.

iMovie 8.0 boasts some major improvements over iMovie HD in the way you edit. It’s intuitive, next generation, easy, fast, clean, fun, etc. As I used it to edit out the not so perfect video work I did, I really fell in love with it. The two together — JVC HDD camcorder and iMovie 8.0 — created a HUGE TIME SAVINGS. Importing the footage was faster than real time. Editing the footage was streamlined and lightning fast. I was in heaven at first. This was going to mean I could produce polished videos faster than ever before. I’d have more time to maybe produce more videos, cure cancer, work on world peace, end poverty, or stop global warming.

Do you grok how great that was? Again, was being the operative word in that last sentence.

I had captured and edited three separate projects in record time. I was now ready to burn some DVDs. So, in iMovie 8.0 I chose the menu option Share and … what? Where was iDVD?

iDVD missing from the Share options in iMovie 8.0.

I expected the iTunes and .Mac share options. O.K. and I’ll admit “You Tube” was a nice addition; but, not at the expense of iDVD! Wilco Tango Foxtrot Batman? What moronic intern at Apple made that decision? Can you say, Bone-Head?

So, I had the Microsoft-ish task of figuring out how to fit a square peg in a round hole. Annoying.

Google is your friend. Search the net. I’m not the only one to have this problem am I? Nope, lots of people have complained and posted about it. Good. Only, there are no good solutions. Damn it.

I’m beginning to think that Apple has been infiltrated by Microsoft engineers in an effort to make Apple suck more like the Seattle based computer-suck-megacorp. But that belongs on a conspiracy theory website. I have no proof.

So, in iMovie HD, when I had edited a project and was ready to do the next logical thing (output to DVD), I only had to choose the iDVD option and presto-change-o! I was cooking with gas.

iMovie HD links seemlessly with iDVD.

Now I had to export my iMovie 8.0 project with the “Export using Quicktime…” share option, save the movie to DV stream, import the DV movie into iMovie HD, add chapters (another bone-headed-omission in iMovie 8.0), share with iDVD, choose a theme, tidy up my menus, burn to disk image, load the image in Toast, and burn to DVD. This is just like the crap I had to go through with my old XP setup. I bought the Mac to get away from stupid crap like this.

Why the omission? What was Apple thinking? And more importantly, when is Apple going to fix it? I want a patch. Now!