Music Monday: Opportunities

Hi there, and welcome to another in our long-running Music Monday series. That being the royal our, becuase it’s just me writing these.

Watch Pet Shop Boys, Opportunities (Let's Make Lots of Money)

Today’s song is the Pet Shop Boys warning us about Silicon Valley in their 1985 single, Opportunities (Let’s Make Lots of Money):

I can program a computer;
Choose the perfect time.
If you’ve got the inclination;
I’ve got the crime. ♫

Okay it probably wasn’t about that specifically, but I still love the lyric.


Fun with a phpMyAdmin honeypot

Honeypots are fun. In IT parlance they’re a deliberate attempt to make a server look vulnerable, in the hopes of attracking a nefarious user or drive-by scanner. You can use these passively to witness what exploits and common passwords are in the wild, or actively by dynamically training your firewalls and reporting IPs performing abuse.

My favourite is creating a simple webserver with /phpMyAdmin/ in the root, then watch the server logs fill with all kinds of random fun.

Here was a log entry from this morning, showing an attempt to log in through a GET request on the dummy web form with root and 123456 as their credentials. Scripts only try this because they must work sometimes, which is a bit scary to contemplate.

$IP_ADDRESS - - [19/Aug/2019:06:54:06 +0000] \
"GET /phpMyAdmin/index.php?lang=en&pma_username=root&pma_password=123456 \
HTTP/1.1" 200 6529 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) \
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"

All the attempts from this morning’s haul are in my lunchbox repo for those interested. These are what were attempted, in order:

  1. Usual suspects like root
  2. Software names like mysql
  3. Appending the above with numbers and exlamation points
  4. Sequential, then random 6-digit number sequences
  5. First row letter sequences like qwerty
  6. Alphabetical order sequences, like abcdef
  7. Mix of dictionary words, proper nouns, and keysmashes

They attempted 1,052 passwords before giving up; comparitively few compared to others which can run into the tens of thousands. Also, I have my new alias: Qidian Wlozz!

Goodbye again to the Linux Journal

The Linux Journal shut its doors one again, which breaks my heart. Kyle quoted his earlier farewell from 2017:

Ultimately, we couldn’t keep the lights on. Linux Journal announced that it was shutting down on December 1, 2017. I followed up that announcement with an emotional farewell of my own. If you read that farewell, you’ll see that somewhere in the middle it changed from a memoir into a manifesto. My sadness at seeing something I had worked on for ten years going away was replaced by anger that the Linux community had seemed to lose its way. I lost my way. I took Linux and FOSS for granted. It became clearer than ever to me that while Linux and FOSS had won the battle over the tech giants a decade before, new ones had taken their place in the meantime, and we were letting them win.

I remember buying the LJ at the cavernous Borders and Kunokuniya in Singapore, the former being another icon that has ceased to exist. I learned more from LJ and Linux Format out of the UK than I did from any textbook or class. For years I thought it was above my technical ability, but even in those formative years I found their guides and explanations fascinating and thoroughly well written.

Despite the name, their journalists were also a valuable source of BSD and general *nix information going back decades. I can’t remember which article or issue it was for certain that first made me more aware of FreeBSD as a then-NetBSD user; I feel it was something about ports.

I also appreciated Doc Searls’ vocal and unapologetic stance on privacy.

Sadness about the loss of a great publication aside, Kyle also touches on an important broader point. What guts me is that the infocomm industry, as a whole, is awash with cash. More people are reading online content than ever before, demonstrating there’s interest and a potential market. And yet journalism around the world, not least LJ, is faltering.

There’s a line of reasoning out there that journalism being able to count on advertising was a happy accident, so IT companies that took their lunch owe them nothing. I’m iffy about that last point, but even if I wasn’t, surely journalism is a sufficiently worthy project to continue supporting? If you gut what we all understand to be a critically important industry, not just for democracy but for a healthy and well functioning society, what do you expect to happen?

At the risk of sounding melodramatic, this keeps me up at night. We’re going to have to get used to populism and other creeping nastiness if we don’t fucking figure this out; that’s what’s at stake.

I subscribe and pay for a dozen electronic newspapers and magazines a month, but just as charity is no substitute for social security, we need it to scale for it to make any meaningful impact. I’ll admit though, I’m not sure what the answer is.


The SS Grampian

Photo of the Grampian after her collision, showing the buckled bow

Wikipedia had this on its Did you know… section:

Did you know that the captain of the SS Grampian intentionally rammed an iceberg head-on so as to avoid the Titanic’s fate?

I did not know that! And frankly I’m ashamed, given I consider myself a intermediate beginner expert on early twentieth-century liners. From the article:

During the summer of 1919, Grampian was on her way to Liverpool, with 750 passengers and a crew of 350. Of the passengers, 500 were women and children. On July 10, 1919, the ship struck an iceberg off St. John’s, Newfoundland, Canada. Two men were killed and two injured during the collision.

The crash was very similar to the sinking of the RMS Titanic seven years before. However, Grampian was spared the Titanic’s fate as the iceberg did not strike the side of the ship, as had happened with the Titanic. The decision to hit the iceberg head-on was a conscious choice by the captain, who knew the dangers of an iceberg slicing open the ship’s metal plating. When the iceberg was sighted, the captain realized he could not avoid it and so decided to hit it squarely in the bow. The ship was traveling slowly at the time. Passengers in the smoking-room reported that the impact was slight and they were not even thrown from their seats. Even with the slow speed, the front of the ship was crushed. Grampian was not damaged below its waterline and was able to steam to port in New York.

ThinkPad feedback from @sjdorst

Steven Dorst (Twitter, blog) had some feedback on my ThinkPad X40 nostalgia post:

Ha! I too loved my X40! And my current laptop is its descendant, the X240 - which is also my desktop with 2 large monitors through the Pro docking station!

In regards to me being spoiled by Apple’s Retina/HiDPI:

My first laptop was an IBM with no trackpad and used the Touchpoint thingy for pointing. That spoiled me. Since then, ALL my laptops have had Touchpoints. And that means Lenovo since they still hold the patent from their spinoff from IBM. I disable the trackpad on my Lenovos.

TrackPoints are superior for so many reasons. They take up less space, so fewer inadvertent trackpad swipes. You can be precise. You don’t need to take your fingers off the home row. And while I liked the Toshiba ones growing up, I love that IBM/Lenovo coloured them red to match the line’s design language.

When docked, I use a trackball and an external keyboard. Hi res isn’t important to me with the things I do. While my first modern desktop was a Fat Mac, I’ve been in the PC world since the late 80s.

Agreed, trackballs are the best external pointing devices. They don’t need to be moved around the table, and as with the TrackPoint you can be more precise.

I absolutely don’t need high-res, but if given the choice between a touch screen or crisper text, the latter would win. To me it was like going from an early Kindle to the current Paper white; everything just pops.

Fortunately there are a few ThinkPad models which do have Retina-equivalent screens with discrete GPUs, like the X1 Extreme above. Almost certainly overkill, and no cheaper than a MacBook Pro, but one with FreeBSD and a functional keyboard would be sweet.

Steve Hofstetter on Robin Williams

Robin Williams and Steve Hofstetter

Posted on his YouTube community page:

We lost Robin Williams five years ago today. Sometimes the happiest people on the outside are the saddest on the inside. Please remember to check on your loved ones.


Anime motorbikes and scooters

Speaking of retrospectives on posts from exactly a decade ago, back in 2009 I shared this fanart of K-On! character Akiyama Mio riding a motorbike. All I could find of the original artist was a link from Zerochan to their Pixiv page, which is no longer active.

It got me thinking which other characters I knew that rode bikes or scooters. In light of the recent Kyoani tragedy I feel it’s incumbent upon me to point out my another personal favourite from a series they animated: Fujibayashi Kyou from the 2007 anime adaptation of Clannad. Here was a key visual that showed their penchant for gorgeous landscapes:

Fast forward a decade, and we had Shima Rin from Yurucamp last year, another slice-of-life series I thoroughly enjoyed.

But I’d still say the winner is Gintama! One day I’ll finish all nine million episodes, I promise.

(Damn it, I just remembered FLCL as well).


The ThinkPad X40, an all-time favourite

I got something awesome a decade ago to the day:

After just over a year of searching online, offline and everywhere in between (subspace?) I finally managed to procure myself an IBM ThinkPad X40 and USB powered IBM combo drive in excellent condition for less than AU$300 from an Adelaideian.

Netbooks were the rage at the time; remember when all the pundits said Apple was doomed and stupid for not shipping one? One day these talking heads will make a prediction about Apple and be right, but I don’t think any of us are holding our breath. Anyway I made the comparison at the time that for the same price as a junky netbook, you could have a premium-grade machine. And here it was:

The ThinkPad X40

I’d still say my iBook G3 is my favourite laptop of all time, just because it got me through high school. It was also one of my first forays into BSD, specifically the PowerPC version of NetBSD which just worked. People so often ask why I keep a toe in the NetBSD pool despite having moved most of my stuff to FreeBSD; that’s the reason :).

But that ThinkPad X40 was easily my second favourite laptop. It was second hand, but it was built like a tank, the battery still lasted forever, the keyboard was an absolute pleasure to type on, the trackpoint was still better than any touchpad, and I loved the fact it didn’t have a useless widescreen. It dual-booted FreeBSD and either Debian or Fedora for the entire time I had it.

Alas, many years later it was lost when the battery leaked and corroded all the way through the case and screen. I know now that if I care about maintaining vintage hardware in my small museum, remove the damn batteries.

Huntington State Park

I was reading Wikipedia’s article about New York, then ended up in Connecticut, which lead me to Fairfield County, and this beautiful photo by AskJoanne taken at the Huntington State Park in Redding. No relation to Otis, who was born in Georgia. No relation to the country.

I think I have a new desktop background candidate for my work phone, it’s impossible not to feel calm looking at this.


Common myths about private browsing

This is what you see when launching Private Browsing in Firefox:

Firefox clears your search and browsing history when you quit the app or close all Private Browsing tabs and windows. While this doesn’t make you anonymous to websites or your internet service provider, it makes it easier to keep what you do online private from anyone else who uses this computer.

It then links to this Mozilla Support article:

Private Browsing is a useful feature of Firefox, but only if you understand the protection it offers. It helps you obscure your online activity from other people who use Firefox on your computer, but does not make you invisible online.

They list these common myths about Private Browsing mode:

  1. It makes you anonymous on the internet.
  2. It removes all traces of your browsing activity from your computer.
  3. It doesn’t display any browsing history.
  4. It will protect you from keystroke loggers and spyware.

It’s telling that these facts needed spelling out. It’s perfectly reasonable for a layperson to expect a Private Browsing mode to be private, regardless of technical limitations or considerations.

I was worried when such modes were added to all the major browsers, not least Firefox. We’ve seen the stories of people being lulled into a false sense of security thinking their browsing was private when leaking information, or browsing nefarious sites that end up stealing their identities and money.

I’m glad to see information like this directly linked from Private Browsing mode in Firefox, but still people aren’t heeding the warnings. It was inevitable; we’ve been trained by visual onslaughts and bad UI design to dismiss dialogue boxes with the most cursory of glances. It’s why, for all Microsoft’s best intentions, those Cancel/Allow messages in Vista were an abject failure.

I still think we should do away with the name entirely and call it Sandbox Mode, or something more generic that someone without an engineering or IT background would understand.

Update: I went back to my Mac and checked what Safari says. It spells out clearly what Private Browsing mode does when you launch it:

Safari will keep your browsing history private for all tabs in this window. After you close this window, Safari won’t remember the pages you visited, your search history or your AutoFill information.