Mostly Harmless

And now, the coolest thing since Google.com… images.google.com.

** Flash Warning **

This would be funny, if it weren’t so sad.

The record is for "Highest Dollar Amount of Food Contained Within a Single Hand held Grocery Basket (Not Counting Such Obvious Trickery As Loading Said Basket With Vitamins Or Smoked Salmon, etc.)."

The old record was about $97ish, I think. That record fell, and fell hard, because of the tremendous amount of protein-laden items purchased for my new high-protein, high-fat, low-carb diet (see here

I’ve been too busy playing Quake at relatively high frame rates (115 fps with sound off, 80 with sound on, vertex lighting) on the new Mac to update the web log. Let’s just say it makes OS X much more livable; apps launch faster, the system is more responsive everywhere, and I’m surging ahead in the rankings on the distributed.net RC5-64 encryption challenge.

Two things will improve this even further: Mac OS 10.1, due in Sept. (earlier for me though, I’m a "developer"); and more RAM.

Avid readers of this web log will recall that I ordered a 512 meg DIMM ($75!) just after ordering the Mac. I got the RAM about a week before the computer… imagine my dismay when the RAM turned out to be incompatible. Grrrr.

So now I eagerly await my replacement DIMM, which they claim will be compatible, because playing Quake with only 128 megs of RAM is, in a word, sub-par. (Quake3 FPS tip: "/s_chunksize 4096", default is 1024, you need to restart Quake for that to take effect, it isn’t bound correctly.)

Anywho, what are the down sides of a much faster computer with a much faster hard drive? Well, you can accidentally delete 5,000 files in a couple of seconds, for example.

There I was, minding my own business, writing a Perl program and needed to have the date in a variable which would then be used to create a directory (ala: somedir/08_2001/081201/). Having not written anything in Perl for, like, a couple of months, I made the rookie mistake: $d1 = `date +%m_%Y`; and neglected to chop my variables, thusly: <tt>chop $d1;</tt>.

What this means is that I ended up with a suspicious looking directory ("<tt>08_2001?</tt>") which had a linefeed and a "/" in the name. Attempting to delete it, recursively, of course failed to delete the offending directory but did, naturally, start slashing through the root dir ("/") like a tornado ripping through a trailer park. (I eventually deleted the parent directory to remove it.)

My reaction time wasn’t quite as good as it should have been, since it was about 1:30 am, and I missed the Control key once or twice; which didn’t help. The damage? Happily the system files are owned by root so I don’t think I lost any of those (and that’s what gave me a little clue that something was amiss). Unfortunately, the "/Applications" directory was not so lucky. (I would like to thank the 2,670 files and seven applications in "Apps by Stone Design" for taking one for the team). I lost all the apps from "A" to "L", which was at least 5,000 files in about 2 seconds. Yowsa!

I recovered quickly though because of the heavy redundancy (read: clutter) on my drives. I’ve got the same crap in about 4 places since I’ve been doing a lot of computer and drive swapping lately. So I am once again editing this in BBEdit 6.1, and listening to iTunes, and considering "chown root"ing everything in "/Applications."

It seems like we’re well into Round 2 of the CodeRed worm. I’ve had 130 hits on one of my servers and this domain has had 123 unique hits. But, this server (which hosts 345 web sites!) has had a total of 38,736 hits.

There are two strains now. One looks like this:

164.73.191.6 - - [20/Jul/2001:05:38:42 -0500] “GET /default.ida?NNNNNNNNNNNNN… (etc)…NNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801% u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00% u531b%u53ff%u0078%u0000%u00=a HTTP/1.0″ 404 284

The new one looks like this:

61.43.209.44 - - [05/Aug/2001:01:14:09 -0500] “GET /default.ida?XXXXXXXXXXXXX… (etc)…XXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801% u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00% u531b%u53ff%u0078%u0000%u00=a HTTP/1.0″ 404 284

You can now do cool things like this:

http://infected_system/scripts/root.exe?/c+dir+c:

That will give you a directory of their C: drive; how quaint! Now are you going to patch your IIS server? Hmmmm?

You can do your part by sending in your logs. Of course, running Apache is a good way to avoid any problems as well.