mnr

XMLRPC == hacker gateway? Over the last few months, I've experienced a series of break-ins on this website. The hackers invade the site, set up a directory full of html files with names like "nude-agnes-bruckner-pictures/inflatable-sex-doll-pics.html" and then point search engines at these html files. The html itself either looks like a google search page, or re-directs to a phishing site. In addition, they insert a bunch of links designed to push their phishing sites up in the search engine ranks. Cleaning up after them requires looking for files modified with a certain date, and new directories created.

I've been puzzling over how they are getting in - their attack isn't obvious from any of the server logs. But I did discover some interesting activity that seems to happen at about the time of the intrusion, indicating that someone is interested in finding a copy of XMLRPC available on my machine.

POST /nucleus/xmlrpc/server.php
GET //nucleus/xmlrpc/server.php
GET /nucleus//nucleus/xmlrpc/server.php
GET /nucleus/nucleus//nucleus/xmlrpc/server.php HTTP/1.1
GET //xmlrpc/server.php HTTP/1.1
GET /nucleus//xmlrpc/server.php
GET /nucleus/index.php?catid=10&blogi%20...//xmlrpc/server.php
GET /nucleus/nucleus/xmlrpc/server.php
GET /xmlrpc/server.php
GET /nucleus/xmlrpc/server.php
GET /nucleus/index.php?catid=10&blogid=1/xmlrpc/server.php
GET /nucleus/index.php?catid=10&blogi%20.../xmlrpc/server.php
GET /nucleus/index.php?catid=3&blogid%20.../xmlrpc/server.php
GET /nucleus/index.php?catid=10&blogid=1/xmlrpc/server.php
GET /nucleus/index.php?catid=3&blogid=1/xmlrpc/server.php
GET /nucleus/index.php?catid=3&blogid=1/xmlrpc/server.php

wikipedia has an interesting write-up which describes xml-rpc as a precursor to SOAP. In any case, it appears that I've had a interpretive server available on my website since I installed Nucleus. There is also a discussion about the XML-RPC vunerability here.

Since then, I've removed xml-rpc from my website. If I don't repost on this topic, then that probably fixed the problem.

Posted by: mnr | Add comment

Janell and I were in Baja Janell and I took a week trip to La Paz, Mexico (actually California Sur). We took a trip through BOA down the west coast of Isla Espiritu Santo. These pictures are linked to google maps - if you click on the slide show, you can see a map of where they were taken.

Posted by: mnr | Add comment

Inauguration Ball Photos On the evening of January 21st, we threw an Inauguration Ball - what a great event! Here are some photos from our 2009 Inauguration Ball. If you want to view and download the individual images, you can find them here.

Posted by: mnr | Add comment

Did you know I have a "work" blog too? As if you're not reading enough of me, you can also catch my professional side. I blog for Adobe at http://blogs.adobe.com/notesfrommnr. Strictly developer stuff - but if you're working in the computer field - you'll find this interesting...

Posted by: mnr | Add comment

Friesen Ensemble Training I've been hosting an ensemble training session at my house since June of 2007. Once a month, we get a group of five to fifteen amateur Jazz musicians and spend about five hours with David Friesen, learning how to play Jazz in an Ensemble.

It's difficult - there are songs assigned, and you're expected to know the form, chords and be able to solo. But David does a great job of instructing, and can work with a lot of different levels.

Posted by: mnr | Add comment

The Neo-Con double standards drive me crazy The neo-con echo chamber on talk radio and Fox news astounds me with their audacity and hopeful dependence on the short memory of its audience. To the left is a great clip from the daily show, comparing "then" and "now" statements that neo-con pundits have made about Sarah Palin. For example...

Karl Rove on Mayors of small towns
August 29, 2008: listing reasons why Sarah Palin is qualified for VP - "she was the mayor of the second largest city in Alaska" (by the way, population 7,025, and is actually the fourth largest city in Alaska)
August 10th, 2008 listing reasons why Tim Kaine (former Mayor of Richmond, Virginia and Governor of Virginia) isn't qualified for VP - "With all due respect, Richmond Virginia is not a big town. Choosing Tim Kaine as a candidate is saying that you're really not concerned if this person is capable of being President of the United States" (by the way, Richmond, Virginia has a population of 1.1 million, and is the third largest city in Virginia. Oh - and the Capital city of Virginia)

Bill O'Reilly on Teen Pregnancy
December 18, 2007: "On the pinhead front, 16-year-old Jamie Lynn Spears is pregnant. But here the blame falls primarily on the parents of the girl, who obviously have little control over her."

August 2008: "Teenage pregnancy is a personal matter. Some people will judge Governor Palin, but we hope it calms down."

Dick Morris on Sexism...

November 5, 2007: When a woman wants to be President she shouldn't complain based on gender."

In regards to Hillary Clinton "This is what Hillary always does. Whenever she gets under fire, she retreats behind the apron strings."

In regards to Sarah Palin "A man would never have to go through this - it's deep sexism"

Even Sarah herself weighs in on the topic of women needing to be strong in the face of criticism. But I'll leave it to you to watch the remainder of the video...

Posted by: mnr | Add comment

Photos from our 100th Birthday This year, Janell and I will each turn 50. Combined, that's 100 years old. So we had a 100th birthday party last weekend.

We started off with the world's largest Scrabble game, followed by a performance by the Supa Dupa Marimba Bros. For those of you that couldn't make it, here are some photos...

Posted by: mnr | Add comment

My stories in Analog Magazine! The most recent issue of Analog Magazine contains the third story I've co-written with Rick Lovett. For the sake of posterity, here are links to the stories, and potential places you can buy the text or magazine.

NetPuppets: Dennis Brophy does computer support for a large pharmaceutical firm. He's overqualified for his job, but that's okay because he's a bit of a slacker, and when he's not upgrading memory chips or teaching people how to turn on their consoles, there's plenty of time to explore the Internet. Recently, he's found an unusually realistic character simulation program, apparently designed by psychological researchers who never bothered to shut it down when they were finished with it. He and three friends create some characters and set about trying to figure out ways to force them to do what they want in this twisty tale of human nature at its best ... and worst.

Deadly Intent: This was a really fun story to write. It was initially started as a challenge to a bunch of authors to start with a prescribed sentence, then complete the story using your own plotline. Unfortunately, none of the other authors completed the project. Rick and I wrote a version that was good enough for Analog.

The sentence: Courtney Brandt was warm to the touch. Which was truly bizarre because she was so solidy frozen I couldn't depress her skin enough to have found a pulse if there had been one to find. The story is a technical who-dunnit with a twist that software programmers will relate to.

"New Wineskins" is chillingly plausible and close to home, about a journalist who wanders into a scene that seems a little too idyllic to be true--and it is, concealing a sinister new twist on a (relatively) old problem.

Posted by: mnr | Add comment

The Melodious Song of the Guinea Fowl My family is aware that I like to experiment outside the lines of normal behavior. Nothing completely unexpected: no public nudity, no unusual structures, no explosives. However, my neighbors have recently become aware of my attraction to the odd, due to a mildly rash decision on my part.

Enter the wild Guinea Fowl. First, you're aware that I have a small flock of chickens that we keep for eggs. Recently, I applied for a Multnomah County Animal Facility License, and am now legally able to keep up to 10 chickens. This was in preparation to begin raising chickens for meat, as well as eggs.

The economics of raising chickens for meat requires that you start them from eggs, or chicks. Rearing them in an incubator requires a lot of fiddling around, and costs about $2 per chick to get started. In contrast, a rooster and a broody hen do the job for free, and with no need for a messy incubator. Too bad Roosters are illegal in city limits, due to the never-ending racket they create. And I say that nicely.

I was surfing Craigslist for fertile eggs, and came across some folks that had three Guinea Fowls (two hens and a rooster) they needed to get rid of. I did some quick internet lookup, and found that - oh joy - Guinea Fowl Roosters don't crow! And ... their meat is a prized delicacy in France. This looks like a great solution - they'll raise a crop of birds every three months - all I need to do is supply a small amount of food.

Well - I wish I had taken better notes on my sources, as I have learned that Guinea roosters don't crow, because they can't hope to match the amount of noise raised by Guinea hens. They simply don't shut up, you can hear them for about two or three blocks, and they reliably start at about 5:00 am. After the first morning, I circulated around the three block radius to discuss the new sound in the neighborhood, and my plans for noise abatement.

I have also learned that the hen's call is different than the roosters - and that I have three hens. So the whole self-reproducing thing isn't going to happen. Which is a good thing, considering that ten of these birds would generate more complaints than any single barking dog.

We are now two days and counting from an appointment with Harrington Poultry Processing. The neighbors can hardly wait...

Posted by: mnr | 1 Comment

Little Paper Cups Full Of Water May 25th. I'll be handing out paper cups of water at the University of Oregon Duck Bill Thrill Triathlon. Swim 1500m, Bike 40km and run 10km. I used to compete in these things - now I've moved to a more dignified (?) role.

Ok - I'm doing this because Will is competing in the race, and it's always a hoot to watch these folks do the event. Annndddd - Alex Ann (Will's girlfriend) is organizing the event. You can imagine it's a TON of work, so I'm happy to do whatever to make sure she gets a full enrollment. In fact, if you need a ride, send me an email (use the "contact us" link to the side of this message.)

But you - you ought to sign up first!

Posted by: mnr | Add comment