That I did not need!

Update: It’s worse than I thought. I assumed that there was a vulnerability in html2text.php that allowed them to send email, but no, they used a vulnerability in html2text.php to download malicious code, and install something called “mock” in /tmp/.m and a script called “c” in /tmp/send. There were several copies of “c” running just now, when I ssh’ed in from my Treo to delete the files, kill the processes, and restart Apache. This is the first time I’d had malicious code installed on my system in over 15 years of running Linux. I feel so dirty.

As I was getting ready for bed, I chanced to look at my mail queue on munin, only to discover that some time yesterday, my outgoing mail queue was up to over 2500 messages, which is 10 times higher than I’ve ever seen it before. Oh oh, must be a spam run, I thought. It was worse than I thought – it wasn’t blowback from spam being sent out in my name, it was OUTGOING.

It took the last half an hour to find the culprit – RoundCube web mail that I installed soon after I started work at Paychex because I couldn’t ssh home to read my mail with mutt. I don’t know if I missed a patch or what, but there were a whole bunch of hits on “POST /webmail//bin/html2text.php”. I’ve removed it. I guess I’m in the market for a good secure web mail system again.

Hopefully I didn’t get marked as a spammer on too many sites.
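A log-triage sketch for the indicator named in the post above (POSTs to `bin/html2text.php`, including the doubled-slash form). This is an added example, not the author's code: it assumes Apache's common/combined access-log format, and the sample lines, addresses and timestamps are constructed.

```python
import re
from collections import Counter
from posixpath import normpath
from urllib.parse import urlsplit, unquote

# Apache common/combined log line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
SUSPECT_SUFFIX = "/bin/html2text.php"  # script named in the post

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2009:03:12:01 -0500] "POST /webmail//bin/html2text.php HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [01/Jan/2009:03:12:05 -0500] "POST /webmail/bin/html2text.php HTTP/1.1" 200 498 "-" "-"',
    '198.51.100.7 - - [01/Jan/2009:03:13:40 -0500] "POST /webmail/%62in/html2text.php?x=1 HTTP/1.0" 200 77 "-" "-"',
    '203.0.113.5 - - [01/Jan/2009:03:14:00 -0500] "GET /webmail/bin/html2text.php HTTP/1.1" 200 20 "-" "-"',
    '203.0.113.5 - - [01/Jan/2009:03:15:00 -0500] "POST /webmail/?_task=login HTTP/1.1" 302 0 "-" "-"',
]


def suspicious_posts(lines):
    """Return (client, timestamp, status) for each POST to html2text.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string, decode %xx, and collapse "//" and "/./"
        # so that "/webmail//bin/..." and encoded variants still match.
        path = normpath(unquote(urlsplit(m["target"]).path)).lower()
        if path.endswith(SUSPECT_SUFFIX):
            hits.append((m["client"], m["ts"], int(m["status"])))
    return hits


def summarize(hits):
    """Count matching requests per client, most active first."""
    return Counter(client for client, _, _ in hits).most_common()


if __name__ == "__main__":
    for client, count in summarize(suspicious_posts(SAMPLE)):
        print(f"{client}\t{count} POSTs to html2text.php")
```

Run over the real access log (for example `suspicious_posts(open(path))`), the timestamps of the first hits bound when files such as those in /tmp could have been dropped.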

Scratching an itch?

I’ve been looking for an aviation logbook for the iPod Touch, and not finding anything that is both suitable and inexpensive. Searching the app store for “aviation logbook” or “pilot logbook” finds one that’s $40, and meant as a companion (not a replacement) for a desktop program that costs twice as much, and another one that was about $5 which, after I bought it, turned out to be useless for general aviation. The Palm one I’ve been using for years and years, cost about $12 and does almost everything I could possibly need. I wish it could keep track of my IFR currency automatically, but other than that, it’s pretty nifty.

So unable to find what I wanted, I took the precipitous step and signed up as a registered iPhone developer. I’d been holding off on doing this, because I’ve always thought that my next smart-phone was going to be either an Android (Google) phone or a Palm Pre, and developing for those is a completely different kettle of fish than developing for the iPhone. On the other hand, the Apple Application store is well developed and seems to work well. Now to teach myself Objective-C. From what I’ve read so far, it looks like a horrible language – sort of what C++ would have been if it had taken a wrong turn down an alley and gotten mugged by tcl.

PostgreSQL woes

I was up to 2:30am last night, and up again at 8:30, working on a problem with PostgreSQL. I spent a week and a half consolidating the data that comes from OurAirports.com and my existing data, and trying to figure out who was right when they disagree. I finally got that finished up at around 8pm last night, but didn’t load it on the production machine until after I got back from a party around midnight.

Harsh

When I was on the cross country ski team at University of Waterloo, we had our own temperature scale. From warmest to coldest, it was

  • Cold
  • Damn Cold
  • God Damned Cold
  • God Damned Fucking Cold
  • Harsh

Back then, because we spent so much time out in the cold and were pretty damn fit, I think “Harsh” was around -40, which is the temperature we experienced for the entire week of our first Christmas Ski Camp. That’s where future Olympic silver medalist and future several-time wearer of the Maillot Jaune and Maillot Blanc in the Tour de France, Steve Bauer, showed me how to put a plastic bag down my shorts to prevent a painful frostbite.

These days in my aged and infirm state, “Harsh” is what we have been experiencing the last couple of days. It was 7°F when I drove home tonight, and in the cold today I broke my new snow brush and my very fancy and expensive sunglasses that I bought in Oshkosh last year. Plus my gas mileage is in the pits because the engine has to run to keep the owner warm.

Tip jar service?

Man this off-line blogging is a blessing and a curse, isn’t it?

Now that Amazon Honor System has gone away, what other options do I have for soliciting donations on my navaid.com website? I get most of my donations through PayPal, but some people preferred to stay away from PayPal for some reason. Amazon has a donation service, but only for registered charities.

We’re only talking about $5 or $10 a month, so it’s not like I need a full ecommerce solution.