ihnatko’s posterous

Scenes From A Bleeding

         
Click here to download:
Scenes_From_A_Bleeding.zip (3344 KB)

-- A.
 
Sent from my iPhone


Ihnatko.com fixed...mmmmmmaybe.

Hmm.
 
I mean...
 
...
 
Hmm.
 
So. Yes, there's a Wordpress worm infecting loads of sites. I was prepared to nuke Ihnatko.com completely and rebuild it. "Prepared"? I was fully Resigned to it. As the Colonial Marine in "Aliens" so wisely noted: "Nuke it from orbit. It's the only way to be sure."
 
I backed up all of my databases two different ways...first from the WP console and then directly from phpMyAdmin. The latter is the entire DNA helix of the blog: every user, every post, every comment, etc. If you restore your blog using the original MySQL databases, bingo: the blog is back, just as it was before. But it's possible that the worm put something nasty in any of those databases. When you Export your site via the WP console, it skips over the database file and exports information that can then be imported into a new database file; this is safer, though certain relationship elements can be lost. Or so I have come to understand.
 
I did the "close your eyes and commend your soul to God" bit. I FTP-ed to my server and trashed all of the existing Wordpress software, leaving behind only my content directory and one existing script: wp-config.php. It's kind of the keychain to the site databases, and the new Wordpress installation needs it to unlock all of my data. I checked the file carefully to make sure that no additional code had been injected.
 
I downloaded the very latest Wordpress and FTP-ed it into the directory. Then I opened the admin page for Ihnatko.com, clicked the button to upgrade the database, and Ihnatko.com was back up and running.
 
All of this is just the standard procedure for upgrading Wordpress.
 
I'm trying to figure out if I've actually fixed the problem. I did a lot of poking around. Lots of folks are discussing this worm and the same two fixes keep coming up:
 
1) Repair the permalink problem simply by going into WP's "Permalinks" setting page and manually changing it back to what it was. Done.
 
2) Remove the new admin account that the worm created. Tricky. The worm tries to cover its tracks, but there's a way to uncover its invisible admin:
 
http://www.journeyetc.com/2009/09/04/wordpress-permalink-rss-problems/
 
Fab. Trouble is...I looked and I'm the only admin on this Wordpress system.
 
I can't find it on the Wordpress "Users" page. I can't even find it using the trick described in the above URL.
 
"Okay, but that's kind of the definition of 'an invisible admin', isn't it?" I thought. So I looked directly in the databases. I even opened the MySQL databases as text files and ran a GREP or two. Nope. I can't find any trace of any Admin-level users, apart from myself.
 
I did find two or three suspicious-looking Subscriber accounts out in plain sight. A couple from the .pl country domain and a couple of Gmail account names that had all clearly been created by a bot of some kind. I deleted any user that wasn't obviously human.
 
But did they have anything to do with the worm? I have to guess that these were just the unrelated result of spambots, creating accounts so they could leave comments along the lines of "She wants to play a trombone, not a kazoo...free sample pack available."
 
So here's where I stand right now:
 
1) Ihnatko.com is now running Wordpress 2.8.4. This code was running before Wordpress opened and updated Ihnatko.com's existing database and theme files, so even if there's any nasty code in there...it's dormant. The worm doesn't work with the newest version of Wordpress.
 
2) I'm convinced that I'm the only user with Admin privileges. I looked in the Wordpress Users panel, I looked in the wp_usermeta and wp_users databases. Nothing.
 
3) I changed my Admin password, just on principle.
 
Have I fixed this?
 
I dunno. Maybe. My confidence level is somewhere around 88%. I'm not exactly an admin ninja where Wordpress is concerned. Any positive statement I can make ends with the suffix "...as far as I know." And my knowledge ends about thirty yards short of what a professional Wordpress administrator knows.
 
But it's enough that I'm willing to walk away from this problem. I don't know if there's any code inside my Wordpress directory that shouldn't be there, but I'm convinced that no harm will come to Ihnatko.com, nor to any other Wordpress installation through my site.
 
I can't be 100% sure unless I start off with an absolutely empty Wordpress directory and build up from there, trusting absolutely no file or database that was in there before Friday. That seems like overkill. I feel as though I've either eradicated the worm or at least frozen it in carbonite. I know that Men And Women Who Are Smarter Than I -- and they are legion -- are working on this. I'm confident that in a week or so, there'll be a definitive method of detecting and eradicating the code.
 
One thing about nuking a site from orbit...you can't UN-nuke it later. Whereas the bombs never go stale and will work just as well next week as they would have today.
 
(Note: this information is for metaphoric use only. If your colony is indeed overrun by xenomorphic alien predators, the nukes are definitely your first and best option.)
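One way to run the admin check from fix 2 against the tables themselves rather than the Users page (an added example, not part of the original post): it lists every account that wp_usermeta marks as an administrator and flags any that are not on a known-good list. The sample rows, logins and function names are constructed for illustration, and sqlite3 stands in for the MySQL database so the script runs offline.

```python
import re
import sqlite3


def build_sample_db():
    """Constructed rows in the shape of WordPress's users/usermeta tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_email TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
                                  meta_key TEXT, meta_value TEXT);
    """)
    db.executemany("INSERT INTO wp_users VALUES (?,?,?,?)", [
        (1, "siteowner", "owner@example.com", "2007-01-10 09:00:00"),
        (2, "reader01", "reader01@example.com", "2009-08-30 03:12:00"),
        (3, "helper", "helper@example.com", "2009-09-04 02:41:00"),
    ])
    db.executemany(
        "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?,?,?)", [
            (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
            (1, "wp_user_level", "10"),
            (2, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
            (2, "wp_user_level", "0"),
            (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
            (99, "wp_user_level", "10"),  # metadata with no matching wp_users row
        ])
    return db


def find_admin_accounts(db, prefix="wp_"):
    """Return every user_id that usermeta marks as admin, with the evidence rows."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        raise ValueError("unexpected table prefix")
    # LEFT JOIN keeps admin metadata even when the wp_users row is missing.
    sql = f"""
        SELECT m.user_id, u.user_login, m.meta_key
        FROM {prefix}usermeta AS m
        LEFT JOIN {prefix}users AS u ON u.ID = m.user_id
        WHERE (m.meta_key = ? AND m.meta_value LIKE ?)
           OR (m.meta_key = ? AND m.meta_value IN ('8', '9', '10'))
        ORDER BY m.user_id, m.meta_key
    """
    params = (prefix + "capabilities", '%"administrator"%', prefix + "user_level")
    found = {}
    for user_id, login, key in db.execute(sql, params):
        entry = found.setdefault(
            user_id, {"user_id": user_id, "login": login, "evidence": []})
        entry["evidence"].append(key)
    return list(found.values())


def unexpected_admins(db, expected_logins, prefix="wp_"):
    """Admin-level accounts whose login is not on the known-good list."""
    return [a for a in find_admin_accounts(db, prefix)
            if a["login"] not in expected_logins]


if __name__ == "__main__":
    db = build_sample_db()
    for acct in unexpected_admins(db, {"siteowner"}):
        print(acct["user_id"], acct["login"], acct["evidence"])
```

The SELECT uses only standard SQL, so it can be pasted into phpMyAdmin with the site's own table prefix substituted.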


*@&$, #%@&, &%%, Damn!

My two favorite curses. I like both of these equally and choose one only based on the situation:
 
1) What might be called a "Magic Square" of curse words:
 
SFPD
HUIA
ICSM
TKSN
 
I have cleverly written them vertically, so that my Posterous (and related sites) aren't flagged as Naughty. Movie fans will recognize this (or something extremely close) as what the pitcher mutters when the batter has belted the pitch into deep left and multiple runs are destined to score. It is to be spoken as a single, four-syllable word.
 
I like this one because really, you feel as though you've covered it all. You've definitely, definitely cursed, and now you're free to move on and deal with the situation that you're cursing over.
 
2) "Goddamn it"
 
This is easier to get away with in polite society. But its true selling point is that it's a full phrase, complete with a compound word. You can really put some creativity and juice behind it. Those one-syllable curse words? It's "one and done." But this one can be bent and twisted around to suit the situation and mood. Viz:
 
"God DAMN it!!!!" - The pause between the first and second words (go ahead, take a full second) lets you put full force and conviction behind the verb.
"Gawwwwwwwwwwd dammit!" - Resignation. You're upset, but you're not going to waste a lot of breath over it.
"GADDAMITTT!!!!" - Run. If you can hear me, just...run. Please.
 
And let me tell you why this is on my mind right now:
 
I was on Twitter this afternoon and I read about a distributed attack affecting self-hosted blogs running anything other than the latest edition of Wordpress:
 
http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/
 
I went with SFPD.
 
(Oh, dear. Bad PR for the San Francisco Police Department.)
 
I'm singly responsible for two different Wordpress blogs: Ihnatko.com, and The Top-Secret New Blog which I'm still building. Top Secret wasn't hit (it was using the latest edition of WordPress, which is holding firm, for now) but yup, when I visited Ihnatko.com (running Wordpress 2.6-something) on my iPhone, it had all the telltale signs. The only visible sign of a problem is that all links to individual posts have had some gnarly looking stuff added to them, so nothing really works.
 
The good news: whatever-it-is doesn't take down the site. So when I got home a little while ago, I was able to back up the databases. All of the content I've written for Ihnatko.com is intact.
 
The bad news: it hits the site deep, deep down in the database, adding all kinds of nastiness, and it also creates a new admin account. So "nuke the old site and restore it from the backed-up database" won't work. But the "nuke the old site" bit is probably going to have to happen regardless. God only knows what this
 
Unfortunately, this news broke after I'd left the office. I was on my way to a memorial Mass for my Mom. I did some more research in the church parking lot and did some inventory of everything I could possibly do from my iPhone in the ten or fifteen minutes before going inside. I came up blank. I was up the creek without a paddle.
 
(And if I had a paddle, I'd use it to beat the people responsible for this attack to death.)
 
It was truly one of those "Que Será, Será" moments. Also an opportune moment to seek counsel from a clergyman. His sermon was about the silence of God and during a segue about all the noise of modern life, he made a comment about iPods. Though he couldn't come up with the name of the music player that defined and created a whole new market and changed our whole relationship with music.
 
(True.)
 
So I don't know if he'd be the right guy to hit up for spiritual advice in this particular crisis.
 
"Father," I would say. "My CMS software is one iteration behind in its updates, and has been hit by a worm that infiltrates spambot code into the site's permalink structure using a classic JScript overflow exploit. Apparently, in addition to creating a ghost admin, it corrupts the entire MySql wp_ database so that only a nuke-and-rebuild can clean the malware..."
 
I bet he would have tried to help anyway. He would have found something useful in the Book of Job. There usually is.
 
Ultimately, I took an inventory of a different kind. Maybe it was the influence of being in a church but I decided that things would work out ok.
 
1) The only thing I'd get upset about would be if I'd lost all of the hundreds of comments people left in response to my post with Mom's eulogy. Nice little irony, there. But I'd already anticipated this sort of thing: when comments stopped coming in, I printed it into a PDF file.
 
(Aside: Thanks again, everyone. Collectively, that was really very sweet of you.)
 
2) When I visited Ihnatko.com on my iPhone, I found that the site was still all there. So while a simple "cleanup" was probably impossible, I could still probably harvest the text and graphics.
 
3) I think I have a database backup somewhere. It's old, but it's possible that the only stuff I'd "lose" would be things that were crossposted from Posterous anyway.
 
4) Nobody will die because of this.
 
5) I won't lose any money because of this.
 
6) I set up Ihnatko.com as my very first Wordpress installation. Y'know, it'll probably benefit from a nuke-and-rebuild anyway.
 
7) A user only starts seriously backing up his data and keeping his software updated after he suffers a data loss. Okay, kick in the pants has been duly received.
 
Alas, this problem is all my fault. There's nobody to blame but me.
 
(AND the eggsucking weasels who launched this attack, but I'm the only Person Of Interest who came down to the station, so I'm going to have to take the fall.)
 
Why didn't I update Wordpress? Because it was going to be a whole Thing. My version of WP came before the "auto-update" feature was installed. The whole procedure would have been like shampooing a wall-to-wall rug. I want to clean the rug, sure, but do I really want to move out ALL of the furniture? And all of the stuff piled up ON the furniture? Etc.
 
Why didn't I back up the database regularly? Because I could remind myself to do it and all of the plugins that promise to do it automatically made my head spin. Yet another reminder from Life that "because it seems like a lot of work" really isn't a sufficient reason not to do something that's frightfully important.
 
Onward and outward. We walk from where we stand. Mankind is born to trouble just as surely as the sparks fly upward.
 
(That last one is from Job. I'd have guessed that Job was an admin, but I've read that whole book. At the end, he has faith in the basic goodness of Creation. That really doesn't sound like an admin, does it?)


My Friendly Local Comics Retailer

Another iPhone AutoStitch:

It's not nearly so local any more, since I moved last year. But The Outer Limits in Waltham is worth the extra drive; it remains my Regular Weekly Shop.


Secrets of Bachelor Kitchen, #17 in the series

"You can bake almost anything in a casserole dish between alternating layers of cheese and red sauce and call it a parmesan."
 
It's a tidy rule and it'll work for just about any ingredient or leftover you find in the kitchen. Scrod parmesan? Jello parmesan? Mousepad parmesan? Sure, give it a try. My only additional suggestion is that you go to Google Translate and convert the word into Italian if you're going to serve it to guests.
 
"Oh, it's a little something my grandmother used to make for us every Sunday, after Mass. I think she called it Calzino Parmigiano."
 
("How about a Pizza Parmesan" you ask? Don't be an ass. When is there ever leftover pizza in Bachelor Kitchen?)
 
This is my way of saying "Eggplants were on sale at The Market With The Great Produce Section today."
 
I haven't made an eggplant parmesan in a year or so. That's my excuse: nostalgia clouded my judgment. When you make a Burrito Parmesan it's a simple, straightforward assembly: sauce, a layer of pork burritos, mozzarella, sauce, chicken burritos, parmesan, beef burritos, sauce, mozzarella and a dusting of oregano, 40 minutes or so at 375. But eggplants need the full spa treatment. Two hours of peeling, slicing, salting, waiting, pressing out the nasty bitter ungodliness, dredging, and baking only put you at the starter's line for the building of the actual parmesan.
 
But it's worth it. One large portion for dinner tonight, one smaller portion for dinner on Sunday with a side of noodles, three portions for the freezer.
 
I'm not entitled to Normalcy just yet, but I'm trying to steal a little of it. I'm in the final act of writing my next book, and as usual, the general scene has been animated by whoever Tim Burton tapped for "The Corpse Bride." It was a compressed schedule to begin with. It didn't help that it took me a whole week to get back to a regular schedule after passing through 12 time zones in one day, either. I started the project deep in the soup and have been treading carrots and celery ever since.
 
Several basic elements of the daily schedule tend to get sacrificed when I'm in true Deadline Hell. Cooking real, proper food is usually the first thing to go. I can remember to defrost a piece of meat, and I can even remember to grill it up with some vegetables. But just as often, I feel the pull of the drive-through. Or, if I'm very, very disciplined, a can of soup (it's applying heat to ingredients; that's technically cooking, right?) or supermarket sushi (it's not cooking, but it's always fun to eat with sticks).
 
At some point, though, I need to check myself into Deadline Rehab. This Tortured Artist thing is great when there's an audience around who can fully appreciate The Horrifying Burdens Of My Genius, of course. But a man who hasn't cooked even a stir-fry and a basic sauce in two weeks' time...can he even call himself a man?


The Last 80 Words

My car is overdue for an oil change, plus the "Service Engine Soon" light is on (I'm absolutely 100% positive-certain that those two things could not possibly be related). So the beast slumbers in a service bay up the road while I sit here in a WiFi-studly donut shop and bang out a Macworld column. I started it last night, blessed with an idea that I immediately knew was going to be fun to write. I'm enjoying myself, I seem to be making some sort of point with this, and it's going to be a fun read.

Lots of columns go this way and I'm thankful for that. It's like jumping behind the wheel of a...wait, let me look up the name of that cool buglike little car that was on "Top Gear" a while ago -- ah! Yes, the Caterham R500:

...and driving from Boston to Nashua in something under 20 minutes, deftly finding every opportunity for acceleration and smooth lane changes, while the cops see me only as the memory of something they convinced themselves they never saw in the first place.

Lots of columns end this way, too: I get to the last two line-items on your list of driving directions and waste a whole hour circling the same three streets, searching in vain for "72 Perseid Lane (on right, red house)." There's a Percy Lane and a Perseid Street, but neither of them have any red houses on them and neither one even has a house with a #72 on the mailbox.

Oh, I'll find the end to this column shortly. I just need to abandon the car and start the embarrassing trick of knocking on doors. Not exactly a dignified ending but hey, so long as I get this pizza delivered in 30 minutes or less, I don't really care.


After Ted Kennedy's Death, Silence from the Pope - TIME

There was a poignant footnote to President Obama's historic July 10 meeting with Pope Benedict XVI at the Vatican. Behind closed doors in the papal library, Obama handed Benedict a letter that Senator Edward Kennedy had asked him to personally deliver to the Pontiff. White House spokesman Robert Gibbs later told reporters that nobody — not even the President — knew the contents of the sealed missive. Obama asked Benedict to pray for Kennedy and called the ailing Senator afterward to fill him in on his encounter with the 82-year-old Pope.

Okay. There are times when I _think_ I have clout. Like I was at my soon-to-be regular comix shop and I said "You know what you should do? You should have little hanging tags on the shelves, marking the comics that are new this week as opposed to ones that came in earlier in the month."

I felt like Mr. Big Shot when those tags blossomed all over the shop the very next week.

I, of course, was an egotistical moron.

Ted Kennedy handed a letter to the President of the United States. "I want you to deliver this to the Pope. No, you need to give it to him in person. And DON'T read it."

And the President went and did it. For all he knew, the letter could have read "Ratzo - This man isn't the President. He's an impostor ranking very high in the El Qaeda organization. The moment he drops his guard, administer a little Unction on him. EXTREME unction, if you catch my drift."

I bet HE could have gotten a look at the Apple Tablet. Maybe that's what the letter was about...inviting the Pontiff to Hyannisport on the weekend when Steve was dropping by with the briefcase.


Better Moviegoing Through iPhone Technology

http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewArtist?id=314857161
 
Okay. So you're in a theater watching "Transformers 2" and you desperately need to go to the bathroom. Yes, launching an iPhone app in the middle of a movie is not socially acceptable but neither is whizzing involuntarily right in your seat, so you go ahead and launch RunPee.
 
The app connects to a central site and sends you a list of all currently-playing movies. Tap "District 9" and it displays a list of scene and line cues from that movie designating the start of a good moment to leave for the bathroom without missing anything important. A timer tells you how much time you have left before the movie starts getting interesting again and there's a synopsis of any details you might have missed, to read on your walk back to the theater.
 
If this is an ongoing problem for you, and the phrase "Don't buy the 72 ounce Dr. Pepper at the concession stand" never occurs to you, you can launch the app and tap a Start button when the movie begins. The app will tell you at a glance how many more minutes you'll need to hold it until the next gap in the action.
 
This just might be the most brilliant thing ever.
 
I bet it won't make it into one of Apple's iPhone commercials, though.
 
("Say you have a bladder-control problem that affects your ability to see a movie without wetting the seat. There's an app for that.")


Sending Mixed Messages

Spotted on my way to Coolidge Corner tonight:


Best Kennedy editorial cartoon of the lot

The Daily Kos has a roundup of political cartoons commenting on Ted Kennedy's death. Lots of nice images of the Senator sailing off into the sunset, some slightly awkward and mawkish ones about being reunited with his three older brothers...and Dan Wasserman, longtime Boston Globe cartoonist, absolutely nailed it:

See the whole collection here:
 
http://www.dailykos.com/storyonly/2009/8/26/772954/-A-Special-Tribute-by-Editorial-Cartoonists:-The-Dream-Lives-On-
