Anthology of Interest

I finished my last SCUBA lesson tonight. Now I just have to do the open water dives to be certified, which can be done anywhere. Some place warm would be nice. Tamara is already planning a trip to Hawaii apparently. The Big Island this time:

Subject: I'm so evil
From: Tamara Hughes
Date: 19:00

Big Island has the nicest dives.  So:

http://www.oceanecotours.com/dive.html
http://www.konacoastdivers.com/index.html
http://www.jacksdivinglocker.com/training/certupgrades.htm
http://www.wanna-dive-kona.com/take_your_classroom_and_pool_wor.htm

Tamara heard about people diving with the sea lions off of Race Rocks in Victoria. But apparently manta rays are scarier than sea lions...

Subject: HOLY SHIT
From: Tamara Hughes
Date: 19:01

This terrifies me more than the sea lions.

http://www.wanna-dive-kona.com/manta_rays.htm

So. Very. Scary.

Subject: well, I know what I'm having nightmares about tonight...
From: Tamara Hughes
Date: 19:05

MANTA RAYS. 

Going to Hawaii again would be cool.... Anyway, the diving course was a lot of fun. Travis and I were the last out of the deep end today. Too bad I can't do the open water dives around here for at least a month, probably more like two or three. Besides, I want to get a bike before I start buying SCUBA gear.

As if I need another, but oh well. I want to keep it small, hopefully not more than a couple of weekends of work (yeah right). It's a small, web based, cash basis accounting system for the lazy financial planner. Just enough to correlate expenses with a budget. The idea is to do as little data entry as possible, relying instead on automatic import of bank and credit card statements.

I could do this with a spreadsheet, but writing a program is more fun, and ultimatly less work once it is finished.

Tamara and I attended a Birth & Babies class last week, and at one point the placenta came up. I can't remember what was said though, because it made me think of this, and I was trying not to laugh out loud.

I've written before about using ssh tunnels to access servers behind a firewall, but recently I've been amazed again by the utility of ssh tunnels.

To access a web server behind a firewall, the ssh client running on the computer you are sitting at listens on a given port number, and the ssh server on the machine you connect to connects to a given host and port. Any connection made to the port on the local machine is captured by ssh and forwarded to the machine the ssh server has connected to. The -L switch accomplishes this, so for a command line like ssh -L 6789:192.168.3.134:80 remote.machine.com, the ssh client listens on port 6789, and the ssh server on remote.machine.com forwards connections to 192.168.3.134:80, which is some machine inside a private network. Now pointing your web browser at http://localhost:6789/ connects you to 192.168.3.134:80.

I recently had to help a friend with a problem they were having, and I wanted to ssh into thier machine so I could see what was going on. Unfortunatly, their machine is behind a firewall, and they didn't have the passwords to open a port. Tunnels to the rescue! I created an account for my friend on spacemonkeys.ca, so that they could ssh in. Thier machine was running an ssh server already, so they used this command to log in to spacemonkeys.ca: ssh -R 6789:localhost:22 spacemonkeys.ca. This opens port 6789 on spacemonkeys.ca, and forwards any connections to the ssh port on my friends firewalled computer. I could then ssh into thier machine from spacemonkeys.ca: ssh -p 6789 localhost.

Pretty spiffy!

"It didn't matter if I was making my bed or making a movie, they never hesitated to say how proud they were of me, and that means so very much to a child." - Reese Witherspoon, Best Actress for Walk the Line.

A couple of the computers I am responsible for have been attacked in the last few months. The first one was my sister's computer. I enabled the ssh server, but didn't limit it to only my account, and left password authentication on instead of setting it to use keys only. My sister's password was very simple and easy to guess. That machine was running what appeared to be an IRC relay for a day or so until I caught it. I only caught it because they changed my sisters password and she couldn't log on any more, which was kind of suspicious. The auth logs showed what happened pretty clearly, and they made the amateur mistake of deleting .bash_history before logging off, not realizing that bash writes .bash_history after you log off. Since they logged in a couple of times, I only had part of the history, but enough to see what they did.

They other one was this very web server, which served as a spam relay for about 8 hours. The attackers exploited a bug in the web server or one of it's modules, likely PHP, possibly one of the PHP applications, like Drupal, Gallery, or Serendipity. The attackers didn't get root access, but managed to install an executable that ran on port 80 in the place of Apache. The executable received requests and forwarded the to my mail daemon, effectively hijacking it.

I installed the security updates for Apache and all the other stuff packaged by Debian, saved all the logs, archived the stuff that was installed, and rebooted the machine. Apache came back, just as it was. Whew. The log files showed that the attackers were somehow using wget to download stuff, so I removed wget and a bunch of other stuff (like GCC) that isn't needed or wanted on a web server.

I haven't rebuilt either machine yet, contrary to conventional wisdom. I really should. I ran a port scan on my sisters computer from my home computer, and I'm satisfied that there are no stealth processes running there (although they could listen only between 3 and 4 am or something sneaky like that). In fact there, are no processes there at all, since I disabled ssh. I can just drive over to my sisters place now if there is anything that needs fixing.

The second time I went skiing to Sunshine, I took my camelback along so I could have some water without going to get my water bottle out of a locker. It worked pretty good, despite having no insulation on the tube, as long as I remembered to blow the water back into the reservoir. I decided that I was feeling confident enough that I could take my camera along and not seriously hurt myself or the camera, since I don't fall down as often or as hard anymore (pictures in the gallery).

So tempting gravity, as I was, I of course caught an edge and fell hard on my back. I didn't notice at the time, but the zipper on the water reservoir had popped open. I rode to the bottom of the run and leaned down to unstrap my bindings, and water poured out over my neck. Fortunately it didn't come inside my jacket, but I did get enough on my boots and pants that there were a few damp spots. The camera was also damp, but not soaked. The camera case seemed to have soaked up all the water, and the camera still works, fortunately.

When I was in Cuba last year, I tried out SCUBA diving at the resort, and then went on a trip to the Bay of Pigs. For Christmas this year my brother in law, who I dived with in Cuba, got a bunch of gift certificates to Adventures in SCUBA. We finally signed up for the PADI open water diver course, which started on last Monday. It is going pretty well, although the class is almost twice as large as normal. We got some pool time, where I found that I really need to work on my buoyancy control. Damn gravity. Four more weeks to go, then we'll have to find a time and place for the open water dives. Maybe when it warms up a bit.

The title is this post is courtesy of Jeremy Clarkson, in Top Gear's Winter Olympics special. It made me laugh.