Good bye bank

Banking woes.

When I moved to Florida, I couldn't cash my paycheck - no bank. I had an account with a Wisconsin bank.

So I picked a new bank. I tried to pick a big one, one that had branches everywhere. This way, if I needed to do some banking, there is likely to be one nearby.

I do most of my banking online, so having a convenient branch, like on the way home to work, etc, isn't that big of deal for me.

This proved to be handy when I moved to Illinois. The closest branch to me is the town south of me, so about 10 miles or so. I have been there twice. Once, right after moving, and once fairly recently to open a second checking account so I can separate my monthly expenses from my discretionary money. (let me tell you, this helped me budget MUCH better). When I was there last, they said they where opening up a branch quite near to me.

One small problem. My bank doesn't exist anymore.

Yesterday, JP Morgan Chase bought Wamu from the FDIC.

They say not to worry. Everything will be fine. I will start seeing Chass branding where I am used to seeing Wamu branding. They say my paycheck is safe and sound, I can still write checks, and my debit card should work line normal.

Today, my debit card was very slow to ring up for lunch.

I guess that means I won't be getting my new local branch office. No matter, there is a big, fancy Chase office at the corner of my block where I live. Can't get much closer then that! They say I will be able to use it starting sometime next year. I am not likely to need going into a bank before then anyhow.

They say not to worry. I don't think I will. My debit card still worked today.

However, I think I am going to get a bit more cash on hand, just to be safe.

HACKED!!!!

A friend's website was hacked recently. It wasn't a big deal for him, as it was a testing/playground site anyhow. The site was simply homepage defaced. The site was due to be drezzed and rebuilt anyhow.

I was concerned because it was a Joomla website. My sites at work are Joomla sites.

I tracked down how it was hacked for him. It took me an hour.

It was hacked out of Turkey - no legal recourse for him.

Basically, it turns out there was a bug in the password reset code that allowed them to reset the admin password.
http://www.compassdesigns.net/joomla-blog/Admin-Password-Reset-Vulnerability-in-Joomla-1.5.html -- OHPSS!!!

It is interesting to note that they used google for finding websites with the vulnerability - their search was http://www.google.com/search?hl=tr&q=inurl:%22com_user%22+hello&start=40&sa=N

The steps that I took to figure this out. I had my friend dump the website and send it to me. The dump was the full filesystem for that website, a full MySQL dump of the database(s) for the site, and all the log files for that site. At this point he could start doing what he needed to do to rebuild the site.

When I got this zip file, I opened it and went to the logs. I just scrolled through the log to see if anything obvious stood out. Nothing at the initial glance.

Thinking it was a remote file include problem, I started looking for URLs that could have been included. This wasn't it, but it did lead me to a spot where I recognized the name of a foreign file - an MP3 that the hackers uploaded.

I then grabbed their IP address and looked at the first instance where they interacted with the system. I found the google search and the click through to the password reset page.

At this point, I did a google search of my own and found the hack.

A note on their behavior during the attack:
They started at 7:37 am our time, and where done by 7:49.
They checked the site again at noon, and again at 10:15pm. I guess they wanted a good laugh at how long it took before the site got fixed.

The moral of this story is that if you use open source software, make sure you keep it updated. With the ability to google search for pages that are running a known piece of code, an aweful lot of websites can get hacked between the time a vulnerability is know until a fix is released and until you get that fix installed.

By the light of the harvest moon

Tonight is the harvest moon. It's a crisp, cool, night. It's finally a comfortable 68 inside, and 52 outside right now. Cool enough that you can see 'steam' from the storm sewers.

The leaves are going to seriously start thinking about turning color here soon I think.

These demon kittens need to go. They are keeping me up all night. Actually they are quite precious - they need to be precious somewhere else besides on top of me.

They are getting so big! Somebody quick, take them home while they are all precious like.

IMTS

Today was the first day of the biggest trade show my company is part of. IMTS - International Manufacturing Technology Show.

My gosh is it a big show. I got a chance to wander around half of the hall we are in. It would take all week to see everything in all the halls.

I went there to be on site to make sure that the automatic lead routing stuff I have been working on for the last 6 months worked ok.

I never got a chance to try it.

One of the computers went down, and so I spent half a day trying to get that working again. I gave up. Not sure what's wrong with it. It's under warranty. The manufacturer can figure it out.

I spent the other half of the day customizing the stuff I wrote for this show so that it's more useful to the people who end up following up on the leads. First, I had to turn all on sorts of extra security so that my work with the server is 100% encrypted. I don't want some bored 16 year old sitting on the lakefront sniffing the wifi packets and getting access to my stuff.

I am laying here in bed, getting ready to work on it some more tonight. We found a bunch of little stuff as I was tweaking it for the show today. I want to get some of this stuff ticked off the list while it's quite and 29 people aren't coming through the door every minute.

It's going to be a long night.

Free Kittens to a good home

The kittens are getting big enough to stake out on their own now. They have moved to the big kitty litter box all on their own. They are pretty much weened - Sister has no milk to give anymore. She no longer flops about when she runs. I think she likes her trim figure back.

So, if you want a kitten (or two) speak up. They appear to me to be boys, but I am no kitten expert. So if one of these boys gives birth, well, cut me in on the $$$ selling the story to the Enquirer.

Here is a quick video interview of the kittens, telling you why you should take them home.
Maybe just a picture would do a better job.

Here is all of us in bed. This is a 10 minute movie of cuteness. No really, check it out. Especially that really cute part at minut------------econds

Loveless Lake Sunset

My parents bought a house on Loveless lake. They don't have lakeshore property, they are just across the road from the lake, but they get to hear the loons at night. We took a little boat tour of the lake.
Here are some photos.
 
 
 
 

PHP Meetup

Last night I was at a PHP meetup - a monthly meeting of people interested in PHP, the programming language I use for the websites at work.

Just talking, I came up with a great idea.

I subscribe to dozens of blogs relating to work, my friends, my interests, ect. This means I average 125 new posts in my news reader a day. A lot of these are duplicates between different blogs that cover the same sector. It's not uncommon for me to see 2-3 or even up to half a dozen nearly exact blog posts on a given topic.

It would be great if Google Reader could aggregate or consolidate these similar articles into a single or a set of articles.

My thoughts would be to a single article up to twice, once, the original article, and the second would be the best discussion of that original article. How to determine 'best' would be hard. Maybe a volume normalized look at digg, reddit, del.icio.us, technorati and the other social sites to see which discussion article gets the most interest. Maybe based on the number of comments a discussion generates?

Maybe only give me the ones that are significantly different?

I don't really know what would be useful.

I do think that all blogs in a single label should be aggregated somehow so you only see unique posts.

Oh, also the National Geographic and Scientific American RSS feeds must be broken or something as I keep getting the exact same post repeatedly. Very annoying. This type of system would cure that problem too.

I was thinking of seeing if I can put something together in Yahoo Pipes.

I don't know if this type of idea would be useful to any of you?