Geoff Arnold

I spent several hours today disinfecting my other website (Speaking of Clouds, also reachable as GeoffArnoldConsulting.com) after a WordPress hack attack. As is often the case, I was saved by the incompetence of the hackers, who had modified my .htaccess files in such a way that it created an infinite redirection loop. (Hint: you’re not going to get far if your URL begins with “htttp:”.) This loop meant that the site became inaccessible, which was immediately noticed by Montastic, the service I use to monitor all of my sites. (Highly recommended.)

Unlike this blog, Speaking of Clouds is hosted at DreamHost. This is not particularly significant: DreamHost has always provided excellent service, and their customer service guys were immediately responsive when I contacted them. However I’m running on a multiuser system, rather than in my own virtual machine or zone, which meant that certain diagnostic and troubleshooting tools weren’t available. I couldn’t restart the Apache process, or compare logs across multiple websites.

The eventual cleanup was relatively straightforward. Ssh in to the host. Take a recursive listing of the entire filespace, so that I could tell what was changed when. Back up everything. Examine logs. Clean up all of the .htaccess files. Change the keys. Log in to the dashboard. Reinstall WordPress 3.4.1. Identify all of the bogus PHP and HTML files (made easier by the atrocious spelling and grammar of the hackers). Change all the passwords. Reinstall all the plugins and themes. Delete (rather than disabling) everything I’m not actually using. And then back everything up. And all the while, I had three terminal windows tailing the relevant log files.

I must say that I would rather been slogging through the mud at Silverstone, though….

UPDATE July 12, 2012:
This story continues to develop. Yesterday I received an email from a Russian company (evuln.com), advising me that my site appeared to be hacked, and providing a little bit of more-or-less accurate advice on cleaning it up. The email concluded:

If you are not able to fix this “redirect” problem on your own then we will be glad to help you for a reasonable price.

Oddly, the description that they gave of how I was hacked was slightly inaccurate, and so I ssh’d back into speakingofclouds.com to check. Sure enough, it had been hacked again. I cleaned up as before; this time I touched every file in my WordPress subtree, so that any changes would be immediately apparent.

This morning, I logged back in, and found that my .htaccess files had been changed again. This time I was able to match the modification time to the exact HTTP log entries, and this is what I saw:

94.23.116.27 - - [12/Jul/2012:05:45:44 -0700] "POST /wp-content/uploads/.cache_000.php HTTP/1.1" 200 365 "-" "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0"

So somehow an executable PHP file had been hidden away in my uploads directory, and was being used to inject stuff into my WordPress configuration. I quarantined the file, then looked around to see if this was a known exploit. I only came across one blog reference, here.

It seems like one really obvious security fix for PHP would be to prevent it from executing hidden files. A quick check suggests that this hasn’t been implemented, though.

More anon.

On Monday, I had a conversation with Derrick Harriss of GigaOM, which he published here. I’ve followed up with a piece on my tech blog, adding a few thoughts and ripping the naivety of certain analysts…

After years of work by many people, we’ve finally published my mother’s memoirs. “My Short Century” by Lorna Arnold is now available from Lulu. A Kindle version is on the way, and both of them should show up on Amazon quite soon.

Yesterday I had an unrecoverable file system error on my MacBook Air running 10.8 Preview 2. Disk Utility instructed me to back up what files I could and then reformat. Since I had an up-to-date Time Machine backup, I wasn’t worried. I reformatted, and reinstalled the OS. However, I discovered that the OS installation had left me with a copy of 10.7. Would I be able to successfully restore all of my 10.8 files onto 10.7? Probably not. (Many of the settings have changed a lot.) So I decided to complete the installation first, upgrade to 10.8, and then recover my files.

Here’s the tip – something I forgot to do which caused me to waste time. While I was reinstalling 10.7, I created my normal “Geoff Arnold” user account. That was silly, because eventually I wanted to restore that account (apps, settings, files) from Time Machine. I should have set up a disposable account called something like “Super User”, performed the upgrade to 10.8 as this user, and then restored “Geoff Arnold” from Time Machine. As it was, I had to juggle accounts before running Migration Assistant: create “Super User”, log out, log in as “Super User”, delete the “Geoff Arnold” account, etc.

I actually ran into one more problem: trying to restore across the LAN didn’t work, because Migration Assistant hung while looking for computers. So I copied the backup sparsebundle to a USB HD, and restored from that. From checking the Apple Support discussions, it appears that using Migration Assistant with Time Machine is (still) mostly broken.

Yesterday I finally had enough. I headed over to the local AT&T store, indulged myself in a mild rant about the POS (Samsung Infuse) that they’d sold me last summer, and then paid through the nose to upgrade it early to an iPhone 4S. Since I don’t intend to replace this one any time soon, I went for the top-of-the-line: a 64GB white one. Did I really need that? Well, when I replaced my iPad with an iPad 2, I opted for a 32GB rather than 64GB, and I’ve been running into space constraints ever since. So 64GB seemed safer.

Anyone want to buy a Samsung Infuse 4G in good condition, complete with desktop cradle? You’ll need to root and flash it to make it usable, of course….

I’ve just left Yahoo, mostly because it became clear that I wouldn’t be able to do what I was originally hired to do. Frustrating, but never mind. So now I’m checking out the alternatives (of which there are quite a few), and in the meantime I’ve joined US Venture Partners as an entrepreneur-in-residence.

Well, 2011 has given way to the New Year, and AT&T have failed to fulfill their promise to upgrade the Android software on all of the 4G phones which they sold in 2011. Back in the summer I embarked on an experiment to see what life outside Apple’s walled garden would be like. The results are in: it sucks. Battery life is awful, system freezes are common (often with the phone feeling dangerously hot), and app management is broken (somehow I have acquired two copies of several apps). I could go on, but why bother?

The main takeaway from this is that Samsung and AT&T (and probably other carriers and manufacturers) haven’t understood that Apple changed the rules with the iPhone, by bringing the PC (and Mac) upgrade model to mobile communications. Backward compatibility is mandatory. Software and hardware upgrades are decoupled. Bugs are fixed. OS and app features are delivered regularly. I’m sure Google hoped that the Android ecosystem would follow this path, but if so they’ve completely failed to convince their partners.

So what to do next? Yes, of course I can root the device, find and install a ROM image of unknown provenance, etc. But I resent the need to do this*, and I’m distinctly uncomfortable doing so on a device which is used for corporate communications. I could dump the Infuse and buy an iPhone 4S, but after only 6 months on the contract it’s a relatively expensive proposition. And the final insult is that most of the tools for hacking Android phones seem to be Windows based, and I don’t have any Windows machines lying around.

File under #FAIL.
–
* And that’s assuming that I don’t inadvertently brick the device. For those who haven’t explored this stuff, here’s the simple version of the instructions for a popular ROM:

• Ensure you have both root and CWM. See the reference post if you do not have both of these.
• Copy ROM .ZIP to SD card
• Shut phone off. Hold Vol Up + Vol Down and Power on device
• Wipe Data and Cache (Wiping data will remove your installed applications and settings. You have been warned!)
• Flash CM7 zip
• Reboot. You will get stuck at Samsung screen. This is normal.
• Pull battery, and reboot into recovery (Hold: VOL+ VOL- Power)
• You should now be in ORANGE -OR- BLUE CWM
• Go to “mounts and storage”
• Select format /system
• Reflash CM7 zip
• Don’t forget Google Apps as well. You can get the gapps easily using Rom Manger -> Download ROM -> Scroll down to Google Apps). Google Apps download link is also at the bottom of this post
• Reboot into CM7 goodness, made possible by LinuxBozo

Just after sunset this evening.

(Warning: full size image is 5.8MB.)

I had hoped, almost selfishly, that Christopher Hitchens’ cancer might spare him for a little longer, so that we could enjoy more of his wonderful writing. Alas, no.

Hitch was just about a year older than me, and like me he moved to the USA in 1981. We were both socialists in our youth, and we each spoke out about our atheism in a country and culture which mistrusts and despises non-believers. But it would be silly to stretch the identification further. I loved his writing, particularly his book reviews, even as I was infuriated by his melodramatic politics. I admired his courage and determination to live life to the fullest. I’ll miss him.

I got my Kindle Fire yesterday, unboxed it, and… I was horribly disappointed. The out-of-the-box experience was awful: slow, inconsistent, stuff timing out, difficulty connecting to the network. I put it aside, because I had a busy work schedule. This morning I picked it up again. Still unusable. I checked the online help resources, FAQs… nothing.

I contemplated returning it.

Then deep in the bowels of the Kindle discussion groups I came upon this thread. So I started to play around with my wireless access point. I use an Apple Airport Extreme (APX), with an Airport Express as an extender. There are lots of devices connected to this network – at least a dozen (PCs, Macs, tablets, phones…) – and they all work flawlessly. I’d configured the APX WiFi as “Radio: Automatic”. I switched it to “Radio: 802.11a/n – 802.11b/g”. Instantly the Kindle Fire started working properly.

I still need to run a few tests to see if this change has any negative impact on the rest of my network, but right now I’m happy to have a usable Kindle Fire