Bandwidth graph of the period during which my machine was compromised:

For the month, I’ve used about 34GB; so while my bandwidth usage was minimal overall, it was a sight higher than what I’d consider normal.

I finally decided to sell my old film body, a Canon EOS Elan 7e. I was keeping it around in case — well, I don’t even know anymore. I mean, who am I kidding? I haven’t touched film in years now. Before I took the pictures, I removed an old roll of ISO 100 that had probably been in there for 3 years, minimum.

If anyone wants to be an “artist”, you could pick up a great film body! 😉

So I just discovered that my dedicated machine, which is generally doing absolutely nothing, was running at a load average of about 1. The top CPU abuser? Some command I didn’t recognize (barbut). I was immediately suspicious. I killed the process, then noticed that it had been running as the cvs user, so I ran a ps to find all commands running as cvs.

webkill?

Yes, that’s right, my dedicated box was an involuntary participant in a distributed denial of service attack, orchestrated by an IRC bot, also known as barbut (which I found, source and all, in /home/cvs/).

Time for damage control. First, I obliterated the user cvs. Then I installed and ran rkhunter; the “good” news is that no root kits were found. Then I went to change the SSH port — oh, wait, I’d already done that, but never restarted with the new config: shame on me!

One of the unfortunate side effects of using CVS over SSH is that you need accounts with shell access. Apparently I’d created a user with a basic password to allow friends to check code out of my local CVS server; I’m guessing that password just got brute-forced. There doesn’t look to be anything else amiss, so I guess I was somewhat lucky.

Anyone want the source code to an IRC bot?

When I signed into meebo this morning, I got a little pop-up with a blurb about a partnership with AOL. I was immediately intrigued. Unfortunately, muscle memory kicked in too fast, and I closed the box — the same one that opens every time I sign in — before I even realized I wanted to read it. So I signed out and back in.

Apparently, AOL is finally opening AIM up really wide. They’re talking about full protocol documentation (that’s the “oscar” protocol, not the crappy TOC one), letting people use their own AIM libraries, and full access to all the functionality (voice, video, filesharing, etc.) — as far as I know, this stuff has never been available before.

I also noticed that you can now convert any AIM screen name into a “bot”: the various rate limits are removed (or heightened, at the very least), you can’t be warned, and are allowed to be added to more people’s buddy lists. In return, you can’t initiate conversations.

You know what this means.

The screen name crabbychild has been successfully converted to an AIM® Bot.

The Sigma DP1 has finally been released! Unfortunately, with a quoted list price of $1090 (although B&H is carrying it for $799), it takes more of a primary position, rather than the go-anywhere companion to a DSLR that I was hoping for. And the sample gallery isn’t really as impressive as I was hoping either.

So here’s to a disappointed hopeful.