Bandwidth graph of the period during which my machine was compromised:

For the month, I’ve used about 34GB; so while my bandwidth usage was minimal overall, it was a sight higher than what I’d consider normal.

I finally decided to sell my old film body, a Canon EOS Elan 7e. I was keeping it around in case — well, I don’t even know anymore. I mean, who am I kidding? I haven’t touched film in years now. Before I took the pictures, I removed an old roll of ISO 100 that had probably been in there for 3 years, minimum.

If anyone wants to be an “artist”, you could pick up a great film body! 😉

So I just discovered that my dedicated machine, which is generally doing absolutely nothing, was running at a load average of about 1. The top CPU abuser? Some command I didn’t recognize (barbut). I was immediately suspicious. I killed the process, then noticed that it had been running as the cvs user, so I ran a ps to find all commands running as cvs.

webkill?

Yes, that’s right, my dedicated box was an involuntary participant in a distributed denial of service attack, orchestrated by an IRC bot, also known as barbut (which I found, source and all, in /home/cvs/).

Time for damage control. First, I obliterated the user cvs. Then I installed and ran rkhunter; the “good” news is that no root kits were found. Then I went to change the SSH port — oh, wait, I’d already done that, but never restarted with the new config: shame on me!

One of the unfortunate side effects of using CVS over SSH is that you need accounts with shell access. Apparently I’d created a user with a basic password to allow friends to check code out of my local CVS server; I’m guessing that password just got brute-forced. There doesn’t look to be anything else amiss, so I guess I was somewhat lucky.

Anyone want the source code to an IRC bot?

When I signed into meebo this morning, I got a little pop-up with a blurb about a partnership with AOL. I was immediately intrigued. Unfortunately, muscle memory kicked in too fast, and I closed the box — the same one that opens every time I sign in — before I even realized I wanted to read it. So I signed out and back in.

Apparently, AOL is finally opening AIM up really wide. They’re talking about full protocol documentation (that’s the “oscar” protocol, not the crappy TOC one), letting people use their own AIM libraries, and full access to all the functionality (voice, video, filesharing, etc.) — as far as I know, this stuff has never been available before.

I also noticed that you can now convert any AIM screen name into a “bot”: the various rate limits are removed (or heightened, at the very least), you can’t be warned, and are allowed to be added to more people’s buddy lists. In return, you can’t initiate conversations.

You know what this means.

The screen name crabbychild has been successfully converted to an AIM® Bot.

The Sigma DP1 has finally been released! Unfortunately, with a quoted list price of $1090 (although B&H is carrying it for $799), it takes more of a primary position, rather than the go-anywhere companion to a DSLR that I was hoping for. And the sample gallery isn’t really as impressive as I was hoping either.

So here’s to a disappointed hopeful.

Every now and then, I run across something that reminds me just how differently men and women tend to think.

Mindy: please can I buy the bomb bath thing????
Mindy: it explodes in the water
Mindy: and releases a bunch of skin softening stuff
Me: How big is the explosion?

Here’s the quick PHP tip of the day: class methods can access the protected (of any shared ancestors) and private (of the same type) members of any instance, not only their own instance. That may sound confusing, but it’s really not so much.

Read more »

I once heard someone say, “Dogs are for wimps too scared to bite people themselves.” I tend to subscribe to that world view, although, deep down, it’s really just that I don’t like dog hair. On the other hand, dogs have nothing to do with my story.

I snack constantly. I cannot survive without snacking. Probably a year and a half ago now, I was sitting at work doing something with an SD card. On my desk I had a bag of Wheat Thins with a little trickle flowing out onto my desk from which I would snag a cracker and pop it into my mouth.

At some point, I put the memory card down.

Later I was blissfully coding away when I felt a hunger pain. I grabbed a cracker, I popped it in my mouth. I bit down. Maybe you can see where I’m going with this — what I’d just thrown to my expectant molars wasn’t a cracker, it was a little blue SD card.

And the moral of the story is simple: flash memory devices are durable… unless you bite them.

I think my kids broke my laptop. I guess that’s one of the risks associated with having children. I mean, I never really expected my possessions to remain unscathed. But this one hurt.

Anyways, in the absence of my “real” laptop, I’m currently writing this on an old Thinkpad 240 that I scrounged off eBay a while ago. It packs a whopping 300MHz Celeron, maxes out at 192MB of RAM, and has a not so bright 10″, 800×600 screen.

Last night I happened to browse over to my (unfinished) website, and, for the first time — probably ever — I was slightly glad that I’d designed it to work with a horizontal resolution of 800 pixels. (I think I was being slightly stubborn at the time.)

And that got me thinking.

As I ponder the purchase of an Asus EEE, the Everex Cloudbook (comes out on Friday!), a Nokia N810 — or just sticking with my N770 — and as a bunch of people have already jumped onto the retro-resolution bandwagon, will there be a renaissance towards designs that fit on small screens?

How to know you’re really a geek, part 1.

You refer to your daughter’s double ear infection as, redundant.