
Udo's Techblog

Mac Neophyte Tips: FileVault on Removable Drives http://creativepark.net/blog/entry/id/1144
I'm sure most people have known about the solution for ages, but I only recently found out: when you create one of those disk image files, OS X lets you create an encrypted filesystem that has pretty much the same properties as a FileVault store. I feel really stupid for having taken so long to find out. But I'm gonna post this in case there are other people like me, still running around and wondering how to 'vault their drives.

1. open Disk Utility
2. click "New Image"
3. enter size and select 256AES encryption from the list
4. choose "sparse disk image" or "sparse bundle disk image"
5. click "Create"
6. Profit! ...erm I mean: done!

In case you're wondering what the "sparse bundle" is: it's a format that was added with Leopard. The normal sparse image is a single file that grows as the filesystem contained in it gets filled. This means the recovery of unused space is complicated and time-consuming. The sparse bundle, however, consists of a collection of fragments that can be handled more efficiently by the OS. The bundle is a directory that contains some meta info and the actual filesystem data in so-called bands. Here's what it looks like:

-rw-r--r--     1 udo  staff     499 May  1 20:31 Info.bckup
-rw-r--r--     1 udo  staff     499 May  1 20:31 Info.plist
drwxr-xr-x  5725 udo  staff  194650 May  1 21:04 bands
-rw-r--r--     1 udo  staff  122880 May  1 20:31 token

Neat, isn't it?
Fri, 09 May 2008 10:42:25 America/Los_Angeles blog/entry/id/1144
Back Again http://creativepark.net/blog/entry/id/1143
Things are going to be different
From now on, I'll be using creativepark.net domain as the main URL. In all these years, I haven't used the domain for anything else, so it only makes sense to shorten the path. I'll keep the old address working indefinitely, though (I'm a firm believer in the permanence of URLs) and I'll work on some redirects that should make the old links to the site work.

It's back to the roots!
I'm going to write again about RPGs, techy geek stuff, software and maybe some science stuff in the middle of it. I know, it's a weird mix, but those are my interests and I've decided against a separate blog for each of these things. If at all possible, I'll try to stop myself from posting worthless comments about the latest Web 2.0 fad as well as mopey crap about my personal life (which sucks badly, if you must know). Among the many, many things I didn't elaborate on any further is the Dynamic World scenario and I hope I'll find some time and inspiration to go more into that one, along with some actual code maybe.

Maybe personal sites are vanishing, but I'm not ready to offload everything to Twitter and Facebook and call it a day, just yet.
Fri, 09 May 2008 10:42:25 America/Los_Angeles blog/entry/id/1143
Invisible http://creativepark.net/blog/entry/id/1125 Wil Wheaton's blog:

indeed, as a late-thirties balding man of modest height, weight and physical attractiveness, I am practically invisible to anyone under the age of 30, and visible to anyone over that age only to the extent that they have to walk around me, or have to have some limited amount of social interaction with me as we stand in a line or some such.


Wow, it's like he's my twin! Fiendish though as I am, I sometimes enjoy it when people are forced to interact with me. Over the years I have come to derive some form of perverse pleasure from observing their barely concealed pain while they have to talk (or worse: listen) to me, all the while wondering when they can get back to, you know, real people. Ah, good times!
Fri, 09 May 2008 10:42:25 America/Los_Angeles blog/entry/id/1125
Site Under Attack From Rogue MSN Bot? Well, Tough Luck! http://creativepark.net/blog/entry/id/1124
I'm hosted at MediaTemple, using the Grid Service hosting plan. That means an attack of this sort is unlikely to disable the server, since there is a whole grid that can absorb the load. However, this also means that I have to pay not only for bandwidth used but also for cluster resources such as CPU time. So what's a site owner supposed to do in this case? Now that the episode seems to be over, I still don't have a comprehensive answer - but maybe telling the story will help someone somewhere in some way some day. Here's what happened:

The good thing with MediaTemple is that you get almost realtime reports regarding your resource usage. That's how I saw that something was not right: most of my billable resources were being consumed by pages on my blog that couldn't possibly be valid URLs. And there were already hundreds of thousands of requests targeting these URLs. Well, after downloading the logs for that day it became pretty obvious the originating server was 65.55.107.111, which resolves to

OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 65.52.0.0 - 65.55.255.255
CIDR: 65.52.0.0/14
NetName: MICROSOFT-1BLK
NetHandle: NET-65-52-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate: 2001-02-14
Updated: 2004-12-09


So far so good. Could be Microsoft, could be a spoofed attack pretending to come from MSN's IP address. The reason why I thought an MSN server was the genuine source was the nature of the URLs used: they looked highly recursive, like someone made a horrible mistake programming their bot. And now it was stuck in an infinite loop querying my site!
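The log triage described above, as an added example that is not part of the original post: it counts requests per client and flags clients whose requests are mostly for paths in which a run of segments repeats. The sample lines, paths and user-agent strings are constructed; only the address 65.55.107.111 comes from the post.

```python
import re
from collections import Counter

# Constructed sample in Apache combined log format; paths, timestamps and the
# user-agent are made up. Only 65.55.107.111 comes from the post.
SAMPLE_LOG = '''\
65.55.107.111 - - [01/Jan/2008:10:00:01 -0800] "GET /blog/tag/rpg/tag/rpg/tag/rpg/ HTTP/1.1" 200 5120 "-" "msnbot/1.0"
65.55.107.111 - - [01/Jan/2008:10:00:01 -0800] "GET /blog/entry/id/1/entry/id/1/entry/id/1 HTTP/1.1" 200 5120 "-" "msnbot/1.0"
65.55.107.111 - - [01/Jan/2008:10:00:02 -0800] "GET /blog/page/2/page/2/page/2/page/2/ HTTP/1.1" 200 5120 "-" "msnbot/1.0"
65.55.107.111 - - [01/Jan/2008:10:00:02 -0800] "GET /robots.txt HTTP/1.1" 200 64 "-" "msnbot/1.0"
203.0.113.7 - - [01/Jan/2008:10:00:03 -0800] "GET /blog/entry/id/2 HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2008:10:00:09 -0800] "GET /blog/ HTTP/1.1" 200 9100 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3}) ')

def is_recursive(path, min_repeats=3):
    """True when a run of path segments repeats back to back, e.g. /a/b/a/b/a/b/."""
    segs = [s for s in path.split("?")[0].split("/") if s]
    for size in range(1, len(segs) // min_repeats + 1):
        for start in range(len(segs) - size * min_repeats + 1):
            unit = segs[start:start + size]
            if all(segs[start + i * size:start + (i + 1) * size] == unit
                   for i in range(min_repeats)):
                return True
    return False

def summarize(log_text, threshold=0.5):
    """Return {ip: (total_requests, recursive_requests)} for suspicious clients."""
    hits, recursive = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, _status = m.groups()
        hits[ip] += 1
        if is_recursive(path):
            recursive[ip] += 1
    # Flag clients whose traffic is mostly repeating-path requests.
    return {ip: (n, recursive[ip]) for ip, n in hits.items()
            if recursive[ip] / n >= threshold}

if __name__ == "__main__":
    for ip, (total, rec) in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {rec} of {total} requests hit repeating paths")
```
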

First measure: block those URLs


The first and easiest thing to do was go into the Wordpress code and hardwire the response to those URLs. Since they would never occur during normal web browsing anyway, this was an easy choice. I made it so WP would return no data upon such calls, so there was no further HTML that could be parsed for more recursive mayhem to be added to the bot's to-do list. So far, so good. Because now execution was canceled as soon as the URL was called, excess CPU cycles had been cut by one-fifteenth. Not bad! But still, at the rate those requests were made, it was clear that by the end of the billing cycle I would still be well above my allotted limit. However, I felt this was all I could do on the technical side of things.

Second: contacting Microsoft


All right, what do you do if there is a company out there, hammering your server? You write them a nice notice, informing them that they have a rogue bot, of course. Oh, how naive I was. I thought it was actually possible to contact someone, they would listen, surely discover their mistake and fix it! Ha, maybe they'd even apologize for causing me costs and workload, I thought. The hubris! There are maybe a handful of email addresses that you can use to contact MS in case of problems. However, half of them return error messages right back at you. The other half, I imagine, are just huge data graves where emails go to die. Of course, there was no help coming. It's just not possible to reach someone who cares. I was at least hoping to get the infamous Condescending Automated Response, but apparently my problem wasn't even worthy of that.

Third: what about MediaTemple?


Well, if MSN wasn't going to do anything at all, maybe I could turn to my provider for help. Of course, the thing you have to keep in mind is that MT is profiting from such things happening to their customers. Nevertheless, I wrote a diligent message detailing the problem to MediaTemple's support. In the beginning I was even hopeful, because some first-responder sent me a mail right back explaining that my request had been escalated to a sysadmin. However, this state of hopefulness quickly faded away when the sysadmin finally gave me my Condescending Automated Response. It explained things along the lines of "if you don't want bots spidering your site, you can exclude them by editing the robots.txt". Bloody brilliant, like I hadn't already forbidden MSN to crawl my site. Like these million requests were part of a normal indexing run, sure!

Upon explaining these things again to MT support, I got a semi-useful message back: there just wasn't anything they could do, period. Blocking this IP would mean other customers' sites couldn't be indexed by MSN. And I could always use an .htaccess rule to further cut down on CPU cycles. But otherwise, that's just the risk of running a site.

And then, everything went quiet


I'm not really sure what happened next. The attack suddenly stopped. Maybe MediaTemple had suddenly recognized the fact that this wasn't a normal bot running its index and blocked it, though I doubt it. Maybe MSN finally rebooted their server, though I'm fairly sure they didn't even get the message that anything was wrong. Maybe it will even happen again come next indexing run. Who knows? It's not like you get any courtesy information out of any of those companies. And if it happens again? Well, I'll just have to pay up then, won't I?

What little can be done


I've excluded MSN bots from spidering the site at several levels. It's the least I could do. And it's also not like there is any meaningful traffic coming through MSN search there, too. I would encourage other people to do this as well, because if an MSN bot goes rogue, there is absolutely nothing you can do against that as a lowly site owner. The least you can do to protect yourself is to pull your stuff from Microsoft-related indexes.


All things considered, the attack did turn out to be not so bad, but I certainly didn't enjoy the hacking and the posting of spam in my name. These recent events have added to much of the negativity that is currently in sum making up my life. Things have been going downhill for a long time now, I just don't know where the bottom is, yet. I guess this is also the reason for the shocking lack of original content recently. I haven't decided what to do with the blog, yet. If nothing else, it certainly has allowed unpleasant people in my life another angle of attack. The blog comes up as the first result when someone googles my name and Analytics is telling me lots of people have been doing exactly that, recently. That's nice as long as everything is going great. But if you're bankrupt and overall not doing so well, it becomes another thing entirely.
Fri, 09 May 2008 10:42:25 America/Los_Angeles blog/entry/id/1124
Wordpress Hacked http://creativepark.net/blog/entry/id/1123

Apparently, there is also a DoS/overload attack going on, which seems to confirm the initial suspicion.
Fri, 09 May 2008 10:42:25 America/Los_Angeles blog/entry/id/1123
Safari Offline SQL Storage http://creativepark.net/blog/entry/id/1122 This is way cool!

safari-sql-offline-storage.png

Why wasn't Firefox there, first?
Fri, 09 May 2008 10:42:25 America/Los_Angeles blog/entry/id/1122
FQL-Explorer: Dump all your Facebook data http://creativepark.net/blog/entry/id/1118 FQL Explorer. It's very straightforward, does exactly what you'd expect it to - it's a tool that lets you access your data via the FQL API. Sign up and help me fix the bugs, willya? :-P

fql-explorer-capture-small.jpg

Update: fixed the link - but for some reason there's a cataclysmic bug when using IE, trying to figure it out...
Fri, 09 May 2008 10:42:25 America/Los_Angeles blog/entry/id/1118
Safer eval() project on SourceForge http://creativepark.net/blog/entry/id/1117 PHP eval() class that allows for safer script execution in environments where you want users to enjoy some level of customization but can't give them full access under the PHP "all or nothing" model. Good job and nice website, too!
Fri, 09 May 2008 10:42:25 America/Los_Angeles blog/entry/id/1117
Why owning your data is so important http://creativepark.net/blog/entry/id/1116
Robert ran some data mining script on his Facebook account, and - very predictably - he was soon deported from Facebookland. Of course, they let him back in; everything else would have been just a disastrous PR move reminiscent of what happened to Second Life when they kicked him out. Seen any SL buzz lately? Yeah, me neither. Not that I'm complaining, it's an awful piece of software running a bleak and senseless virtual world. But none of that is the point.

The actual point is, when they banned Robert, all his content disappeared from Facebook. Think about that for a while. Our digital lives are not only threatened by bankruptcy and datacenter-scale disasters. In a setting where you're not allowed to take your own data anywhere, you're completely at the mercy of whoever gets to run those services. Somehow, we have gotten to a point where instead of owning your personal content, you just license it under whatever conditions they decide on, RIAA style.

Let's take a look into the future, where we'll spend even more time accumulating even more stuff on even fewer sites. Imagine using a social service for 20 years! Every byte of data is effort that goes into building your digital identity. Every second spent building that identity increases the mental energy needed to switch to another service and start from scratch. And then, one day, for whatever reason, all the stuff you've been doing just vanishes. It's as if you never existed.

This is a huge deal. Maybe the time isn't right for this idea to enter mainstream yet. But it will be. Someone has to start thinking about this. Sooner or later online service companies need to let us take control of our data. Otherwise, why even bother creating it? Some day, some important blogger will wake up and raise the issue and everyone will act like it's a totally novel concept. People will get ridiculous amounts of VC money to solve this problem. Why doesn't Facebook preemptively solve this? Especially since it's almost possible to do today with the existing API?

Oh yes, before I forget: OpenSocial doesn't even begin to address this problem.
Fri, 09 May 2008 10:42:25 America/Los_Angeles blog/entry/id/1116
Everybody Loves Short Videos http://creativepark.net/blog/entry/id/1115 absolutely love their content-neutral blurry one-minute clips. The king of short video is of course still YouTube. Ah, the joy of clicking through a 15-part series of meaningless 50-second webisodes!

Not me though. Google Video may live on borrowed time, but I totally dig both the ">20 minutes" search option and the fact that there are lots of very cool long videos that are hosted on the doomed service itself. I guess that means I'm finally getting old and have completely lost touch with trends and reality. Or maybe I'm the last person on earth who hasn't either succumbed to catastrophic ADD or lost all interest in content that can't be boiled down to a 50 second tabloid soundbite?
Fri, 09 May 2008 10:42:25 America/Los_Angeles blog/entry/id/1115