Monday, September 26, 2005

When worlds collide...

Let me give you a little background. I am, unabashedly, a huge Harlan Ellison fan. I love his writing, everything from the ostensibly misogynist A Boy and his Dog to his enormous body of work as an essayist. His prose just leaps off the page - it's got an energy and flow that few writers can aspire to, even when you are reading an ancient riff on a long-cancelled TV show like "The Mod Squad". If you'd like some examples, check these out. His SF/Fantasy work is universally thought-provoking and can be a little tough to digest - the closest analog to it that I've found is Neil Gaiman.

He's led an incredible life - I'll spare you the details, but if ever there's somebody who has "walked the walk", it's Ellison (OK, maybe just a few details: ran away from home, served in the army, joined a street gang to do research for a book, lived in LA during the 60s when Southern California didn't suck, marched in the civil rights demonstrations in the South, walked the picket line with his fellow writers during the Writer's Strike in the 70s, married and divorced several times and lived to tell the tale, etc).

I found out that he was going to be at the Foolscap convention, across the pond in Bellevue, and I was sorely tempted to attend. The things that stopped me were:
  1. I didn't quite "get" Foolscap. It's not a typical convention, apparently, but I didn't know what it was, and I couldn't tell exactly what was going on there and whether it's really a good use of my time.
  2. I'm really leery about meeting artists in person, so I was pretty ambivalent anyway.
  3. I'm an idiot, and forgot about it. Sort of.
The thing is that there's a big dividing line between the work and the artist that I'm really reticent to cross. Reports on Ellison portray him as either a tireless, principled crusader for justice, or a short, petulant, elitist asshole, with very little middle ground. It's fair to say that he doesn't "suffer fools gladly" and that it ain't too hard to find yourself in the "fool" category. I really didn't want to have to reconcile Ellison the auteur with Ellison, the wrinkly old man with a bad attitude (and, frankly, it's enough that he has provided us with his work - he's under no obligation to have to shuck and jive on stage and be my buddy as well).

Anyhow, what got me thinking about this was reading about the Penny Arcade guys' run-in with Ellison. Now, I've met Mike and Jerry before (I helped Mike fix his arcade game, and his wife baked us some very tasty cookies as I recall), and they are both what I would call "nice guys". While they come off as kind of brash on their website, in real life they're like any other smart-ass nerds you might know -- smart, funny, but basically harmless.

And yet, it pains me to hear them rip on "that old coot Harlen Ellison (sic)". Lord knows that Ellison doesn't need me or anyone else to stand up for him, but the guy is a bona fide literary giant. Mike can joke about Ellison "writing Star Wars novels", but the fact is, as the editor of Dangerous Visions 1/2, Ellison is more responsible than nearly anyone else in the industry for making Science Fiction into a legitimate literary genre (not to mention his contributions to the graphic novel genre). Without people like Ellison, science fiction would be all Star Wars novels today.

And as fond as I am of Mike and Jerry, no, they haven't earned the goddamn right to rip on Ellison. Maybe when they've lived another 40 years, and have put their ass on the line multiple times for something more important than making jokes about video games, they'll have the gravitas to criticize anything the man has done.

Ellison once wrote that for the young, "nostalgia is what they had for breakfast". It's all too true. And I guess nihilism loses its charm at some point, too.

Friday, September 23, 2005

Ankle-o-sore

I blew out my ankle a few months back playing in a basketball league (technically, a "Grade 3 Ankle Sprain", which means I completely tore some ligaments). After a couple of months of physical therapy, my PT let slip that completely torn ligaments don't ever heal unless you have them surgically reattached, leaving me to wonder why the hell I was spending all this time doing exercises if I wasn't going to get any better.

The upshot is that I went from a fairly active lifestyle (lifting weights 3 times a week and playing competitive sports 3-4 times a week) to sitting squarely on my butt, unable to run or jump, or even fit my foot into a shoe. Since then, I'm back to lifting, and I'm starting to do Kung Fu again, but it's going to be a while before I'm playing sports competitively (certainly I don't want to risk being on crutches again until after the baby is born, as I have no intention of further incurring the wrath of my angry pregnant wife).

So, I got a little stir crazy going from lots of physical activity to no activity, which I expected. What I didn't expect was how much I missed the competition. I found myself playing more and more online games - I got much more serious about chess, but I really got into playing Battlegrounds in WoW. Something about playing team-oriented online games scratched the same itch that playing basketball did, which I really didn't expect.

The only difference is that as a 38-year-old white guy, there's a limit to how good I'm ever going to be at hoops, whereas in theory there's no reason I can't be the best Battlegrounds player on my server. Uh, except for the fact that as an adult(?) with a full-time job, wife, kid, dog, and all the trimmings, I can only play about 1/10th as much as the really hardcore players...

That ankle surgery is starting to sound better and better all the time.

Tuesday, September 13, 2005

can u give me sum gold?

I reluctantly started playing World of Warcraft during the closed beta test - I say reluctantly as my last experience with an MMO (Everquest) ended up hitting my life like an atom bomb, resulting in me meeting my wife (very good) but also not playing any other games for over a year (not so good). I also spent a disproportionate amount of time farming silk in the West Commons and sitting on my butt staring at my spellbook waiting for my mana to recharge, which in the end drove me to give up the game.

Anyhow, I played early in the closed beta, levelled up my Warlock to around lvl 30, then quit because at that point, they didn't really have much content available for players beyond that level. As a result, I didn't pick up the retail package until a few months after its release - what this meant was that I picked up the game again shortly before pretty much everyone I knew was hitting level 60 and burning out. Leaving my character (Cryptana) alone, and worst of all, guildless.

I've never really played an MMO long enough to really reap the benefits of being in a guild - in particular, it seems to come in handy when you need large groups of people to go off and raid some dungeon. At the low levels, it seems a guild is mostly useful for:
  • Having someone to chat with while you play the game
  • Keeping yourself from being spammed with "u wanna join my guild?" requests by everyone who sees you don't have a guild.
To make a long story short, my friends quit the game and their guild disbanded, and shortly thereafter I got invited to a new guild, which I joined against my better judgement. Through the whole experience, I learned a couple of valuable lessons:
  1. If someone you don't know comes up and invites you to a guild, they obviously don't care who is in the guild. It's not that they have been secretly observing you and have decided that you have The Right Stuff. It's that they have briefly observed that you have a pulse, and would therefore increase their guild membership by one, so Welcome Aboard, Cowboy! And so you're joining a guild consisting of people whose sole defining characteristic is their ability to click the "Accept Guild Invite" button. Which leads us to the second lesson:
  2. There's a segment of the MMO population that doesn't really "play" the game, per se - for them, the game is more of an elaborate instant messaging system with highly customizable avatars and emotes. These players tend to be younger - in fact, I'd say my daughter falls pretty squarely in this demographic - and are the ones who can often be heard complaining about how bored they are, which makes no sense when you imagine somebody playing a game (why play a game that you find boring?) but makes perfect sense when you realize that from their point of view, they are just hanging out in IM, chatting.
Anyhow, most of these random guilds are filled with people in the "chatter" demographic, which makes guild chat feel like I'm eavesdropping on some 13-year-old's IM window:
Allakablam: Blah blah blah I LOVE PANDA EXPRESS LA LA LA!
Nooby: can sum1 give me sum gold?
Allakablam: I'm BORED!
Nooby: lets get mairreed - does any1 want 2 merry me?
Allakablam: Yes, I'm so bored. I'll marry you.
Nooby: i need 2 by a weding dress can u give me sum gold?
Cryptana: ...
Cryptana: Please kill me now.
Cryptana has left the guild.
Maybe things would be better if I played on a dedicated roleplaying server. But somehow I doubt it. I think gaming culture has changed (it's not just geeks anymore) and I just don't fit in.

Sigh.

Sunday, September 04, 2005

OMG, I've been hax0red!

So, after 4 years of running my own mail/web server, I've finally been hacked. And, as is usually the case, the cause was my own stupidity rather than some exploit in the software.

I'm generally pretty good about keeping my server locked down - I have my DSL modem NATing for me, with a hardware firewall inside that, with only a few ports open (SMTP, HTTP). And then...I decided to start a blog. Ironically, my desire to be as secure as possible is what let the hackers in.

Blogger.com has a nice feature where they'll host your blog, but if you give them FTP credentials, they'll copy the HTML pages to your server so you can host it too. Being a security-minded fellow, I didn't like the thought of FTP credentials floating around in cleartext on the internet every time I published my blog, so I set up Blogger.com to use SFTP, which is encrypted (although since there's no authentication of the server key, it's theoretically vulnerable to a man-in-the-middle attack, at least during the initial key exchange).

SFTP runs over SSH, so allowing Blogger.com to use SFTP required me to open the SSH port on my firewall. Well, no big deal, I thought - I'll just make sure I've fully patched up my server against any known exploits, and so having the SSH port open won't matter.

What I'd forgotten was that I'd set up an alternate account on the server as a catch-all for incoming junk mail. And I'd picked a pretty obvious name for this account, and an obvious password. Which is not a big deal when the only access for this account was via POP3, but now...

The first sign of trouble was when I was checking one of my mail accounts, and Outlook gave me a credentials error on this junkmail account. I figured that was weird, so I tried to log in to the server with that account, and got the same problem.

Piecing it together after the fact from the system logs, the .bash_history on that account, and some files the hacker left in a difficult-to-access directory called "/tmp/.: ", it looks like someone started doing a good old-fashioned dictionary attack on my server a few days ago. They finally guessed the password of my junkmail account, and logged in. The first thing they did was identify the OS, then try to download an exploit, first from Lycos (no surprise there), then from a hospital in Thailand. As far as I can tell the exploit failed, so they finally downloaded a script from a hacked server at prohosting.com. This script ("yahoo.sh") was scanning eBay for email accounts, either for phishing purposes or more likely to send spam. And I don't think they were even able to run the script, because I don't have any of the necessary executables installed.

So I don't know for sure that they did anything to the machine, but to be safe, I'm rebuilding my server from scratch right now. Debian makes it pretty easy to bootstrap a machine (download a 150MB CD-ROM image, burn it to a CD, boot it, it auto-configures the machine to use DHCP then downloads whatever packages you want over the net) - the only painful thing is that I have to re-configure my mail and HTTP servers, which is going to take a while (I need my mail server to support multiple domains and to route undeliverable mail to my junkmail account, and that always takes time to get right). On the bright side, I get to clean house a bit on the server, which is nice.

I think that this time, I'll let Blogger.com use plaintext FTP - at least FTP is a less inviting target for hackers than an open SSH port.

I wonder why the hacker decided to change the password on my account? And I wonder how long it would've taken me to notice if he hadn't changed it? Have you checked your server logs lately?
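
The post reconstructs the break-in from the system logs: a run of password guesses followed by one successful login. As an added example (not part of the original post), this Python script flags that pattern in sshd log lines; the sample lines, host name, addresses and the account name `junkmail` are constructed, and the failure threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not taken from the post's logs).
SAMPLE_LOG = """\
Sep  1 03:12:01 mail sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Sep  1 03:12:03 mail sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2
Sep  1 03:12:05 mail sshd[2105]: Failed password for root from 203.0.113.7 port 40125 ssh2
Sep  1 03:12:08 mail sshd[2107]: Failed password for junkmail from 203.0.113.7 port 40131 ssh2
Sep  1 03:12:10 mail sshd[2109]: Accepted password for junkmail from 203.0.113.7 port 40140 ssh2
Sep  1 08:30:44 mail sshd[2250]: Failed password for alice from 198.51.100.20 port 51515 ssh2
Sep  1 08:30:52 mail sshd[2252]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessed_logins(log_text, min_failures=3):
    """Return password logins that followed >= min_failures failures from the same IP."""
    failures = defaultdict(int)      # ip -> failed attempts seen so far
    users_tried = defaultdict(set)   # ip -> distinct usernames attempted
    alerts = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users_tried[ip].add(user)
        elif failures[ip] >= min_failures:
            # A success right after many failures: the guessing likely worked.
            alerts.append({"ip": ip, "user": user,
                           "failures_before": failures[ip],
                           "users_tried": len(users_tried[ip])})
            failures[ip] = 0
            users_tried[ip].clear()
    return alerts

if __name__ == "__main__":
    for a in find_guessed_logins(SAMPLE_LOG):
        print(f"{a['ip']} logged in as {a['user']} after {a['failures_before']} "
              f"failures across {a['users_tried']} usernames")
```

A single mistyped password followed by a success, like the `alice` lines, stays below the threshold and is not reported.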

Saturday, September 03, 2005

Hi, I'm Druid, how may I help you today?

So my current job has me working on web-based, shared calendar/group management software. We've recently gotten some very favorable press, and are seeing increased usage and interest in our product. And, of course, with increased traffic comes inevitable growing pains.

Now, some of these pains are expected - we expect to have to buy new hardware as our traffic grows, etc. But one of the unexpected side-effects is the huge number of people with questions, problems, and suggestions for the site who are sending us feedback, and who logically expect us to read and respond to their queries.

To make a long story short, we decided to have a rotating on-call person to answer feedback from people. And, of course, Yours Truly got the first shift.

All told, it isn't that bad, dealing with the public. I tend to have a rather...brusque email style, but it's not hard to turn on "Obsequious Mode" when dealing with the public, and to be honest, I really do like our product and want to help people learn how to use it. But I'm ready to go back to writing code now.

Please?