The Good Red Road, a book by my father, has been updated. New in this update is the remaining English text of the book, as well as additional illustrations. Additionally, the text of the Spirit Testament has been added as an appendix, and the layout has been improved slightly. Please note that this is still an early draft, is missing many illustrations, and may contain omissions and other errors. I will post more updates as I progress. To all of you who have been waiting for this release, you will have to wait only a little while longer — this small collection should be finished in a few more weeks. The larger body of work, however, may take a few more months.
Since the process of getting the books of my father (Shupshe) online is taking a long time, I have decided to put another piece up for review. This time, the first third of The Good Red Road is now online. Note that many of the gikinoigun and masinaigun are missing from this, but the English text has been entered up to page 33 (of 90) in the original. Like I said, this is an early draft, and there will be some re-organizing and editing before the final release.
I have posted a draft Bode'wadmi language font that I'm working on. I need these characters for an upcoming book project, which will be published here (for free.) This font provides only one letter set, and isn't even complete &emdash; it only has characters that match existing Latin letters. All the characters are mapped to UPPERCASE letters, and there are no numbers included. Oh, and did I mention? This isn't even the most common Bode'wadmi character set. Like I said, this is just a draft, and may cause problems. No warranty expressed or implied, all rights reserved (for now), etc. Have fun!
I've hit three record stores in the last week, and picked up ten albums: Alison Moyet – Essex
Chumbawamba – Tubthumper
Kim Wilde – Close
Mr. Mister – Go On
Pet Shop Boys – Fundamental
The Clash – London Calling
The Velvet Underground – The Velvet Underground & Nico
Semisonic – Feeling Strangely Fine
Squeeze – Singles: 45's and Under
Wilson Phillips – Wilson Phillips
Basically, all over the map. ![":-)"]("http://www.mgzi.net/templates/default/img/emoticons/smile.png")
Also posted at: last.fm
Well, a "new" exploit has been found for a common model of ATM, and the biggest suprise is that it's not Diebold. An anonymous thief in Virginia Beach reprogrammed the machines to deliver four times the requested amount. eWeek reports that the master passwords to these machines can be discovered via a simple Google search.
Matasano Chargen asks, Why is no one talking about this? Well, everybody is, now. I'm still waiting for the day I drive up to an ATM and it displays a simple message:
1 pWnZ j000!!!!11
Then I'll know we're secure.
The long theorized Arctic polar route has opened up, thanks to our good friend — Global Warming. Now we can transport goods efficiently across the Arctic ocean, saving countless man-hours of shipping time. Now if only our ships could find a non-flooded port to dock in…
A recent article on SecurityFocus analyses the patterns in recent SSH login attacks.
Most of the results of this analysis were fairly unsuprising to anyone who runs a public-facing SSH server. root and various other system-level accounts are prime targets for attack, despite the fact that any competent sysadmin will have disabled remote logins for these accounts. I personally have seen repeated attacks looking for account names like lpd and harrypotter.
The analaysis of passwords used is also not suprising, with simple strings of numbers ("123456" or "11111") or letters ("password" or "admin") being common. I remember one NT system I was called to work on had a very weak password, "xxxxx". After one nasty break-in, I recommended changes, but was vetoed. Apparently, even a weak alphanumeric password would have been "too difficult" to remember. Thankfully, it wasn't my (or my employer's) system, but it was still quite disturbing.
Perhaps the most interesting news, if still mildly unsuprising, was the widespread use of IRC for remote control. IRC is often used for controlling compromised Windows systems, so it isn't a great logical leap. However, many sysadmins could easily block outgoing IRC requests at the firewall — a tactic that would make it much more difficult to use even an exploited system. Of course, that still doesn't truly mitigate the fact that your system has been compromised.
The sheer potential of these attacks is staggering, however:
Combined with an army of IRC bots, an attacker only needs 525 Zombies to scan the entire IP4 of today's public Internet in just one day. If you have a publicly accessible SSH server, you are very likely to be targeted by one of these attacks.
I find this assertion to be true. Not a single day goes by that one of my SSH servers hasn't received an attack from at least one source. I'm currently using DenyHosts to mitigate this problem, but the occasional attack still sneaks through. I'm just thankful that these guys attack invalid accounts.