Woohoo! Rafe Coleburn pointed to me!

He makes it sound like I was one of those involved in the recent hack related to the court case, but I wasn’t. This all happened a couple of years ago. And he is absolutely right that it is a good thing they didn’t panic — we’ve seen what happens when big organisations panic.

I did call up an old co-worker there after writing that up and he said that yes, they were off the net. Not a good thing with a big lease sale coming up.

I hacked DOI.net.

Now that a judge has banned the DOI from the ‘net because of how easy it was to attack them, I can reveal that I was an inside hacker at the DOI.

A little over-the-top, I know, and since everyone knows how easy hacking the DOI would have been it doesn’t really merit that kind of build up, but back when I worked at MMS as one of their UNIX sysadmins, I, being a foolish, consious person, decided to run a port-scan on the network. Now, being foolish, I didn’t discuss this with anyone — they would just tell me to stop. And, as further proof of my foolishness. I decided to scan the entire class B subnet that the DOI owned, not just the segments used by MMS. Finally, I put it in a cron job so that it would run every Tuesday.

Now, this is all looks pretty stupid in hindsight. Especially the cron job. But the reports I was getting back were facinating. For example, the story on what the investigators found reveals:

Certain Interior computers were also running web servers, file transfer programs, remote access servers and other technologies that could allow anonymous access by outsiders.

It was all these machines I was seeing. Hundreds running default IIS installations (from 2.x on). Printers with web interfaces, routers, switches — you name it, I saw it.

I was just curious, but even unrestrained curiosity can be dangerous. The people at Indian Affairs noticed problems with their mainframe and were finally able to track it down to my machine — to me.

They told me that the portscan crashed the mainframe’s TCP/IP stack (which indicates a fragile stack that needs to be patched, really) every time it ran. Not too surprising since I was using the default scan mode of nmap — hit thousands of ports in rapid succession — instead of any of the more stealthy methods. But how did they find me? Their logs showed attempts to access rlogin and rsh — two ports out of thousands.

Yes, I learned quite a few things from that episode, not the least of which was Don’t portscan using nmap’s default settings.

More from Rafe Colburn’s blog: ‘New’ U.S. War: Commandos, Airstrikes and Allies on the Ground

I’ve argued before that if we were going to fight in Afghanistan, we should have put our own troops on the ground. I thought that the “Bomb from the air, use the Northern Alliance on the Ground” was a bad strategy for achieving our ultimate goal — capturing bin Laden — and that it gave the Northern Alliance too much say in the post-war government. From what I’ve read, the Northern Alliance is, at best, marginally better than the Taliban.

So, it was with some interest that I read this piece in the New York Times about this style of fighting. They talk about the good points and the bad points of this style of fighting, but this sentence caught my eye:

But the American strategy also had a decided drawback: the decision to let proxy forces bear the brunt of the ground fighting may have allowed many Al Qaeda and Taliban leaders, and possibly Osama bin Laden himself, to escape.

In my mind, this calls the whole operation into question. Why were we there in the first place? To capture bin Laden, if I recall correctly. The Taliban refused to hand him over, so we had to go in with some force to get him.

While we succeeded in taking the Taliban from power, we evidently won’t be able to bring any of the leaders of the Taliban to justice. Though we did succeed in hitting a couple high-level people in the Taliban with our bombs, the head seems to have escaped.

But, I assumed this was just a side-show on the way to get bin Laden. At least, that was what ostensibly provoked this whole action, right? To me, the end result of this war seems to be helping the Northern Alliance

bin Laden’s apparent escape (for now) only serves to reinforce my pacifist leaning tendencies. Some will say that even if all we did was depose the Taliban, that is a good thing. To me, though, this looks like a diversion — we went for bin Laden, not the Taliban. The Taliban, terrible as they were with their barbaric torture, wasn’t the government that slammed those airliners into U.S. buildings.

Yes, I’m glad that the Taliban won’t be able to torture people any more. But how do we know that the new government in Afghanistan is going to be better? Is the U.S. going to actively support U.N. involvement there to ensure humane conditions for everyone?

My paranoia says it is in the government’s interest for bin Laden to remain free — they need a bogey man to fight, to ensure patriotism, etc. There hasn’t been much worth fighting for since the end of the Cold War, so now we’ll all have a rallying cry.

But I only think that in my more paranoid moments…

In an entry about the way government works in the U.S., Rafe Colburn says:

In a way, this should reassure us, I think. Regardless of whether George Bush or Al Gore won the election back in November, things were going to continue basically as before. In another way, it should scare the Hell out of us. We vote for this person or that one, and the bottom line is that a bunch of people we don’t elect determine how the government really affects our lives.

This is exactly why I don’t vote. Too much inertia. I care, but I don’t vote. Unfortunatly, I’m also lazy so I don’t vote in local elections, either.

Perhaps if I could care more about the national elections I would vote on the local level. I guess, though, that what really strikes me is the people who live outside of the local area but commute in (and thus can’t vote) and the way they complain about local politics. Their local politics are mostly dull (read: reassuringly so), but they are also largly irrelevent because what happens in the city has a bigger effect on them than their local politics.

After a practically balmy December, January has come with freezing temperatures.

Some of my (from north of Lake Ponchartrain — 50 miles of bridge on their commute every day) co-workers are complaining about waking up to ice on their trucks and such.

Meanwhile, in New Orleans proper, we are suffering from temperatures that hover around freezing — perhaps a little frost on the ground. I wore my duck boots — freezing water on the feet isn’t good — put on a nice warm coat and biked to work.

The ride taught me that I should have worn the long-underwear that Alexis gave me for Christmas and that I need full-finger gloves for riding when it gets this cold. Other than those minor irritations, the bike ride was quite nice and really helped me wake up..

David McCuster has an excellent story about death:

Finally they all have the planned drinks. A drink for Miriam.

Which reminds me that this past Sunday I talked briefly with a guy at church who is about 75. A WWII vet. He is slowly recuperating from some surgery and speaks like he has a throat condition.

I asked him how it was going and without a hint of sadness, he said “I’m just waiting for the Lord.”

It has been adequately shown (by Microsoft’s success) that most business software buyers don’t want choice. They want just one significant vendor, and they will pay more and accept less in order to achieve that freedom from choice.

Microsoft Invades New Turf

This is so true! It is why the Macintosh is such a small player and why Linux hasn’t gained more share. It is why Novell is almost non-existant.

Dave is so full of it when he says “ Email is getting more and more useless. Soon it will be time for the next thing after email.”

(And he’s wrong about opening mail when he can see the extention… Several trojans diguise themselves as .TXT files.)

Email is the “killer app” of the Internet. Just guessing, but I would imagine that it is the reason 90% of people use the Internet. It is more private and personal than setting up a webpage and if what you want to keep in touch with your family on the Internet, there is no better way.

I guess he thinks that email is useless because of the spam and viruses. There are ways to fight Spam (Black Hole Lists, for example), and viruses are not endemic to email — they are more the problem of Outlook. Now, it would be unfortunate if Outlook’s problems caused people to stop using email, but I don’t see that happening either.

I think that I’ll learn Lisp instead of Java:

Perl is an inspiring example of brevity. Larry Wall broke all the rules, and in the process discovered some good ideas. Perl may be a kludge, but it makes your programs short, and you have to respect that.

(From “Arc at 3 weeks“)