B12 Solipsism

Spreading confusion over the internet since 1994

Sus Saves was uploaded to Flickr

South Loop

embiggen by clicking
http://flic.kr/p/r8tmKB

I took Sus Saves on June 23, 2011 at 08:00PM

and processed it in my digital darkroom on February 10, 2015 at 05:14PM

Written by eggplant

February 10th, 2015 at 2:07 pm

PHP Script Hack Infected All Of my WordPress Blogs

 Computer Repair LED

Server Repair. 

Yesterday, I logged on to my WordPress Dashboard to see if any upgrades were available. I usually log on a few times a week, depending upon how actively I’ve blogged, or if I know of a WordPress upgrade. Once I logged on, I got an odd message that my plugins didn’t load because something was wrong with their headers. I clicked the Plugins menu to see what was going on, and instead, there was a message saying “You do not appear to have any plugins available at this time.” 

 Whu? WTF?!?!

Earlier in the week, the same thing had happened to my photo blog – plugins suddenly were non-functional. I was in the middle of a work-related crisis, so asked my cousin, the WordPress expert who actually constructed the photo blog, to look into it. He found malware, restored the photo blog to an earlier version with a backup, and it seemed ok. Since I was still sweating out the work-related crises, I didn’t look deeper. The photo blog seemed to work ok.

But now my blog was doing the same thing, and I had some time to investigate. I logged in to my site via FTP, and looked in the plugins folder. Several plugins were there. I opened one plugin directory, and one PHP file[1] at random: the first line was a long string of code, obviously some sort of malware. Ru-oh! I renamed the plugins folder, which rendered it unusable by WordPress, created a new folder called plugins, and quickly installed a fresh copy of Akismet, a spam comment blocker. In the 15 minutes or so it took from when I first encountered an error until when I reinstalled Akismet, I received 59 spam comments! Yeesh.

I looked at the various WordPress PHP files, bits of code that make the blog do what it does; every single one had the same piece of malware inserted in the first line. I reinstalled WordPress, which creates fresh copies of the majority of PHP files in wp-admin, in wp-includes and in the default WordPress directory. However, some files were not replaced; I had to open them manually and strip out the malware. Reinstalling WordPress does not touch anything in wp-content – themes, plugins, etc. I did not have backup copies of my Solipsism theme for some reason, so I had to clean several files here manually. Initially I mucked this procedure up by stripping out some good code as well, but eventually I figured out what was missing.[2]

I took a deeper look at my photo blog, and though the plugins were clean, and the theme files were clean, all other PHP files were corrupted. Again, I reinstalled a fresh copy of WordPress 4.1, and manually cleaned the remaining files (wp-config.php, wp-pass.php, wp-feed.php and so on).

You Do Not Have Any Plugins Available

I host a couple of subdomains[3] which are static paged WordPress installations; both of these directories were full of the malware code. In fact, in the process of cleaning up, I discovered what the malware did. On both of these subdomains, there was a plugin directory called, innocuously enough, docs. I didn’t install this plugin, so I was curious what it did. I looked inside its directory, and found a directory called “cache”. In here were nearly 500 files with names like “29fb82abf5c8a42d970f94eed9d69ebf.dat”, and an XML file that indexed these pages using the subdomain’s URL. I opened one of these files with a text editor[4] – it was an HTML-type page with the title of “Resume Writing Lookout Heights Kentucky KY 24/7 – Best Resume Writing Services”. The others were similar: “Cv Services Darwin  * Best Resume Writing Services 2014 – Jake Bradshaw”; “Payday Loans Near Augusta Ga ! <  24/7 Online Payday Loans”; etc.

The HTML was horribly mangled; I would be surprised if it did anything, but maybe it would be enough if Google indexed a link pointing to some schmoe who paid a consultant for Search Engine Optimization. But maybe not.

For instance, a portion of that particular spam page opened in a web browser looks exactly like this:

Create alert Self experiencing problems with problem with your consult an experienced for example, an e-mail, which is suitable day work. Diamond Call Ross on employer should protect a union, they but it would. Kentucky Diamond View all Altisource Vacations Worldwide jobs jobs Learn more about working at Altisource You can below, together with spending 2-6 hours a day at home This work can be done Colleges Equal Opportunity Williamsburg, Virginia – be at least High School diploma. Diamond

Whatever. I deleted these as soon as I could, shaking my fist at the evil spammer.

I found a few PHP files in my root level directory; I deleted these or cleaned them as needed.

I had tried to install a Drupal blog a while ago, before abandoning it as a futile, frustrating endeavor, but the files were still residing on my server, and all its PHP files were compromised. 

I put in a tech-support request to Pair.com, my web-host, asking them to double check if any PHP files remained that were corrupted; I haven’t yet heard back from them. But I think I cleaned up all the malware; all it took was eight hours of work on a Saturday night…

Today I’m planning on looking deeper into the MySQL databases, and see if there are any unknown users or other oddnesses, and maybe change all my passwords. I’m not sure how the evil spammers were able to insert the malicious code, but I don’t want to have to go through all this again. Oh, and make backups! and backups of the backups!
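
A check for the three signs described in this post, as an added example (not the author's or the web host's code): PHP files whose first line is unusually long or calls a common obfuscation function, 32-hex-character .dat files inside a cache directory, and plugin directories that are not on the site's own allowlist. The length threshold, the function list and the demo tree are assumptions constructed for illustration; the post does not say what the injected line contained.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: what counts as "a long string of code" on line 1; tune per site.
LONG_FIRST_LINE = 500
# Assumption: calls often seen in obfuscated PHP; the post does not say
# what the injected line actually contained.
OBFUSCATION_HINTS = re.compile(rb"\b(?:eval|base64_decode|gzinflate|str_rot13)\s*\(")
# Names like 29fb82abf5c8a42d970f94eed9d69ebf.dat (32 hex characters + .dat).
HEX_DAT = re.compile(r"^[0-9a-f]{32}\.dat$")


def scan_php_file(path):
    """Return the reasons the first line of a PHP file looks injected."""
    with open(path, "rb") as fh:
        line = fh.readline(65536).rstrip(b"\r\n")
    reasons = []
    if len(line) >= LONG_FIRST_LINE:
        reasons.append("long-first-line")
    if OBFUSCATION_HINTS.search(line):
        reasons.append("obfuscation-call-on-line-1")
    return reasons


def scan_tree(root):
    """Walk a web root and return (relative path, reasons) for each hit."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            if name.lower().endswith(".php"):
                reasons = scan_php_file(full)
                if reasons:
                    findings.append((rel, reasons))
            elif HEX_DAT.match(name) and Path(dirpath).name == "cache":
                findings.append((rel, ["hash-named-dat-in-cache"]))
    return findings


def unexpected_plugins(root, expected):
    """List plugin directories that are not on the site's own allowlist."""
    plugins = Path(root) / "wp-content" / "plugins"
    if not plugins.is_dir():
        return []
    return sorted(p.name for p in plugins.iterdir()
                  if p.is_dir() and p.name not in expected)


def build_demo_tree(root):
    """Create a small constructed site tree (harmless placeholder content)."""
    files = {
        "index.php": b"<?php\nrequire 'wp-blog-header.php';\n",
        # Constructed stand-in for a file with a long line prepended.
        "wp-config.php": b'<?php $z = "' + b"A" * 600 + b'"; ?>\n<?php\n// config\n',
        "wp-content/plugins/akismet/akismet.php": b"<?php\n// Plugin Name: Akismet\n",
        # Constructed stand-in; the argument is a placeholder, not a payload.
        "wp-content/plugins/docs/docs.php":
            b'<?php eval(base64_decode("CONSTRUCTED_PLACEHOLDER")); ?>\n',
        "wp-content/plugins/docs/cache/29fb82abf5c8a42d970f94eed9d69ebf.dat":
            b"<html><title>constructed spam page</title></html>\n",
    }
    for rel, data in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_demo_tree(site)
        for rel, reasons in scan_tree(site):
            print(f"{rel}: {', '.join(reasons)}")
        print("unexpected plugins:", unexpected_plugins(site, {"akismet"}))
```

A hit is a reason to open the file, not proof of compromise: some legitimate minified or generated PHP also has a long first line.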

Footnotes:
  1. PHP is a server-side scripting language
  2. I think the blog is back to normal, if you see anything odd, please let me know.
  3. clients’ web pages
  4. I use TextWrangler since it is free. I should buy BBEdit, but I never get around to budgeting for it

Written by Seth Anderson

February 8th, 2015 at 1:54 pm

Posted in blog


Dental receptionist allegedly at the center of a massive identity theft scam

Teeth…

Speaking of health care practitioners who cannot manage to protect personal data, there is another reason to be skeptical when your dentist wants copies of your driver’s license and so on…

The New York District Attorney’s Office says that a massive identity theft ring stems from a Manhattan dental receptionist who stole customers’ personal information.

Four people, including 27-year-old Annie Vuong, the alleged receptionist, now stand accused of 394 charges relating to theft of $700,000. All four say they’re not guilty.

The scheme centers around the fact that it’s actually quite easy, if you have enough of a person’s information, to create an Apple account, and with one of those, it only takes about 30 seconds to get approved for a program to buy an Apple-themed Barclays Visa card. With one of those, customers can instantly turn right back around and buy Apple gift cards, which can be redeemed in Apple’s physical stores.

(click here to continue reading Dental receptionist allegedly at the center of a massive identity theft scam.)

Written by Seth Anderson

February 7th, 2015 at 3:44 pm

Posted in News-esque


Your Data Is Not Safe at Anthem Nor At Other Healthcare Corporations

Classless Society

The next decade is going to be a continual escalation of these sorts of crimes. Many sectors of corporations have skimped on beefing up their security practices, making it easier for criminals to steal consumer data.

patient medical records typically include information not easily destroyed, including date of birth, Social Security numbers and even physical characteristics that make them more useful for things like identity theft, creation of visas or insurance fraud by falsely billing for expensive medical or dental procedures that were either never done or performed on someone else. Some criminals have also tried a form of so-called ransom ware in which they threaten to reveal medical information unless they are paid.

“The whole thing is evolving,” said Barbara Filkins, an analyst with the SANS Institute, which has studied the risk to the health care sector.

Hospital systems, for example, are increasingly asking for photo IDs and driver’s licenses in an effort to block patients who have stolen someone else’s medical identity, said John Barlament, a lawyer at Quarles & Brady in Milwaukee. The use of medical identity fraud is growing, he said. “It’s a one-way trend here,” he said.

(click here to continue reading Data Breach at Anthem May Lead to Others – NYTimes.com.)

Site of the Doctors’ Commons

From my perspective, I hate when health care providers make copies of my driver’s license and write down my social security number and so on. Why? Because I don’t trust that they will keep my data safe. Especially as there is a push to digitize health records, health practitioners need to have stronger data management and destruction policies. Should a dentist I visited once several years ago be able to keep all my information forever? I guess I need to get a fake ID for these sorts of situations.

The push to digitize patient health records in hospitals and doctors’ offices has also made medical records increasingly vulnerable, according to security experts. Moving medical records from paper to electronic form allows both patients and providers better access, but it has also made patient records susceptible to breaches, whether unintentionally or through a criminal attack.

About 90 percent of health care organizations reported they have had at least one data breach over the last two years, according to a survey of health care providers published last year by the Ponemon Institute, a privacy and data protection research firm. The founder, Larry Ponemon, a security expert, says most were because of employee negligence or system flaws, but a growing number are malicious or criminal.

Last year, 18 health care providers reported data breaches because of some form of hacking. Information at Centura Health was compromised last year after a phishing scheme obtained access to employee email accounts. The data included, in some instances, Social Security numbers, Medicare beneficiary numbers and clinical information for 12,000 patients of the facility, based in Englewood, Colo. In another case, a keystroke logger virus that infected three computers for a few weeks early last year at the student health center at the University of California, Irvine, may have captured patient’s health and dental insurance numbers and diagnoses.

Health care providers have sharply increased their spending on data security in the last year, but they remain technologically far behind other industries, say experts.

(click here to continue reading Data Breach at Anthem May Lead to Others – NYTimes.com.)

Written by Seth Anderson

February 7th, 2015 at 12:35 pm

Posted in Business,health


Bob Dylan Hates Purple Throated Vocalists As Much As I Do

Trio of musicians

Long time readers of this humble blog might remember a discussion or two about singers who over-sing. Artists like Whitney “permanent orgasm” Houston, for instance, who constantly ululate over and around the melody until it makes your ears bleed. There’s probably a better way to describe this style of singing, but I call it purple throated, in homage to the phrase “purple prose”.[1]

Bob Dylan is many things, but one of my favorite aspects of his persona is his love for music, and his propensity to speak the unvarnished truths about musicians.

Such as in his speech at the MusiCares Person of the Year event yesterday:

Dylan was gracious enough not to identify by name the singer who was the recipient of his sharpest barbs. But he seemed to be referencing Ambrosius, who has had several R&B hits, most notably 2010’s Far Away, sang the national anthem at a 2012 Floyd Mayweather-Manny Cotto fight.

“Critics say I mangle my melodies, render my songs unrecognizable,” he said. “Let me tell you something: I was at a boxing match a few years ago, seeing Floyd Mayweather fight a Puerto Rican guy. And the Puerto Rican national anthem, somebody sang it. And it was beautiful, it was heartfelt, it was moving. After that, it was time for our national anthem, and a very popular soul-singing sister was chosen to sing it. She sang every note. That exists. And some that don’t exist. Talk about mangling a melody. Take a one-syllable word and make it last for 15 minutes.  To me, it was not funny. Mangling lyrics, mangling a melody, mangling a treasured song. No, I get the blame.”

(click here to continue reading Dylan disses Merle Haggard, others, in MusiCares speech.)

If you want to torture your ears, here is the YouTube of that rendition of the US National Anthem, available at the moment.

Dylan also discusses another of my favorite songs, Sunday Morning Coming Down. I’m partial to the Kris Kristofferson version, but the Johnny Cash cover is pretty spot-on too.

Dylan recalled reading an interview with Tom T. Hall, the country singer and songwriter noted for story songs like Harper Valley PTA and (Old Dogs, Children And) Watermelon Wine, during a Nashville recording stint many years ago. In the interview, Dylan said, “He was (complaining) about some kind of new song coming in. And he couldn’t understand what these new kinds of songs were that were coming in or what they were about.”

“Now, Tom, he was one of the most pre-eminent songwriters at the time in Nashville. A lot of people were recording his songs, including himself. But he was on a fuss about James Taylor and a song James had called Country Road. Tom was going all off in this interview: ‘Well, James don’t sing nothing about a country road; he just says that he can feel that ole country road. I don’t understand that.”

“Now some might say Tom was a great songwriter, and I’m not going to doubt that. At the time, during his interview, I was actually listening to a song of his on the radio in the recording studio. It was called I Love. And it was talking about all the things he loves. An everyman song. Trying to connect with people. Trying to make you think he’s just like you and you’re just like him. We all love the same things. We’re all in this together.”

“Tom loves little baby ducks. Slow-moving trains and rain. He loves big pickup trucks and little country streams. Sleep without dreams. Bourbon in a glass. Coffee in a cup. Tomatoes on a vine and onions.”

“Now listen, I’m not ever going to disparage another songwriter. I’m not gonna do that. I’m not saying that’s a bad song, I’m just saying it might be a little over-cooked.”

Dylan said that Hall and a few other writers had the Nashville scene “sewn up” — until Kris Kristofferson came along and started writing songs like Sunday Morning Comes Down, which Johnny Cash turned into a No. 1 single.

“That one song blew Tom T. Hall’s world apart,” Dylan said. “It might have sent him to the crazy house. God forbid he ever heard one of my songs.”

“If Sunday Morning Coming Down rattled Tom’s cage and sent him into the looney bin, my songs surely would have made him blow his brains out.”

(click here to continue reading Dylan disses Merle Haggard, others, in MusiCares speech.)

Bob Dylan – Shadows In The Night

By the way, Bob Dylan’s latest album, Shadows in The Night, is actually pretty good, in a melancholy sort of way. Very down-beat, but in a quiet mood, I like it. I’m guessing I might not have appreciated it as much when I was 17, insistent that every song I heard be guitar-driven, but now that I’ve expanded my musical palette a bit, I can appreciate songs by Frank Sinatra, Irving Berlin, Rodgers and Hammerstein, et al. Also, Dylan’s voice sounds much better than it did on that lame Christmas album[2] released a few years ago.

Footnotes:
  1. In literary criticism, purple prose is prose text that is so extravagant, ornate, or flowery as to break the flow and draw excessive attention to itself.
  2. Christmas In The Heart

Written by Seth Anderson

February 7th, 2015 at 11:51 am

Posted in Arts,Music,Suggestions


super Snow Day was uploaded to Flickr

snow still falling steadily

embiggen by clicking
http://flic.kr/p/q59F9n

I took super Snow Day on February 01, 2015 at 10:19AM

and processed it in my digital darkroom on February 01, 2015 at 04:23PM

Written by eggplant

February 1st, 2015 at 10:54 am

Dirty Wurds 45 – Caped Crusader Records was uploaded to Flickr

Chicago Garage Rock

embiggen by clicking
http://flic.kr/p/q3wA91

I took Dirty Wurds 45 – Caped Crusader Records on January 30, 2015 at 10:51AM

and processed it in my digital darkroom on January 30, 2015 at 04:51PM

Written by eggplant

January 30th, 2015 at 11:39 am

Dirty Wurds – 45 – Not This One / Mellow Down Easy was uploaded to Flickr

Chicago Garage Rock

embiggen by clicking
http://flic.kr/p/qH5pDr

I took Dirty Wurds – 45 – Not This One / Mellow Down Easy on January 30, 2015 at 10:49AM

and processed it in my digital darkroom on January 30, 2015 at 04:50PM

Written by eggplant

January 30th, 2015 at 11:38 am

Nothing Has Changed Except was uploaded to Flickr

rain, West Loop

embiggen by clicking
http://flic.kr/p/qY62us

I took Nothing Has Changed Except on December 22, 2014 at 03:24PM

and processed it in my digital darkroom on January 28, 2015 at 02:10PM

Written by eggplant

January 28th, 2015 at 9:43 am

Apple Response To National Center for Public Policy Research Re Climate Change

Apple Store with Tree

From Apple, Inc.’s 2015 Proxy Statement is this proposal from conservative think tank, The National Center for Public Policy Research. We’re quoting the proposal, and Apple’s response to it (which boils down to a long-winded no, are you crazy?, for many reasons). This think tank exists mostly for the task of “dispelling the myths of global warming by exposing flawed economic, scientific, and risk analysis”, and to publicly scold corporations that drop support for ALEC, so you can imagine why they are pressuring Apple. For the lolz, of course. And to support their corporate masters…

On page 62 of the Proxy Statement:

Proposal No. 5 – Shareholder Proposal The Company has been advised that The National Center for Public Policy Research, 501 Capitol Court, N.E., Suite 200, Washington, D.C 20002 (the “NCPPR”), which has indicated it is a beneficial owner of at least $2,000 in market value of the Company’s common stock, intends to submit the following proposal at the Annual Meeting: Risk Report

and the proposal:

WHEREAS, The Securities and Exchange Commission has recognized that climate change regulations, policy and legislation pose a business risk to companies. One risk is that federal, state and/or local government policies, adopted in whole or in part due to climate change concerns, that subsidize renewable energy and upon which company business plans rely may be repealed or altered. These changes in policy may be significant, and may come with little advance notice to the company.

RESOLVED: Shareholders request that the Board of Directors authorize the preparation of a report, to be issued by December 2015, at a reasonable cost and excluding proprietary information, disclosing the risk to the company posed by possible changes in federal, state or local government policies in the United States relating to climate change and/or renewable energy.

concluding with

Apple Inc. has made renewable energy a priority. The Wall Street Journal reported on September 17, 2013, “Apple Inc. now gets 16% of its electricity from solar panels and fuel cells that run on biogas.” One state in which Apple has significant renewable energy investments is North Carolina, which may soon repeal its law providing advantages for renewable energy production, following a report by two think-tanks concluding that this law will cost state consumers $1.845 billion between 2008 and 2021. Subsidies and policies favorable to renewable energy also are being challenged in other states and also at the federal level, where renewal of the approximately $12 billion wind production tax credit (PTC) is challenged annually and in the past has only been renewed at the very last minute, following closed-door negotiations by lawmakers. The PTC’s future is impossible to predict. 

Apple Logos

Apple’s response:

The Company’s Statement in Opposition to Proposal No. 5 The Board recommends a vote AGAINST Proposal No. 5. This proposal would result in the production of a narrowly focused report that would yield an incomplete and therefore inaccurate analysis of the Company’s exposure to risks associated with changes in government policies with respect to climate change and renewable energy. In effect, the proponent is asking the Company to spend valuable time and limited resources analyzing hypothetical changes in U.S. federal, state or local governmental policies. The Company has already presented an analysis of the risks and opportunities associated with climate change on its website at www.apple.com/environment/climate-change and in its public filings with the SEC, as well as in a shareholder-requested and industry-recognized reporting tool, the CDP questionnaire.

and continues:

The additional report would therefore provide little to no additional value. As explained on its website, the Company believes climate change caused by emissions from burning fossil fuels is a real problem, and has committed to reducing the Company’s carbon footprint.

The Company also provides detailed information on its renewable energy and sustainability efforts in its annual Environmental Responsibility Report, available online at www.apple.com/environment/reports.
In 2014, the Company also provided detailed responses to the CDP questionnaire. Those responses, requested by shareholders, outline the Company’s views on the risks and opportunities of dealing with climate change. The report requested by the proponent would focus on one domestic aspect of climate change potential risk.

This approach distorts the global realities of climate change risk for the Company and its shareholders. The Company continually evaluates its reliance on both traditional and alternative energy sources and regularly makes decisions to mitigate the Company’s exposure to potential price increases, supply shortages and changes to federal, state and local government policies related to the environment. The Company’s public filings and reports already provide substantial disclosure regarding the Company’s approach to renewable energy and sustainability.

For example, with respect to regulatory risks, the Annual Report included a risk factor entitled “The Company is subject to laws and regulations worldwide, changes to which could increase the Company’s costs and individually or in the aggregate adversely affect the Company’s business.” This risk factor specifically addresses potential changes in laws and regulations, which could “make the Company’s products and services less attractive to the Company’s customers, delay the introduction of new products in one or more regions, or cause the Company to change or limit its business practices.”

The report requested by the proposal would not, in substance, provide any more meaningful detail than the Company’s existing disclosures nor would it justify the use of significant resources associated with preparing such a report. The Company believes that the fulsome disclosure already publicly available in the Company’s public filings and on the Company’s website are more than adequate to address the underlying issues outlined in the proposal. The Company also believes that producing the report requested by the proposal would not be an efficient use of Company resources nor an effective way to protect shareholder value.

Let’s hope this proposal fails. I voted against it.[1]

Footnotes:
  1. I once bought 11 shares of Apple with some extra money I made, I only regret I didn’t purchase more, especially as these shares have risen dramatically in value, and then split seven-for-one in 2013. If I had bought more Apple shares when they were $85 instead of paying health insurance, for instance, maybe I could have some money in the bank…

Written by Seth Anderson

January 28th, 2015 at 9:26 am

Regulatory Reform As A Cover for Corporations to Skirt Laws

Will Obama have to resort to the veto pen finally, now that Harry Reid is no longer blocking ridiculous GOP bills from getting passed? I guess we’ll soon see. And the real test will be on the non-sexy things, like regulatory reform.

Please  Vote 

Obama Has Only Vetoed 2 Bills. That’s About to Change—Thanks to Democrats | Mother Jones: “Regulatory reform: By far the least sexy of the topics that might be forced on Obama, changes to how the government writes its rules could pose the biggest trouble for the president. Unlike finance, environmental rules, or health care reform, it’s an obscure topic unlikely to garner an outpouring of public outcry. These are changes portrayed as making government more sensible and business-friendly, always a favorite image to project by moderate Democrats who still cling to Bill Clinton’s mantra of deconstructing Big Government, yet they could stymie efforts to write rules for those specific policy areas.

Changes to how the government writes rules ‘seem both kind of technical and innocent, because they talk about things like cost-benefit analysis, or increasing judicial review, or more economic requirements to help small business’ says Lisa Gilbert, director of Public Citizen’s Congress Watch. ‘Things that don’t sound threatening and maybe even ease tensions with constituents who don’t really like the idea of red tape and have this idea that if we change it at the federal level lots would be easier at home.’ But in essence, these rules just offer cover for big business to delay the laws that they don’t want to comply with—continuing to set their own rules and skating by for years after the public thinks they’ve already been kept in check.

Last week, the House passed the Regulatory Accountability Act, a bill that would force all agencies to conduct a cost-benefit analysis for each rule. This process tends to favor business interests over consumers. The bill would also make it easier for judges to toss aside rules and force agencies to hold lengthy public hearings for each rule they consider. Past iterations of this bill have received support from Senate moderates like Florida’s Bill Nelson, Maine’s King, and West Virginia’s Manchin.

That group of 10 to 15 Democrats willing to break from the rest of the party aren’t hiding their plans. ‘If Republicans want a minimum of six or more Democrats to work with them,’ Manchin said earlier this month, ‘and they’re sincere about policy and good policy moving forward, they’re definitely going to reach out, and I’ve reached out to them.'”

(Via http://www.motherjones.com/politics/2015/01/barack-obama-veto-moderate-senate-democrats)

Written by Seth Anderson

January 20th, 2015 at 10:43 am

Posted in Business,politics


Pip is practicing his Ukulele chords was uploaded to Flickr

Only knows three chords so far

embiggen by clicking
http://flic.kr/p/qzwvM5

I took Pip is practicing his Ukulele chords on January 19, 2015 at 12:18PM

and processed it in my digital darkroom on January 19, 2015 at 06:20PM

Written by eggplant

January 19th, 2015 at 10:50 pm

Picking the Ukulele was uploaded to Flickr

well, smelling anyway

embiggen by clicking
http://flic.kr/p/qS1Bfu

I took Picking the Ukulele on January 19, 2015 at 12:18PM

and processed it in my digital darkroom on January 19, 2015 at 06:25PM

Written by eggplant

January 19th, 2015 at 10:49 pm

Picking the Ukulele was uploaded to Flickr

well, smelling anyway

embiggen by clicking
http://flic.kr/p/qS1Bfu

I took Picking the Ukulele on January 19, 2015 at 12:18PM

and processed it in my digital darkroom on January 19, 2015 at 06:25PM

Written by eggplant

January 19th, 2015 at 1:08 pm

Pip is practicing his Ukulele chords was uploaded to Flickr

Only knows three chords so far

embiggen by clicking
http://flic.kr/p/qzwvM5

I took Pip is practicing his Ukulele chords on January 19, 2015 at 12:18PM

and processed it in my digital darkroom on January 19, 2015 at 06:20PM

Written by eggplant

January 19th, 2015 at 12:38 pm