Jason Cosper

Blog

  • Getting Thematic

    As I posted to Twitter earlier, I’ve decided to join the fray and shrug off new year’s resolutions by instead adopting a theme word for 2009.  My choice was:

    follow-through

    Why?  Well, to be honest, when it comes to follow-through, I’ve historically been sort of selective.  Get me working on something that I’m passionate about and I’ll concentrate on it almost purely.  But other things fall by the wayside while my OCD kicks in — and that’s a problem.

    I’ve become lethargic, unhealthy and chained to my desk.

    I’m letting relationships and friendships fall by the wayside while I concentrate on building a legacy.

    There are places that I wanted to see and things that I have wanted to do long before I managed to get this old.

    I’ve got laundry that is in dire need of attention.

    So with another step into my thirties a mere month away, I find myself at an interesting crossroads.  I can either stay on my present course or temper myself and make sweeping changes in the way that I do things.  But resolving to change one’s ways is always a slippery slope.  Old habits do die hard, after all.  This is where the idea of a theme word comes in tho.

    By choosing something as simple as “follow-through”, I can allow myself to see the things that need doing thru the year and work at them.  Hopefully, using that hyphenated mission statement as a mantra, it’ll keep me on task enough to make this year better than any previous one.

    So, what’s your theme word?

  • The Return of Eraserhead

    It might be a time for a trim when, after the company holiday party, your boss wanders into your office and says:

    Jason, it’s great to see you upright with your head on straight.  [long pause]  Your hair still must be drunk tho…

    Oh hat head, I hate you so.

  • WordPress, remv.php and You

    While hacked sites happen, the hacks are fairly benign.  Normally, folks with hacked sites see a few spam links at the bottom of their pages.  That sort of thing can normally be cleaned up with an upgrade.  When I have to deal with them, it also involves a rap on the knuckles and a lecture on the importance of staying on top of upgrades.

    I’ve never seen a hack crop up with the tenacity of “remv.php” tho.  Seriously, it’s kind of scary.

    I haven’t really had time to go over what all the “remv.php” script does, but I do know that it can be harnessed to send out DDoS (Distributed Denial of Service) attacks to unsuspecting sites.  How do I know this?  Well, about an hour after tossing in “They Live“, I hear Kitchen typing furiously and ask him what’s going on.

    There’s a site’s getting DDoS’ed — but the attack is coming from predominately from our own servers.

    Shit.  Was it a nasty 0-day worm?  Not so much.  Just a bunch of zombie blogs banging away at this poor bastard’s site.  And what did all those blogs have in common?  “remv.php” was hanging out in their “wp-content/themes” directory.

    So in the interest of spreading the word, I’ve got a quick and dirty guide to dealing with sites infected with this nasty little script.

    1. Check to see if your WordPress install has “remv.php” in its “wp-content/themes” directory.  This can be accomplished by adding “wp-content/themes/remv.php” to the end of your blog’s URL.  If you see “Access Denied – your host is not allowed to access this page.”, congratulations — you’re part of the problem.
    2. If you come up as clear on the previous step, you can always double check by FTP’ing into your server and navigating your directories manually.  The file always seems to show up at “wp-content/themes/remv.php”.  If it’s not there, you’re probably safe — but you should upgrade your WordPress install if it’s not the latest and greatest in order to defend yourself fully.
    3. Should you see the file after going over either of the first two steps, go delete “remv.php” while FTP’ed into your server.  Keep the client open tho.  You’re not done.
    4. Upgrade your WordPress install.  At the time of this post, the latest stable version is 2.7 and can be acquired directly from WordPress.org.  That’s sure to change as the years roll on tho, so just try to upgrade to whatever the site lists as “stable”.
    5. Go to your host and change the MySQL password that coincides with your WordPress database.  If you don’t know how to do this, contact the support staff of your host and have them walk you thru it.
    6. Modify the line in your “wp-config.php” file that reads:
      define('DB_PASSWORD', 'myoldpassword');
      There, replace “myoldpassword” with the new MySQL password.
    7. Log in to your WordPress admin area and visit “Users > Authors & Users” (that’s what it’s called in version 2.7).  From there, you can edit your users and set new passwords for all of them.  That’s right all of them. No slacking here!  If you stay on top of updates, this shouldn’t happen again.
    8. Go back to your FTP client (from step 3) and rename “wp-content/plugins” to something like “wp-content/plugins.bak”. Why you’re doing this should become apparent in the next step.
    9. While still in your WP admin interface, visit “Plugins > Installed” (again, this is the name for it in 2.7).  It’ll complain that it can’t find your plugins (because you renamed the directory) and deactivate them for you.  Once it’s deactivated them, use your FTP client to name the directory back to “wp-content/plugins” , refresh “Plugins > Installed” and upgrade all out-of-date plugins before re-activating them.
    10. You’re done!  Well, so long as you have only one infected WordPress blog.  If you’ve got more of them, then repeat these steps until everything is happy once again.

    If it seems like a lot of crap to go thru, just remember that this wouldn’t be an issue if you kept on top of security patches and made sure your plugins were up to date.  If you really want to avoid doing this again, subscribe to the WordPress Development Blog‘s feed and check it religiously.

    If you have any more info on “remv.php”, let me know in the comments and I’ll do what I can to keep this entry up to date.

    Update: It looks like “remv.php” is phpRemoteView.  Apparently, it’s pretty popular with the script kiddies, but it’s not the actual exploit that’s being used.  Still, it’s a bad thing that needs to be removed if you find it in your WordPress install.  If you’re interested in getting the gist of what the script is capable of, check out this page translation.

  • Going Feral

    While reading Jori Finkel’s piece in the New York Times on Machine Project’s LACMA invasion, I was struck by something that Margaret Wertheim said:

    I don’t know of any city other than L.A. with so many feral groups.

    Now while she was referring to the Los Angeles art scene, this sort of applies to the tech scene here as well. There are plenty of folks trying to make this city relevant when it comes to tech. A streamlined, less paunchy version of Silicon Valley that does yoga and drinks wheatgrass. And that’s fine. They can keep doing that. But to lift a quote from Chuck Palahniuk’s Fight Club, “Sticking feathers up your butt does not make you a chicken.”

    I’m not really talking about them tho. Honestly, the most interesting shit that is going on in this sprawl is on the fringe. Groups like Dorkbot SoCal & Betalevel and meetings like Mindshare are where people are doing the really sexy, fun, creative stuff. Well, the stuff that’s worth paying attention to at least.

    Seeing as how I’ve helped foster it along, why would I exclude BarCampLA from that tiny (and rather incomplete) list above? Well, first of all, my ego isn’t that big.

    Most importantly tho, it isn’t one of those feral members of the fringe anymore. Sure, it may have been a bit of a wild dog in the past, but as time goes on, it has become domesticated. With well over 300 people wandering in and out over two days and the schedule slowly seeing product pitches, SEO talks and social media chatter dominating the landscape, it’s sort of losing some of its original charm.

    Think I’m crazy for saying that? Consider BazCampLA. A “mad science only” event, their plan is to get together about two weeks before the next BarCampLA to make sure their technical talks are well tuned and ready for the big show. From the chatter that I’ve seen, they’re sort of worried that this will be seen as a condemnation of BarCampLA. A middle finger to its participants and the Los Angeles tech scene as a whole. But totally I get what they’re trying to do — and I admire their goals.

    Frankly, I hope the BazCampers either take the schedule at the next BarCamp over by force or they end up building a framework for a better event. Like one that would make BCLA obsolete and allow me to take a vacation. Lord knows that I could use the rest… ;)

  • Nice Day For A Vote

    Last night’s rain gave way to beautiful, puffy clouds and a vibrant blue sky. The mood at my local polling place was great and everyone seemed excited to make their opinions heard. Even the people who had to file a provisional ballot didn’t complain at the extra hoops they needed to jump thru.

    If you haven’t voted yet, I hope that you will. I also hope that you’ll encourage your friends and family to get out there too. Today’s going to be a big day — and I don’t know about you, but I’d rather help make history than sit on the sidelines.

  • Tacos For Obama

    I like Obama for a lot of reasons — but when it really comes down to it, I’ll always be for a candidate who has a firm pro taco stance.

  • I Reckon

    This Gnarls Barkley cover of Radiohead’s “Reckoner” totally manages to make up for the fact that I didn’t really care for “The Odd Couple”.

  • Can’t Stop The Hustle

    Inspired by what Merlin is doing with 43 Folders, I’m taking a step back from what I set out to do with Preshrunk. Yeah, I know that I just relaunched it. No, I’m not talking about walking away from it.  It feels too good to be back to just up and stop again.

    What I’ve realized tho is that the internet doesn’t need yet another daily t-shirt blog — it needs a better t-shirt blog. Spitting back every press release and sale notice that drops into my inbox doesn’t make for compelling content. The reason people show up and read Preshrunk is because they actually care about finding wonderful tees. What’s more, people actually trust my taste.

    I know. It befuddles me too. But they seriously do. At least that’s what the feedback coming in says.

    When it comes down to it, the last thing I should be doing is running something I’m only kinda feeling. Or trying too hard to make sure people have fresh content to read when they check their feeds or hit the site. When I’m up against a self-imposed deadline, I end up putting out stuff that’s not up to par. You guys seriously have no idea how hard I’ve had to fight myself to not go back and rewrite entire entries when I read them in the morning. When you realize that you’ve turned out more than one post in the past month that reads like bad Geekologie copy — which isn’t really that great to begin with — it’s time to examine what you’re doing.

    So if you don’t see new shit up on Preshrunk daily, please know that I’m just trying to make things better rather than fall into a routine. As they say, it’s all about quality over quantity. Six months off won’t happen again tho, honest. Maybe a few days at worst. Expect a good excuse from me if that happens tho, alright?

  • History Hacker

    Ever since I’d heard about History Hacker, I’ve been geeked about it. Now, maker extraordinaire and super rad video blogger Bre Pettis, is getting a crack at the big leagues when his show airs on The History Channel this Friday at 8 PM.

    The pilot involves Tesla and his back and forth feud with Edison and has a style that seems like it was made for the ritalin set. So if the promo video above looks interesting at all, consider adding it to your DVR and checking it out.

  • Minor Threat

    Sir Ben Kingsley playing Ian MacKaye?  Why the hell not?

    Normally I’d say “that’s a stretch” — but the whole shaved head/fully bald thing actually sort of makes for inspired casting.