Expert admininining againn.

This website has been down for 12 days. I am not as vain as I think I am, so I did not notice. OpsGenie, however, should have. I guess if you don’t open the app on your phone periodically, it might not push. Icinga says it sent over 500 notifications about the site being down. Linode rebooted the VM during maintenance and because I’m an asshole who uses ZFS on GELI in the cloud, I have to open the virtual console to put the password in.

Don’t be like me. Be like OpsGenie; only giving a fuck about things worth paying attention to.

This is a really dumb thing to drunk shitpost. Odds are I’ll find it in 2 months when I go to write something on purpose. I should write an Icinga integration for Alexa….

My Assange/Snowden slash fic is big in Russia

A Russian botnet will not stop downloading my homoerotic story about Edward Snowden and Julian Assange. It was the middle of election season, I had recently broken up with my girlfriend, and half a bottle of Bombay Sapphire later I crapped out this break-up scene where Assange is emotionally abusive to Snowden.

If you haven’t already left to read that trainwreck out of morbid curiosity instead, let’s investigate this. This is just the blog of a sysadmin who occasionally does stand-up as a hobby. My readers are mostly friends and family, so I was surprised to see that my data transfer thus far this month was 3GB. When I decided to review my nginx access logs, I saw a lot of this:

5.188.210.60 - - [28/Feb/2019:18:06:21 -0500] "GET /?p=261 HTTP/1.0" 200 68303 "https://www.blakedrinks.beer/?p=261" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
5.188.210.69 - - [28/Feb/2019:18:16:22 -0500] "GET /?p=261 HTTP/1.0" 200 68303 "https://www.blakedrinks.beer/?p=261" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
5.188.210.70 - - [28/Feb/2019:18:31:29 -0500] "GET /?p=261 HTTP/1.0" 200 68303 "https://www.blakedrinks.beer/?p=261" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
5.188.210.66 - - [28/Feb/2019:18:50:59 -0500] "GET /?p=261 HTTP/1.0" 200 68303 "https://www.blakedrinks.beer/?p=261" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36"

At the time I am currently writing this, that last entry is less than 10 minutes old. This log file only goes back to December 29th when I migrated to a new FreeBSD 12 host, so I don’t know how long it’s been going on, but at least that long.

I did a quick traceroute on a random one and saw it hopping through Stockholm. Uh oh. Let’s look closer.

% Abuse contact for '5.188.210.0 - 5.188.210.255' is 'alkonavtnetwork@gmail.com'

inetnum:        5.188.210.0 - 5.188.210.255
netname:        AlkonavtNetwork
descr:          Dedicated Servers & Hosting
remarks:        abuse contact: alkonavtnetwork@gmail.com [1]
country:        RU
admin-c:        BJA12-RIPE
org:            ORG-BJA2-RIPE
tech-c:         BJA12-RIPE
status:         SUB-ALLOCATED PA
mnt-by:         MNT-PINSUPPORT
created:        2018-07-22T18:47:38Z
last-modified:  2018-07-22T18:47:38Z
source:         RIPE

organisation:   ORG-BJA2-RIPE
org-name:       Bashilov Jurij Alekseevich
org-type:       OTHER
address:        Data center: Russia, Saint-Petersburg, Sedova str. 80. PIN Co. LTD (ru.pin)
abuse-c:        BJA13-RIPE
mnt-ref:        MNT-PINSUPPORT
mnt-by:         MNT-PINSUPPORT
created:        2015-12-17T21:42:47Z
last-modified:  2018-07-22T18:50:42Z
source:         RIPE # Filtered

person:         Bashilov Jurij Alekseevich
address:        111398, Russia, Moscow, Plehanova str. 29/1-90
phone:          +79778635845
nic-hdl:        BJA12-RIPE
mnt-by:         MNT-PINSUPPORT
created:        2015-12-16T04:19:25Z
last-modified:  2018-07-22T18:58:31Z
source:         RIPE

% Information related to '5.188.210.0/24AS44050'

route:          5.188.210.0/24
descr:          AlkonavtNetwork
origin:         AS44050
mnt-by:         MNT-PINSUPPORT
created:        2016-12-22T14:39:55Z
last-modified:  2018-07-22T18:52:24Z
source:         RIPE

Well, that includes all of the IP addresses in my last snippet. Hello, St Petersburg. Interesting that a hosting company would have a Gmail address to report abuse to. Googling around, I see various blogs reporting spam coming from this IP address range. I’m not sure if this is basic spam, though. The short story in question heavily discusses Edward Snowden and Julian Assange as being in conspiracy with Russia. Did I hit a cross section of keywords they’re scraping for? Did I accidentally tell a true story?

Let’s do some grepping around here. I’ll omit all entries of my own IP addresses for bias and look at a couple other posts. That stupid Dunkin Donuts coffee gag I did? As of right now, 167 GET requests. The sequel to that Assange story with Jill Stein? 110 GET requests.

THE ASSANGE/SNOWDEN ONE HAS 20,061 REQUESTS.

19,876 of those are from the aforementioned network, being only 9 unique IP addresses. 6,800 of those are actually attempts to POST…

5.188.210.68 - - [27/Feb/2019:13:11:31 -0500] "POST /wp-comments-post.php HTTP/1.0" 302 0 "https://www.blakedrinks.beer/?p=261" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

Akismet was forwarding these into the void; I’m not sure what the payload was. I don’t even want comments on this blog anyway, so I disabled that functionality. There hasn’t been a POST request since. Great Scott, I think they’re learning…

Well, let’s poke the bear and port scan one.

PORT      STATE    SERVICE            VERSION
25/tcp    filtered smtp
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
1580/tcp  filtered tn-tl-r1
3389/tcp  open     ssl/ms-wbt-server?
|_ssl-date: 2019-03-01T01:45:32+00:00; +3s from scanner time.
49152/tcp open     msrpc              Microsoft Windows RPC
49153/tcp open     msrpc              Microsoft Windows RPC
49154/tcp open     msrpc              Microsoft Windows RPC
49155/tcp open     msrpc              Microsoft Windows RPC
49156/tcp open     msrpc              Microsoft Windows RPC
49158/tcp open     msrpc              Microsoft Windows RPC
49159/tcp open     msrpc              Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

RDP is open to the internet. That’s fucking awesome. I’m definitely not feeling up to trying to connect to that. Given that these IP addresses are mostly sequential, I don’t think this is the product of malware.

5.188.210.60
5.188.210.62
5.188.210.64
5.188.210.66
5.188.210.67
5.188.210.68
5.188.210.69
5.188.210.70
5.188.210.71

I’m really not sure why those 9 IP addresses are downloading the same article over and over, roughly 5 times an hour. Reversing the search, they are not attempting to get or post to any other entry on my site.
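The per-post and per-network counts above can be reproduced with a small log parser rather than ad hoc grep. This is an added example, not the commands used for this post; the sample lines are constructed (the first five reuse addresses, timestamps and targets from the quoted log lines, while the other addresses, the /?p=300 post ID and the "own" address 203.0.113.5 are made up).

```python
import ipaddress
import re
from collections import Counter

# nginx "combined" access-log format, as in the lines quoted in the post.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "[^"]*"$')

def _line(ip, ts, method, target, status, size):
    # Constructed sample line: referer and user agent are shortened stand-ins.
    return (f'{ip} - - [{ts} -0500] "{method} {target} HTTP/1.0" {status} {size} '
            '"https://www.blakedrinks.beer/?p=261" "Mozilla/5.0 (constructed)"')

# Constructed sample. The first five entries reuse addresses, timestamps and
# targets from the quoted log lines; the rest are invented (documentation
# address ranges, a made-up post ID, one malformed line).
SAMPLE_LOG = "\n".join([
    _line("5.188.210.60", "28/Feb/2019:18:06:21", "GET", "/?p=261", 200, 68303),
    _line("5.188.210.69", "28/Feb/2019:18:16:22", "GET", "/?p=261", 200, 68303),
    _line("5.188.210.70", "28/Feb/2019:18:31:29", "GET", "/?p=261", 200, 68303),
    _line("5.188.210.66", "28/Feb/2019:18:50:59", "GET", "/?p=261", 200, 68303),
    _line("5.188.210.68", "27/Feb/2019:13:11:31", "POST", "/wp-comments-post.php", 302, 0),
    _line("192.0.2.10", "28/Feb/2019:19:02:00", "GET", "/?p=261", 200, 68303),
    _line("198.51.100.7", "28/Feb/2019:19:05:00", "GET", "/?p=300", 200, 41200),
    _line("203.0.113.5", "28/Feb/2019:19:10:00", "GET", "/?p=261", 200, 68303),
    "truncated or otherwise malformed line",
])

def parse(text):
    """Yield a dict per well-formed line; skip anything that does not match."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()

def summarize(text, network, exclude=()):
    """Per-post GET totals plus a profile of one source network."""
    net = ipaddress.ip_network(network)
    skip = {ipaddress.ip_address(a) for a in exclude}  # e.g. the admin's own IPs
    gets_by_target, net_gets_per_hour = Counter(), Counter()
    net_ips, net_get_targets = set(), set()
    net_hits = net_posts = 0
    for e in parse(text):
        try:
            ip = ipaddress.ip_address(e["ip"])
        except ValueError:
            continue  # first field was a hostname or junk
        if ip in skip:
            continue
        if e["method"] == "GET":
            gets_by_target[e["target"]] += 1
        if ip not in net:
            continue
        net_hits += 1
        net_ips.add(ip)
        if e["method"] == "GET":
            net_get_targets.add(e["target"])
            net_gets_per_hour[e["ts"][:14]] += 1  # bucket key like "28/Feb/2019:18"
        elif e["method"] == "POST":
            net_posts += 1
    return {"gets_by_target": dict(gets_by_target), "net_hits": net_hits,
            "net_unique_ips": len(net_ips), "net_posts": net_posts,
            "net_get_targets": sorted(net_get_targets),
            "net_gets_per_hour": dict(net_gets_per_hour)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "5.188.210.0/24", exclude=["203.0.113.5"]))
```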

I could set my firewall to reject those, but I want to see if this post gets more hits.

This was probably a bad idea.

No more beers.

So if anyone is wondering if the beer review/story telling show I used to have called Blake Drinks Beer is coming back, I was diagnosed with Celiac disease 2 weeks ago so lol no.

So far I’m bummed to see that there isn’t a .gin domain extension.

Pwnt in 60 seconds.

Just opened the following happy little ticket with my dad’s webhost (and my former webhost).


My name’s Blake, I’m writing on behalf of my father W[nope], I’m a Linux systems administrator, just wanted to point out a few of the pitfalls with your WordPress 1 click install.

Since my sister asked for help installing the single most exploitable piece of software on the planet (which runs my own website), I at first lazily said “Let me do it” and tried to log in to the install page as fast as possible. Well, as to be expected, bots had already hijacked the damn thing, okay.

I remove the folder, delete the database, create a new folder, and put an .htaccess file in only allowing my IP. Install fails because the folder is not empty.

Well shit. Okay. This time I start over just changing the permissions of the empty folder to 770 so anyone accessing the site will get forbidden. The one click install FIXED THE PERMISSIONS TO BE EXECUTABLE AGAIN.

Finally I had to just run the one click install, do watch ls and frantically rename the folder so I could secure it at my leisure.

Yes, I could have just manually installed WordPress, but I was just helping out and didn’t want to get stuck having to maintain this thing in the future. So the convenience of your automated service is nice.

Really, though, your one-click-install maybe shouldn’t thwart security practices when every bored basement Python programmer is scraping WordPress sites.

My apologies for the crassness. Please forward this message to your infosec guy and have a laugh at my expense.

The Five Stages of Dunkin’ Donuts

1. Denial:

Why is there a Dunkin’ Donuts every 2 blocks in this city? This can’t be all there is, right? I’m sure there’s a regular cafe with decent breakfast around here somewhere.

2. Anger:

Jesus Christ, why is this crap popular? That sandwich was terrible, and I won’t be able to taste anything for a week because that lava they call coffee gave me second degree burns from my lips to my stomach.

3. Bargaining:

Okay, I’m really hungover. There’s one across the street. I’ll just get something greasy and go.

4. Depression:

Ugh, I’m on call this week, I can’t sleep, work is crazy, shit, I’m running late and… oh yeah, I can order ahead on the mobile app…

5. Acceptance:

Yeah, lahge coffee, black.

Get in the fucking car, Sam!

Just about an hour before I started writing this, 11:30am on a Sunday in the city of Rancho Cordova, I was walking east on Folsom Blvd to get fast food. Ahead of me is the Zinfandel train station when a late 90s dark green Toyota Camry abruptly pulls into the bus lane, the driver waving his arm in the air. I figure he’s waving at a vehicle behind him, and then he shouts “Get in the fucking car!”

I grew up in neighborhoods like this, so I tend to walk briskly with my hands in my pockets, minding my own business. Rancho Cordova has a habit of involving you anyway. The late-20s, thin, shirtless gentleman steps out of his car and starts yelling at me, “I said get in the fucking car, Sam!”

I look behind me, there’s no one there other than an elderly woman waiting at the crosswalk. I casually ask, “Do I know you?”
“Oh, you aren’t Sam?”
“No.”
“Shit, you look a lot like my good buddy Sam.”
“Sorry man. You have a good one.”

I went my own way and he drove to wherever it was that he needed to be.


Okay, let’s break this story down a bit. Depending on your experience and world view, you could have read that as being anything from the setup to a horror movie, to being something completely normal and anything in between.

This is totally routine on Folsom Blvd.

Shortly after moving here, I was walking in that same direction, when a heavyset man with no shirt on was dragging a stolen shopping cart from Target behind him. He made eye contact with me and said “If you turn out to be a faggot, I’ll beat your ass!”

Rancho Cordova is a small, underdeveloped city on the east border of Sacramento, but still a part of Sacramento County. It’s the kind of city that’s gentrification-proof, see; not urban enough for hipsters to move there and no developers see a point in putting anything cool there. The cheap rent and lack of pedestrian traffic attract drug culture. The homeless population is more vagrant than that of the inner-city and sometimes prone to violence. Between the vagrants, tweakers, and angry young men being brought up in a culture that promotes their fundamental territorial instincts, being stopped by random sweaty, shirtless white dudes on Folsom Blvd is so normal that you quit noticing it’s happening by around the 4th time.

That may as well have been a methamphetamine handshake.

White trash culture in America is a relatively schizophrenic affair. It’s half toxic masculinity, half drug and alcohol abuse, together creating a dark philosophy that enables violence and sloth.

In this moment I reacted as casually as in any other case of mistaken identity. That’s because, growing up in this culture, that is a perfectly acceptable way for tweakers to greet each other. Your best friend could walk in, punch you in the chest, get you in a headlock, and 20 minutes later you’re drinking Keystone and having borderline rapey conversations about women you’re interested in.

I stayed aware of my surroundings, but you even do that with your friends in that culture. He stood with his chest puffed out in typical territorial primate fashion, speaking with aggression. I was able to see in his eyes that he wasn’t confident enough that I was Sam to push on the subject. If he didn’t know Sam and Sam owed someone money, this might be a more interesting story. If I am to believe Sam is his “good buddy”, I don’t doubt Sam would have jumped in the car, been punched really hard in his left side, and then gone on to discuss the drugs he had just scored that morning.

Oh yeah, there was a kid in the fucking car.

The back seat did appear as if it was piled full of junk when seeing it strictly from the back. I would expect nothing less from a 90s Toyota; my Corolla had a different odor every week. It was after the gentleman was getting back into his vehicle that I noticed a carseat in the back with a toddler in it. This fills me with many warm childhood memories.

In conclusion,

I promise to get in the car the next time this happens and write a routine about it if I survive.

Hide all the memes

Hello,

I would like to suggest expanding the functionality for hiding and unfollowing content in the News Feed to include memes in general. This would be a bit of work, but your current facial recognition software makes it totally doable. For example, I click the options on a post, and in between “Hide all from this terrible page” and “Unfollow this racist I went to high school with”, it would be great to have “Hide every other graphic based on this guy checking out that woman’s ass while his angry girlfriend stares at him like she’s about to go home and break all of his shit.”

Others could be “Hide all graphics that are clearly screen shot from Instagram”, or “Hide all references to what Drake does and does not approve of”, or “Hide all posts that feature ‘Wake Up’ in Arial Black.”

In fact, if you could target this kind of content and de-prioritize it in everyone’s News Feed, this would show great effort on your part given all the crap you’re presently getting from the government and media for allowing inaccurate vitriol to take over the internet.

Seriously, I’m only here to know when my friends’ bands are playing and what they had for lunch. This would be a great improvement on the quality of life of a lot of people.

Thanks!
Blake


So, I’m considering just developing this as a Firefox plugin, but there are a few things wrong with that:

  1. I hate JavaScript.
  2. It would have to send information about all images to a service I run in the cloud somewhere to verify the images against a database for facial recognition, text layout and other common templates. Streaming everyone’s social media activity through my private server would be as unethical as…. wait, pretty much any other thing that says “Sign in with Facebook.” Huh.

My Time at UFO X Fest, or; The Morning I Didn’t Drink Enough

San Leandro is a wonderful little city directly south of Oakland, about to be overrun by the great hipster exodus, as the number of barista roommates you need in order to subsidize your art in a 2br apartment has everyone fighting because Steve didn’t label his organic kombucha in the fridge properly. Despite having 3 breweries and a coffee roaster, the city just got its first gastropub, and the food isn’t anywhere near on par with the world famous sports bar that you should go to instead. Basically, San Leandro is one of the few regular-ass-towns in the bay area.

This should bring about no surprise that the historic Bal Theatre, a beautiful landmark left over from the 1940s currently hosting cover bands and touring comedians, is run by a guest speaker on Ancient Aliens. Dan Dillman, the tinfoil-hat-in-chief of the venue, hosts an annual event devoted to conspiracy theories and UFOs because of course he does. A candidate in the 2014 mayoral election, Dan Dillman gained notoriety after an altercation with police in 2010, which apparently resulted in a sentence of 4 months in jail, but I can’t find any follow-up on that and he was running for City Council later in the year.  Really though, you could say the guy truly represents The Dro.

A couple friends of mine advised that I get completely fucked up and go to this with them. I got stuck in traffic so was not able to sufficiently pre-rage. The first chunk of this presentation I was half-way sober for.

Image source: Facebook event page

It opens with Dillman giving a slide show presentation on the subject of time travel, which was this year’s theme. They were essentially presenting that there were time travelers among us, and they had been influencing us throughout history. He starts out by showing clips of classic films where characters were seen holding one hand against the side of their head. This was clearly proof that time travelers from the future were talking on their cell phones. How were they getting signal before cell towers were invented? Fuck if I know.

The rest of this thing was such a meme-fest that you could basically live-Snopes the event. They started showing old pictures of figures who resemble John Travolta and Vladimir Putin, indicating that they had actually traveled through time to different points. If I would believe this about anyone, it would be Putin.

Election meddling resulted in the election of Warren G Harding, I’m sure.

By this point, we’re talking so much shit that the guy in front of us seems rather perturbed. I mention to my friend, “You know, anyone sitting by themselves is really into this and not here ironically.”
“Oh shit. We should simmer down.”
“Nah, let’s sit with him, he looks lonely.”

The next half-assed rabbit hole is about science-fiction films. They were discussing how technologies appeared in such films that came to actually exist in the future. Yes, because people growing up watching Star Trek didn’t set out to invent that shit. Much like aliens built all of our old stuff, time travelers built all of our new stuff. I snarkily mention to my friend, “I’m surprised they haven’t got into the Simpsons yet.” BOOM! Ask and you shall receive mother fucker!

Please consult the following image:

This was presented to the crowd, with the question posed: “How did the Simpsons, in 2008, predict that Barack Obama and John McCain would run for president in 2012?”

If you do not know what is wrong with that comment, please stay far, far away from me.

Next, they showed this adorable image, which you can consult Snopes for right now:

Now, to make things even better, in his narration, Dillman said that the Simpsons “predicted Donald Trump’s 2015 victory.” Look, Dillman isn’t good with numbers, I get it. The following is from his campaign website:

This November you’ve got two choices for Mayor, two incumbent city council members, who are making promises to the future, when they have already had 12 years between them to get something done, or me “Dan Dillman” who has fresh idea’s passion dedication and experience.

So, the Q&A starts. OH, OH YES, THERE’S A Q&A! I already know my question.

I was excited to see you brought up the Simpsons, because they are well-known for predicting the future. One thing that’s bothering me is that, as I recall, Mitt Romney was the Republican nominee in the 2012 election. Could this be the Mandela Effect, and could you tell me how you feel the Mandela Effect pertains to time travel?

I begin to stand up to indicate that I have a question. My friends immediately interject, “Blake, what the fuck are you doing?”
“I have a question.”
“Dude, sit down.”
“What? It’s a good question.”
“You really shouldn’t.”
“Are you afraid I’m going to get us thrown out or something?”
“Probably.”

Moments later, another person at the convention asks about the Mandela Effect and the Simpsons. Not on the same error, but goddamnit that was my fucking question!

This is the end of Dillman’s presentation. We move onto Servando Gonzalez, who was so fucking boring that it was like watching a professor from an underfunded community college trudge through shit he doesn’t understand. In trying to explain time travel using quantum mechanics, he on multiple occasions admitted to not really understanding quantum theory.

Halfway through this, we realize we’re too sober for this shit. One of San Leandro’s best bars is about a block over. We’re venting about this, trying to get lubricated enough for the rest of it to be fun. We come back in during a film presentation, UFOs and Nukes: The Secret Link Revealed.

It’s the tail end of it, so I’m not sure what event we’re hearing about. Something to do with a UFO appearing as an ICBM compound starts having problems with their missile systems. All of this is paraphrased as I was drunk and don’t have a transcript:
Several air force personnel identified a mysterious cigar shaped object in the sky.
“You mean a missile?”
It had no cockpit…
“So, like, a missile?”
…or propellers.
“So, definitely a missile.”

Next up was Ruben Uriarte, publisher of several books mostly obsessed with an alleged UFO incident in Chihuahua, Mexico, and Deputy Director of Investigations at MUFON (Mutual UFO Network). After talking to us about Chihuahua and his adventures with his co-author Noe Torres for what seemed like a million years, it turned into a MUFON recruitment seminar.  He was showing some infographic of the most reported UFO sightings in California, and I’m excited to report to my Sacramento friends that you were #1! I was trying to find a source on their website, but have given up because I’m a terrible journalist.

After this, Dillman was due to speak again. Looking at the program, there were another 2-3 hours of this shit. We decided to pub crawl Oakland and forget half of what we just learned.

On the way out, I got to shake hands with Dan Dillman, who I still wasn’t sure was a believer or an expert con-artist. I got to look him in the eye, but will not disclose my judgment as he seems like the type of person to sue you for libel. Opinions aren’t valid, people. I was handed some amazing information to take home, including this declaration of independence from our alien overlords.

Despite all of this, please support the Bal Theatre. I would hate to wake up tomorrow and find a Whole Foods in its place.

Babies at Breweries

I have made a new hobby of shaming parents on Yelp for insisting on taking their shitty children out drinking with them. Oddly enough, it was in the middle of this that I got offered Elite ’17. I thought I would leave some of the better excerpts here.

From my review of Fort Rock Brewing:

The last nail in the coffin for me was something that’s a pet peeve at most breweries, but this one actually promotes: bring your shitty child in. Listen, millennial parents, please stop this now. You’re ruining adult time for those of us who are responsible enough to either get a baby sitter or wear a condom. They have a sign on the door that says “[your shitty child] and dogs welcome!” For the love of fuck, stop encouraging these people. The best I can hope for after mommy and daddy get done pounding various things with “imperial” in the name without a designated driver is that I will never have to hear their crying baby at a bar ever again. You’re not a restaurant. You pour beer and there’s a lousy pasta restaurant next door that will cater to people too drunk or too lazy to care. 

Quick tip for American River Brewing:

They have real darts to play with, so if you’re the type of person to take your annoying child out drinking with you, please help provide the complete Darwinian experience for my afternoon pleasure. 

From my review of Sactown Union Brewery:

At one point, father of the year stumbles over for another drink and needs to do something with his crotchfruit so he can navigate his wallet. He sets his useless poop machine on the bar next to me. The bartender doesn’t seem to be doing anything to dissuade this, but I’m assuming it’s a few kinds of illegal. Since I’m hanging out with a baby now, I offer the kid a sip of my beer. Daddy wasn’t very amused, but seemed to insist on hanging out at the bar with his fleshy bag of future organ transplants while he continued day raging. We started having a conversation about abortion and received a number of dirty looks from upset parents who seemed completely oblivious to the fact that they are standing directly at the fucking bar and not at a table in the other room.

From my review of Revision Brewing Company:

They carded us at the door and I asked “Is this place always 21 and over, or just for the event?”
“Oh, sorry, it’s actually a law in Sparks that children can’t be in-“
“OH MY GOD HOW IS THE HOUSING MARKET OUT HERE?!??!?!?!!”

Yay grown up beer time!