24 April 2019

Cameras like to focus on high contrast images

... and this Black-and-white Warbler could almost be a living test pattern!

21 April 2019

And didn't you need a juvenile eider today? For spring?

I think he seems pleased with himself.

I see you knocking but don't want you in

A few days back, I set up a "droplet" at DigitalOcean to host a Django application that I'd been building, and so I now have a small net-facing Ubuntu VM there. As a security person, I've been, er, interested to see just how interesting my site has quickly become to, er, unexpected visitors. Looking at its first-ever auth.log, it went active at:

Apr 16 15:33:23  systemd-logind[1385]: Watching system buttons on /dev/input/event0 (Power Button)

The sshd logged its first preauth disconnect at 15:38:27 (just over 5 minutes later), from an IP address that whois resolved to country code IR. Since I didn't have an associated domain registered at this time, I assume that this was a random address scan.

I started an Apache server about an hour later, at 16:47. Following some of my own testing (and a domain name registration), its first unexpected visit came at 17:40 in the form of a POST from an IP address in St. Petersburg, RU.

I can see that my droplet's sshd and apache have been busy rejecting varied streams of "knocks" since, and am applying best practices of firewalling unneeded ports and disabling passworded access to ssh. Still, I've been surprised at just how quickly and broadly my site was discovered. If more of my prior experience had fallen on the operational response vs. architectural development side of security, maybe I'd be less surprised. Anyway, a valuable learning experience and reminder. Stay safe!
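
One way to measure this from auth.log, as an added example that is not part of the original post: it picks out sshd lines for sessions that never authenticated, groups them per connection, and reports the gap between the first log line and the first knock. The sample lines are constructed (hostname, users and RFC 5737 documentation addresses are placeholders); only the two timestamps quoted above are taken from the post.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in Ubuntu auth.log format. The hostname, users, and
# RFC 5737 documentation addresses are placeholders, not data from the post.
SAMPLE_LOG = """\
Apr 16 15:33:23 droplet systemd-logind[1385]: Watching system buttons on /dev/input/event0 (Power Button)
Apr 16 15:38:27 droplet sshd[1502]: Received disconnect from 192.0.2.10 port 53211:11: Bye Bye [preauth]
Apr 16 15:38:27 droplet sshd[1502]: Disconnected from 192.0.2.10 port 53211 [preauth]
Apr 16 15:41:02 droplet sshd[1510]: Invalid user admin from 198.51.100.7 port 40022
Apr 16 15:41:04 droplet sshd[1510]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Apr 16 15:41:05 droplet sshd[1510]: Connection closed by invalid user admin 198.51.100.7 port 40022 [preauth]
Apr 16 15:52:40 droplet sshd[1533]: Accepted publickey for deploy from 203.0.113.5 port 51000 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ ([\w.-]+)\[(\d+)\]: (.*)$")
PEER = re.compile(r"(\S+) port \d+")  # address token just before "port N"

def parse(text, year=2019):
    """Yield (timestamp, process, pid, message); syslog omits the year, so supply it."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield when, m.group(2), m.group(3), m.group(4)

def is_knock(proc, msg):
    """True for sshd lines belonging to a session that never authenticated."""
    return proc == "sshd" and (
        msg.endswith("[preauth]") or msg.startswith(("Invalid user", "Failed ")))

def summarize(text):
    events = list(parse(text))
    knocks = {}  # (pid, source) -> first time seen; one sshd child per connection
    for when, proc, pid, msg in events:
        peer = PEER.search(msg)
        if is_knock(proc, msg) and peer:
            knocks.setdefault((pid, peer.group(1)), when)
    if not knocks:
        return None
    return {
        "seconds_to_first_knock": (min(knocks.values()) - events[0][0]).total_seconds(),
        "connections_by_source": Counter(src for _, src in knocks),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
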

03 April 2019

Partly ludicrous, with gusty winds?

Sunday night through Tuesday...
Rather low confidence in sensible weather across the northeast
during this timeframe due to model solution spread.

I saw the above excerpt in my local National Weather Service forecast discussion this morning. I realize that the word "sensible" has a particular meaning in the context of meteorology, as in something that can be sensed, but couldn't avoid drawing the conclusion that I should instead be more than usually alert for nonsense falling from the sky early next week.

29 March 2019

https redirects: a learning experience

I had maintained an additional blog besides this one, emphasizing aspects of security technology. I hadn't posted there in a while, and decided to consolidate its content here alongside other posts. Since it was a security-oriented blog after all, it had seemed like an obvious Right Thing to set up the options so that it was accessed (or at least accessible) via an https:// url.

I closed the account on the old blog's hosting provider, and wanted to redirect any visitors to a landing page that would inform them of the change and point them at the blog you're now reading. I went to my domain registrar's admin UI, and had no problem setting up such a redirect for the http:// form of the old blog's url. The plot thickened for the https:// form, though. Reasonably enough, you have to have a certificate corresponding to a domain (and, of course, the ability to wield its corresponding private key) in order to deliver valid, authenticated content for that domain via https. And, an https redirect is a (small, but significant) example of such content; if you're relying on the security https is designed to provide, you wouldn't want an attacker without the appropriate key to be able to mislead by redirecting you elsewhere.

I could probably have arranged to get a certificate enabling my domain registrar to issue a valid https redirect to my domain's landing page, but that seemed like a lot of work just to support redirection rather than more comprehensive hosting. It was easier to solve the problem by pointing the domain's name servers to where I'd put the landing page, at a provider that was equipped to serve that page whether accessed via http:// or https://. (Thanks again, FastMail.)

05 March 2019

Ceci n'est pas un hibou

As I've revealed recently, I particularly enjoy occasional opportunities to see and photograph owls. I thought I had one the other day, which looked promising from a distance:


But, no, it was a wooden, lichen-covered non-owl composed of a broken tree branch, despite the convincingly-placed "ears" and "tail feathers". Tempting sight, though.

30 January 2019

MD5: nice to see you here, old friend!

I recently assembled a new desktop computer system. In the course of moving my data to it from its predecessor, I managed to corrupt the database that my photo organizer (Shotwell) uses to manage my photo collection. I rebuilt a new database from the photos themselves, but this lost metadata like comments and edits that I'd applied. I hoped, though, that I'd be able to recover that information later from the older versions of the database tables. I managed to do this, thanks in part to one, er, key element in the database structure.

In Shotwell's database, each photo has a row in the PhotoTable, with many columns containing information about it. There's a unique ID for each photo, but the IDs generated as photos were imported into the earlier database couldn't be assumed to be the same as when I reimported them into the new database. It would clearly be a Bad Thing to apply the tags for photo #457 in the old database to photo #457 in the new database. What to do?

Looking at the PhotoTable columns, I noticed that each photo had an entry for an MD5 hash of the image. Hash functions are great and useful things. It's unlikely (and, I mean, highly, probabilistically, unlikely) that I'm going to encounter two different images in my collection that yield the same MD5 value. (Even though MD5 isn't recommended today for security-relevant applications, it's still doing its job here in distinguishing among image files that came out of my cameras, which haven't generally acted as hostile attackers.) I expect that Shotwell's code uses the stored MD5 as a quick and effective means to determine whether or not a photo has already been imported into its database. When I saw the MD5 column in the table, I realized that it also provided me with a means to find the correspondence between photo entries and their IDs in the old table with their entries in the new table. Thusly armed, SQL of this form followed:

REPLACE INTO PhotoTable ( named-columns )
SELECT named-columns
FROM old-PhotoTable src
INNER JOIN PhotoTable dest ON src.md5 == dest.md5

which took less than a second to replace corresponding metadata into a table representing about 23,000 photos. I restarted Shotwell with the resulting table, and found my edits accurately restored. I was pleased to have been able to accomplish this. I was glad to have been using an open source organizer with an accessible and documented database representation, and emerged with refreshed respect for the power and value of hash functions.
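
A runnable miniature of that MD5 join, as an added example rather than the SQL actually run against Shotwell: the table layout is a reduced, constructed stand-in (only PhotoTable, the ID and the md5 column come from the post; OldPhotoTable and the other columns are assumptions). It shows that the SELECT has to carry the destination row's id so REPLACE overwrites the right row, and it refuses to proceed if an MD5 appears twice in the old table, since that match would be ambiguous.

```python
import hashlib
import sqlite3

# Reduced, constructed schema; not Shotwell's full PhotoTable definition.
SCHEMA = ("CREATE TABLE {name} (id INTEGER PRIMARY KEY, filename TEXT, "
          "md5 TEXT, title TEXT, rating INTEGER DEFAULT 0)")

def md5_of(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_demo():
    """Old table holds the metadata; new table was re-imported with fresh ids."""
    db = sqlite3.connect(":memory:")
    for name in ("PhotoTable", "OldPhotoTable"):
        db.execute(SCHEMA.format(name=name))
    warbler, eider, owl = (md5_of(b) for b in
                           (b"warbler-pixels", b"eider-pixels", b"owl-pixels"))
    db.executemany("INSERT INTO OldPhotoTable VALUES (?,?,?,?,?)", [
        (457, "warbler.jpg", warbler, "Black-and-white Warbler", 5),
        (458, "eider.jpg", eider, "Juvenile eider", 4)])
    db.executemany("INSERT INTO PhotoTable VALUES (?,?,?,?,?)", [
        (1, "eider.jpg", eider, None, 0),
        (2, "warbler.jpg", warbler, None, 0),
        (457, "owl.jpg", owl, None, 0)])  # id 457 now names a different photo
    return db

def restore_metadata(db):
    """Copy title and rating from old rows onto new rows with the same MD5."""
    dupes = db.execute("SELECT md5 FROM OldPhotoTable "
                       "GROUP BY md5 HAVING COUNT(*) > 1").fetchall()
    if dupes:
        raise ValueError(f"ambiguous MD5 values in old table: {dupes}")
    # dest.id, dest.filename and dest.md5 keep the new row's identity;
    # only the metadata columns are taken from the old row.
    db.execute(
        "REPLACE INTO PhotoTable (id, filename, md5, title, rating) "
        "SELECT dest.id, dest.filename, dest.md5, src.title, src.rating "
        "FROM OldPhotoTable src "
        "INNER JOIN PhotoTable dest ON src.md5 = dest.md5")
    db.commit()
    return db.execute(
        "SELECT id, title, rating FROM PhotoTable ORDER BY id").fetchall()

if __name__ == "__main__":
    for row in restore_metadata(build_demo()):
        print(row)
```
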