24 April 2019

Cameras like to focus on high contrast images

... and this Black-and-white Warbler could almost be a living test pattern!

21 April 2019

And didn't you need a juvenile eider today? For spring?

I think he seems pleased with himself.

I see you knocking but don't want you in

A few days back, I set up a "droplet" at DigitalOcean to host a Django application that I'd been building, and so I now have a small net-facing Ubuntu VM there. As a security person, I've been, er, interested to see just how interesting my site has quickly become to, er, unexpected visitors. Looking at its first-ever auth.log, it went active at:

Apr 16 15:33:23  systemd-logind[1385]: 
Watching system buttons on /dev/input/event0 (Power Button)

The sshd logged its first preauth disconnect at 15:38:27 (just over 5 minutes later), from an IP address that whois resolved to country code IR. Since I didn't have an associated domain registered at this time, I assume that this was a random address scan.

I started an Apache server about an hour later, at 16:47. Following some of my own testing (and a domain name registration), its first unexpected visit came at 17:40 in the form of a POST from an IP address in St. Petersburg, RU.

I can see that my droplet's sshd and apache have been busy rejecting varied streams of "knocks" since, and am applying best practices of firewalling unneeded ports and disabling passworded access to ssh. Still, I've been surprised at just how quickly and broadly my site was discovered. If more of my prior experience had fallen on the operational response vs. architectural development side of security, maybe I'd be less surprised. Anyway, a valuable learning experience and reminder. Stay safe!

03 April 2019

Partly ludicrous, with gusty winds?

Sunday night through Tuesday...
Rather low confidence in sensible weather across the northeast
during this timeframe due to model solution spread.

I saw the above excerpt in my local National Weather Service forecast discussion this morning. I realize that the word "sensible" has a particular meaning in the context of meterorology, as in something that can be sensed, but couldn't avoid drawing the conclusion that I should instead be more than usually alert for nonsense falling from the sky early next week.