News:

The anti-spam plugins have stopped being effective. Registration is back to requiring approval. After registering, you must ALSO email me with your username, so that I can manually approve your account.

Main Menu
Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - Xepher

#161
Announcements / Status, Plans, and Questions...
February 12, 2006, 02:24:05 AM
As you've hopefully seen in other announcements, Xepher.net was hacked again last night. After much investigation, it looks quite likely that there was a backdoor left in place after the last hack, and they just used that to get back in again, despite any security enhancements I made in the interim. The problem here is that, while I think I've found and removed all backdoors and such, there's no way to be positive without a complete system wipe and reinstall. Now, if the machine was sitting here in my room, no problem. I'd take it offline for maybe 8 hours and do it. But it's in Chicago, and I'm in Steamboat. Between shipping both ways and the time to sort and test things, it'd probably mean a week of Xepher.net being completely offline. Also, it would cost me a couple hundred dollars in shipping, and I'd really hate my life because it would eat all my free time when I'm not at work.

Here's my current line of thinking. I think the hacker(s) weren't out to destroy the system, but just spread their viruses and such for other purposes. As such, I believe the damage they've actually done is rather limited, as evidence by everything still running and me still having control of the machine. Now, as I said, I can't "trust" the system, but if it's doing what it need to do... that is, serving your websites up properly, well, I think that's good enough... for now. I'm not going to pull and wipe the system just yet. I'll leave it running for a few more months until I have the time and money to redo it properly. What I ask though, is that since it's possible there's still a hacker with access to things, is that everyone make sure to keep backups of your own data as often as you feel is needed. I do keep system-wide backups, but I'm hesitent to run one of those because all I'd be doing is backing up possibly infected files. If the system is totally taken down, then I will possibly be restoring that backup as an emergency measure. But since it will be a couple months old, many of ya'll could lose newer data if you don't have your own backups. Please realize, I'm talking from paranoia here. This is a worst case scenario. I really don't think the hackers are trying to destroy things, just sneakly spread their worm. As such, I don't anticipate any major disaster, but I'd rather everyone was prepared, just in case.

Now, for future plans... I'm moving back to Texas in a few months. My current plan has me taking over some investment (rental) property, and if that goes well, I'll be getting enough income that I won't have to have a full time job just to get by. That will leave me more time to get Xepher.net sorted out properly. What I want to do is build a new server. The current one (Orca) is now several years in service... the drives have 30,000 hours of power-on time. That's 3.5 years at 24/7 and is definitely "mature" and not at all bad lifetime for something built from spare parts in a college dorm. For a new server, I want to actually drop some real cash on it, build with all new parts. I want a much faster server, with MUCH more storage in a raid array this time 'round. Currently, I'm aiming for about an athlon 64 3200+ with something close to a terabyte of storage. If I do that, I plan to seriously redesign the software side of things as well. The current server setup is pretty much as secure as I can make it while still giving everyone the amount of resources/freedom that I do. I thought it was going to be enough, and it was for several years while we were still small enough to be below the radar. It fended off thousands of "drive by" hacking attempts. The one that finally got through looks to be a concerted effort over many days (possibly weeks or months) by a very determined hacker or group. The new server... I plan to run virtual machines this time around. I'm going to have a master/host that's the actual operating system, but below/inside that I will run virtual machines with a completely seperate OS and everything, and those will run all the actual services. What this gives me is the option to actually wipe and rebuild those virtual machines by remote (using the host system.) So if/when another hacker does get though, I can build a second virtual machine, and switch services over to that one, then go back and wipe the infected machine out completely and rebuild it. I hate having to think this paranoid, but it seems to have become neccessary. The truth is that, no matter how good I design a system to be secure, I'm still at the mercy of the software I use. That means that, even if my design is perfect, a bug in something like the mail server could get the whole machine compromised, which is exactly what happend this last time.

While I'm rebuilding things, I'm going to revamp the hosting side of stuff as well. I'm going to try and implement "Phase 3" as I originally called it. For those wondering, that was the idea that was basically limited (non-machine) accounts specifically for comic hosting. It'd be a lot like keenspace... no applications, everyone gets in, but you can't really do much with it OTHER than host a comic. I also plan to add in some of the things I've been meaning to for a while. Mostly convinence things, like a web-based file manager, and some sort of statistics gathering that's a lot more detailed (and interactive) than the current stats system.

Now, I'd like to hear from ya'll on this, what you think. First off, just any general opinions on what I've mentioned. I have a couple of more specific questions though.

1. Do you think waiting to rebuild the system is a good enough option? Does it worry you undully that the server might be compromised in the meantime?


2. When I rebuild, I'm going to try and resecure things even more than now, but I don't want limit the useability too much. How many non-essential services here do you actually use? To clarify, here's the list of things people can or do use here. Please let me know which ones you actually use, which ones you'd like to use (or might in the future,) or ones I forgot or that you'd like to see

Webserver (essential)
SSH (essential... at least for me, shell/command line access)
SCP (secure file upload, used instead of FTP)
FTP (unsecure file upload... I may be getting rid of this anyway)
Email (username@xepher.net)
Webmail
IMAP (email access protocol)
IMAPS (secure version of above)
POP3 (email access protocol)
POP3S (secure version of above)
SMTP (Outgoing mail server)
Email forwarding
Spam filtering
Wildcard email (anything@username.xepher.net goes to your account here.)
Wildcard filtering (possible future addon... would let mail for address1@username.xepher.net get sorted into a different folder than address2@username.xepher.net. Would require use of email access that supports folders, either IMAP or Webmail.)
MySQL (Used for a lot of forums and similar software)
SQLite (similar to MySQL, but much lighter weight and more secure... used by this forum)
PHPMyAdmin (Web-based interface to for MySQL access/editing.)
HTTPS (Secure webserver)
Cron (process scheduling... run programs at certain time)
Virtual Domains (using a domain you purchased, EX: www.missmab.com rather than missmab.xepher.net)
PHP (scripting... used by lots of webscripts/forums/etc, including the XN newsbox)
Other CGI (Perl, python, and other CGI scripts)
Statistics ( http://xepher.net/stats/ and in the future, more advanced stuff)
Web-based file manger/upload (possible addon in the future)


3. Do you think I should prioritze security, or ease of use / convience, and to what degree? For example, would losing FTP and having only SCP be worth the added security? (WinSCP is just as easy as FTP for direct access, but a lot of editors (like dreamweaver) only support FTP for their builtin file upload.) On the other end, would having to do everything via web-interfaces be too restrictive? That is, having to upload and manage everything in a web-app, with no access to shell, FTP, or other such things. (This is the extreme option, but I believe it would've been secure enough to prevent the most recent hacking attempts, as they all relied on shell access.)


4. What other features or services would you like to see added?


5. How do you feel about the quality of service? By this, I mean how fast the server responds, how well it runs scripts, general performance stuff. This is not to rate MY service as an admin... which has been seriously neglectful when it comes to things like reviewing applications. I apologize for that, but what I'm considering is trying to find a new hosting service for the new server. I notice a decent amount of packet loss and wildly varying ping times with the current one. (On the other hand, it's REALLY affordable, and you get what you pay for.)


6. I want ideas here. I have a couple problems I'm trying to solve. First off, I want Xepher.net to grow, and I want to do so with quality, not just by becoming another geocities. Secondly, I'd like to find a way to get some small income for this thing. I'm looking at investing about a thousand bucks in a new server, and hosting is still costing another hundred a month. If I move to a better host, it could be even more. Right now, the only real income is from donations, and 90% of that is from DMFA ( http://missmab.com ) Still, it's been just over three years since I put the server in chicago and I've spent about 3800 bucks out of pocket for this, not counting hardware costs. I don't intend to forgo the free hosting, but I'm thinking options along the lines of maybe running a seperate "commercial" hosting area, perhaps with dedicated comic services like webcomicsnation.com, which wouldn't have to have a newsbox, or share revenue with donations like the free sites do. Another idea is to maybe offer dedicated game servers for things like counter-strike and such. Other options are maybe stick with the shared donation/ad revenue, but just work hard to get some good, quality content here. I mean, a couple more sites like DMFA is all that's needed. Question is, how to attract such sites? I mean, obviously I need to get one top of my game with applications and whatnot... Speaking of..


7. How can I redo the application system? I want some sort of quality "filter" on new members, but at the same time, I feel bad because the current "wait for Xepher the bevelant dictator to nod" method is leaving lots of worthy applications sitting in limbo because I don't have the time I need to take care of them. I was hoping that with them on the forum, there would be lot of peer review. Don't get me wrong, there are a few members that have been doing a lot of work looking at applications and giving good opinions and advice, and I thank them... but I need more than two or three opinions to let me feel comfortable rubber-stamping something. When I rebuild, should I make a system that requires current members to show up and vote on new people from time to time, or is that trying to force a community where there's not one? How else could I redo it? Do I deputize some trusted people to review and approve/deny applications?


I think that's about it for now, and I apologize for the length of this post, but it's stuff I need to sort out (and apologize for.)
#162
General Chat / Happy Groundhog Day!
February 02, 2006, 06:16:09 PM
Groundhog Day:

Best... holiday... EVER!

Phil's official forecast as read 2/2/06 at sunrise at Gobbler's Knob:
Quote from: "Phil"It is said that imitation is the sincerest form of flattery.
Around the country there are many imitators of me.

In Harrisburg there is Gus who appears on TV
working for the lottery.

Then all around town,
Cute groundhog statues abound.
They all look like me, I found.

Today on the Knob as I'm doing my job,
I don't like this likeness of me.

It's my shadow I see. Six more weeks of mild winter there will be.
Yay for neversummer!
#163
General Chat / Frappr Map
January 30, 2006, 12:46:24 AM
Just because I was bored, I made a frappr group for XepherNet. Add yourself, and it makes it easy to see where we all are.
http://www.frappr.com/xephernet
#164
General Chat / Fairy Tales
January 17, 2006, 01:40:10 AM
It occurs to me that the world needs more fairy tales. Not just fantasy stories, though I do love those, but real fairy tales. Those weird, moral-hefting tidbits meant to frighten children and such. If anyone's read "The Diamond Age" (Neal Stephenson) then you know the bit where he explains how important it is for children to grow up with darkness in their stories. Neil Gaiman wrote a good one called "Coraline" that I read recently. The opening quote of that book is from G.K. Chesterton: "Fairy tales are more than true. Not because they tell us that dragons exist, but because they tell us that dragons can be beaten!"

Today I was looking over Ursula Vernon's website... http://www.metalandmagic.com and she's recently finished a short illustrated tale that's exactly the sort of thing I'm talking about. It's a "children's story" for the most part, but it's intelligent and dark as well. Reminded me a lot of a "Lilo & Stitch" if it had been done by the Brothers Grimm. http://www.webcomicsnation.com/uvernon/littlecreature/series.php?view=archive&chapter=4602&mpe=1&step=1
#165
General Chat / Battlestar Galactica
January 15, 2006, 04:14:32 AM
Because this show needs it's own thread.

Time magazine's "Best of 2005" named Battlestar Galactica as the best show on television. The article starts with this bit.

QuoteBest of 2005: Televsion

-1-
Battlestar Galactica
(Sci Fi)

Most of you probably think this entry has got to be a joke. The rest of you have actually watched the show.
It's entirely true. BSG is the absolute best show on television, possibly the best show EVER on television. Like the Time author, I say that those of you who have seen it know what I'm talking about, those who haven't... http://thepiratebay.org/search.php?q=battlestar+galactica&video=on

This is why I love science fiction. Finally there is a TV series that's as good as the good sci-fi books. I know it may sound stupid, but I know what I want to do with my life. I want to tell stories like that. I want to tell stories that inspire, stories that move, stories that enlighten. I want to tell stories about humanity.
#166
General Chat / Why psychologists are evil!
January 11, 2006, 05:05:54 AM
Why, you ask. Well, here's the answer and the proof. The word "Hippopotomonstrosesquippedaliophobia" means "Fear of long words." No, really, go ahead and look it up. I just wanna shake the hand of the sadistic SOB that came up with that one! Probably the same guy that put the "s" in "Lisp." A close runner-up is "Hellenologophobia" which is fear of greek/complex/scientific terminology. Check out http://phobialist.com/ for some more fun with fears.

EDIT: Dang it, they don't have my one actual phobia. I mean, sure I don't like heights, and I get nervous around pointy/sharp object, but for actual phobias, I've only got one. I have an unnatural fear of crustaceans.
#167
Art / Christmas Cards
December 24, 2005, 05:40:15 AM
I decided to make cards this year, rather than buy premade ones. Here's the two I made.


Pirate Card Cover


Inside



And another for my family.



The inside of that one reads "...And was sad he wouldn't see his family this year. Merry Christmas to those back home."

It's a bit sentimental, but then, I'm not going home for christmas for the 2nd year in a row.
#168
General Chat / Away Messages
December 17, 2005, 07:37:23 AM
So... I see that a lot of people (myself included) tend to post "profound" things in their away messages. Either that, or really funny things. Here's a thread to post all those great away messages that not enough people read.


I have more away messages than I have people on my buddy list. But I'll start with one I just thought of.

QuoteThe world is my oyster...

And I'm allergic to shellfish!
(And yes, I realize the irony of having an Otter avatar with this one.)
#169
General Chat / Jet Wash
December 08, 2005, 03:57:41 AM
Just how much thrust does a 747 have? And more importantly, what's it do to a car?

http://www.dumpalink.com/media/1132999307/747_Jet_Crosswinds_Top_Gear_Test

Note that in the video, they're only throttling 2 engines up, not all 4. If they did, the brakes wouldn't hold.

I think they say it's 56,000 lbf of thrust. Now compare that to the Saturn V, at 7,500,000 lbf. That's not a typo, it's literally 33.4 meganewtons. MEGAnewtons!!! That's over 133 times the thrust. I can't even wrap my head around that.
#170
Writing / Sometimes The Darkness (Caution: Emo ahead.)
December 01, 2005, 06:41:55 AM
Something I wrote the other night when I couldn't sleep. As much as I hate emo, I realize this definitely seems to qualify, and so I apologize in advance. Not quite sure why I'm posting it here, but it just somehow seemed incomplete if it was kept private. Take it as you will.


Sometimes The Darkness
QuoteSometimes the darkness is all you have. The darkness and the fire. As night descends, the creature sleeps. You look in the mirror, with fright at the stranger staring back. This isn't you. This can't be your life. These things all pressing in upon you, they don't make sense. You don't know what you're doing here. You don't belong. Your life belongs to someone else, to some mask you once put on, but now can't take off. It's alive, this creature, this mask. It clings to your skin, and you claw and scrape at it until you bleed. Only in the darkness does it sleep. But exhausted as you are, you dare not join it, for fear that these precious moments of lucidity will pass you by. So you claw, and scream, and howl into the abyss, but no one hears. The mask, the puppet you've become, won't let you make much noise, for that might be impolite. Oh yes, it sleeps, but ever so lightly. You may rage against the walls, and pound upon the bed, tears may soak your pillow, and your sobs may fill the room, but the creature controls you still, and won't permit you to escape. You dream of running away, of forgoing all and escaping, but you never do. You never can. No. You wake up in the morning and you take a shower. You put on your clothes and you go about your day. You smile as people say hello, and answer "just fine" when they ask how you are. A small part of your soul screams, but the fascade is too strong, no one can hear you through the calm exterior. So the days and nights go by. Some night, one night, you can't take it any longer. You sit awake by the fire while the creature slumbers. Fire. Fire would free you. The mask you wear, the creature that consumes you as it becomes you, is made from nothing more than diplomas and contracts, licenses and tax returns, pay stubs and business cards, bank statements and electric bills. They all burn, and with them, the horrid creature in the mirror. One night you do it. You burn it all. You dance around the flames as ashes fill the sky. A primal rite of freedom in the modern world. You dance. You dance. You dance. You dance. You Dance. The beast inside awakes, and you open your eyes, and you open your eyes again. The world is alive. The sea is blue, the grass is green, and the moon shines bright across the night. You howl again into the abyss, and this time you are heard. Oh are you heard! Neighbors shudder in their lonesome apartments, workers cower in their cubicles, secretaries hide beneath their desks, and all over town, souls flicker as if in a breeze. As dawn comes, and your spirit charges off across the skies, the masks seem to fracture just a tiny bit more. Sometimes the darkness is all you have. But sometimes... Sometimes the darkness helps kindle the light.
#171
General Chat / Music Genome Project
November 29, 2005, 09:34:11 PM
Okay, this is really pretty cool. It's a custom radio station thing, where you give it a starting band or song you like, then just give thumbs up/down to other songs. It figures out your tastes and plays stuff it thinks you'll like. I'm actually kind of impressed. I put in "Flogging Molly" and in 2 songs it was playing They Might Be Giants. I put in "Descendants" and I'm 6 songs into that now, and like everything it's played. My only complaint is that it doesn't have a lot of the more obscure stuff I listen to. Not much in the way of Irish Folk music.

http://www.pandora.com
#172
General Chat / Frack That's Cool!
November 22, 2005, 05:40:15 PM
http://graphics.stanford.edu/papers/lfcamera/refocus/

I know it was just on slashdot, so some of you may have seen it already, but... dang that is some awesome tech there. For those too lazy to read the article, just know that each of those pictures/movies is one single shot, taken with a handheld camera. All the refocusing is done after the fact by computer, and is possible because the camera is capturing a complete 4 dimensional light-field, rather than just the 2d slice of it a normal camera does.

Just imagine the implications. Cameras won't have any moving parts, as there will be no need to focus anymore. Security videos will just have to point in a general direction, as any individual bit (like a face or a license plate) will be refocusable later. It actually makes it possible to do the "image enhancement" thing you see in movies, and read a license plate out of a blurry photo. Additionally (though they don't show it in practice in this paper) the technology allows you to make 3D images out of the same single snapshot.
#173
General Chat / Comics
November 10, 2005, 05:33:32 PM
So I end up with a lot of, what we shall call comic-reading time at work. As such, I quickly run out of comics to read. So I figure I'd start a thread here, asking for some more recomendations. I think it's probably safe to skip the really popular ones, so no need for everyone to point out penny arcade, megatokyo, ctrl+alt+del, or VGcats. Also, I think it'd be more entertaining if everyone posts a link to a specific strip they found funny, rather than just the comic in general.

Here's a new one I found recently.

http://campalaska.keenspace.com/d/20050630.html
#174
General Chat / Death to Blogs!
November 03, 2005, 08:21:14 PM
Many of you already know how much I despite the term "blog" and the way I tend to rant when it gets used in my company. I just found this article though, which pretty much says everything I wanted to, but uses words and crudeness I never would. Thus, it's much funnier.

http://www.thebestpageintheuniverse.net/c.cgi?u=banish
#175
Announcements / MySQL and PhpBB
October 27, 2005, 07:49:23 PM
MySQL service on xepher.net is offically "deprecated" as of this post. I will continue to run the service for a while yet, but will not be upgrading to the newer releases of the MySQL package. There are several reasons for this. First, it's a royal pain to manage and maintain. Secondly, there's now a very viable (and much more portable) option in the form of SQLite. Third, the overhead and resources for the mysql server could be better spent elsewhere. There's a reason most serious MySQL installations are on dedicated machines, seperate from the webserver.

What this means though, is that web applications that rely on MySQL (such as phpBB) will need to be either replaced or upgraded to something that supports another method of storage. I personally have to rewrite a lot of the backend software for xepher.net itself to move away from MySQL, so this a headache for me as well.

I think this is a good time to mention that phpBB is also going to be "deprecated." Basically, there have been so many problems (many of them security related) with phpBB that I want everyone to stop using it. I'm not going to out-and-out ban it like many hosting providers are doing, but I will ask that no NEW installs of phpBB be made, and that users do their best to phase out existing installations as soon as possible. I'm not saying you have to have it figured out by next week or anything, but now is the time to start looking for alternatives. I'd personally suggest www.punbb.org which is what runs these forums, and so far, hasn't had any gaping security holes. Also, it supports SQLite and is a double-bonus in that respect. The easiest way to do this is to do what I did here. Make a punBB (or other forum package) install using SQLite, and let it coexist with your old forum for a while as users move over.

Any questions and comments on this policy should be posted here. Requests for technical help with installing/upgrading software should be placed under the technical support forum.
#177
General Chat / Star Wreck
October 02, 2005, 07:34:02 AM
Bizzare, but one of the better looking fan-films I've ever seen. Full length movie, free to download.

http://www.starwreck.com/

Favorite quote:
"It's a passable day to die."
--Lieutenant Dwarf
#178
General Chat / A Quake! A Quake!
October 01, 2005, 08:17:38 PM
"Oh really yeah no fake? We kind of had that feeling when the ground began to shake!"

But animaniacs songs aside...


We had an earthquake here last night. A couple minutes before midnight a 4.1 earthquake hit centered just 14 miles north east of here. I was lying in bed, listening to the final chapter of harry potter and the order of the phoenix when I hear a noise that sounded kinda like a jet approaching, then BOOM! it was enough to shake me back and forth in the bed. I jumped up and went and looked out the windows, because at first I thought it might be a sonic boom from a jet... then I realized I'd heard the "jet" before the boom, and that doesn't happen. Anyway, once I realized it was a quake... Awesome! Just thinking about how much energy is release in even a smaller one like this. I mean, enough that a 30 mile area of granite bounced around like that. Rock! :-)

http://earthquake.usgs.gov/recenteqsUS/Quakes/usdrad.htm


QuoteA QUAKE! A QUAKE! from the Yakko's World album
Music and lyrics by Randy Rogel.

Music adapted from The Happy Farmer by Robert Schumann.
 
Yakko: It's a quiet, peaceful night
       The moon is shining bright
       Giving not a hint of what's in store
       A few hours before morning
       Without a single warning
       Something strange begins to move the floor
 
       A quake, a quake
       The house begins to shake
       You're bouncing 'cross the floor
       And watching all your dishes break

       You're sleeping; there's a quake
       You're instantly awake
       You're leaping out of bed
       And shouting "Oh for heaven's sake!"
 
       I ran outside with neighbors
       Their faces full of shocks
       That's because I'm standing there
       In nothing but my socks
 
W+D  : Oops!
 
Yakko: A quake, a quake
       This must be a mistake
       Just feel the ground
       Go up and down
       Won't someone hit the brake?
 
       A quake, a quake
       Oh, what a mess they make
       The bricks, the walls
       The chimney falls
       Destruction in its wake
 
       I did not have insurance
       I called them from the scene
       And suddenly I'm listening
       To an answering machine

       Say "Too late, too late
       You shouldn't ought to wait
       'Cause now you're stuck
       We wish you luck
       Here comes a six-point-eight!"
 
       Whose fault, whose fault?
       Blame it on the fault
       'Cause Mister Richter
       Can't predict her
       Kicking our asphalt
 
       Seismologists all say
       Tectonic plates are in between
       An encroaching crustal mantle
       Yeah, so what the heck's that mean?
 
       It means a quake, a quake
W+D  : Oh really, yeah, no fake?
       We kind of had that feeling
       When the ground began to shake
 
Yakko: And so we wait
       Resign ourselves to fate
       Because our lawn
       Is sitting on
       A continental plate
 
       We shivered through a blizzard
       Went swimming in a flood
       Then we blew off a hurricane
       And now we hear a thud
 
       Of a quake, a quake
       How much more can we take?
       We thought that we had seen it all
       But this one takes the cake
 
       The dirt, the rocks
       Those crazy aftershocks
       It's just the planet
       Moving granite
       Several city blocks
 
*YW+D: Now the town is falling down
*      While the ground
*      Moves around
*      We won't let it get us down
*      Get beneath the door frame
 
Yakko: A quake, a quake
       It's time to pull up stake
Dot  : The worst is over
Y+W  : We don't buy it
       We're fed up
       We can't deny it
       We just want some peace and quiet
YW+D : So we're moving to Beirut!
 
* - sung to "London Bridge"
#179
General Chat / Air Force Kills Rudolph
September 30, 2005, 03:53:10 AM
Air force admits to killing Rudolph the Reindeer with F-16s, pays santa nearly $5,000 in compensation. Literally!

http://news.bbc.co.uk/2/hi/europe/4295968.stm
#180
Applications / Application Status: OPEN!
September 30, 2005, 03:33:42 AM
This thread and it's title will show the current application status. Do NOT post a new application if it is closed.

Current Status: Open!

And only six months later than planned! :-)