flew a my herring at lunch a little today! sporadic thermals, and a couple of multi-minute flights over the building. good stuff altogether.

First up, a couple of NEW NEW NEW galleries! Saturday, the Saint Patrick’s Day Parade in the Highlands was all that I hoped it could be! We met Geoff and Cabrina down near the Outlook (where she lives), and I was greeted in her English garden with a fistful of homemade beer (nummy!), and then we went up to the parade where we met Matt and Sara (and Kelly, who was waiting for me).

Later that very day, Kelly and I took a little stroll Down by the River. It was fun.

This morning you should…
watch the new Strongbad short, then play the
Trogdor Video Game!! “Stomp 10 Peasants to Achieve Burnination!”

I run a mail server on linux. the mail daemon is Postfix. the H Dizzle asked me about SPAM filtering. Spamassassin does a good job of killing SPAM. Google found me a nice HOWTO on using SpamAssassin with Postfix. I tested, it worked. Yay!

Heh, yeah, well…

From whitestripes.net:

WHITE STRIPES TO ROCK CONAN

At the end of April, to celebrate the release of Elephant, Jack and Meg will be performing on the Conan O’Brien show. Thats the good news. The great news is they will not be on just one night, not even two. But all week! Yea, you heard me correctly, they will be the house band for Conan, performing for one week in late April. Keep checking back here for the exact dates. What are you waiting for? Get those VCR’s fired up and ready to record!

Jackson, Kelly, and I went on the hunt for more geocaches on Sunday — caches were found, pictures were taken, llamas were petted.

The caches:
Lynn’s Paradise Cafe
Joe Creason Nature Reserve (now with more LLAMAS!)
Tyler Park
Seneca G.C. / Bowman Field

Navigator extraordinaire Jackson has also updated his geocaching gallery with the new pics!

when I went to go upload a new gallery today, Gallery told me I had a folder that it didn’t create in the albums/ directory. Low and behold, it was some “warez” directory with an MP3 recorder or some junk in it. Doing a little more research, I find that there is a phpshell script in there (so that your browser acts like a shell), an ftp script to download a PHP Exploit Lab script.

Well, scanning my Apache logs I find that the culprits came from Russia, or at least were using dialups in Russia. The offending hosts:

213.158.2.85
82rez.telegraph.spb.ru
213.134.206.99
161ppp.telegraph.spb.ru
85rez.telegraph.spb.ru
160ppp.telegraph.spb.ru

Further, some of the referrers for these hits lead me to this URL (a forum), which is another exploited Gallery. ( some ICQ numbers of folks on that board include: 2243057, 321381, 118407481)

So, I check out Gallery’s website — and first notice this security notice about a possible security hole. Turns out, it’s not a security hole in Gallery, but in any shared webserver. Well, that IS true. However, what DOESN’T help is that there WAS an exploit with version 1.3.2, which I was running. I’m assuming this exploit allowed for the upload of a file, namely phpshell.php, and thus… script kiddies from Mother Russia had their day. Their day as an unprivileged user, mind you.

Gallery x1.3.2 exploit

I received an email from a fellow geocacher who saw Jackson and I down at Brown Park, and mentioned he saw a man and a woman poking around a cache. Well, at first I thought — “Hey! I’m ALL MAN, man!”, but then looking at Jackson’s photos of our geocaching, I realized that from 300 yards, my sunglasses on my head do look like a fasionable hair-clip. Oh well. Peep his photos for more.

Jackson and I did a little geocaching on Saturday. What is geocaching, you say? Geocaching is finding hidden treasure with a GPS device, essentially. Someone plants a little something somewhere, records the latitude and longitude thanks to their GPS receiver, and then tells others. Yay! We hit 4 out of 5 of the caches. Music in the Brown, Stroll Along – Farnsley Park, Des Pres Park, Pee Wee Park, and the appropriately named String Along a Broken Bridge (which we didn’t find).

Also included — Grandma Betty’s 70th Birthday Fiesta and Kelly and I spend a lovely Valentines Day at the airport.