Some knuckleheads calling themselves the “Tornado Digital Security Team” have hacked the KISD website.

Keller school district technology experts are restoring the district’s Web site after computer hackers destroyed hundreds of documents and photos late Tuesday.

The hackers replaced the home page with a page that shows a photo of a tornado and a lightning bolt and the message: “In The Name of God … This is Web site hacked by Tornado Digital Security Team.”

Keller officials are trying to trace the Web site address, www.TORNADO.ir.

It appears the hackers were searching for Web sites with holes in the security firewall, said district spokesman Jason Meyer.

“It looks like some sort of software program was working on our Web site and they’ve been doing it for several months,” he said.

I always hate news stories about computing and security issues, because most of the people who know what the heck really happened aren’t allowed to talk to the public.  I don’t doubt that script kiddies and perhaps even some serious hackers have been testing the firewall.  However, I expect that the techies just told the spokesman about the firewall logs so he’d have something to say to the media. 

The firewall does you no good if your application code has holes in it, since you have to allow traffic bound for the web server to pass through the firewall to access the application (unless you proxy it, but even that’s not totally secure).  I know I get a lot of idiots in China trying to run dictionary attacks against my SSHD (which has to have a port open on the firewall for me to use it).

I noticed that KISD is running a CMS called Joomla!.  Coincidentally enough, it appears that Joomla has a number of high priority security issues that were patched on Monday.

That’s not to say I know for sure that this is what happened, since there are so many ways that security can be compromised, and some quick research shows that these guys have hacked systems other than Joomla! (interestingly enough, they seem to like hacking Arabic sites).  I’d be really interested to see a writeup on what really happened here.

The Gecko was kind of “cute” when it first came out, but it’s just annoying now.  But worse than the Gecko are the commercials with the “celebrity” and the “real person.” 

Although, in their defense, I’ve always kind of wondered what that movie announcer guy looked like: 

Link to YouTube video of Geico commercial

Update:  Moved the YouTube inline player to the Extended Entry, since it was doing funky things in Firefox.

I previously mentioned the problem I had with my RAID system when I powered it back on.  It really got me focused on the fact that RAID isn’t really such a great method for preserving files.  It’s good for a single drive failure, and it’s good for keeping a system online even with a bad drive, but anything beyond that means total data loss.

When I ordered the replacement drive I also ordered a couple of plain old 250GB PATA drives (the ones that got “thunked” onto my doorstep yesterday).  I’d decided that I was going to keep a second system to back up the first before replacing the bad drive and rebuilding the array.

A couple of weeks ago I had resurrected an old system and installed Open SuSE 10.1 on it.  At the time I was mostly playing around with putting a scanner online (a RadioShack PRO-2052 that I got on clearance) using Icecast.  But since this system also had a built-in Highpoint 370 “RAID” controller it meant that I had two extra IDE channels that I could use to create a mirrored drive array using the Linux software RAID tools (the HPT370 is actually just a fancy IDE controller with a little hardware support for RAID, but not a true RAID controller).  Anyhow, the system was working and it was running headless in a corner of my living room (one of my motivations for Icecast and the headless living room setup is that my office is an EMF wasteland, making it difficult to get a decent signal).

I installed the new drives and booted the system.  Once it was on the network again I used Yast2’s partition tool (being headless, I did this using Cygwin’s X-server on a PC) to create the RAID array, format it, and add it to the filesystem table.  It took me a minute or two to figure it out, but once I did I was surprised at how easy it actually turned out to be (select each drive, add a primary unformatted partition of type Linux RAID, select RAID drop-down, select each partition and hit “Add”, select RAID 1, select Reiser filesystem, apply changes). 

I’m always a little suspicious when something is too easy, but it all appeared to be working so I started an Rsync of my home directory and left to walk the dog.  When I got back I saw that the drive lights were on solid, so I thought it was working.  A little later I tried to login, but couldn’t access the system. 

Once I got it rebooted, a bit of examination showed that both of the HPT370’s IDE channels as well as the wireless card were sharing IRQ 11.  Everything is PCI, and it’s technically supposed to be able to share interrupts, but I don’t like interrupt sharing.  Further, with the RAID array and the wireless card on the same interrupt, it would seem to be just asking for trouble.  Every operation involved in copying data seems to be piled up on one interrupt (i.e receive data on wireless card, write data to hard drive on first channel, write data to drive on second channel).

Unfortunately, this motherboard has a brain damaged implementation of PnP configuration in its BIOS, so that “unsharing” the interrupts involves physically moving devices to different slots.  For example, this motherboard is hardwired to share an interrupt between the HPT370 controller and whatever device is in PCI slot 2, so whatever interrupt you choose for slot 2 (INT PIN 2 assignment in the BIOS), it’s shared with the HPT370.

I also learned that moving a wireless card causes SuSE to “forget” the card (you have to go into Yast’s network configuration and delete the original entry for the adapter and configure the new entry from scratch). 

Once I got through all that nonsense I started the Rsync.  It’s not exactly setting any speed records, as it’s using ssh over my wireless LAN.  But so far it’s copied about 18GB without hanging (as opposed to just under 2GB yesterday).  So there’s only another 140GB or so to go.

At this rate it’ll be finished in about a week.  As long as it doesn’t hang.

One of the side-effects of working at home is that you quickly learn the habits of the various delivery drivers.  The UPS guy, in particular, is interesting to watch, as he usually runs from the truck, dumps the box at the door, hits the doorbell, and takes off at a run for the truck.  Unless he needs a signature, all that’s left of him by the time I get to the door is the rumble of his truck in the distance.

Today’s offender, though, is the DHL driver.  It’s really comforting to be informed that your new hard drives have been delivered by hearing the THUNK of the box as it hits the concrete in front of your door.

I wonder if they’d treat the boxes differently if they thought I was home?  I keep my truck in the garage, so unless I’m standing at the door or the lights are on people usually don’t know anyone’s home during the day.

I’d been waiting for a verdict in the Lindsey Crumpton trial as I was on the witness list due to some comments from the defendant via my feedback form in response to something I originally wrote about the case.  Ultimately I didn’t have to testify, but I was still curious about the verdict.

The Dallas Morning News has an article with the outcome:

A 20-year-old Waxahachie woman who tried to commit suicide in her SUV but instead killed another motorist was sentenced to 10 years in prison Friday.

The jury’s maximum sentence stunned Lindsey Crumpton and her supporters, who had pleaded for probation. The punishment verdict came as Ms. Crumpton was having an emotional meeting behind closed doors with the 18-year-old daughter of Kristina Kelly Bartlett, who was killed in the November 2004 crash.

In testimony during her trial, Ms. Crumpton described a history of severe depression and drug use. The one-time Waxahachie High School homecoming queen, cheerleader and college soccer player said she had run out of medication when she decided to kill herself by yanking the steering wheel of her Ford Explorer as she drove south on Interstate 35E.

However, it appears that Ms. Crumpton is still not willing to take responsibility for her actions, even though it appears she knew they were dangerous.

But under cross-examination by prosecutor Trey Crutcher, Ms. Crumpton acknowledged that she knew her actions were dangerous because she purposely left her puppy at home. “I didn’t want my puppy to be killed,” she said.

Mr. Crutcher also questioned why Ms. Crumpton had not jerked the steering wheel to the right, which would have prevented any chance of colliding with another car. She responded that she did not know why she turned her car toward oncoming traffic.

Ms. Crumpton denied that she was directly responsible for the death of Ms. Bartlett, 47, saying that she only set in motion a chain of events that resulted in her death.

The jury of 10 women and two men convicted her of criminally negligent homicide, concluding that a “reasonable person” would have known that her actions were dangerous.

A chain of events?  If she was a butterfly causing a hurricane across the ocean I might buy it.  But her chain only had one link:  the yank of the wheel.  It’s kind of hard to claim you couldn’t forsee the outcome from that particular chain.  Worse, it sounds like she’s trying to claim that she just decided at the last moment, but that is contradicted by leaving the puppy at home, which means that it wasn’t spontaneous.

My mother, who is almost as cynical as I am, thought she would only end up serving a couple of years, but it appears that the law has tightened that loophole a little.  According to the article Ms. Crumpton will have to serve at least five years before being eligible for parole.

I don’t know whether that’s enough time.  Unless Ms. Crumpton does a lot of growing up in that time, I don’t know that it’ll help.  She’s obviously not ready to take responsiblity for her actions.  I hope the parole board asks some pointed questions in this area when she comes up for eligibility.

A few days ago I was out walking my dog behind Town Hall when I noticed my shoe had started clicking on the sidewalk.  I looked down to see that I’d stepped on a big, rusty fishhook.  I see people fishing out there nearly every day, and mostly they don’t cause a problem.  However, the fishhook reminded me that there can be unexpected hazards from their activities if they don’t police their trash before leaving.

The fishhook, of course, is dangerous to any pets who might be walking in the area, since most of them don’t wear shoes.  I’ve also seen plastic worms/lures on the ground, and I can’t help but think they could be dangerous to the ducks, should a duck attempt to eat one.  But the worst offender, in my mind, is the person who keeps leaving big tangles of cast-off fishing line on the ground.  Last spring I saw a duck that had become entangled in the line and drowned.  I can only imagine that it was a horrible, slow, and ultimately needless death.

It appears to me that the QT issue brought a lot of visitors to Keller City Limits who hadn’t seen it before.  Visitors who are absolutely seething over the SUP’s approval at the last council meeting.  A subset of whom are still so angry that they aren’t capable of coherent comments other than name calling.

Jim Carson wrote a short post explaining his rationale for voting for the proposal.  The commenter who stood out the most, however, was someone going by the name Jennifer, who left this in reponse to Jim’s post:

BLAH BLAH BLAH

You had your biased mind made up before you ever stepped foot into City Hall that evening.

Ok…  whatever…

But what really had me scratching my head was this exchange, posted in response to a comment from Doug:

#  Jennifer Says:
August 22nd, 2006 at 2:14 pm CST

Gee Doug, nice job giving Jim his obligatory pat on the back. I’m surprised Monty and Aubrey haven’t chimed in yet. I would have expected all of Jim’s sidekicks to have responded by now.

# Doug Says:
August 22nd, 2006 at 3:09 pm CST

Jennifer, should I chastise him for a vote that I agree with?

# Jennifer Says:
August 22nd, 2006 at 4:43 pm CST

I haven’t known about this website for very long but my guess is that I would be hardpressed to find anything in the archives that you disagree on with Jim.

Just curious, is there anything? I’m hopeful to learn that maybe only Monty and Aubrey are the bigger asses.

Whiskey Tango Foxtrot?

I hardly ever comment at Keller City Limits, and I only wrote one post on the QT issue.  I was only being mildly sarcastic in tone, and completely serious in content, so I’m not quite sure what has earned me this enmity.  Perhaps it was something from earlier?  Maybe the library?

I suppose I’ll never know, because Jennifer’s anger over whatever sin she thinks I’ve committed makes it completely impossible to hold a conversation with her.

I’ve noticed several other commenters with similar problems.  QTDS (Quick Trip Derangement Syndrome), perhaps?  Or maybe it’s TCLDS (Town Center Library Derangement Syndrome).

Don’t worry Jennifer, I won’t bite you should we meet in real life.  I’ll be polite, shake your hand, and make quickly for the door like I do with most people who’ve gone off the deep end… 

[That’s humor. Laugh, damn it!]

In all seriousness, should you wish to have a reasoned conversation on whatever issue it is that is bothering you, feel free to frequent the comments.  But my patience is wearing thin with the personal insults.

There’s a husband/wife couple that I see on the trails fairly regularly along with their dogs.  It’s one of those cases where Boots immediately took a liking to them and their dogs.  She ignores most people, but she goes fairly crazy when she sees them.

Until today I hadn’t seen them for a month or so, but I didn’t think much of it, since they had previously said something about taking a long trip in August.  However, when I saw them today I was almost tempted to ask the wife if she was pregnant, as she had the characteristic belly (which she didn’t have the last time I’d seen her).  But, fortunately, my thinking brain kicked in before my impulse brain had a chance to get the question out. 

I think it’s likely that she’s pregnant, but if she isn’t, asking the question would have been A Bad Thing™.  I think I’ll leave well-enough alone and wait for her to bring it up…

Just about two years ago I built a RAID system to use as my media/file server.  I’m fairly paranoid about shutting it down, since I’m afraid that I’ll lose a drive.  But when the A/C went out I shut it down to prevent it from overheating. 

The A/C is now back on (fortunately it turned out to be something simple—the fan start capacitor had burned out and shorted out a couple of other wires, but nothing that couldn’t be fixed), and as I feared, it lost a drive on bootup.  I’ve got a new drive on order, and until it gets here the system is still operational, although it’s no longer fault tolerant. 

At the time I thought that a RAID setup would be a good way to prevent losing data, especially given the costs of tape.  But I’m not so sure anymore.  Even though it allows for a single drive failure, it still makes you nervous to pull a drive out of the array and replace it, then rebuild the array.  You always feel like you’re hanging by a thread.

I’ve got some old systems laying around.  I think I’m going to add some disks to one of them and run it as a backup (maybe a daily rsync or something similar).  Hopefully, both systems wouldn’t die at the same time, should something happen to either one.  Of course, that doesn’t take into account something like a lightning strike.  What I really need is an offsite backup.  Perhaps I could persuade one of my friends with high-speed Internet to let me place a system at their place in return for backing up their data to my systems (i.e. cross-site backups).  Or maybe I’m just being overly paranoid.  But I’m starting to feel like someone carrying a bunch of eggs in a frayed basket, so I’m going to have to do something.

Yesterday and today I eschewed my normal hiking/cargo pants-o-many-pockets and loud shirts in favor of more respectable attire that included a dress shirt and tie.  And then I sat around, doing a little bit of work, and waited.  I was on standby should I be called to testify as a prosecution witness at the Dallas County Criminal Court in State of Texas v Lindsey Alyn Crumpton (for Manslaughter).  About an hour ago I got an email informing me that my services wouldn’t be needed, as the defendant admitted to the issue about which I would have testified.

Some of my long time readers may remember my previous postings about Lindsey Crumpton.  For those who don’t, here’s a brief refresher/timeline, along with some events that I didn’t detail at the time:

1. November, 2004:  I wrote a short post with my take on a case where a young woman (Ms. Crumpton), while attempting suicide, ended up killing an innocent woman on I-35 by driving across the median.  That post, entitled Deadly Stupidity attracted a couple of comments, including one from the outraged daughter of the woman who was killed.
2. January, 2006: (approximately 13 months after the original posting)  I received an angry, insulting, and vaguely threatening message via my Contact Form from someone who appeared to be Ms. Crumpton herself.  I posted her message, along with my response, in a post entitled You Have Mail!.
3. April, 2006:  I received a message from an Assistant District Attorney with Dallas County, who had found my posts and was very interested in them, as he thought they would be material to the trial.  I went ahead and forwarded him the messages I’d exchanged with Ms. Crumpton.
4. May, 2006:  A relative of Ms. Crumpton (or someone claiming to be) found this site through Google and proceeded to leave a nastygram in the comments to an unrelated post.  I moved the comment and added my reply in More Deadly Stupidity.
5. July, 2006:  The Dallas County ADA called me again to say that the trial was going forward (starting Monday, August 21, 2006) and that he wanted me to testify.  Shortly after that I received a letter and was served with a subpoena to appear as a witness.

I think it can be safely said that the old advice about shutting up still holds in the digital age.  DA’s are now routinely checking online search engines to try to find information about defendants.  I was told by this ADA that he often found incriminating information by looking at a defendant’s MySpace page.

As they say, “anything can be used against you,” and that includes online, provided it can be proven to have come from the defendant.  In this case, I couldn’t say with 100% certainty that it was Ms. Crumpton, since anyone can enter any old email address in the contact form.  However, I responded to the email address that was given and got a reply back.  Further, the email address was of the form her_name -at- hotmail.com.  Taken together, I felt safe in assuming I was dealing with her at the time.

Anyhow, the moral of the story is to shut the hell up if you’re facing a criminal trial.  No matter where you say it, someone will eventually find it and use it against you.

Update: (5:50pm, 8/25/2006)  I just received word that Lindsey Crumpton was convicted.  I am waiting to get confirmation of that, as well as what sentence she may receive.

Update 2: (11:30am, 8/26/2006)  More on the verdict here.