My Douglas Adams year

A few weeks ago I turned 42, which prompted my friend Paul to declare I was entering my “Douglas Adams year.” (Though somewhat worryingly, one of his other analogy-years was 33, because that’s how old John Belushi and Chris Farley were when they died… Douglas Adams died at age 49. Hmmmmm.)

Bend Beer: A History of Brewing in Central Oregon2014 was an eventful year, primarily because I wrote a book! The contract was signed around December of 2013, and I began researching and interviews in earnest in January, with a deadline of mid-July. Meaning, I had about seven months in which to complete it—pretty quick, by publishing (and writing!) standards. Following the submission of the manuscript were rounds of edits and proofing, with a publish date of October 21—at which point the rest of the year was a whirlwind of signings and publicity, including the Big Time—a talk and signing at Powell’s Books in Portland!

So now I am the authority on Bend beer and its history, for better or for worse. But that’s okay, because now I have a published first book under my belt, from a real publisher, which opens doors to a second, and third, and more books. For which I already have ideas.

But 2015 is (mostly, since the majority of the year I am 42) my Douglas Adams year, which means I need to be well on my way to figuring out the question to the question of life, the universe, and everything. Or at least inventing a computer to do so. Hopefully that means 2015 will be eventful too!

(So far, so good—mostly with events stemming out from the beer writing, which is a good thing!)

Ringing out 2012

I hope everyone has had a good year; for my part I think 2012 was pretty darn good overall. Obviously if you’ve been following this particular blog for the past year (or more) then you’ll note that I haven’t posted much (once a month, on average); a big part of the reason for that is the amount of time and effort I’ve been putting into my beer blog and Bend blog, both of which I’m very proud of, though it does tend to detract from my personal ramblings here (not to mention actual work getting in the way…!).

At any rate, one of my goals is to get more writing done in the year(s) to come, so hopefully I’ll buckle down to include this blog in that goal.

In the meantime, happy New Year everyone! Let’s toast 2012 tonight and ring in 2013 with fanfare!

The big four-oh

So today—which as I write this, is nearly over—is my birthday, and most people know it was a momentous one: 40.

That’s right, one of the Big Ones. (From 30 onward they all get counted in tens, of course.) What’s funny is I’ve been mentally rounding my age up the past few months anyway, so there’s really not much adjustment now that it’s official. And no, I don’t “feel old.”

But it was a very good birthday, with friends and family and beer and good times. Oh and a cigar and a whiskey or two.

And the Mayans didn’t mess it up, either. But now, technically, we’re in the new cycle of their Long Count Calendar (day 2, actually, since it ended on the 21st), which combined with my 40th birthday seems awfully momentous somehow. That could be a good theme for my next 40 years…

Next up: Christmas!

The most epic spam email ever

So I got this spam a little while back, and I couldn’t resist sharing. Here, in its entirety:

December 21, 2012:
Mayan Galactic Alignment
Once in 26,000 years

Celebrate the end of the Mayan Calendar,
the Sun aligning with the center of the Galaxy,
and the 2012 Winter Solstice.

Greetings ,

The “2012 Mayan Galactic Alignment” celebrates an astronomical event that happens once every 26,000 years.

Join me on a spectacular Cruise and Seminar-At-Sea to the sacred Mayan sites of the Yucatan, where we will gather in grand ceremonies and rituals that close a 5000-year era of darkness, and open a new eon of light – the ascension of humanity.

This is “the place to be on Dec. 21, 2012.”

The Carnival Triumph takes us to Chichen Itza and Cozumel, where we will honor this Time with ritual and ceremony, participate in seminars and healing while at Sea, and celebrate on a world class cruise ship.

On December 21, 2012, the Great Long Count Cycle, which began in 3114 BC, will end. The Fourth World will pass, and the “World of the Fifth Sun” will be born.

Now add your momentum to the vibrational energy that culminates in the peak spiritual event of the Millennium – the Winter Solstice, at the incredibly auspicious hour of 11:11 a.m. Universal Time on December 21, 2012. At that time, on that date, everything we know will change. We will enter a new world – a world of Ascension.

Learn more at http://www.mayancruise2012.com

Now hear a F’REE Teleseminar with speakers who will be on the cruise:
http://www.mayanteleseminar.com

Where will you be on Dec. 21, 2012 ?
We know where we will be – At this once-in-a-lifetime event !

HIGHLIGHTS:

– Workshops on the seminar-at-sea, as amazing speakers, such as Fred Alan Wolf, expert Mayan scholars, and enlightened spiritual leaders awaken our consciousness!

– Nightly Skywatch with Richard C. Hoagland, as we view the Galactic Algnment, a once-in-26,000-year event!

– Awesome Rituals, Initiations, and Fire Ceremonies at Mayan temples with Mayan Elders Hunbatz Men and Tomasa Lissell as we prepare to enter the “World of the Fifth Sun.”

– The Sun aligning with Hunab K’u, the Center of the Galaxy, in a spectacular Solstice light transmission and telescope array.

– The precise moment, 11:11 AM GMT, the end of the Mayan Long Count Calendar Cycle, witnessed in a Skywatch and Inner Journey to the Galactic Center, and with prayers, meditations, and light transmissions from the Ascended Masters.

– Visits to Chichen Itza and other pyramids and temples.

– Visit to San Gervasio, home of Ixchel, the Mayan Fertility Goddess, on Cozumel, and swim with her dolphins.

– Celebration of the Ascension of Humanity into a higher vibration with music, dance, food, and entertainment on a world class cruise ship.

– Honoring the date December 21, 2012, when the next cycle of human evolution begins, with transformative initiatory rituals by Mayan Elders, and meditation led by Babaji and other ascended beings.

This date is, by far, the epic metaphysical event of our lifetime.
And it comes once every 26,000 years!

Space is Very Limited. Learn More and Register Now at http://www.mayancruise2012.com

Be a part of this vital process, as you contribute your spiritual energy to this keystone event. This gathering can transform the planet at a time when transformation is essential.

You are called to be a part of this planetary ascension of consciousness, at this time, in this place!

Space is Very Limited!
Learn More and Register Now at http://www.mayancruise2012.com
Mention my name when you register.

“This is not a cruise. This is a Spiritual Experience. This is a spiritual awakening that will transform your life. You will pass from an age of darkness into an age of light. Your life will be blessed, and you will never be the same.”
The Immortal Babaji

Mayan Apocalypse cruise. It’s hard to beat that.

Lost planet

Saw this article on Discover.com earlier this month and thought it was really interesting: The Solar System’s Lost Planet.

Nesvorny, who runs computer simulations to study how the solar system evolved over time, kept encountering the same problem: The four giant gas planets, whose orbits are comfortably far apart from each other today, kept violently jostling with each other in his models of the early solar system. Jupiter would end up tugging on Uranus or Neptune and casting one of them out into interstellar space. Obviously, that never happened. So Nesvorny came up with a clever explanation: He proposed that a fifth gas giant emerged from the planet-birthing cloud 4.5 billion years ago. Suddenly his simulations started matching reality. The outer planets still jockeyed for position, but this time Jupiter spared Uranus and Neptune and ejected the extra planet instead.

Not that we’d ever be able to know if this is correct (probably), but it certainly sounds logical. I just hope the Planet X/Nibiru nuts don’t jump all over this as proof of pending doom.

Leap Day

This is only the third Leap Day we’ve had since I’ve started this blog, and this is the first time I’ve made a point of noting it. Aside from being the one extra day every four years (and, technically, only every 400 years on the century marks), the only other notable thing I can think of about the day is that there is a folk tradition wherein a woman asks a man to marry on this day rather than the other way around.

Leap Year itself is more interesting to me in large part because of that “400 years” observation I made above: a quirk in the calculation in the Gregorian calendar which we use. However even that pales to some of the other leap year calculations made in different calendars: in particular the Chinese, Hebrew, and Iranian ones seem especially difficult. I know the algorithm for computing a leap year in the Gregorian calendar, but the mind boggles at the ones for these others.

If you’re lucky enough to have a birthday today, happy birthday! I’ll buy you a drink on your next one, four years from now…

Postscript: Apparently I forgot to push “Publish” on the day itself!

Anatomy of a blog hack

So, last weekend I found out that my blogs had been hacked.

Actually, it wasn’t just my blogs, nothing personal involved or anything like that: the shared server space my sites were hosted on was compromised, and a good number of other sites and files were hacked as well. Based on what I can piece together, here’s what happened:

There were a number of sites on this hosting space that were running out-of-date versions of WordPress, and some that also had various other PHP code installed (NetOffice, Gallery 2, a few others). Any software that is outdated is potentially at risk to known exploits, but more worryingly, I found an old bit of PHP code on the server that was set up to run arbitrary PHP code for (I presume) some back-end admin processing, and ultimately I think this was what had been exploited.

And until I had found and killed this code, the exploit happened at least 3 times even as I was cleaning up the server.

The exploit itself, once I knew what to look for, was fairly simple:

  • In PHP files that were writable to the Apache webserver process, the code was altered so that any line containing an opening PHP tag (which tells the server to start executing the code after it as dynamic PHP until the closing tag is reached) looked something like this:
    From <?php .....
    To: <?php     eval(base64_decode('malicious code encoded here')); .........
  • When I copied this code to a sandboxed PHP environment and decoded it, it contained fairly simple instructions:
    • If the visitor to the site was coming from a Referrer—in other words, if they had clicked on a link from another site like Google search results, Facebook, someone else’s blog—they were redirected instead to a completely different site that presumably contained spam, or malware, or whatever.
    • If the visitor was coming to the site directly—they had typed the URL directly into the browser’s Location bar, or clicked on a bookmark—then they were passed on through to the site.
Because I normally type in URLs to my blogs directly, or click the “recently visited” link in Chrome’s list, I didn’t see the exploit at first. But as I was writing a blog post on The Brew Site on Friday the 20th, I was searching out a link to a previous blog post (gotta love Google for that) and when I clicked that link to pull up the earlier post, I was redirected to some site in Poland (or at least, with a Polish country code for the top-level domain).

Fortunately, I don’t believe this hack was in place for long, since I often search out links in this manner and would have noticed sooner: Sometime in the wee hours of the morning of January 19th was when the files were first modified is the earliest I can determine.

It took me a bit of time to figure out the exploit (at first I was thinking it was the Google 302 hijacking exploit), but once I did I was cleaning up files on my blogs by Saturday morning. I hadn’t yet had the chance to address the (many) other files and old sites on the server hosting space, so unfortunately my blogs got re-infected at least once more before I was able to kill the old files and update others. Most of my weekend (and part of the following week) was spent updating, fixing permissions, cleaning, and deleting files and sites.

For reference, a handy pattern for detecting this code in grep is:

grep -R -l 'eval(base64_decode(' *

(This should always work because you should never have similar PHP running in your legitimate code…)

Now, I keep my WordPress blog software (and installed plugins) up-to-date pretty religiously, and I try to keep permissions set appropriately. But a good number of files in each blog were infected even so—how? It turns out, even though a fair number of the core files that were originally installed (manually) had the correct Unix group (“<account>:users”) and permissions of 644 (rw- r– r–) and were untouched, I was also making liberal use of WordPress’s built-in auto-updating feature, along with automatic plugin installation, and at some point the files that WordPress were updating got set to the “nobody:users” group—the Apache webserver process. It was these files that were exploitable to the “nobody” Apache process that was being exploited by the other code on the server. (Along with the few files I had set to group-writeable as well.)

So, lesson learned. I’ve battened down the hatches, fixed the permissions on all the files in my sites, and have decided to forgo WordPress’s auto-installing and update features for now for good measure. And, I’ve finished up a (long overdue) move of my blogs to a new webhost with none of the legacy code possibilities that were extant on the original server. (Nothing against the original web hosting provider, I just needed a clean break with an affordable price.)

Of course, you all let me know if you still run into any problems, okay?