Site Maintenance: Updates

Folks,

Just a warning, I’m updating WordPress and some plugins and hopefully fixing false-flagging of some comments.  I’ll comment when the updates are applied; I shall wait a few minutes after this posts to ensure no one loses work on posts or comments (save your work, folks!)

 

I’ll be doing some other tweaks later this week, and hope to have a surprise or two, but that depends on my time and how things go.

Be well.








Site Maintenance Update

Just a quick update and test. This post will appear and then disappear, and then reappear again. Kind of like the health care travesty in the Senate.

Last night, our hosting company updated a lot of the back-end server stuff and that was why the site was a bit twitchy. It should be fine now.

 

I’m testing this theory by posting a picture to see if it errors out.

And the errors didn’t happen!

This was on a Reservation, forget which one  thanks to Adam, I’ve determined that it’s from my visit to the Taos Pueblo – thanks! I’ve visited a few out West over the years, but never stepped foot into a casino. Should you ever have the chance, visit a Reservation, tour and ask questions, and spend some money in non-casino settings, they can use it.

 

Open Thread








On The Road: Please Stand By…

Alain asked me to schedule a post for him. He has asked me to inform you all that he is experiencing technical issues and, as a result, today’s On the Road post will not be happening as normally scheduled. Please consider this an open thread while he waits for someone at tech support to answer his ticket/request.

Open thread!



Your Input Sought: Suggest Quotes and/or Pie Sayings

 

Folks,

As many of you have noticed, the pie filter and the random quote rotator are now in both the desktop and mobile sites, though there are still some issues we’re addressing that affect a few users. This is progress!

In bringing each of them to the fore, I’ve revealed them to have an inadequate set of messages. This is your chance to make suggestions to add to the site, and, in the case of the pie filter, I’ll be sharing all suggestions with Cleek, who invented it and helped launch it as a built-in part of the site. Since other sites also use this filter, you’ll be helping other communities, not just Balloon Juice.

You can review the current set of quotes at this link: https://www.balloon-juice.com/bjcustom/quotes-collection.json

You can review the current set of pie sayings at this link: https://www.balloon-juice.com/bjcustom/pie_strings.json

 

Quote suggestions will go through an approval process, but most-to-all pie sayings will be accepted. Finally, someone suggested using the Balloon Juice lexicon as another source for quotes. For my taste, they’re too long so I’m considering another application for the lexicon.

 

Please this nifty new form to submit your suggestions for either. One quote per submission, and we limit you to 10 per hour. I hope to add them early next week. Should the form be an issue or have an issue, please comment below. I’m not around in this post, so I won’t be here to deal with questions or reports of site issues.



Followup on Yesterday’s Post About the Ransomware Attacks, More Oceanography, Mobile Site

Folks,

Mea culpa. It looks more and more like the “ransomware” attacks were not after money, but destruction. That, coupled with the timing in Ukraine right before their Constitution Day, would tend to indicate it was Russian operatives that did this. At first, I assumed that a major attack in Ukraine was Russian-sourced, but as the day unfolded with reports from around the world, I surmised that it was actually NK hackers, making it look like an anti-Ukraine operation, and after even more Bitcoin like the previous wave of ransomware. The fact that there was a major dip in Bitcoin value right before the attack started seemed like an echo from a previous attack.

Well, it looks like I was wrong – the attacks had a poorly-designed ransom function that didn’t work, and in reality, the payload destroyed files of certain types without recording the encryption key used. In other words, it was irreversible – the payload was destructive and not ransomware, it was just built to resemble one. So in this case, paying or not paying had the same result – if you contracted it, your files were toast.

 

Still, the suggestions I made about updating current systems, using good security software, backups, not clicking on ANY link in email, etc. hold. And, should you be running a dead Windows operating system, do plan to upgrade soon – either get a newer pc, upgrade to Windows 10, or install something like Linux Mint or Ubuntu. Right now, you’re a sitting target with adversaries that are evolving while your old machine likely doesn’t have functional anti-virus software, much less modern defenses built into operating systems.

 


 

And now an overdue announcement – tomorrow at noon Eastern, we’ll have part 2 of Boussinesque’s Intro to Oceanography, this time on Ocean Acidification. As a huge fan of all forms of seafood, learning of the effects of this trend on plankton, the root source of all life in the sea, has me quite concerned.

It will be interesting, and he’ll be manning staffing in the comments to answer questions, etc.  – thanks to both for nudges

 


 

A brief note to mobile site users – expect some changes over the next day or three. I intend to bring a lot of the tweaks and tools from the desktop site to the mobile site, where appropriate. I’m sure some will complain, feel free to do so and I’ll adjust it like always! Should you have any mobile site complaints or suggestions, this is the thread for them; I’ll come back here a few times to see if any late readers have added their 2 cents.

 

 


 

Finally, about 3:30 today I will do some backend tweaking and that may make the site boogered for a few seconds. Should this happen, comments you just submitted might get eaten, so if it’s important, around that time, copy comments to notepad or something in case it doesn’t go through. I’ll comment right before and after the change.

Open thread!



Site Maintenance and Tech Suggestion: You Have Been Warned

Folks,

Item the first: small site changes

  1. The blogroll
    This was a classic case of “no good options”. Currently, and for months, the Blogroll opens in the same window. This causes some users to complain and ask that it open in a new page. I finally caved, knowing that in doing so, I would cause IOS users a headache as it blocks pop-ups by default. After making that change, I began to receive emails complaining that for them, Blogroll was no longer working. One report was from a FireFox user, so this is no longer just an IOS issue.
    That got me thinking – one choice means inconvenience, the other means it doesn’t work. So the choice became clear: the blogroll will open in the current page. I’m sorry for the hassle this causes some, but hassle for some is better than not working for some!
  2. Later this afternoon, I’ll be making a few small back-end tweaks related to security. This may make the site hiccup for a moment as the changes take hold. If you have an issue, count to 10 and reload the page and all should be well.  It is possible during this brief time that comments-being-submitted may disappear into the aether. If so, my apologies, and please re-submit it/them.

 

Now, a brief comment on the current wave of hacking going on:

I’m sure you’ve heard about the wave of ransomware/hacking that began yesterday morning in Ukraine and has now spread around the world.  In my opinion, this is another effort by North Korean-affiliated hackers to generate a huge amount of Bitcoin that will likely be used to purchase more tech and hacking exploits. I bet that a significant chunk of the proceeds from these hacks goes back to NK’s coffers, but these likely foreign-based operations need funding, and I think that they likely resort to these types of hacking to keep the electricity on, as it were. I don’t think it coincident that NK re-commenced their numerical code broadcasts about 2 weeks before the last big hack happened.

The issue of concern from my perspective is that this is the second wave of ransomware-hacking on a global scale. I suspect that many of you have read about how a bunch of NSA exploits and hacking tools were stolen, likely from a contractor, and are being released. If a nation state’s hackers were behind the theft, then perhaps they are using these exploits to generate money before systems are all patched.  If this is the case, then these first ransomware attacks are probably using the least-valuable exploits, ones that have already been patched in most systems. I fear that, in the coming weeks, we’ll see more and more of these attacks, and that they will be much more effective, when they begin to use 0-day exploits that no one except the NSA knows about. (On a side note, is the NSA/US Government financially liable for the effects of their stolen cyber weapons?)

So the question is, what can you do/not do?

These important things:

  1. Ensure that your computer(s) are fully up-to-date. This means Windows, Mac, Linux, phones/tablets. Automatic updates are a requirement in this era, embrace them. As soon as an update is released, bad guys analyze it to see what was fixed. Then they target that issue in hopes of catching machines that aren’t yet patched.
  2. Ensure you are running quality Anti-Malware/Anti-Virus software on all appropriate machines. I don’t like to recommend certain brands, but I’d stay away from Russian brands (bye-bye Kaspersky, I cannot trust your great products ever again) and avoid the cheap/free/no-name options.

    I buy an annual 5 computer license via Amazon, use the digital download option, and it’s like $25 a year. DO IT NOW if you do not have such software. Although I use Norton Security, McAfee is another trustworthy name. Neither product is ideal, and I know many of you hate them with a passion for their performance, but for many lay-users, they are sufficient. They are not better than other options, but I prefer them to any free or no-name solution.

    Please try to start your Amazon purchases using the link here or in the sidebar on the desktop site, or in the comment area or top of a post on the mobile site. Every purchase made using these links generates a bit of $ for the site!

  3. Ensure that all important files are backed up. I love cloud storage/backup because it means there’s a copy off-site, so if my local copy gets screwed up, I can get a good copy. I also like a local backup of my files, so I use a on old Raspberry PI with a hard drive as a Samba-powered backup server. It’s simple, effective, and silent.
    For my most important machine, I backup the entire hard drive (I use CloneZilla to copy the entire disk to an external USB drive) every week. That way, worst-case scenario, I can restore my Windows and programs, downloading my files from local or cloud backup.
  4. If you have an old PC or two on your home network, say for the kids to use or for guests, take them off the network if they are running the following operating systems: Windows 95/98/ME/2000/XP/Vista. All of these are no longer supported which means that any exploit that comes out that targets them will be successful. Email and website are the most likely vectors, and, especially with teens, website visits include some gnarly, crap-ridden sites. Ideally, update old computers to a modern version of Windows, or replace the operating system with a more-secure, free option. Linux Mint is a great operating system that works on almost any old machines. I’m quite partial to Ubuntu, both the GUI version and the “headless” server version that I use for my home media server.
    I love the idea of a Chrome Book and similar paradigms – they do seem to have a very good security model.
  5. If you are running an Android tablet or phone, ensure that you’ve got good security software installed. In IOS, we’re ok because of Apple’s walled-garden approach, but with Android, things are much more dangerous. Related to my suggestion of Norton or McAfee, both include options for installing on your devices.
  6. Never click on a link in any email about any account. Always use a new tab in your browser and type in the site’s address yourself and login as you normally do. Often, well-crafted emails purporting to be from a bank or other financial institution will contain links to sites that look and behave much like the real one, but record your username, password, secret questions/answers, etc. and then use that data to steal your money from the real site. Such emails are also often ways that trojans and other nasties get loaded onto your machine.
  7. NEVER put a found USB stick into a connected, important machine. Bad guys are clever – they know people love to find free stuff, and when they do, they hope that there’s something valuable or neat. So bad guys will drop a few poisoned USB sticks in areas where people will find them, then rush home/to the office to see what’s on it, how much room it has, etc. Such a technique will often infect a machine and perhaps other machines on the network faster than you can believe.
    I use a Linux machine to investigate such things, since I’m sure that Windows is the real target, though these days I just break them and dispose of them without even looking – better safe than sorry, and hopefully if it’s legit, I’ve saved someone’s important data from being found by someone not-so-benign.
  8. Don’t leave machines running all the time if you’re not using them daily – an unattended machine is a sitting target. Always check machines at least once a day or so to ensure all looks ok. Nothing like checking your machine after ignoring it for two weeks, only to realize that the deadline for paying ransom expired last week!

 

To conclude, let me explain briefly what a ransomware attack looks like.

The Basic Mechanism

Basically, these things get into your machine and then use high-grade encryption to encrypt all the files on your computer. This means that instead of your resume, that Word doc is a scramble of characters that makes the file unusable and unreadable. You are often given a short-term deadline (3 days) to pay $300 in Bitcoin to undo this, or can take up to 7 days to pay $600. During that period, if the payload on your machine receives a “they’ve paid” signal, it will unscramble your files. If the 7 day limit is passed, your files are re-scrambled with a random encryption key which is never saved, so your files are permanently scrambled. Or at least for the next few years until tech and decryption breakthroughs mean it will take days not decades to decrypt your files. By then, you’ll likely not care.

Signs of a Compromised System

Basically, you’re using your computer and it gets slower, and you might get errors running programs you use routinely, or messages about corrupted files. This is the infected stage – the payload is on your machine and is in the process of encrypting your files. Turning off the computer or shutting down won’t necessarily stop things, but it might. It also might result in your already-encrypted files being permanently scrambled as the tool didn’t get a chance to complete the process and present a ransom demand. If the files are important, it’s almost better to let the encryption process finish so that you can pay them off, confidant that your files are recoverable.

Once the payload has determined that its encrypting-files job is complete, it will present a screen that you cannot dismiss. It will contain instructions, links to tech help, often even live chat-based support, believe it or not. Once you see the screen, it’s time to go buy $300 of Bitcoin and send it to the file-nappers. There are no other options, sadly – the FBI, NSA, etc. cannot help.

So when you hear about a hospital or a company dealing with this, we’re talking about many-to-most-to-all computers being infected. Imagine how much a company has to pay to release all their computers! In a home user situation, having to pay for one machine is bad enough, but having to pay for multiples can quickly get very expensive. Hence the utility of having your files backed up – as long as you have them, you can pay to release the important computer or two, and for the rest, you can reformat, re-install the Operating System, and all your programs.

 

These truly are scary times – take precautions and be safe!

 



Small Site Updates, greennotGreen News

Folks,

I’ll be tweaking the sidebar a bit today and hope to add some nifty things to the comments either later today or tomorrow. Also, a rotating quote line is coming today!

On a more personal note, Terry, greennotGreen’s sister read the memorial thread and let me know how helpful it was:

Alain, I noticed the celebration thread up on BJ. Thanks so much. I’m actually going to use some of the quotations from Carol Ann for the memorial service. She would love the idea of writing part of it herself!

So there you go folks, well done!

 

Open thread!

 

ETA: OK, folks, exciting things just went live. Look below the comment form – there is now a comment help/tips section with lots of useful things (more to come, as things change).  And perhaps more importantly, a built-in pie filter. Use it to block annoying commenters and their comments. It’s harmless – enter a name or a comment number and all comments from that person will be turned into statements about pie. It works on a per-browser basis, storing your list in the browser’s site data.

All hail Major Major Major Major and cleek. Their help to convert the filter from something that you had to tack-on in a specific framework into a built-in function of the site was immense. Thanks guys, your help made this a better place for all.