
Posts

An explanation of webserver logs that contain requests such as "\x16\x03\x01"

Recently I have started coming across somewhat unusual entries in the access and error logs for a few of the Apache web servers that I am responsible for maintaining. The entries look like this:

95.156.251.10 - - [03/Nov/2015:13:56:23 -0500] "\x16\x03\x02\x01o\x01" 400 226 "-" "-"

Here is another example:

184.105.139.68 - - [03/Nov/2015:23:48:54 -0500] "\x16\x03\x01" 400 226 "-" "-"

These entries are generated on a website configured to use SSL, and in fact error messages similar to these can be produced by misconfiguring SSL for your website. This error message, for instance, can indicate an attempt to access Apache through SSL while the OpenSSL engine is either disabled or misconfigured:

Invalid method in request \x80g\x01\x03

Connections that generate that error would not be successful. This post, however, assumes that your website is working normally when used normally. So what gives? The error indicates
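To pin down what those escaped bytes are, here is an added example (written for this page, not code from the original post) in Python that unescapes the request field of an Apache combined-log line and classifies it. A TLS record starts with the content type 0x16 (handshake) followed by the two-byte protocol version (0x0301 is TLS 1.0, 0x0302 is TLS 1.1), a two-byte record length, and then the handshake type (0x01 is ClientHello); an SSLv2-style CLIENT-HELLO instead starts with a two-byte length whose high bit is set, followed by the message type 0x01. The first two log lines in the sample are the ones quoted above; the remaining two are constructed for the example (a normal HTTP request and the bytes from the "Invalid method in request" error).

```python
import re

# Two log lines quoted in the post plus two constructed ones: a normal request and
# the SSLv2-style bytes from the "Invalid method in request" error message.
SAMPLE_LOG = """\
95.156.251.10 - - [03/Nov/2015:13:56:23 -0500] "\\x16\\x03\\x02\\x01o\\x01" 400 226 "-" "-"
184.105.139.68 - - [03/Nov/2015:23:48:54 -0500] "\\x16\\x03\\x01" 400 226 "-" "-"
203.0.113.7 - - [03/Nov/2015:23:49:10 -0500] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.43.0"
198.51.100.9 - - [03/Nov/2015:23:50:01 -0500] "\\x80g\\x01\\x03" 400 226 "-" "-"
"""

# Combined log format prefix: client ident user [timestamp] "request" status size
_LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)
# Apache escapes non-printable bytes as \xHH and backslash/quote as \\ and \"
_ESC_RE = re.compile(r'\\(x[0-9a-fA-F]{2}|.)')
_SIMPLE_ESC = {'n': 0x0a, 't': 0x09, 'r': 0x0d, 'b': 0x08, 'v': 0x0b, 'f': 0x0c}

TLS_VERSIONS = {0x0300: 'SSLv3', 0x0301: 'TLSv1.0', 0x0302: 'TLSv1.1', 0x0303: 'TLSv1.2'}
HTTP_METHODS = ('GET ', 'POST ', 'HEAD ', 'PUT ', 'DELETE ', 'OPTIONS ', 'CONNECT ', 'PATCH ')


def unescape_request(field: str) -> bytes:
    """Undo Apache's log escaping to recover the raw bytes the client sent."""
    out = bytearray()
    pos = 0
    for m in _ESC_RE.finditer(field):
        out += field[pos:m.start()].encode('latin-1')
        esc = m.group(1)
        if esc[0] == 'x' and len(esc) == 3:
            out.append(int(esc[1:], 16))          # \xHH -> one byte
        else:
            out.append(_SIMPLE_ESC.get(esc, ord(esc)))  # \\ \" \n ... -> the literal byte
        pos = m.end()
    out += field[pos:].encode('latin-1')
    return bytes(out)


def classify_request(raw: bytes) -> dict:
    """Say what the client actually sent: plain HTTP, a TLS record, an SSLv2 record, or unknown."""
    info = {'kind': 'unknown'}
    if not raw:
        return info
    if raw[0] == 0x16 and len(raw) >= 3 and raw[1] == 0x03:
        # TLS record header: type(1) version(2) length(2), then the handshake type(1)
        version = (raw[1] << 8) | raw[2]
        info['kind'] = 'tls'
        info['version'] = TLS_VERSIONS.get(version, '0x%04x' % version)
        if len(raw) >= 5:
            info['record_length'] = (raw[3] << 8) | raw[4]
        if len(raw) >= 6:
            info['handshake'] = 'ClientHello' if raw[5] == 0x01 else 'type 0x%02x' % raw[5]
        return info
    if raw[0] & 0x80 and len(raw) >= 3 and raw[2] == 0x01:
        # SSLv2 record: 2-byte length with the high bit set, then CLIENT-HELLO (0x01)
        info['kind'] = 'sslv2'
        info['record_length'] = ((raw[0] & 0x7f) << 8) | raw[1]
        info['handshake'] = 'ClientHello'
        return info
    try:
        text = raw.decode('ascii')
    except UnicodeDecodeError:
        return info
    if text.startswith(HTTP_METHODS):
        info['kind'] = 'http'
        info['request'] = text
    return info


def scan_log(text: str) -> list:
    """Parse each access-log line and tag it with what the client actually sent."""
    results = []
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue
        entry = {'client': m.group('client'), 'status': int(m.group('status'))}
        entry.update(classify_request(unescape_request(m.group('request'))))
        results.append(entry)
    return results


if __name__ == '__main__':
    for entry in scan_log(SAMPLE_LOG):
        print(entry)
```

Run against the two quoted lines, the first decodes as a TLS 1.1 handshake record of length 367 carrying a ClientHello, and the second as a TLS 1.0 record header with nothing after it. The short entries are consistent with Apache logging the request line as a C string: a ClientHello whose length fields have a zero high byte contains a NUL early on, and nothing after it is logged.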

"Terrorism Research & Analysis Consortium" (TRAC) labels internet trolls "extreme right wing terrorists"

In my internet travels today, I came across a group called the "Terrorism Research & Analysis Consortium" (TRAC). TRAC claims to provide: "researchers in the fields of terrorism studies, political science, international relations, sociology, criminal justice, philosophy and history with content that provides comprehensive data and analysis for complex topics." I assume that one of those complex topics is terrorism, both because of the name, and because their website is a large list of various groups and individuals that TRAC describes in a few incendiary paragraphs before pigeonholing them as terrorists. TRAC claims they have a lot of these profiles: "With tens of thousands (and expanding) web pages of information, over 4,650 (and expanding) group profiles, and 2,800 consortium members, TRAC provides many ways to efficiently access information." These profiles are apparently compiled into a database, which they sell subscriptions to. Indivi

International Business Times is getting ad traffic from The Pirate Bay, Exoclick, directRev, WWWPromoter & Adbrau and others involved [UPDATED]

Recently I was reviewing several of The Pirate Bay's (TPB) new mirror sites that have popped up over the last year since the most recent rounds of raids against the famous website's administrators. These mirrors have been the source of no small controversy: there have been rumors of law enforcement entrapment, and that a project once founded in the spirit of breaking down walls to the free transfer of information has been hijacked for nefarious ends. Among these rumors, complaints centered on the advertising schemes used by many of the new Pirate Bay mirrors stand out as being substantial. Even Pirate Bay founder Peter Sunde pointed to advertising as one of the critical signs that the site was taking a turn for the worse in a blog post late last year: "TPB has become an institution that people just expected to be there. Noone willing to take the technology further. The site was ugly, full of bugs, old code and old design. It never changed except for one thing – the ads.

I just became a member of Open Knowledge Labs

Among the many pies I have a finger in at the moment, I am particularly interested in using technology to bring greater transparency to government. One of the most prominent problems as it relates to government transparency might be surprising: while most people immediately think of deliberate secrecy as the pre-eminent threat to transparency, simple dysfunction plays at least as large a role in preventing public access to state records. Immense troves of data remain available only on ink and paper. Information that has been computerized remains in private intranets. Even data that is online, organized and available remains in a format that prevents semantic contextualization, either by storing documents in image files (TIFF) or in difficult to decipher compressed formats (PDF or XPS). And in the rare cases where government agencies have made information public, semantically decipherable and accessible over the internet, the problem remains of indexing that data using a common s

Fedora Project's RHEL yum repo has been throwing errors since yesterday UPDATED

A few of my Red Hat servers run cron jobs to check for updates. Starting yesterday (Thursday, October 1st, 2015) at around 3 PM, I encountered 503 Service Unavailable errors when attempting to contact a Fedora Project URL that hosts the metalink for the rhui-REGION-rhel-server-releases repository, a core RHEL repository for EC2:

Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64 error was 14: HTTPS Error 503 - Service Unavailable

About three hours later the URL began responding again, but the problems remained. `yum` now reports corrupted update announcements from the repo:

Update notice RHSA-2014:0679 (from rhui-REGION-rhel-server-releases) is broken, or a bad duplicate, skipping. You should report this problem to the owner of the rhui-REGION-rhel-server-releases repository. Update notice RHSA-2014:1327 (from rhui-REGION-rhel-server-releases) is broken, or a bad duplicate, skipping. Update notice RHEA-2015:0372 (from rhui-REGION-rhel-serve

EC2 IP aliasing script is now ready for use

About a month and a half ago I grew so frustrated by the boneheaded way that Amazon EC2 handles IP aliasing that I wrote a pretty lengthy post about the problems involved and included a small program that would fix those problems. Amazon provides some pretty useful documentation for some types of users. There is help available for you if you are any one of the following:

- You are willing to pay for a new ENI to support a second IP address
- You are multihoming / load balancing
- You want to use "Amazon Linux" and install their ec2-net-utils

But if you just want to add a second IP address to a pre-existing Linux server, you are pretty much screwed. Well, you were screwed. Now you can install my program, aliaser, as a service and it will route additional IP addresses for you without the need for an extra ENI. I've uploaded aliaser to Github; it includes a shell script and a .service file, as well as some very easy-to-follow instruction

Wikileaks website that hosted torrent with infected files is migrated to a new domain

UPDATED: While wlstorage.net has been taken offline and is not currently being redirected elsewhere, it looks like all of that host's functionality is now being provided by https://file.wikileaks.org, mostly as a way to facilitate torrent downloads. The new host appears to require SSL, which wlstorage.net did not. The SSL issue was particularly troubling, as all of the torrents available for download on wlstorage.net were created referencing the non-SSL version of the site (establishing an unencrypted connection between the P2P client and wlstorage.net, another great way for the powers that be to identify Wikileaks users). The torrent that includes infected files, gifiles-2014.tar.bz2.torrent, remains available for download as well. As I discussed in my series of posts explaining how the Stratfor email dump hosted by Wikileaks contains malicious software, I first came across a series of infected files when I downloaded and reviewed a torrent file hosted on the Wikileaks