Tag: Computer Security


So apparently LinkedIn didn't salt any of its users' passwords before hashing.

Man, if only they'd had some way of finding people who understood basic fucking network security and were looking for work.

Tempin' Ain't Easy

I try not to think about the fact that it's been seven years since I got my CS degree and I haven't put it to use professionally.

I entered the field at the wrong time and in the wrong place. It's rough all over, and the housing bubble hit Arizona disproportionately hard. I've spent the past few years working as a temp and building the odd website on the side.

The first temp gig lasted two years -- ironically, longer than any other job I've had. But I got laid off about a year ago.

There's this kind of paranoia you get. It could happen again any time. And it has absolutely nothing to do with how hard you work or how good a job you do. You could be out on your ass tomorrow, on the whim of some guy you've never met.

I've heard some of the "get a job" rhetoric lately and it's just baffling. A hell of a lot of people would like very much to get a job. I've been either unemployed or underemployed my whole adult life, and that's with a degree that, fifteen years ago, could have gotten me six figures.

Not that I intend this as a pity party. I've got work now, and it pays well enough to live comfortably while still squirreling away enough each week that I'll be okay for a few months if I find myself unemployed again. There are a lot of guys who have it a lot worse than I do.

And if you take anything away from this comedy of errors, let it be that: this is the story of a guy who's doing okay in this economy.

Job 1: Fortune 500 Company, Real Estate Business

Job: Imaging laptops, working in a warehouse, inventory duty
Distance from Home: 3.5 miles
Best Thing: Laid-back atmosphere most of the time
Worst Thing: Lung fungus
Length of Service: 2 years

This wasn't a bad gig, really. Not intellectually challenging, but I worked with some good people, I got some good exercise in, and most times things were pretty laid-back.

But it wasn't worth giving up my health for, and ultimately that's what I did.

I did a lot of work out in a dusty warehouse, and I managed to contract valley fever. For those of you not from around here, valley fever is a lung fungus, and it lives in dust. The Valley and valley fever are like the Internet and Hitler comparisons -- you stay there long enough, it's something you're eventually going to have to deal with.

So I contracted a lung fungus working there, and I've still got asthma. It's manageable now, but I'm not what I was. Before I took that job I was healthy.

The next-worst thing about the job, after the lung fungus, was the meddling from up the chain. People with little-to-no grasp of our actual day-to-day operations had very strong opinions of what those operations should be, and precisely which boxes we should check on which forms each and every single time we did them. Precisely what those opinions were tended to change from week-to-week, producing an ever-changing, increasingly complex system for dealing with very simple tasks.

And as this went on, the environment became less and less laid-back, and more and more stressful.

There was a real disconnect between the building I was in and management out on the west coast. Within my office I was regarded as an essential member of the team, and indeed my bosses not only recognized my value, they realized that I could probably be doing more for the company than just counting how many sticks of RAM were left in inventory, and fought hard to get me not only hired on but promoted.

It's no small comfort to me that every single person who actually worked with me was pulling for me. To the point that when Corporate decreed that all the temps would be let go, my boss's boss's boss got reassigned for telling his boss's boss's boss exactly how he felt about that.

It was nothing personal. And it was nothing to do with my performance. I was just caught up in a bloodbath. I was part of the first wave, but it kept going. Last I heard, they'd laid off another third of my department, every help desk tech in Arizona, nearly everyone in the front office, and most of the people up the chain to VP. And demoted my boss back down to tech.

But before all that, I got a layoff for Christmas. I lost my job two years, to the week, after I'd gotten it.

There's a fatalism that kicks in after awhile. A knowledge that no matter how hard you work and how much you're appreciated, there's some clown in a corner office somewhere who's never met you but has the power to decide whether you're drawing a paycheck next week.

But ultimately there's something liberating about that, too. After awhile you stop trying to impress the clowns in the corner offices who have never met you. You realize the only people worth giving two shits about are the ones you deal with every day -- and that trying to impress them isn't about whether you'll have a job next week, it's about doing a good job for its own sake and for the sake of your team.

Those guys had my back. And that means more to me than a paycheck ever did.


Unemployment sucks. But it could be worse.

It's a pretty damn smooth process in this day and age -- all online, no driving across town and waiting in line. You fill out an online form, they take a week or two to make sure your story checks out, and then they open up a bank account for you, send you a card, and put money in every week.

Once a week you'll have to resubmit your claim. You tell them you're still looking for work (and keep evidence on file in case they ask for it -- I kept rather a long Excel spreadsheet with a list of everybody I'd contacted) and declare any money you've earned.

The whole thing's demoralizing and more than a little Kafkaesque -- Ursula K Le Guin recently described it quite wonderfully in a short story called Ninety-Nine Weeks: A Fairy Tale, and it's barely an exaggeration. That spreadsheet I mentioned where I kept track of all the dozens of jobs I applied for? Only one of them ever actually got me an offer, and it was out-of-state -- more on that below. By the time I did finally get work again, it wasn't from the job search, it was from the same temp agency I'd been working for since '08.

Job 2: Local Non-Profit, Medical Industry

Job: Imaging laptops
Distance from Home: 13 miles
Best Thing: A job!
Worst Thing: Poor pay, sporadic availability
Length of Service: 3 months, off and on

This one wasn't too bad either. Neat office, nice people, and a certain degree of autonomy. The cramped little room I worked in got pretty crowded and hot as time went on, and there was a whole lot of downtime as I waited for laptops to finish imaging, but hey, I got time to catch up on my reading.

I also learned some interesting things about security policy. I've never had to lock things down so tightly from the BIOS -- a unique strong boot password on every machine, USB boot disabled, Bluetooth disabled, and on and on.

The toughest thing was that this wasn't a 40-hour-a-week job. It was "We just got these laptops in; image them and when you're done we'll send you home and call you back in when we get more."

And, without getting into the specifics of my pay, here's where that got frustrating: often I didn't make significantly more money than if I'd just stayed at home and collected unemployment.

Unemployment in Arizona works like this: you get a weekly stipend of up to $240. I was eligible for that maximum amount.

Every week, you report how much you've earned. You can earn up to $30 before they start subtracting your earnings from your unemployment check.

So there's this sort of dead zone between $30 and $270 where you are making the same amount of money whether you work or not.

And at this job, I frequently worked a weird part-time schedule and fell into that zone. Once I got past that first $30, I wasn't actually making any money; I was just getting a paycheck from the temp agency instead of the state.

Obviously there are still reasons to work. For its own sake, first of all. And second, to stay eligible for my healthcare, which was set to expire after three months without work. (I got back into the market just in time, but not fast enough to keep someone from fucking up my paperwork and taking me off their books even though I was still paying in every week. I had to call three different departments to get it corrected and my last prescription covered.) But there's still a definite sense of frustration in knowing that you're effectively working for free.

More than one other tech actually told me I should slow down and deliberately take longer to do the work so that I wouldn't get sent home in the middle of the week to await the next shipment. What a position to be in -- effectively being punished for being efficient, and incentivized to slow down and waste time.

This, as you will see, was to become a recurring theme.

Job 3: Company You've Probably Heard Of If You Live in North America, Retail Business

Job: Phone support
Distance from Current Home: 30 miles
Distance from Apartment Where I Lived 4 Years Ago: Directly across the street
Best Thing: Coworkers seem like all right guys
Worst Thing: The single worst job I have ever had. Fuck these people.
Length of Service: About a month

On some level, this fucking fiasco was my own doing.

I'd been poking through listings on some job site or other (probably not CareerBuilder; I quit using it after I discovered it was the thing that kept locking up my browser and hanging my entire system) and I noticed an IT job being offered through my temp agency which my rep hadn't brought to my attention. So I E-Mailed him and asked about it. In hindsight, I should have assumed there was a good reason he hadn't approached me about it.

It was phone support. Not phone support like I'd done before, but in a phone bank -- I had a few feet of shelf that I wouldn't really refer to as a desk, partitioned off from the guys next to me by small dividers that I wouldn't really refer to as a cubicle. Every morning at 6 AM I pulled up whatever broken chair nobody was sitting in, put on a headset if it was still where I'd left it the day before, and started working my way through a list of branches to call to walk their managers through installing new kiosks that didn't work very well in buildings that, half the time, weren't cabled correctly. (Ever walk a retail manager through recabling a patch panel? I've done it six times before breakfast.) It was dimly lit and it was dehumanizing -- I'd compare it to an assembly line, but the assembly lines I've seen are a whole lot livelier and more fun.

(I will grant one thing to the "cog in a corporate machine" setup: this is a company with hundreds of stores, all organized exactly the same. Each store has the same patch panel with the same numbered ports that go to the same rooms and assign IPs based on the same scheme. There was this in-house .NET program we had that would let you plug in a store number, automatically populate the IP address for every port in the place, and give you a one-click ping for each one. That's the advantage of a company that treats its stores as uniform, cookie-cutter widgets. The disadvantage is that it treats people exactly the same way.)

I spent most of each day on hold listening to the same fucking 16 bars of piano music over and over again. Periodically interrupted by a recorded voice telling me I was on hold, of course -- and if I ever meet the son of a bitch who decided to stick voice recordings in the middle of hold music, I am going to gouge his eyes out with my thumbs. I know I'm on hold, asshole; that's why there is music playing. About the only thing that could trick me into thinking that I wasn't on hold would be if the music abruptly stopped and I heard a human voice instead.

There were a couple of guys there who I'd gone to high school with. One of them I recognized but hadn't really known very well; the other used to pick on me but claimed not to remember me (he blamed it on the drugs he'd been doing back then and I am inclined to believe him). Now, remember how earlier I expressed frustration that my career hasn't really gone anywhere? Well, if you want a symbol that will hammer that little insecurity home, suddenly finding yourself sitting next to a couple of guys from high school is a pretty good one. But probably not as good as being directly across the street from the apartment where you lived back when you worked a previous dead-end job. Man, that would have been a sweet commute in 2007!

So no, let's say that this job wasn't the best fit for me. But dammit, I got up every morning at 4:30, put on a smile, went in, did my job and did it well. I blew through every task they gave me and asked for more.

This, as it turned out, was a problem. But nobody ever actually bothered to tell me that.

One morning I walked in and found that my login wasn't working. I asked the guy who'd been training me; he hemmed and hawed and wandered off for awhile, then came back and told me to turn in my badge.

It bears repeating, at this point, that I had just driven 30 miles to show up to work at 6 AM.

My rep told me that they'd called his office the previous evening to tell him to call me and tell me not to come in to work in the morning -- after he'd already gone home for the day.

He added that I'd been sacked because they thought I didn't schmooze enough with the end users over the phone -- something that nobody had ever actually complained to me about. I wasn't rude, or even brusque; I was just, in my rep's words, "too focused on getting the job done". I'm used to support jobs emphasizing getting the task done quickly, because the user doesn't want to be on the phone and wants to get back to what she was doing. But apparently that's not how it worked at this company; they wanted me to slow down and shoot the breeze -- except nobody ever bothered to tell me that. Come on, guys, if you want me to talk about the weather, just say so -- I have quite a lot to say about the weather in Phoenix in June, even when half the state isn't on fire.

Anyhow, it's the only job I've ever been fired from. And nobody even bothered to tell me there was a problem, let alone that I'd been fired.

The guy who walked me to the door was apologetic and told me not to worry about it, that people get fired from that place all the time through no fault of their own; maybe just for looking at somebody the wrong way. And it occurred to me that I'd passed my boss early one morning in the hall and, when she asked how I was doing, cracked a grin and responded "Hanging in there" -- and she apparently took offense that I hadn't said something more enthusiastic.

On the whole, pretty demoralizing and upsetting, and far and away the worst professional experience I have ever had.

Of course, I use the term "professional" in its loosest possible sense.

Job Interviews

Through it all, of course, I was interviewing wherever I could.

There are lots of stories I could tell. The temp agency I spent half an hour trying to find. The interview where I referred to a former coworker as "A temp like me, but kind of a slacker" but the interviewer just caught the "like me, kind of a slacker" part and that pretty well torpedoed me. The interviewer who asked me about a comment I'd posted about Spore's DRM on the FTC website back in '09 and then followed up by asking my opinion about SB1070. But the best story is the hosting company I saw advertised on a billboard.

"Do you know Linux? We're hiring!" said the billboard, with a colorful mascot next to the words. I would see it on the freeway on my way to work. Or maybe it was on my way home from work. Maybe it was both; I think they had more than one billboard.

Well, hell yeah I know Linux. I pulled up the website and submitted a resume. Turned out it was a hosting company -- even better. I spent most of '07 running the backend of a local ISP singlehandedly; I know my way around Apache httpd and MS IIS pretty well.

So they called me back, and the most immediately odd thing was that they told me the job was in Austin. Why would a company in Austin advertise in Phoenix?

Well, of course the answer is that they couldn't find anybody in Austin willing to accept the shitty salary they want to pay for Linux administration, so they're advertising in depressed markets that are full of desperate, unemployed Linux admins. But as you might expect, they didn't come right out and say that.

No, they gave me some talk about how they're expanding into new markets, and how they'd pay for my relocation, and they didn't balk when I gave them a deliberately high figure for my expected salary. They made the whole process seem very exclusive, putting me through three different interviews -- a general one, a second one with a series of technical questions, and a third where they had me SSH into one of their servers and demonstrate that I know my way around bash.

And then they offered me an hourly rate that was maybe fifty cents better than what I was currently getting in the phone bank. And a relocation fee that might have covered a U-Haul rental, deposit, and first month's rent on an apartment.

I hear Austin is a neat place, but no thank you.

It was about this point that I decided to read some employee testimonials on the place, and it sounded suspiciously like the terrible job I was already working at.

The billboards are down now. I wonder if they ever found anybody desperate or gullible enough to take their offer.

Job 4: Contractor for a Contractor for a Contractor, Insurance Industry

Job: Imaging laptops
Distance from Home: 32 miles
Best Thing: Getting work immediately after the previous fiasco; autonomy and people who were happy to see me
Worst Thing: Night crew fired after their first day
Length of Service: 6 weeks

Actually, before this job my rep sprang into action and got me a half-day gig fixing a company's QuickBooks setup, a mere 5 days after the debacle at my previous job. But I'm not counting that as its own section. My rep's cool, though.

Anyhow, shortly after the half-day QB fixer-upper, he found me something else and, at last, I got to be part of a Windows 7 refresh -- the precise thing that my boss, the previous December, had assured me would ensure my job security for another year, the week before announcing that the Windows 7 rollout had been canceled and so had my employment.

Anyhow, this one was interesting. The idea was to provide a minimum of disruption for the employees, while upgrading most of the office to Win7 in a matter of weeks.

So we had a night crew. They came in, ran a script to back up the user's files, either reimaged the user's existing computer or grabbed a new, freshly-imaged one that I'd already put together, restored from backup, and left it to me to walk the user through initial configuration the next morning.

At least, that's how we eventually got it working. The first night, things failed rather spectacularly.

I got in the next morning to find the night crew still there, a small handful of computers actually in working condition, and the rest in various states of completion.

The way I heard the story went something like this: one tech on the crew had asked the guy in charge what the plan was -- how they were going to split up the workload, what the schedule was, etc. He had made some vague "Just get started" noises. She asked him a few more times; he responded similarly. Finally she just went to work; she was responsible for the handful of machines that had actually been finished, while the other techs hadn't really worked out a plan for how to get their work done.

So the company fired everyone else and put her in charge of the new team.

After that it went really smoothly most nights. There were a couple exceptions -- one weekend when the generator had to be turned off for maintenance and so they couldn't come in to get computers ready for Monday, and one night when the AC was out and it was too hot to work. But no more problems from the techs themselves; the second crew did a really great job and made my life much easier.

Job 5: Company You've Probably Heard Of If You Live in the Southwestern US, Real Estate Business

Job: Imaging laptops
Distance from Home: 22.5 miles
Best Thing: Autonomy
Worst Thing: Still a bit of a drive.
Length of Service: 4 months so far, out of a one-year contract.

And from there I moved on to my fifth job of the year, not including freelance Web design or that one-day gig fixing QuickBooks.

This one comes with a one-year contract, so hopefully that'll hold and I'll still be there through next August. But I'm not going to take that for granted; one of the many lessons I learned in the Dank Pit of Phone Support last summer is that a six-month contract can turn into a one-month contract with absolutely no warning. Course, I've been working this one long enough that I am confident in saying that this time I am working for decent human beings, but again, it's not the people I've actually met I'm worried about. And every time I hear the Windows 7 rollout's been delayed, I get a little nervous.

I guess it's worth asking, what motivates me to come to work every day and do a good job? Here's what I can come up with:

  • Need for money
  • Need for health insurance
  • Pride
  • Loyalty to my coworkers

It's instructive to note the things that aren't on the list. "Hope for promotion" and "fear of losing my job" are conspicuously absent -- yes, I do feel both of those things, but as I've mentioned several times, I have absolutely no sense that my employment or advancement is tied to my performance in any way. They're motivating factors just as much as the potential for finding a $100 bill on the ground or tripping and cracking my skull -- they're both things that have some potential for happening, and my job performance has about as much to do with the likelihood of either one.

Also missing: "company loyalty". And unlike those other two things, this isn't something I have in the slightest. I am, as I said, loyal to my coworkers, and I appreciate my rep at the temp agency, but that's not the same thing as being loyal to either the company I'm working for or the company that placed me there. If I get a better offer I'll take it -- and those last two bullet points are the only reasons I'll give two weeks' notice.

On the whole I'm not entirely sure this is a bad thing from my perspective -- hell, the ideal list would probably have two bullet points instead of four. Company loyalty, the stick of firing and the carrot of advancement -- I don't need those things to do a good job. But from the company's perspective, it's probably a bad thing.

And if I may be so bold, I think I'm probably representative of a good solid chunk of my generation. Educated, underemployed, unable to hold down a job for more than two years through no fault of my own -- what happens when that's your workforce? In the coming decades we're going to find out.

Unison: File sync from Ubuntu to Windows 7

Hey, been awhile. Have been ignoring the blog (even my traditional New Year's Eve Post) and many of my other Internet habits in favor of various projects I've been hard at work on. I just pulled off a WordPress update; you're reading this so it looks like it went smoothly.

Anyhow. One of the aforementioned projects (and the thing you came here to read, if you found this page by Googling an error message -- and if you did, you may want to skip my meandering explanation and go straight for the numbered steps at the bottom of this post): I recently decided to set up a file sync system across the computers in my house. It's useful for syncing things like savegames, RSS feeds, and the public-domain ebooks I've been grabbing from Project Gutenberg and MobileRead and comics from Digital Comic Museum across multiple devices.

I'd done some command-line RSS before, and also set up backup systems with Toucan, but figured I'd try something different on this one. I gave Ubuntu One a shot and it seemed promising until I realized it isn't open-source and I can't set up my own server. Canonical is swiftly becoming the Apple of the Linux world -- good at taking open-source software and making it pretty and usable, but not so great at giving back to the open-source community.

Ultimately I settled on Unison, which proved to be a bit of a headache -- frankly if anybody has a better solution I'd be happy to hear it, but here's how I got it to work.

First of all, the Unison GUI requires GTK. Hardly a problem on the Linux side, but under Windows, extracting the binaries from gtk.org and setting the PATH variable didn't work, no matter what I did. Maybe it's a Windows 7 thing, or maybe it's a Unison thing, but either way, Unison threw up "This application has failed to start because libgtk-win32-2.0-0.dll was not found. Re-installing the application may fix this problem." every time I ran it. Sticking it directly in the GTK\bin directory worked but is an ugly solution; multiple sites suggested installing Pidgin, which comes with GTK, but that produces the same problem, as Unison doesn't find it in the path.

(Actually, let me back up a bit: I couldn't get Unison to work with 64-bit GTK at all. The only Unison binaries I could find were 32-bit; I opted to install a 32-bit version of GTK rather than stick Cygwin on my HTPC and compile Unison from source.)

Ultimately, I found a binary Windows installer for GTK (conveniently the first Google match for gtk windows binary installer); whatever my PATH problem was, this installer fixed it. The Unison GUI was up and running, from its own folder.

Next problem, though: SSH. Unison did not play nice with PuTTY.

Googling the problem, I found a page called Unison-ssh, which includes a wrapper named ssh.exe for download. If you've read this far you've probably already installed PuTTY, but in case you haven't, you'll only need it if you want to use public key authentication -- this ssh.exe will automatically install a copy of PuTTY's command-line SSH utility, plink.exe, if it can't find it. (Well, hypothetically. It tries to stick it in WINDIR and if you're not running it with admin privileges it'll fail.)

Now, I should add that this ssh.exe doesn't work properly under Windows 7; it'll prompt you for a username but only let you type one character and then automatically Enter it. Same problem with the password prompt. The comments thread in the page is filled with people who have the same problem. Maybe a clean compile would fix it, I don't know; again, I didn't want to go to the trouble of setting up compilers on my HTPC.

There's a solution a ways down the comments thread. Unison stores its data in the .unison directory, even under Windows. (That'd be \Users\name\.unison under Win7.) They're simple text files with the .prf extension. And you can add an "sshargs" line to give command-line arguments. If you're comfortable sticking your password in plain text, you can add the line "sshargs = -pw [pass]" and you're done. But if you're not, you can set it up with RSA keys. A later comment links a post on Palin's Technical Blog that runs down how to generate a keypair with puttygen -- the problem is, I couldn't get my Linux server to accept it; I kept getting a "Server refused our key" error.

I found the solution on Andre Molnar's blog: you need to generate the keypair on the Linux server, using ssh-keygen, add the public key to your authorized_keys file, then move the private key over to the Windows machine and use puttygen to import it and then save as a PuTTY .ppk file. From there, add "sshargs = -i [path to private key]" to the appropriate .prf file.

Almost done, but the Unison GUI still has path issues, even if you stick ssh.exe in the same directory as PuTTY and add that to your PATH. I got around it by sticking a shortcut on the desktop with the PuTTY directory as the working directory.

In summary:

  1. Install openssh-server on your Linux server and PuTTY on your Windows client.
  2. Install Unison and its dependencies on your Linux server. (It's offered in the Ubuntu repos; command-line is unison, GUI is unison-gtk.)
  3. Install Unison on the Windows client.
  4. If you want to use Unison's GUI, install GTK on Windows.
  5. Download the ssh.exe wrapper for PuTTY. Stick ssh.exe in the same directory as PuTTY and put that directory in your PATH.
  6. Generate an RSA keypair on your Linux server using ssh-keygen. By default it will put the keys in ~/.ssh/id_rsa and id_rsa.pub.
  7. Copy the contents of the public key (id_rsa.pub) to ~/.ssh/authorized_keys. Remember to set perms on ~/.ssh to 700 and authorized_keys to 600.
  8. Move the private key (id_rsa) to the Windows machine. That's move, not copy; delete it from the Linux side as you don't want to store the same private key in more than one place.
  9. Run puttygen.exe. Import your existing private key, then save the result as a new .ppk file. Delete the original key file. Again, only the owner should have read perms on this file.
  10. At a minimum, your \Users\name\.unison\foo.prf file should contain the following:

    root = [Windows path]
    root = ssh://[user]@[host]//[Linux path]
    sshargs = -i [path to private key]

  11. To get the Unison GUI to run ssh.exe properly, create a shortcut and set its working directory to the PuTTY directory.
  12. You can schedule regular syncs using Windows Task Scheduler; run the command-line Unison executable, with args "-batch [name of pref file]". Don't include path or extension, just the filename ("foo" in my example above).

So there you go: a cross-platform syncing solution. Good for backups, for keeping files consistent between your desktop and your laptop, or for anything else that requires keeping the same files on multiple machines.
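A check for the setup in the steps above, as an added example that is not part of the original post: it flags a profile that passes the password in plain text through `sshargs = -pw`, and on the Linux server it verifies the 700/600 permissions from step 7 and that the private key from step 8 is gone. The finding codes, function names and sample profile are constructed for illustration.

```python
import os
import stat

# Constructed sample profile (not from the post): the plaintext-password variant.
SAMPLE_PRF = """\
# foo.prf (constructed sample)
root = C:\\Users\\name\\sync
root = ssh://user@host//home/user/sync
sshargs = -pw example-password
"""


def parse_profile(text):
    """Parse Unison .prf text into (key, value) pairs; '#' starts a comment line."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs.append((key.strip(), value.strip()))
    return pairs


def audit_profile(text):
    """Return (code, detail) findings for one profile. Secrets are never echoed."""
    findings = []
    pairs = parse_profile(text)
    sshargs = [value.split() for key, value in pairs if key == "sshargs"]
    uses_ssh = any(k == "root" and v.startswith("ssh://") for k, v in pairs)
    if any("-pw" in tokens for tokens in sshargs):
        findings.append(("PLAINTEXT_PASSWORD",
                         "sshargs contains -pw; password stored in the profile"))
    if uses_ssh and not any("-i" in tokens for tokens in sshargs):
        findings.append(("NO_KEY_FILE",
                         "ssh root without 'sshargs = -i <private key>'"))
    return findings


def _mode(path):
    """Permission bits of path, e.g. 0o700."""
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_server_ssh_dir(ssh_dir):
    """Check the server-side ~/.ssh directory against steps 7 and 8."""
    findings = []
    if _mode(ssh_dir) != 0o700:
        findings.append(("SSH_DIR_MODE", "expected 700, found %o" % _mode(ssh_dir)))
    auth = os.path.join(ssh_dir, "authorized_keys")
    if not os.path.exists(auth):
        findings.append(("NO_AUTHORIZED_KEYS", auth))
    elif _mode(auth) != 0o600:
        findings.append(("AUTHORIZED_KEYS_MODE", "expected 600, found %o" % _mode(auth)))
    # Step 8: the private key is moved to the client, not copied.
    if os.path.exists(os.path.join(ssh_dir, "id_rsa")):
        findings.append(("PRIVATE_KEY_ON_SERVER", "id_rsa is still in the directory"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_profile(SAMPLE_PRF):
        print(code, "-", detail)
    # Server side: run on the Linux host against the real directory.
    ssh_dir = os.path.expanduser("~/.ssh")
    if os.path.isdir(ssh_dir):
        for code, detail in audit_server_ssh_dir(ssh_dir):
            print(code, "-", detail)
```

The permission checks use POSIX mode bits, so they apply to the Linux server only; the .ppk file on the Windows client has to be checked through its ACL instead.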

Playing: Just finished playing a fan translation of Act Raiser. Maybe a bit more on that soon.

Reading: Blood of the Elves. As I await The Witcher 2.

What "Hacker" Means to Me

Recently, I made some comments on the unfortunate change in popular usage of the word "hacker", from a positive term for a skilled programmer, to a negative term for a skilled programmer, to a negative term for someone who can figure out Sarah Palin's zip code.

I like to think of myself as a hacker in the original, positive sense, and I have a story about what that means.

Ten years ago, I upgraded my OS to Windows 98. Unfortunately, during the upgrade my hard drive, which had been compressed using DriveSpace, one of the worst pieces of software ever, was corrupted.

Now, I'll grant I'm a pack rat, but there wasn't much of sentimental value on there. There was, however, the most recent installment of KateStory, Book IX. It turned out Steve had a backup, but it was incomplete.

That gnawed at me for years. I kept the hard drive and never wiped it, and every now and again I'd hook it up and see if I could find a way to recover the data. I could never get it to mount. My instinct was that I shouldn't be working with the physical drive anyway, that I should copy the data from it to an image so I could make additional copies and freely mess with them without worrying about losing the original data. But none of the disk-imaging tools I could find would image a disk that wouldn't mount.

By the summer of 2004, I was familiar enough with Linux to know that dd was the tool I wanted, that it would make a bit-for-bit copy of the data on a device regardless of whether it could make any sense of it. I copied the drive to a file and went to take a look at what I could do with it.

File recovery software pulled up some images and some old E-Mails, but not the ones I wanted. In fact, searching the raw hex, I found the text "Subject: Re: KateStory IX: Third Anni" followed by gibberish; the data literally went from plain text to incomprehensible compressed bytes in the middle of the subject line I was looking for. I abandoned the project for a few months.

As the fall rolled around and the KateStory's tenth anniversary approached, I got to thinking about it again. I looked up information on how to recover DriveSpace volumes, and happened upon Dean Trower's DriveSpace 3 Disaster Recovery Kit. Since it required DriveSpace to run, and since DriveSpace won't run on modern versions of Windows, I set up VMWare on my computer and installed Windows 98 on it. My memory of what I tried then is fuzzy; I'm not sure what I did wrong but I still didn't recover the data.

It seems like I tried a couple more things over the years that followed. I think there was a period where I thought maybe the compression I couldn't get past wasn't DriveSpace's but Netscape's. (In retrospect, I believe Netscape Mail's "compress folders" option didn't actually compress text, it just deleted the text of E-Mails that had been deleted from the mailbox but not removed from the mail files.) I definitely remember at least one occasion where I dumped the entire 545MB hard drive image into a Thunderbird folder -- now, whether or not I qualify as a hacker, I think we can all agree that qualifies as a hack. When it didn't work under Thunderbird, I found old copies of Netscape 3 and 4 and tried it there; that didn't work either.

About a month ago, with KateStory XVII beginning, the anniversary approaching once more, and my going back through Books XIII-XVI to put them on this site, I got the urge to take another crack at IX. I did what I'd done before: set up VMWare, set up Windows 98, and got a copy of the Disaster Recovery Kit.

Without getting into too much detail, a DriveSpace "compressed drive" is actually a single file stored on a physical hard drive, then mounted as a virtual drive. As I said, I couldn't mount the drive. The docs for Trower's program mentioned creating an empty DriveSpace volume and looking at its file header; I got the idea from there to look at the header bytes on a fresh file and see where I could find them in my disk image. I found them -- the beginning of the compressed file -- and deleted everything prior to them on the image. (It bears noting that at this point I had numerous backups of the image and wasn't hacking up my only copy.)
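The signature search and trim described above, sketched as an added example (not part of the original post and not Trower's code). It assumes the signature is whatever header bytes were read from a freshly created volume file; `SIG-HEADER` is a constructed placeholder, the function names are hypothetical, and the carve is written to a new file rather than deleting bytes from the image in place.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time; a dd image is usually too big to load whole


def find_signature(image_path, signature, chunk=CHUNK):
    """Return the offset of the first occurrence of signature in the image, or -1."""
    if not signature:
        raise ValueError("empty signature")
    overlap = len(signature) - 1
    base, buf = 0, b""  # base is the file offset of buf[0]
    with open(image_path, "rb") as f:
        for data in iter(lambda: f.read(chunk), b""):
            buf += data
            hit = buf.find(signature)
            if hit != -1:
                return base + hit
            keep = buf[-overlap:] if overlap else b""  # tail, in case the signature straddles reads
            base += len(buf) - len(keep)
            buf = keep
    return -1


def carve_from(image_path, offset, out_path, chunk=CHUNK):
    """Copy offset..EOF into a new file, leaving the image untouched; return SHA-256."""
    digest = hashlib.sha256()
    with open(image_path, "rb") as src, open(out_path, "wb") as dst:
        src.seek(offset)
        for block in iter(lambda: src.read(chunk), b""):
            dst.write(block)
            digest.update(block)
    return digest.hexdigest()


def demo(chunk=8):
    """Run both steps on a constructed 70-byte image, with tiny reads to force straddling."""
    signature = b"SIG-HEADER"  # placeholder, NOT real DriveSpace header bytes
    junk = b"\x00" * 13 + b"SIG-" + b"\xff" * 7  # debris with a partial-match decoy
    volume = signature + b"volume-bytes" * 3
    with tempfile.TemporaryDirectory() as d:
        image, carved = os.path.join(d, "disk.img"), os.path.join(d, "carved.bin")
        with open(image, "wb") as f:
            f.write(junk + volume)
        offset = find_signature(image, signature, chunk)
        sha = carve_from(image, offset, carved, chunk)
        size = os.path.getsize(carved)
    return offset, size, sha == hashlib.sha256(volume).hexdigest()
```

Recording the SHA-256 of the carved file makes it easy to confirm later that a working copy has not been altered by a mount or repair attempt.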

Following the advice in Trower's Readme, I started with the simplest solution: copy the compressed file to a host drive and see if Windows mounts it. He cautioned that it might not work and Windows's attempt to "fix" the corrupted data could hose it; he was right. I was thrilled to see the filenames in the root directory show up, but I couldn't access the data in any of them.

On to step two: I tried using Trower's decmprss program. I tried it several times and discovered that it kept outputting empty files; they were the same size as my image but made up entirely of zeroes.

There was a line in the Readme: "DCMPRESS ought to work under Windows, but nevertheless I recommend running it in MS-DOS mode." All right. I did a Shut Down/Restart in MS-DOS Mode, but Windows 98 and VMWare weren't quite playing nice; any time I did that DOS would run for a minute or two and then freeze up and require a simulated hard reset.

So I went back to Windows, and checked to see why decmprss was outputting empty files. I started by trying it on a new compressed image that I knew didn't contain any corrupt data. I got the same result, proving that it wasn't just a problem reading my corrupt image.

Trower's toolkit included the source code, so I jumped into it to see if I could find out what was wrong. For the first time in years I found myself coding in Pascal -- coincidentally the same language Dr. Wily teaches at Prescott High School in KateStory IX. I didn't do anything particularly clever, just added some traces to see where the problem was occurring. I confirmed that the problem lay not in the Pascal portion of the code, but in the x86 assembler.

All right, I thought, my guess is that Windows 98 doesn't like the direct system calls that the assembler portion of the code is making. So that takes us back to trying to run it under DOS -- and if that doesn't work, the only thing left to try is to learn x86 assembler and pore through the DriveSpace API.

Booting to DOS from Win98 shutdown still didn't work, but it turned out that picking it from the boot menu worked just fine -- once I went into OSX's keyboard settings and disabled F8 for pulling up Spaces so I could use it in VMWare.

That worked, and generated a file that contained KateStory chapters that, I could confirm, were not in the copy I had.

That would be where the rest of Trower's toolkit came in -- reassembling files that had been partially compressed -- but I was confident that KateStory IX had been entirely compressed. So now it was time for my Thunderbird hack.

So I copied the entire, 1GB+ uncompressed image into Thunderbird's mail folders. Success -- Thunderbird correctly parsed out all the files that were E-Mails. I sorted them out, exported the ones that had "KateStory IX" in the sub line, and copied them out of the Win98 VM into my "real" system. From there I went through them all, cut out the stuff that was redundant or off-topic (which was most of it), and lo: today, this fourteenth anniversary of the original KateStory and eleventh anniversary of this installment, I have KateStory IX in its entirety.

So, back to my initial point: what does "hacker" mean to me? Well, eleven years ago my friends and I wrote a goofy story. Ten years ago, I lost it. And over the intervening years, I used my skill and my determination to get it back. (A friend once told me that when I want something I go after it like a pit bull, I don't let go. Comparisons to pit bulls may be the only thing Sarah Palin and I have in common.) I'm not some scary terrorist stealing your credit card or breaking into the Pentagon, I'm a guy who used his skill to recover a lost piece of his childhood.

Of course, I'm sure there are those who will say this doesn't make me a hacker. And maybe they're right. In the final analysis, all I did was use the dd command, set up a virtual machine, install Windows 98, do some very cursory hex editing, boot to DOS, use someone else's recovery tools, and copy a giant file into Thunderbird's mail folders. When all's said and done, I only wrote a few lines of code, and all they wound up doing was confirming what the Readme had already told me. So maybe that's not enough to qualify me as a hacker.

But you know what? If that's not enough to qualify as hacking, then plugging Sarah Palin's zip code into a password hint field sure as shit isn't.

Security Flaw Found in Door Technology: A Machinist Exclusive

Howdy, folks; it's yer old pal, Crispus T Muzzlewitt!

As you fellers well know, when I ain't writin' fer Salon's Machinist blog, I spend most o' my nights sleepin' on park benches or in boxcars. And as I have so often remarked, it's the good life -- except fer them damnable folk what live in houses. Always yammerin' on about how good they got it. "Hey Crispus," they'll say, "it sure is harder to get rained on with a roof over your head." Or "Hey, bum, you could sure use a shower." Or "Hey there, Mr. Muzzlewitt, it looks like somebody stole your bindle while you were passed out on that park bench."

Smug bastards. I hate them all so very, very much. With their clean clothes and their straight teeth and their "Hey Crispus, you'd probably have a lot fewer headaches in life if you had a bed to sleep in and if you didn't smell like gin and urine."

So it is with no small amount of glee that I announce my recent discovery that houses are actually no more secure than the wide open spaces where I rest these bones. Sit down, young'uns, and let me tell you a tale.

'Tweren't long ago I was approached by the right honorable representative of a local security firm, and he done dropped a bombshell on me: houses don't keep folk out at all!

And my esteemed colleague Battlin' Joe Frickinfrack confirmed he done saw it with his own two eyes: a seedy-lookin' feller walked right up to the front door o' one o' those fancy houses like you see sometimes, and when the owner unlocked the door, let him in, and then wandered off somewheres, why, the seedy-lookin' feller done robbed him blind. So you see, it's just like my bindle -- front doors don't offer you no more protection than a park bench in the moonlight on a mild autumn night.

Another thing: I keep hearin' about folk who keep their valuables in safes, 'cause they think it's safe, on account o' the name maybe. But truth is, safes ain't no safer'n a lady's purse. Sure, you see a lot more purse-snatchin's than safe-crackin's, but that's only 'cause more folk got purses than has safes -- safes just don't make no sense as a target; why crack a safe when it's so much easier to snatch a purse? But it can be done, and easy, too: Battlin' Joe says that there burglar I wuz talkin' 'bout a minute ago also managed to get all the money outta that man's safe, on account o' the man gave him the combination.

I talked with a gentleman from Norton Home Security about this problem, and he said that, rare as it may seem today, it'll be an epidemic in the comin' months, and every homeowner everywhere needs to go right out and buy a Norton Home Security System. He then went on to add that he has absolutely no conflict of interest in makin' that partic'lar recommendation. And shucks, I believed him, but just to be thorough, Salon sent out its star reporter, Judith Miller, an' she confirmed that her source has absolutely nothin' to gain by exaggeratin' the threat posed by this enemy.

So there you have it, you smug sumbitches, with all yer fancy "doors" and "walls" -- now we know the truth. Houses ain't no more secure than parks, 'cause you can unlock the front door and let somebody in; safes ain't no more secure than purses, 'cause you can tell people the combination and then they can crack them, and OSX is just as vulnerable as Windows, on account o' if you allow root access to a suspicious program it can do bad things to yer computer. So wipe them smirks off them damn faces; yer house ain't no safer than my bench nohow.

So that'll do fer now, but I reckon this'll be the first in a three-part series. Next time, I'll talk about how roofs are overrated 'cause rain still gets in if you knock giant holes in them with sledgehammers, and in our final installment, I'll examine how showering and that there underarm deodorant them rich folks use don't do nothin' to make you smell better if'n you rub pig shit all over yer body immediately after.

Thank you, and goodnight.

Hobo names supplied by John Hodgman.