Hacker movies: Unrealistic but inspiring

I recently came upon an Irish Times article about a science week event in Dublin in 2010 about “Hackers and Hollywood”. In his talk, Damien Gordon explained how many hacker movies are based on the same formula as fantasy epics like Lord of the Rings: The protagonist gets a magical item and is guided by a wise figure before fighting evil. This is especially true for my favourite hacker movie of all time, Wargames (1983): David Lightman gets access to an (all too) powerful mainframe computer and, with the help of Dr. Falken, defeats the warmongering WOPR programme.

Of course, hacker movies are intended for an audience that knows as much about computing internals as the film makers themselves. The actual hacking action in those movies usually ranges from “embarrassingly unrealistic” to “hilarious if you’re able to spot the reference to real technology”.

I started with computers in the early 80s when hacker culture had just begun to spread. I learned to program from day one (the VIC 20 manual was in fact a programming manual) and soon felt the power to force your analytic will onto a machine. Later, I hooked up a modem to my parents’ PC and discovered that networks like CompuServe and FidoNet allowed me to connect with people that I would never be likely to meet in person (and also that it only takes a few days to rack up a four figure phone bill…). Back then the foundation was laid that I have my own humble IT company today and am slowly losing my nerves because our DSL broadband has been down for two days now.

Hacker movies mix existing and invented technology and exaggerate its potential to form an entertaining plot. Unrealistic as they may be, they can have an inspiring effect on young people, as Gordon pointed out in his talk. They certainly had in my case.

That’s why I collected a list of computer geek movies from the last 30 years (WHAT, three decades already?!) that I like:

  • Wargames (1983) – At that time, any computer geek could relate to David Lightman. He felt bored in school, disconnected from his parents and insecure towards the other sex. After successfully breaking into the mysterious mainframe, he gets acknowledged both by the girl and his adult mentor, and finally saves the day. And you also got to see that there’s a fine line to becoming an ubernerd like the two guys in the data center…
  • Tron (1982) – This movie had high-end computer generated imagery and asked the question about what would later be known as “immersion”: What if you actually could become part of the game? (The sequel “Tron: Legacy” from 2010 isn’t nearly as groundbreaking, but its soundtrack is my favourite hacking music.)
  • Weird Science (1985) – Well, everybody knows that you can’t just scan in pictures of scantily clad women and put a bra on your head to create a totally hot woman (“like Frankenstein, only cuter”). But one can dream, can’t one? And there’s also the message that sometimes, it only takes a bit more self confidence to get ahead in life.
  • Sneakers (1992) – In this movie, we see both sides of hacking: The good hacker (who had to go underground) and the evil hacker (who became rich). It’s the one that has the social skills to enlist help from his friends that wins. Again, the technology portrayed is unrealistic, but the villain’s insight isn’t: “The world isn’t run by weapons anymore, or energy, or money. It’s run by little ones and zeroes, little bits of data. It’s all just electrons.”
  • Jurassic Park (1993) – Hacking doesn’t have to be limited to computers, author Michael Crichton realized, and so this movie’s plot is based on hacking amphibian DNA. I wonder if I’d rather have been raised with SGI workstations instead of Legos, just like hacker boy Lex must have been (“It’s a UNIX system! I know this!”).
  • Hackers (1995) – This movie shows that hacking doesn’t have to be a solitary hobby. It can also be a team sport, in a subculture with its own language, cool code names and greeting gestures. And with Angelina Jolie.
  • The Matrix (1999) – The lesson here: When you hack the artificial intelligence that is enslaving the whole human race, you do it in style. And you use nmap to scan its ports.
  • The Girl with the Dragon Tattoo (2010) – Even after 30 years, the image of the lone but unstoppable computer expert is very much alive. I’d rather not share Lisbeth’s past, but being able to spend high five figures at IKEA after some “transactions” must be fun.
  • MI4: Ghost Protocol (2011) – Today’s kids won’t relate to a David Lightman inserting 8" floppies into an IMSAI 8080. In MI4, they see familiar iPhones and iPads as tools of the trade and listen to Eminem as musical background. Ah, that song in the first action sequence, you ask? That’s Dean Martin with “A Kick in the Head”. You’re welcome. Get off my lawn.

While the US struggle with SOPA/PIPA, Switzerland keeps its cool

It’s not that the entertainment industry is completely content with its sales in Switzerland; they’re lobbying there like everywhere else. The difference is that the Swiss government sees through their thinly veiled grab for more power.

At the end of last year, the Bundesrat researched the consequences of piracy on society in economic and cultural terms and concluded that there’s no need for a change of current legislation, under which downloading copyrighted material for personal use is permitted.

The study further found that the money citizens over 15 saved by downloading pirated media eventually gets invested into visits to concerts and movie theaters as well as into games and merchandising.

To the huge foreign production companies that complain the loudest about piracy, the Swiss government suggests they check their business model and adapt to the change in consumer behaviour.

I guess it’s the clean mountain air.

A new Freiburg Iron Blogger

I just made a new entry to the member list of Iron Blogger Freiburg. And it’s certainly a bit unusual, because Heather actually doesn’t live in Freiburg. She’s from Minneapolis, which is a teeeensy bit away from here…

But she’s asked so nicely that I didn’t hesitate to add her to the list:

I’m wondering whether you’d consider adding someone to your group who doesn’t currently live in Freiburg — but who will be there in September to settle any fines she may incur. (Heck, even if I *don’t* incur any fines, I’ll gladly pick up a round or two of beers.)

If you’d like to check out my blogging qualifications before answering, I’m at www.hmunro.wordpress.com.

I’d say you’re more than qualified. So, welcome to Iron Blogger Freiburg, Heather! I’m looking forward to meeting you in September!

Man, this whole thing may only be a few days old, but it’s already becoming incredibly fun and motivating!

Iron Blogger Freiburg

A blog entry from Antischokke made me aware of a great idea to breathe new life into the blogs of local writers. It’s called Iron Blogger, a group effort that requires the participants to write at least one blog post per week. Otherwise, they’ll have to chip in a “fine”. Every so often, the fines will be converted to drinks collectively.

I like this idea and invite all bloggers in Freiburg to join Iron Blogger Freiburg! We’ll use Mako’s rules. The fine will be 4€ per missed post (payable in person or via PayPal), and I’ll organize a meetup when the beer pool reaches 40€. The slacker limit is 20€ (reach it and you’re out unless you pay the balance).

If you’d like to join the group, let me know. You’ll reach me via the comments below, via email or Twitter.

I’m looking forward to getting this thing off the ground. There’s some writing to do and I just ordered myself a new keyboard!

UPDATE: Woohoo! It’s taken only a few hours to get an enthusiastic group together! I’ve created a separate page on this website for us.

Make temporary files non-executable

At DrupalCONCEPT operations, our intrusion detection system recently notified us that it found a rootkit in the directory /dev/shm on one of our servers. This directory is writeable by the Apache webserver, so attackers that find a vulnerability in the installed software are able to put hostile content (aka rootkits) there.

Of course, the vulnerability shouldn’t be there in the first place. We’re doing security updates all the time, but only on the OS and hosting infrastructure level. Since the actual web applications running on our infrastructure (in our case, Drupal) are maintained by our customers, we don’t have the same kind of tight control here as we have on the OS level.

Okay, we may not be able to prevent attackers from deploying their scripts. But we can prevent those scripts from doing any harm. This is where the noexec filesystem option comes in handy. Files on filesystems that have this option enabled can’t be executed even if they have their execution permissions (“x”) set.

We use a Chef recipe to modify /etc/fstab accordingly. The first execute resource does a remount of the /dev/shm filesystem, but only if triggered by another resource: namely, the bash resource that follows it, which modifies /etc/fstab if it’s not already hardened:

# remount /dev/shm
execute "remount_shm" do
  action :nothing
  command "mount -o remount /dev/shm"
end

# set noexec for /dev/shm
# (quoted heredoc, so Ruby passes sed's backslashes through unchanged)
bash "shm_noexec" do
  user "root"
  cwd "/etc"
  code <<-'EOH'
sed -i.bak -e '/\/dev\/shm/d' /etc/fstab
echo "none /dev/shm tmpfs nodev,nosuid,noexec 0 0" >>/etc/fstab
EOH
  not_if 'grep -q -e "/dev/shm.*noexec" /etc/fstab'
  notifies :run, "execute[remount_shm]"
end


Since we include this recipe in our base Chef role, it’s applied to every server we set up.
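The recipe’s not_if guard only looks at /etc/fstab, so a separate check of the live mount table confirms that the options are actually in effect. The following audit is an added example, not part of the original recipe; the function names and the sample mount table are assumptions constructed for illustration.

```ruby
# Added example (not from the original post): audit mount-table text for the
# options the recipe writes. Works on /etc/fstab and /proc/mounts, whose
# first four fields are the same: device, directory, type, options.
REQUIRED = %w[nodev nosuid noexec].freeze

# /proc/mounts encodes spaces and similar characters in paths as octal (\040).
def unescape(field)
  field.gsub(/\\([0-7]{3})/) { Regexp.last_match(1).to_i(8).chr }
end

# Parse the text into hashes, skipping blank lines and fstab comments.
def parse_mounts(text)
  text.each_line.filter_map do |line|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    _dev, dir, type, opts = line.split(/\s+/)
    next unless opts
    { dir: unescape(dir), type: type, opts: opts.split(",") }
  end
end

# Required options missing at `dir`; nil if nothing is mounted there.
# When a directory appears more than once, the last entry is the mount
# that is actually visible, so that one is checked.
def missing_options(text, dir, required = REQUIRED)
  entry = parse_mounts(text).reverse.find { |m| m[:dir] == dir }
  entry && (required - entry[:opts])
end

# Check several directories at once.
def audit(text, dirs)
  dirs.to_h { |d| [d, missing_options(text, d) || :not_mounted] }
end

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = <<~'MOUNTS'
  tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
  tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
  /dev/sda1 /srv/web\040data ext4 rw,relatime 0 0
  tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
MOUNTS

# On a live host, pass File.read("/proc/mounts") instead of the sample.
audit(SAMPLE_MOUNTS, %w[/dev/shm /tmp /var/tmp]).each do |dir, result|
  puts "#{dir}: #{result == [] ? 'ok' : result.inspect}"
end
```

In the sample, /dev/shm is reported as missing noexec even though its first entry is hardened, because a later mount over the same directory dropped the option.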

A great tutorial for creating Chef cookbooks

System administrators who are looking for a tool that helps them automate their maintenance tasks and have no or only little experience with Chef should really take a look at Joshua Timberman’s great tutorial “Guide to Writing Chef Cookbooks”.

In his article, Joshua describes all steps he takes to create a new Chef cookbook that installs and maintains smartmontools (a set of tools to monitor hard disk health). It’s a great example of how straightforward it is to automate systems operations tasks with Chef.

Even with two years’ experience in using Chef, I learned one or two bits from this tutorial. And it just so happened this week that I needed a smartmontools cookbook. So, thanks twice for writing this up, Joshua!

How not to distribute DNS servers

For one of our customers that addresses the South American market, we’ve rented a server at HostDime in Brazil. Unfortunately, they often suffer network outages.

Once again, we can’t reach our server, so I try to access their ticket system named “Core”. It’s unreachable, too. Let’s see:

$ host core.hostdime.com.br
Host core.hostdime.com.br not found: 3(NXDOMAIN)

Okay, looks like DNS is down. But there’s more than one DNS server, isn’t there?

$ host -t ns hostdime.com.br
hostdime.com.br name server ns1.hostdime.com.br.
hostdime.com.br name server ns2.hostdime.com.br.

There is. So how…

$ host ns1.hostdime.com.br
ns1.hostdime.com.br has address 187.45.182.3
$ host ns2.hostdime.com.br
ns2.hostdime.com.br has address 187.45.182.4

m( Does anyone have a suggestion for a hosting provider in Brazil that’s not run by idiots?

Travel tips for sysadmins

OpenDNS recently added a datacenter location in Frankfurt, Germany. On their blog, George Patterson, Director of Operations for OpenDNS, not only posted some pictures of their server rack but also a bunch of tips for sysadmins that have to travel to a remote facility:

  • Have a solid deployment checklist of everything you want at the site. If you don’t bring all necessary tools and equipment with you, getting them will cost you extra time.
  • Set up all your power at the datacenter and make sure it’s working before you leave. Don’t waste time waiting for the datacenter staff to have your power supply connected. And have them install a remote manageable power distribution unit, so you don’t have to pay remote-hands charges.
  • If you can avoid it, don’t book a flight until your gear has cleared customs. Depending on the country, customs handling can take from a few days to several weeks. Don’t just hope that your gear will arrive earlier than you.
  • Always plan for extra days. You shouldn’t have to go into fast-forward mode because something took a bit longer than planned; that will only account for more problems. Plan for some extra days and if you’ll finish early, there probably will be more to go and see than only a datacenter.
  • Take photos along the way, and at the end. If your site documentation includes images, it’s very easy to point a remote tech to the right place.

Read George’s whole blog post on the OpenDNS blog!

Official emergency advice for the Zombie Apocalypse

Everyone knows that it’s only a matter of time until we’ll have to fight hordes of lifeless creatures hunting for our brains. And “everybody” includes the U.S. government’s Centers for Disease Control and Prevention (CDC), as Tom Limoncelli reveals in his blog entry “The CDC has a Zombie Attack Plan”.

Under “Preparedness 101: Zombie Apocalypse”, the CDC provides all the basic information you need to know after the outbreak:

  • A Brief History of Zombies
  • How to assemble an emergency kit
  • What to take care of in your emergency plan

But the CDC doesn’t limit itself to just preparation. They’ll take an active part in the resistance after the undead have started roaming the streets. Blog author Ali S. Khan closes:

Not only would scientists be working to identify the cause and cure of the zombie outbreak, but CDC and other federal agencies would send medical teams and first responders to help those in affected areas (I will be volunteering the young nameless disease detectives for the field work).

All in all, that’s sound advice and an encouraging perspective from “Your Online Source for Credible Health Information”.

P.S.: If you’re looking for a new family home, consider purchasing a Zombie-proof house.

Emacs and The Second Coming of TextMate

A text editor is one of the most important tools of a sysadmin, software developer, documentation and blog writer. So, after switching from Linux to Mac a few years ago, I immediately started looking for good editor software. On Linux, I had been using Emacs for many years, but its Mac versions available at that time didn’t convince me. They rather reminded me of the reasons for which I replaced my desktop OS after all. It didn’t take me long to find TextMate and it became one of the first in the long line of applications I purchased in my Mac life. And I’ve been using it daily ever since.

TextMate is a very capable editor and its add-on “bundle” concept makes it easily extendable. There are bundles for every common programming language, for using version control systems and even a bundle for blogging that lets you not only write and preview your writing but also publish your finished post.

But there is also one concern that’s been bugging TextMate users for a long time now: the author is working on version 2 of the software. At least that’s what he claims on his blog every few months. Recently, Watts Martin must have lost his patience and in “Text Editor Intervention”, he makes a compelling case that there are proven alternatives to eternally waiting for the Second Coming of TextMate:

But in the meantime, you gotta get work done. Either pony up money for BBEdit, pony up time for MacVim (or Emacs), or stick with TextMate.

Shortly after reading his thought-provoking post, I came upon Joshua Timberman’s blog post “Switching to GNU Emacs”. I did a short search and it almost looks like there is an Emacs renaissance going on.

As you may already have guessed, I decided to give it a try and join the movement. Why?

  1. Back in the day, I used Emacs for almost everything that had to do with plain text. I know I’ll be able to accomplish all the tasks for which I’ve been using TextMate.
  2. GNU Emacs has been ported to Cocoa in the meantime, so its UI runs natively on Mac OS X.
  3. After installing Emacs, I realized that all of the important Emacs keyboard shortcuts are still stored in my muscle memory.
  4. Getting Emacs fit for a variety of tasks is easy with pre-configured packages like the Emacs Starter Kit.
  5. The effort of customizing and extending probably is more effective if put into Emacs. As Watts puts it:

Why do I recommend three stodgy old warhorses? Well, any editor that has a still-growing community after two decades is probably doing something right.

And finally, as GNU Emacs is the embodiment of Free Software, I certainly won’t have to pay another license fee for the next major version.

Repentantly, I return into the arms of the Church of Emacs.