It’s finally up and running. I moved all my non-.NET posts from the past month over to that side to keep things nice and tidy. The links to visit and/or subscribe are over there on the right.

There’s a great (but lengthy) post on tomdispatch.com this morning from a former assistant director of the public library system in Salt Lake City. It is well worth reading if you have the time. If you don’t, just read this:

“The cost of this mad system is staggering. Cities that have tracked chronically homeless people for the police, jail, clinic, paramedic, emergency room, and other hospital services they require, estimate that a typical transient can cost taxpayers between $20,000 and $150,000 a year. You could not design a more expensive, wasteful, or ineffective way to provide healthcare to individuals who live on the street than by having librarians like me dispense it through paramedics and emergency rooms. For one thing, fragmented, episodic care consistently fails, no matter how many times delivered. It is not only immoral to ignore people who are suffering illness in our midst, it’s downright stupid public policy. We do not spend too little on the problems of the mentally disabled homeless, as is often assumed, instead we spend extravagantly but foolishly.”

This article on drive-by pharming and default router passwords brought back painful memories of bygone events.

A few years ago I was an active moderator for the Fark.com message boards. To save some time I created a bookmark to link directly to a particular bit of functionality. The moderation pages are password-protected, but as with many sites I found that the page wasn’t particular about how the authentication info got there – POST or GET. I included my username and password in the query string of the bookmark and voila! One-click access.

This worked great for about a week until I received an email from Mike, the technical guru that makes sure the vast array of hamster wheels that power the Fark.com servers remain properly greased. It turns out I had used my shortcut enough that it appeared in the most popular links on the stats page… username, password, and all. For a brief time, everyone that looked at the stats page had instant access to a moderator login for the site.

Looking back it was an incredibly stupid thing to do. I single-handedly created a massive hole in the security system of one of the net’s most-trafficked sites! All to save a few keystrokes. This is the importance of remaining vigilant about your passwords. It’s easy to get lazy, and that laziness is what hackers like to exploit.
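The leak described above happens because a credential placed in a query string is written to the access log like any other URL, and every report built from that log repeats it. The following is an added example, not code from the site or from the original post: a scrubber that redacts credential-bearing parameters from access-log lines before they reach a stats page. The parameter names, paths and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed parameter names; the post does not say what the login fields were called.
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "username", "user", "login"}

# Request part of a common/combined access-log line: "METHOD /path?query HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, names_of_sensitive_params_found)."""
    parts = urlsplit(target)
    found, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        kept.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), found

def scrub_line(line):
    """Redact credentials in one log line; return (clean_line, found_names)."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    clean, found = redact_target(m.group("target"))
    return line[:m.start("target")] + clean + line[m.end("target"):], found

# Constructed sample lines (addresses, paths and values are made up).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2007:09:12:01 +0000] "GET /mod/queue?username=alice&password=hunter2&view=new HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Mar/2007:09:12:05 +0000] "GET /comments/123?page=2 HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Mar/2007:09:13:44 +0000] "POST /mod/login HTTP/1.1" 302 0',
]

def scrub_log(lines):
    """Scrub every line; return (clean_lines, indexes_of_lines_that_leaked)."""
    clean, leaked = [], []
    for i, line in enumerate(lines):
        new, found = scrub_line(line)
        clean.append(new)
        if found:
            leaked.append(i)
    return clean, leaked

if __name__ == "__main__":
    cleaned, leaked = scrub_log(SAMPLE_LOG)
    print("\n".join(cleaned), "\nlines that carried credentials:", leaked)
```

Scrubbing the log only limits where the secret spreads; any password that shows up in `leaked` lines should be treated as exposed and changed, and the login page should accept credentials in the POST body only.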

If you have a wireless router at home and you haven’t already done so, CHANGE THE DEFAULT PASSWORD NOW!