Thursday, December 26, 2013

The Time of the Doctor

Christmas special of Doctor Who was quite good. There was a lot of pulling lose ends together, much like in the special aired a month ago. Tenth doctor, played by David Tennant, is still my favorite but I do think that Matt Smith is a great actor. After the last season, it felt like it is a time for change and I do not blame him for wanting to do something different. Regarding Peter Capaldi as a new Doctor, I am still fighting dissapointment of Moffat's choice. I watched again the part from 2008 "The Fires of Pompeii" where Capaldi was playing Caecilius and, once again, found his performance quite unremarkable. I hope that Steven Moffat knew what he is doing by choosing his new Doctor. I checked Twitter and it looks that people really like Capaldi and scowl at anybody who is demanding a younger and a good-looking Doctor.

Monday, September 2, 2013


My apartment building in Kiev.

View from my room (1987-1997)

The building where I lived 1973 to 1987

My day care / kindergarden 1974 to 1980

My school 1980 to 1988


Friday, August 23, 2013

"John Dies at the End"

Read "John Dies at the End" by David Wong. Maybe because it has been awhile since I read something non-mind-bending, I really liked it. I think I'll watch the movie, it doesn't look bad either.

Friday, August 9, 2013

Wednesday, July 31, 2013


Not only I managed to get out of my house but also took a few pics with something better than my phone.

Tuesday, June 25, 2013


Quite an interesting thing I learned about humming birds. If you don't move, they don't register you much. It is amazing to have them one foot away or less. The turbo propeller sound from the wings is quite something. I should take more pics with a better camera next time. It is nice of them to let me that close with my phone.

Monday, June 24, 2013

Now I know who ate my roses

Found these two beasts at 3am in my yard.

Well Said (on function and design)

"Design matters because function alone is not enough" (c) Pomme Chan

Extraction from Computer Arts Magazine (Issue #213)

Bellroy. I am so buying that wallet.

I usually click on ads only by accident. However, I couldn't help and made an exception and clicked on a  nicely drawn banner. It turned out to be an online store that sells wallets Just recently I read an interesting article in the Computer Arts magazine about Design and Advertisement fields not aligning nicely together. Yet, Bellroy seems to be getting it all right. It is a good lesson not only on how to slim your wallet but how to make a great looking online store.

Tuesday, June 18, 2013

Interesting EC2 AWS security incident

Today I got a forwarded message from the EC2 Abule Dept:

"Dear Amazon EC2 Customer,

We've received a report that your instance(s):

Instance Id: i-exxxxx
IP Address: 174.xxxxxx

has been port scanning remote hosts on the Internet; check the information provided below by the abuse reporter.

This is specifically forbidden in our User Agreement:

Please immediately restrict the flow of traffic from your instances(s) to cease disruption to other networks and reply this email to send your reply of action to the original abuse reporter. This will activate a flag in our ticketing system, letting us know that you have acknowledged receipt of this email."... etc etc

I have to admit that for a second it did feel like some sort of an "oops" moment. However, thinking a bit more about it I said "Naaaah" but went on to check what is going on with that VM.

Logged in as root, quickly checked history, nothing. lsof -i... oh I see it:

xmit64 3276 root 1407u IPv4 10785708 0t0 UDP ip-10-xx-xx-xx.ec2.internal:60980
xmit64 3276 root 1408u IPv4 10785709 0t0 UDP ip-10-xx-xx-xx.ec2.internal:42197-
xmit64 3276 root 1409u IPv4 10785766 0t0 UDP ip-10-xx-xx-xx.ec2.internal:55691->
xmit64 3276 root 1410u IPv4 10785767 0t0 UDP ip-10-xx-xx-xx.ec2.internal:44663->
xmit64 3276 root 1411u IPv4 10785776 0t0 UDP ip-10-xx-xx-xx.ec2.internal:36846->

and many many many more of these.

Happy lucky xmit64 is sitting in /bin and streaming away to an IP in China

kill -9. I am tempted to disassemble this little binary friend but what is the point really? What is kind of upsetting is that it is eery quite in logs. Not that it is difficult to clean up after getting to the machine an doing something but it just doesn't look like it, too clean and too quiet. It is all crickets and spider web. Only two people used that machine rarely, so there is not much to look through.

So how did xmit64 get to /bin? If the file wasn't (s)FTP-ed there, what is an alternative way for it to get in the fiel system, hmmm makes you think really.
Not to fail to mention that the only thing running on that instance was Tomcat, no php, not much shaky stuff. 

I emailed to EC2 Dept all I could dig out. I am kind of curious to hear what they say. I do hope they follow up at some point.

06/24/2013 Update: No response from Amazon. Killed the instance with a :sigh: