Tales of a WordPress Trojan

A couple of nights ago, as I was browsing the web, I got a pop-up message from Zone Alarm Anti-virus telling me that it had found and quarantined the Trojan-Clicker.JS.Agent.h trojan in my Firefox cache.

Now the problem with the Firefox cache is that the files in there aren’t indexed by URL name so I had no idea which site I’d gotten that trojan from. The only two sites that were open in my browser at that time were Google Reader and this here blog of mine. This blog, by the way, is installed on my own website which, in turn, is hosted on a shared web hosting server in the US. A server that is expertly managed by my web host’s very competent systems administrators. My website, therefore, is very secure. My blog is also secure since my version of WordPress is almost always up-to-date. This, then, was strange since neither of those sites should really have had a trojan or virus or anything else malicious on them.

Since Google Reader was the less likely trojan-hosting candidate, I thought I’d check my blog’s HTML page source to see if I could figure out what was going on. However, when I tried to check it through Firefox, the page came up “missing”. That was not a good sign. This meant that it was indeed my blog that contained the trojan since it was this page’s local copy (in the cache) that Zone Alarm had quarantined. To double check, I navigated away from and then came back to my blog’s home page. Immediately, Zone Alarm popped up another quarantine notice. Yep, the trojan was in my blog [1].

Bugger.

Time For Some Research

I then went to the web to learn all I could about the trojan which, strangely enough, wasn’t much at all. This trojan was (and still is) rather new to the ‘net and, therefore, has been minimally catalogued in all the online virus databases. It was, however, mentioned on a few message boards. Unfortunately, the relevant posting on Zone Alarm’s message board was incredibly useless while the message boards that really seemed to be discussing it actively were all in Russian. Google Translate helped a bit with that but, ultimately, I couldn’t learn anything from those pages either.

All I ended up learning from the web was that this is a JavaScript trojan (hence the JS in the middle of its name) that either opens up a pop-up ad, places a cookie in your browser’s cache, creates a connection to a couple of sites on the ‘net, and/or re-directs your browser to a particular page. I wasn’t sure which of these this trojan did because it never got the chance to run on my computer. I also learnt that this trojan was, for all intents and purposes, pretty harmless. The virus databases listed its threat level as low and, really, if no one had even bothered to document it in any detail on the ‘net, how bad could it be?

Still, a trojan is a trojan. So I set about trying to fix the problem myself.

Do-It-Yourself

The first thing I then did was some more research. I started by checking the WordPress site for security documentation. I learnt quite a bit from there. I then went and did all the things they suggested you do to ‘harden’ your WordPress installation. These were things I hadn’t done earlier and that was probably how the trojan had gotten into my blog in the first place.

Next, I went and downloaded (through FTP) all the files from my blog installation to my local hard drive. All the files (mostly PHP files) got downloaded just fine but one of them immediately got quarantined by Zone Alarm. “A-ha”, I thought, “that must be the file that contains the trojan. I must look at this file.” Unfortunately, Zone Alarm wouldn’t let me (duh!).

Fortunately, this was a file that I could look at from inside WordPress’ administrator’s interface. Unfortunately, again, most of what was in that file was gibberish. It contained a few JavaScript functions that were weirdly named (a seemingly-random string of numbers instead of a descriptive name) and some code within those. Now, since I didn’t want to mess with WordPress’ code, I thought I’d compare this file’s code with the corresponding code from Nadia’s blog installation (which, according to Zone Alarm, was trojan free). Nadia’s version of this file was, indeed, different from mine. As I tried to tweak the code in my version of the file, however (i.e. change my file’s code to make it look like Nadia’s), I must have mistyped something because the next time I tried to view the blogs they had both crashed. That is, every time I tried to load them, I got a 500 Internal Server Error.

Bugger.

It All Falls Into Place

Fortunately, our blogs eventually came back online (did I mention that my web host’s SysAdmins were really good?) and, this time, I wasn’t getting any trojan pop-up messages from Zone Alarm when I visited them. However, the next day, the trojan quarantine messages were back. Oh, and now they were coming from both blogs. It was then that it occurred to me: “Dammit! The reason my code editing didn’t work the first time was because I was trying to make my trojan-ridden code look like another kind of trojan-ridden code!” That is, I wasn’t actually removing the trojan from my blog, I was merely changing it to look like the trojan on Nadia’s blog. What I should have done was compare my version of the file to a perfectly clean version of the same file.

To get a clean version of that file, I went back to the WordPress site but couldn’t find it there. I figured I’d have to go into the actual PHP source code (maintained by WordPress’ developers) to do that…but that wasn’t something I really wanted to get into. Then I realized that I did have easy access to a clean version of that file: I could simply install another copy of WordPress on my own website. Since this would be a new install, all of its files would be perfectly clean and trojan-free. I could then compare my file to that installation’s version of that file. So I went ahead and did just that. And guess what? All of the JavaScript code in my file was trojan code. That is, the original version of the file didn’t contain any JavaScript code at all [2].

Removing that was easy and now, finally, our blogs are completely trojan-free. If all now goes well, and with the help of a much more secure WordPress installation, our blogs will stay trojan-free from now on as well. Here’s hoping.
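The comparison against a fresh install described above can be automated. The following is an added example, not code from the original post or from WordPress: it hashes every file in a clean copy and in the live copy (which must be the same WordPress version) and lists what script-like lines each modified file has gained. The directory layout, the sample file contents and the `SCRIPT_RE` heuristic are assumptions made for the demonstration.

```python
import difflib
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed heuristic: client-side script markers that a core PHP file should not gain.
SCRIPT_RE = re.compile(r"<script\b|document\.write\s*\(|\beval\s*\(", re.I)

def index_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def added_lines(clean_file, live_file):
    """Return lines that exist in the live file but not in the clean copy."""
    clean = Path(clean_file).read_text(errors="replace").splitlines()
    live = Path(live_file).read_text(errors="replace").splitlines()
    matcher = difflib.SequenceMatcher(None, clean, live, autojunk=False)
    out = []
    for tag, _, _, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "insert"):
            out.extend(live[j1:j2])
    return out

def compare_installs(clean_root, live_root):
    """Compare a live install against a fresh one of the same version."""
    clean, live = index_tree(clean_root), index_tree(live_root)
    report = {
        "modified": sorted(f for f in clean if f in live and clean[f] != live[f]),
        "missing": sorted(f for f in clean if f not in live),
        # Themes, plugins, uploads and wp-config.php land here on a real site
        # and need reviewing by hand; the clean copy cannot vouch for them.
        "unexpected": sorted(f for f in live if f not in clean),
        "script_added": {},
    }
    for rel in report["modified"]:
        new = added_lines(Path(clean_root) / rel, Path(live_root) / rel)
        hits = [line.strip() for line in new if SCRIPT_RE.search(line)]
        if hits:
            report["script_added"][rel] = hits
    return report

def demo():
    """Build two tiny constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            root.mkdir()
            (root / "index.php").write_text("<?php\nrequire './wp-blog-header.php';\n")
            (root / "wp-load.php").write_text("<?php\n// constructed stand-in\n")
        # Constructed stand-in for the injected block; the function body is inert.
        with (live / "index.php").open("a") as fh:
            fh.write("?>\n<script>function f48151623(){ /* placeholder */ }</script>\n")
        (live / "extra.php").write_text("<?php // not in the clean copy\n")
        return compare_installs(clean, live)

if __name__ == "__main__":
    print(demo())
```

The baseline has to come from a known-clean source; comparing against another live blog on the same account, as in the first attempt above, only shows how two possibly infected copies differ.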

Footnotes

[1] While my web host’s SysAdmins are responsible for maintaining the web server itself, they aren’t responsible for the stuff you install on your site. That is, the fact that my blog had a trojan in it wasn’t their fault. It wasn’t entirely my fault, either. Nor was it really the fault of the people who made WordPress. It was basically the fault of the hackers who had found a way to exploit a vulnerability in WordPress that let them attach this trojan to it. That’s usually how it happens anyway.

[2] Which, in retrospect, is obvious since it was a PHP file that really shouldn’t have had any JavaScript in it anyway.

Empire State Building Lit Green for Eid

New York’s Empire State Building (ESB) was lit up in green from 12-14 October to mark the Islamic festival of Eid. This Eid (there are two of them in each Islamic calendar year) is called Eid-ul-Fitr and it marks the end of the fasting month of Ramzan (pronounced Ramadan in Arabic). Check out the AFP article about it, the Fox News article about it, and, until the page is updated next, the ESB’s tower Lighting Schedule that mentions it as well.

This is only the third religious festival that is honoured by the ESB, the other two being Christmas and Hanukkah. This green lighting (sorry, had to make that pun!) is now going to be an annual event.

MBA Blog Spin-Off?

I am seriously considering starting a new blog. One about my MBA journey through the University of Melbourne’s Melbourne Business School (MBS). It’ll cover my life during the program, the courses I’m taking, stuff about the university/school/program, my job hunt, and basically anything else that is relevant to me, the MBA, the tech industry, and Australia. I’ve already documented part of my MBA journey in my MBA Journal but that only presents a high-level overview of events. I want to get into the nitty-gritty details and, basically, tell more of the story.

The good thing is, should I do the spin-off, I know that I’ll be able to sustain the new blog. I’ve started to blog reasonably regularly now and it’s getting easier to maintain this pace. In fact, I have reached the "I should blog about that" stage thanks to which, whenever something interesting happens to me these days, I start to think about how I’m going to write about it in my blog!

Also, this here blog doesn’t have a proper focus. Yes, it’s about anything and everything that I find interesting in my life and in the world, but having a stronger focus would let me explore my subject more deeply and be more insightful about what I write. I will, of course, continue to maintain this blog in parallel.

Finally, while there are lots of MBA student blogs out there, only one other MBS student, my classmate Birgit (with Birgit in Adventureland), currently maintains a blog of her own. And even that is a more general blog about her adventures through life and around the world than it is about her MBA journey. As for our professors, only two maintain blogs: Chris Lloyd with Fishing in the Bay ("Statistical musings from an Antipodean perspective") and Joshua Gans with CoRE Economics ("Commentary on economics, strategy and more").

Meanwhile, B-Schools from around the world are embracing the power of blogging. Here’s a random selection:

My blog will be a drop in the ocean compared to all of those, of course, but at least it’ll be a start.

Incidentally, I was all set to convince MBS to start their own series of blogs — authored by students, professors, and the admissions, alumni, and marketing departments — a few months ago. I’d even written a project proposal for it. Unfortunately, I then got an internship so I never followed through with it. If all goes well — that is, if I maintain a good blog over the course of this term — I might propose the idea to them again at the end of this term. Let’s see.

Meanwhile, let me start by thinking up a good name for my new blog. Hmmm…

Two Things: Excellent Typography, About Introverts

This is my sixth post today. I’m on a roll, eh? Two completely unrelated articles this time, for which I apologize. It’s just that I don’t want to write two separate posts for them when, really, I just want to write three lines for each.

First, do you want to see stunning examples of typography on the web? Look no further than I Love Typography’s ‘15 Excellent Examples of Web Typography‘. I mean, like, wow.

Second, Brian Kim wrote a really good article earlier this week called ‘Top 5 Things Every Extrovert Should Know About Introverts‘. Being generally introverted myself, I really appreciate the fact that he’s written this and think that it’s something everyone (extrovert and introvert likewise) should read.

The Latest on My Tablet PC Obsession

If you’ve been reading this blog for a while now (that would be just you, Nadia!), then you’ll know that I am rather obsessed with convertible tablet PCs. That is, I really, really, really want one. Why? Because convertible tablet PCs are everything that I want in a laptop computer at this point in time. That is, a keyboard that I can type on, a touch screen that I can write on, and a small and light form factor that I can easily carry around. The latest ones are also fast, powerful, and full-featured (ports, accessories, etc.). The only things missing in them — a large display and a configuration suitable for gaming — are better left to desktops anyway. I figured, therefore, that it was time for another tablet PC update. Why? Because Fujitsu and HP both recently released their latest tablet PC offerings: the T2010 and the 2710p respectively. And from all the reviews about them on the web, they’re both excellent machines.

So here’s my hypothetical issue (it’s rather pathetic to have one, I know, but hey, if I can’t fantasize about all this here, then where can I fantasize?). If I had the money to buy a tablet PC right now (let’s say I won the lottery or something…God: hint, hint), which one would I get? I’m down to the following four choices:

  1. Lenovo ThinkPad X61t
  2. Fujitsu LifeBook T4220
  3. Fujitsu LifeBook T2010
  4. HP Compaq 2710p

And they’re all really good. The problem is that, while they’re all really good, they’re all extra-specially good in different ways.

The Powerhouses

The Fujitsu T4220, for example, is the only one that has an on-board optical drive. It’s also (by far) the most powerful of the bunch. However, it’s also the most expensive. The Lenovo X61t, meanwhile, has the best keyboard (though the others are really good too), the longest battery life, the fastest hard drive, a really good processor, and the best extras. However, it has the dimmest screen, no on-board optical drive, and, for the time being at least, is going through production problems. These two are also the heaviest of the bunch (though both are less than 2kg each).

The Lightweights

Meanwhile, both the Fujitsu T2010 and HP 2710p are incredibly light (about 1.5kg each), have excellent screens, good battery life, and aren’t all that expensive. However, neither has an on-board optical drive (which means you have to buy, and then carry one, with you separately) and both have low-power (i.e. slightly less powerful) processors. The 2710p also has the slowest hard drive. On the other hand, it’s the only one with a wide screen. It’s also the cheapest of the lot, and, apparently, has the best “tablet PC experience” of the lot as well.

Confused? Hong Kong Phooey made a really nice comparison table that shows each tablet’s strengths and weaknesses graphically. That might help. The discussion below that posting is quite good too.

More Data, Mr. Spock!

Want to know craploads more? Check out the following video reviews on GottaBeMobile.com:

Or the following text reviews listed on Tablet PC Review (except for the last two that haven’t been added to the listing there yet):

Analysis, Mr. Data?

So what does this all mean? Which would I finally choose? Well, when you compare the four, the first (and most obvious) grouping splits the bunch into features and raw, number-crunching performance (X61t & T4220) versus display quality and overall tablet PC experience (T2010 & 2710p). I generally prefer performance over everything else since I want to be able to edit audio & video and run processor- & RAM-intensive programs like Dreamweaver and Paint Shop Pro on my laptop. This would be true even if I did end up buying a desktop on which I could play high-end computer games etc. And, really, I don’t mind the extra half-kilo of weight. That eliminates the two lightweights and narrows my choice down to the two powerhouses: the X61t and the T4220.

Next, if push came to shove, I’d probably pick the Fujitsu over the Lenovo. Why? Because, even though the Fujitsu is the most expensive of the lot, it does have the most features. If I get the SXGA screen (i.e. the higher resolution one) and up the hard drive to 7,200RPM (i.e. the fastest one; if possible), for example, I undo most of the Lenovo’s advantages. I won’t get the Lenovo’s excellent battery life in the standard configuration, yes, but I will get the most versatility thanks to the Fujitsu’s modular bay drive that can hold an extra battery, the optical drive, or, to reduce weight, nothing. And I like versatility.

Oh, and I get a few bonuses with it too: the control key is the bottom-left-most key on the keyboard (a big plus in my book), there’s a touch pad instead of a track point stick, and the docking bay includes an HDMI port (which makes for better viewing on large, external monitors). Fujitsu is also supposed to have the best service and support.

So there. I’ve decided then. I am hypothetically going to get the Fujitsu LifeBook T4220P (the P is the more powerful of the two models) as my next laptop. Now I just need the money for it. Which basically means that I won’t be able to actually get this till next year (assuming, of course, that I have a job by then). Oh, and Dell will have come out with its tablet PC by then too. That should really shake the industry up and, as a result, I will get to make one more posting about my little obsession here. Yippee! :) Till next time…

Muslim Punk Rock?! Awesome!

Rolling Stone ran an interesting article a few days ago called Allah, Amps and Anarchy. It’s about the first-ever Muslim punk-rock tour in America and it makes a really interesting read. Here’s a snippet:

There are more than a million Muslims living in the U.S., and the youngest generation is still struggling to find its place in America. “Shit changed for all of us Muslim people after 9/11,” says Khan. “The best way for me to deal with it was music.” The Kominas are one of the more established groups, having toured and released records. Their songs mix punk speed and attitude with Middle Eastern sounds. Their lyrics, often confrontational, are also deeply personal. In “Par Desi,” Usmani, who spent part of his childhood in Pakistan, describes getting beaten up by punk skinheads in America: “In Lahore it’s raining water/In Boston it rains boots.”

Djembe, Geek T-Shirts

Other than this awesome djembe from Toca Percussion (pronounced jem-bay, by the way) that Nadia got me for my birthday:

Djembe_small

She got me a few t-shirts too. I selected these three from ThinkGeek:

Pi By Numbers

There’s no place like 127.0.0.1

No Comment

We also really wanted this one, but it was out of stock:

Come to the Dark Side

And now, thanks to Download Squad, I really want this one as well:

Balki Bartokomous T-Shirt

(*sigh*) Some day.

Tech Stuff: Screen Savers, TinyURL, UC Berkeley, Careers

A lot of people have written about a lot of good/fun tech stuff over the last few weeks. Here are some of the things I found interesting:

The excellent Smashing Magazine did a good roundup of the best screen savers available online. And, in case you missed it, they recently did a good roundup of desktop wallpapers (my favourite wallpaper site for the last few years has been Vlad Studio, by the way) and, some time ago, an extensive roundup of over 40 books for professional design and development. Pretty awesome.

Scott Rosenberg wrote about the Terror of TinyURL. I’m someone who rarely, if ever, clicks on a URL that he can’t see in the browser’s status bar so I know where he’s coming from. And while I do understand the need for TinyURL, it does scare me.

CNET reports that UC Berkeley has now started posting entire course lectures online on YouTube (at http://youtube.com/ucberkeley). And while they are the first to do so, they certainly won’t be the last. This should be fun.

Finally, Marc Andreessen has been giving lots of excellent advice about career planning on his blog. He’s written three installments (plus introduction) so far, and though he comes from a high-tech, Silicon Valley background, it makes a really great read for everyone:

Enjoy :)

Life in Lahore

In a comment to my post about monsoons in South Asia, Aman pointed me to Umer Farooq’s two-part article on Lahore that also talks about what happens when it rains there (and does a much better job than I ever could). You can find that on the Read It Live website: Lahore, Lahore – Part II. If you’ve ever lived in Lahore for a decent amount of time (or simply know people from Lahore), this ought to strike a chord. Or at least resonate a bit.