Kirsle.net

Welcome to Kirsle.net!

This is the personal homepage of Noah Petherbridge, and it's where I keep my web blog and various creative projects.

I blog about anything I find interesting, and since I have a lot of varied interests, my blog entries are kind of all over the place. You can browse my tags to sort them by topic and see which ones I frequently write about, or the archive has a complete history of my posts, dating back to 2008!

Besides my blog, I have pages for my creative projects, which are linked to on the navigation bar.

I write a lot about Linux and Android, Minecraft, and I like to rant about stuff. Generally anything that makes me curious.

For the geeks: this website respects your privacy and doesn't run any third-party ads or analytics. This site speaks HTTP and doesn't require any JavaScript to work.

On iOS Vulnerabilities
January 18, 2017 by Noah

It seems there's a new iOS vulnerability where receiving a certain text message can crash your phone (forcing a reboot), and then lock you out of the Messages app--presumably because attempting to display the offending message will crash the phone again. Also, apparently, you don't even have to read the text message; the notification for the message alone will crash the phone too.

I heard of it from this article on Cult of Mac, and I have various thoughts on the matter (and about iOS vulnerabilities in general and how people handle them once discovered--the long story short is they're handled very poorly).

The article mentions that if you found yourself a victim of this exploit, you can "fix" it by visiting a web page in Mobile Safari which then offers to "Open this page in Messages" and then finds some way to allow safely deleting the text without crashing the phone.

I tried inspecting the source code of the "fix" page with the curl command line HTTP client (because you should never check out a possibly shady web page in your normal browser, as they might try and exploit some zero-day vulnerability in your browser and compromise your computer). But, it seems that the domain the fix was hosted on no longer exists: it gave me some DoubleClick "inquire about this domain" nonsense and tons of advertisements.

Either this is an extraordinary coincidence that the site is down now (given that the article was written today, and presumably the site worked when the author wrote the article), or the site was up to something shady and got reported and terminated by its host/registrar. My guess is that it was basically a jailbreak exploit, as iOS tends to be very locked down compared to Android (for example, no "Intents" system for apps to communicate with each other, and iOS doesn't allow replacing the default Messages app for managing your text messages).

Which brings me to how iOS vulnerabilities are handled in general by the users: very badly. Somebody discovered that they can crash iOS by sending a certain text message to an iPhone user, and instead of doing the responsible thing of privately informing Apple about it and not disclosing it publicly, they make YouTube videos being like "Text your friend these 3 characters and crash their phone! It's hilarious! Fun prank!"

It's not a fun prank. Short of using a shady as fuck web page that probably gains root privileges on the phone in order to fix your Messages app, the other way to fix it would probably be to factory reset the entire phone.

To compare with Android, vulnerabilities get disclosed in vague terms, like "somebody can craft a special audio file and text you it", but with no specific details, and the users are more concerned with updating their OS to patch the problem as soon as possible, rather than being, "I can crash all my friends' phones! I know exactly how to do it because blogs and YouTube videos are telling me how; and I'll use it to 'prank' as many of my friends as I can before Apple can fix it!"

One reason I'm glad not to be an iPhone user. I'd have to unfriend people IRL if they intentionally abused such a dangerous exploit against me.

New Server Layout
January 12, 2017 by Noah

It's been on my to-do list for a while, and I've finally begun the process of rearranging my personal servers.

I've always treated my personal servers like pets rather than cattle, usually only having a single server hosted somewhere that runs all of my things. Most recently this took the form of a single Digital Ocean VPS that I named ocean.kirsle.net and that costs $40/mo. for 4GB RAM, and it ran all sorts of things:

  • All my websites including kirsle.net and a lot of legacy sites that don't even point to my server anymore but that I still had the document roots for.
  • Various random PHP apps, and a Git server, and other random nonsense.
  • My Minecraft survival server.
  • My self-hosted e-mail.
  • My XMPP chat server (until the server wouldn't start after a reboot one day).
  • My OpenVPN server (until that stopped working one day and couldn't be fixed due to the kernel not creating the /dev/tap device).
  • All sorts of random cruft on the filesystem, like custom-built local versions of Perl, Python 3.4 and Git.

The various sources of pressure that got me to finally start doing something about this include:

  • The OpenVPN server was unfixable and I'd need to start from scratch with a new VPS to re-implement it properly.
  • Digital Ocean added a Block Storage feature where you can attach a separately-growable disk to your VPS, but those are only available in certain datacenters so far. ocean.kirsle.net was hosted in SFO-1 but Block Storage was only available in SFO-2, so I wanted to eventually migrate to one of the data centers that supports this feature.
  • It took me all day long to configure my self-hosted e-mail, and I didn't wanna do that again too soon. First I tried setting up a brand new mail.kirsle.net VPS so that I'd only have to configure mail one more time, but it wasn't going very well so I decided to go back to Google Apps for my e-mail. I still have a grandfathered free account there, anyway.

So, now I have a new server named web.kirsle.net that's only $10 for 1GB RAM and it hosts all my simple websites, including this one! It took about four hours to migrate all my websites over, and in the process I also stopped hosting many random things. Like I don't use Piwik Analytics anymore (a PHP app), nor do I host a Git server now. The new server is so much lighter than the old one for it. I don't even have PHP installed, or Apache either.

My Minecraft server will be moved to its own VPS shortly, before I finish decommissioning ocean.kirsle.net. I'll eventually add more servers when I need to in the future too, e.g. to have a dedicated server for databases.

Site Comment Updates
January 3, 2017 by Noah

I've made a few updates to how my web blog handles user comments:

  • Anonymous users on the Internet are now able to edit or delete their own comments for 2 hours after posting them (this is cookie-based).
  • All e-mails sent from this site are now formatted in HTML and will render Markdown text, so if you subscribe to a comment thread you can see the future comments rendered out as HTML in your email client.
  • I added a "Quick Delete" function for me, so that when a spam bot posts spam I can click one link in my e-mail that instantly deletes the comment without me needing to log in or do anything.

The gory technical details are in the pull request.

SmarterChild and Other AIM Bots
December 21, 2016 by Noah

This is Part 1 in a series of blog posts about my adventures programming chatterbots for instant messengers in the early 2000s. In this series of posts, I'll focus on one instant messenger at a time and dive into the interesting quirks and challenges we botmakers faced when programming bots for them.

The order of the posts will roughly start "from the beginning." This is Part One: AOL Instant Messenger.

AOL Instant Messenger

Read more...

Use Go as a Shell Scripting Language
November 29, 2016 by Noah

A very long time ago, I stumbled upon this article "Use Java for Everything". While I disagree that you should use Java for everything (or any programming language, for that matter), the author mentions that he wrote a wrapper script that lets him use Java for shell scripts (ones where you execute the Java source file directly, without the "write, compile, run" steps).

I wanted to do something similar for Go, because I had a very simple Go program I wanted to be able to throw into my .dotfiles repo and run without needing to do too many things first: a simple static HTTP server.

Read more...

Simulation Hypothesis
November 8, 2016 by Noah

Besides computers and technology, something else I'm really nerdy about is science (like physics, astronomy and quantum mechanics), and something really fascinating that I admittedly don't understand is quantum physics. But I'm not going to talk too much about that on this post; instead this post will consist of more philosophical and theoretical musings related to it and what it might all mean. Some of it is my own; some is inspired by others.

Read more...

Music Management
July 29, 2016 by Noah

Manually managing a music collection of MP3 files on disk is such a pain in the ass that I felt like blogging about it.

First, you have cloud music services like Google Play Music which can't detect duplicates properly.

Read more...

A review of Linux desktop environments
June 17, 2016 by Noah

The next version of Fedora (24) is coming out soon, so I decided a couple weeks ago that I'd take a tour of all the different desktop environments and see if I like any of them enough to switch from Xfce. My original desktop environment of choice was GNOME 2, and I had jumped ship to Xfce after GNOME 3 was released because I was no fan of the tablet-focused, feature-stripped interface of the new desktop and GNOME 2.32 was, in my opinion, the pinnacle of the desktop metaphor for Linux.

Read more...

I've updated my blog!
June 3, 2016 by Noah

...and I don't mean by writing this post. ;)

I run Kirsle.net on a custom Python CMS I wrote called Rophako and I just added a bunch of improvements to the blog platform in it.

I've been wanting to start working on some larger blog articles, things that could take me a few days to write, and my blog had no support for saving drafts. You had to write and publish your blog posts in one sitting. The only alternative was to make the posts "private," where only the site admin(s) can see them, but that would still cause them to "go live" and be listed along with normal public posts and was a messy workaround.

So now my blogging platform has proper support for saving drafts; they stay invisible (even for admins) on all of the normal blog pages, and can only be seen in bulk on a dedicated "drafts" page. While I was putting all that together, I added similar support for private posts, giving them their own index too where you can see only those posts rather than have to go hunting for them.

For visibility purposes, draft and private posts get little tags next to their author/date lines so an admin can tell at a glance what they're looking at. Normal end users won't see those, though. ;)

I've also finally implemented a feature I wanted from the beginning: sticky posts. The blog database schema has always had a "sticky" field, but it was always set to false and the Create/Edit Post page gave no way to change that value. The back-end code did have logic to bucket sticky posts higher on the index list than normal ones, but there was no (easy) way to make a post sticky to begin with.

Sticky posts will also get a little "[Sticky]" tag next to their author/date lines, and those ones can be seen by normal end users.

I also fixed a handful of smaller bugs/problems. I've removed the ability to set a custom date/time when editing a blog post. This caused confusion between your web browser's local time and the time zone of the server. So instead, the server always picks the latest UTC Unix time on new entries. When editing an existing entry, there's a checkbox option to reset the time to latest when saving, if you want to bump an old post to the top.

Principle of Least Astonishment
March 22, 2016 by Noah

In user interface and software design, the principle of least astonishment states that "if a necessary feature has a high astonishment factor, it may be necessary to redesign the feature." It means that your user interface should behave in a way that the user expects, based on their prior knowledge of how similar interfaces behave.

This is a rant about Mac OS X.

Read more...
