It's been a tricky week for a number of reasons - while Inspectors stalk the corridors of my office and I wrestle with seemingly deliberately obtuse bureaucracy at home and at work, someone decided that I was good for a few Bitcoins of ransom for my data. Linux ransomware is rare - but does exist in the wild. It's also been fairly primitive up to now, with attackers using predictable keys to encrypt data, and generally showing a lot less knowledge of the underlying system than the Windows based machines they're used to hobbling. However, as much of the world's larger-scale server architecture lives on some form of Unix derivative, they're going to get better at this.
My first question was why?, or more specifically why me? This is a completely non-commercial site, with relatively low traffic and which really only a few people would notice the absence of should it fall off the net - albeit after nearly eighteen years online! Anyone who knows me would know I'm certainly not good for the kind of ransom proposed. I cycled back through the various political disputes I've been involved in around the last election - none felt nearly sharp or potent enough to inspire this, in fact the whole campaign passed in a sort of stunned blur for both sides I think. I thought about other rivalries - I don't have many, and the one work-related matter which came to mind seemed unlikely. So perhaps it was just completely random after all? Just a chance attempt to extract a bit of cash from someone who rambles about roads and railways. Maybe. I think I'll have to accept this explanation.
The next step was recovery - and at first this didn't look remotely good. Hosting my own server has many advantages, but it means that anything which goes wrong is mine to fix in my own spare time - and that has been in short supply this week with all that's happening. It also appeared that the way the attack had progressed may have meant that the encrypted files had been backed up over the good ones. It was hard to say. In the end I decided that the best course of action was to completely reinstall a clean server and hope that the off-site backup was still good. Thankfully, the fact you're reading this shows that this strategy worked out - but not without some tribulations on the way. A lot of us keep servers running to the configurations we painstakingly worked out years back - and while they keep working because kind developers tend to value backward compatibility, a fresh install brings a new world of changed ways of doing things. I think, almost a week later, things work largely as they used to - with a few minor exceptions I'm still tweaking. Will they try again? Surely - but I hope if that happens, I'm ready.
Finally, I had to consider how my regime of backups worked - and the answer was actually, pretty well - I had a good, very recent, clean backup which was very easy to restore once I knew things were safe. But it could have been better - slicker, cleaner, more efficient - and the itch to polish and improve, to shave a few steps off there and make something work just a little better was suddenly back. In short, it's proved an interesting intellectual exercise which has distracted me a little from the rest of the week in generally positive ways. It seems likely that the vector of attack was a Wordpress installation which hosted my old Songs Heard on Fast Trains music blog. Certainly this has been attacked before, being used to relay spam via the injection of some malicious code. I've long disliked this blog being separate from the rest of the site, so it was time to extract the data and make it part of Lost::MikeGTN proper - some external links to SHOFT might break, but it was a small price to pay for closing a potential door. So, that's done too - and while this might need some tweaking and changing to make it look and feel right, at least it's here and you can still read my thoughts on obscure Scottish music of the early 2010s!
The loss of data to attackers from outside is always going to feel like an insult or an invasion, and as more of our life is lived virtually it will begin to feel more and more like a physical intrusion or loss. For me, the loss of a great deal of recent writing about my excursions felt potentially like a depressing enforced ending to a meandering project which I wasn't ready to give up on just yet. The older stuff, the diary entries from the late 90s for instance, perhaps only have any great relevance to me - but even so, the fact some of this digital archaeology survives makes it feel worthy of keeping. I almost lost a lot, but I learned a great deal more. And so to more turgid posts about long walks, observations on the rail network, and generally to more of the same...
It's fair to say that this website hasn't had much attention in recent times. The tailing off of regular travel here has meant I'm less often inclined to update things, which consequently meant that I'd really not thought much about how it looked over the past couple of years. It's worth pointing out here that Lost::MikeGTN isn't a Wordpress blog or based on some sort of hosted solution, it runs on my own webserver, using a site I wrote from scratch - mostly just for the experience of doing so. Back in 2004, there weren't any content management systems that did quite what I wanted as simply as I'd like, and I wrote Areopagitica in response. It was functional, if clunky at time, and allowed me to upload and edit content wherever I was in the world. I learned a lot about MySQL and PHP in the process too. Overall, things worked fairly well for the next ten years or so with just the odd tweak or minor irritation to work around. It's easy to get comfortable...
Having worked with a modern system on my other blog during 2011/12, I knew things had moved on a fair bit. Some experience of learning about newer technologies for other projects had also left me wondering about how easy it would be to build something around the database of stories and articles I'd amassed here since 1999. I set about the task with my usual lack of planning or foresight over the Christmas break, and have had a fair few stumbles along the way. However, what I've definitely noticed is how technologies like Bootstrap make it much easier to make a site look presentable quickly, freeing me to make it work how I want it to. As someone with very little eye for design, and even less talent at graphic arts, this is a huge relief. I was able to build around the original database in which the articles live with a minimum of fuss and get a new design working in a few hours. That encouraged me to take a far more radical approach to things, and I'm still exploring the possibilities.
So here it is, the second incarnation of Areopagitica. For you, the reader, it hopefully looks and feels a lot nicer - certainly it should behave far more sensibly on smaller screens now. For me, the fun was more about the back-end of the system. How I could really make editing and updating the blog easier, quicker and more enjoyable. It's been a fascinating project - with many tasks left to complete. But I'm already able to sit and compose this article feeling far more like a writer and a lot less like a programmer. I'd do neither profession justice I'm sure, but this is definitely progress!
Having had an extended break over Easter and also taken the days between the weekend and my trip to Fife as leave, I've slowly worked my way through a bunch of things I'd meant to do but never quite got around to. Some of these were things I'd promised to other people - others were things that only I would beat myself up about. So, through a haze of procrastination and diversion I finally set about improving the usability of my online 'movebook'. While the public face of this is the rarely clicked little link to a table of what trains I used that day, the administrative backend has remained in a similar primitive state since I started the project about eight years ago. In particular, I quickly realised that the database of stations I'd imported wasn't going to address the issue of rare track tours - and there have been many frustrating occasions when I've been away from home and suddenly realised I can't input the data, as adding a location relies on direct access to the SQL server. Likewise, as my wrists begin to ache more readily with age, reducing the number of keypresses to get data into the system is a useful goal, and I'd long imagined a system of 'favourite journeys'. So the new 'almost 2.0' movebook interface allows me to do all of this, from practically anywhere. It's also much cleaner and less clunky for little screens and quick access. Of course you, the reader, will likely never see this - but it was really quite fun to dust off the coding muscles and make something useful and practical to 'scratch an itch' - which is of course the genesis of many a household name in applications! One day, perhaps, I'll consider my replacement for the increasingly wobbly Locoscene database, which seems worryingly unmaintained these days.
It's not often I do any work on the underlying code of this website. Since I wrote Areopagitica four or five years back, I've done just enough tweaking to keep it working or to add features which have been deficient. But the core of this is much what was written back then, in all it's sprawling and messy glory. It's for this reason I've always resisted allowing it out into the wild - although a recent deployment elsewhere which was fairly simple has convinced me it wouldn't be quite so hard to package.
Today's work started as an effort to tidy up and improve the Movebook code to cope better with heritage engines - and sort of spiralled from there. Mainly as a marker for me, the following bits and bobs have seen work:
If I can keep up the momentum in spare moments, I'll try to fix one or two other irritations over the coming weeks. It's certainly reminded me that at times when things are, shall we say a little fraught in the workplace, the mental effort of solving programming problems is a rewarding task.
I've had a home on the web for more years than I care to remember, and a few kind souls persuade me it's worth persisting with keeping it updated. This current incarnation of the site is centred around the blog posts which began back in 1999 as 'the daylog' and continued through my travels and tribulations during the following years.
I don't get out and about nearly as much these days, but I do try to record significant events and trips for posterity. You may also have arrived here by following the trail to my former music blog Songs Heard On Fast Trains. That content is preserved here too.