WordPress compromised again

It is slightly annoying that even when I keep WordPress up to date automatically that it still gets compromised. Is this really the trade off between a great flexible piece of software that creates nice flowing websites? That it is constantly full of zero-day exploitable holes?

Deleting protected folders in your Mac home directory

One day I was setting up my new Catalina (and later in Big Sur) OS on a fresh work Mac laptop and I discovered something fishy. I couldn’t delete my Documents, Pictures, Videos, and Music directories. Normally what I do on my Linux systems is create symlinks for those folders whose target is in a common directory that I can then sync onto my NFS server, or like in the case of my work laptop, into a corporate system. Be it Office365 OneDrive, or Box, or Amazon WorkDocs.

Ok, anyway I fought and fought with the Mac OS. Attempts to delete the folder were denied even though I have sudo access on the system:

% sudo rm -rf Documents
rm: Documents: Permission denied

So my hunt began. Turns out the culprit is SIP. Otherwise known as System Integrity Protection. It’s designed to help keep things setup the way they need to be for various aspects of the OS to work as expected. In some ways it kinda really annoys me because is the result of the whole Mac eco-system dependencies. So as Apple continues to force you to keep apps on your OS like News, Stocks, iTunes, etc, the OS has to work a little harder to make sure dependencies stay correct.

Cool, how do you shoot that shit in the head?

This is the link to the official documentation from Apple. But I will duplicate it here:

Restart your computer in Recovery mode.
Launch Terminal from the Utilities menu.
Run the command csrutil disable
Restart your computer.
Make your changes, then do all the previous in reverse using csrutil disable

I think it’s work noting that I was able to do everything I needed in just the one reboot to Recovery mode. Once in Recovery Mode and in a terminal, I could disable SIP, make my directory changes, then reenable SIP, and then reboot back in.

Hope that helps!

Procomp aluminum cylinder heads on my 496 BBC

I just wanted to share my experiences with these heads so others can evaluate what I dealt with and decide if they are worth their investment. So in April this year I ordered from Skip White his BBC aluminum heads. They are Procomp heads. These things, as plenty of you know, are sold a lot of places and under a number of different names. Born and bred in the Good Ole US of A Peoples Republic of China. They are so cheap I thought it was worth the risk. So here is my first hand experience with them.

They arrived and looked pretty good. Skip White really isn’t to blame as their company has good customer service and was really helpful with all the stuff I bought. They seemed to do good machine work on everything that arrived at my shop.

They showed up loaded with valves and springs. As we started to disassemble them just to go over them once, the first thing we discovered was that the spring pressure was way to high for what I was building. That was easy to fix. But the next thing we discovered was this:

If you look closely in the upper left hand corner of the intake runners you will see that the bare metal disappears under the gasket. Note also that the bolt holes are correctly aligned. As much bare metal as you see in the lower right hand corner is as much as they are offset up under the gasket in the upper left hand corner. I know that trimming gaskets isn’t that uncommon but this seemed surprising to me in this day and age of CNC machining. Especially because the Edelbrock air-gap intake I am using matched up very well to the gasket. We proceeded to match the ports to the gasket spending more than I was expecting to clean it all up. But, so far so good.

When I started assembling the heads I encountered one or two rockers that sat funny on the stud. I struggled to get the pushrod guides to hold the rods over far enough to line up nicely. And, as luck would have it, one of the rods kinda interfered with the passage way through the head. Back to the machine shop.

Now I am finally bundling it all up. Everything lines up and feels ok. Putting a little oomph on the intake manifold bolts (mind you not much) by hand and all of a sudden one of the bolts starts freely spinning. Brand new set of heads and the first time I run the intake bold into the hold it strips the threads. Checking the holes out and there aren’t helicoils in them. Not that it surprises me maybe as these aren’t crazy torqued holes. But still hand tight and they spin??

With luck on my side they were blind holes. So I was able to helicoil them myself in place without disassembling everything.

I know that all heads need a little massaging before assembly. But these kind of blew me away. I haven’t even fired the engine yet and I’m basically in the same price range as a new set of AFR’s. Lesson learned I guess.

So all that being said, I ended up setting these head aside and starting over with something I can trust. I ordered Brodix heads. I’ll get that updated later.

I love Security Theater

#SecurityTheater.  You all know what it is.  The attempt to make it appear that you are doing a great job of security an event/situation/communication/etc.  Early in the days of #TSA, we use to accuse them of Security Theater. At least they are getting better.  I recently attended #GoogleNext2018 in San Francisco.  Each entrance of the event was guarded as you can see in the attached image.  At each entrance, I was required to hand my small shoulder bag to the security guard, then step through the metal detector. My bag was given a cursory glance inside.  Inside my bag was ANOTHER bag that was never opened during the 3 days I went in and out.  What was inside the inner bag? What about the shoulder bag’s pockets? My inner bag was, admittedly, filled with medical supplies I need for my Diabetes (type 1’s holla!). 

 

Given my interest in physical security, I thought I would test how effective all this was.  The list of restricted items was pretty straight forward. Illegally sized knives, firearms, explosives, flammable gas, etc.  I should have taken a picture. I was able to successfully enter the event repeatedly with some basic restricted items (knives) that were cheaply bought in the area.  In fact, I loaded my bag down with weight one time that was approximately what my loaded Glock 21 would weigh (about .9kg). The suspicious weight should have been a tip off to any security guard. Nope. The other picture you will note is a security guard radio. Non-trunking, non-private. I was able to overtalk on these channels with my $10 ebay baofeng ht.  So lets recap – An individual basically could have entered the event completely armed without any hassle, proceeded to jam their communications with ease, and begin causing some serious issues. Given the level of training of the guards seen during my day-to-day activities, they would have been borderline useless. In this day and age that is a serious thing to consider.  So that begs the questions: what is the point and what can we do to change it? I’m not fond of a police state situation, but I do think there are better ways to control situations like this without the theater. I’d like to hear your thoughts!

Launch of a new site

[avatar user=”Geoff” size=”thumbnail” align=”right” /]

After a number of years I have decided to rework my website.  I’ve used Drupal for years, but I just don’t need the level of complexity that it offered.  It’s an awesome framework, and I wrote a ton of code in it, but I don’t need it for this site any more.

You might also have come here looking for my photo galleries.  Those have been removed and will be replaced.  Sorry if you were linking to something.