Impact

December 11th, 2010 4 comments

The freeway. Snow – beautiful, white, soft – still coming down hard. Plowed, sort of. Little traffic.

Drive. Rapt attention. Not too fast. Stay in control. Not too bad.

Drive. Drive. Drive. Enjoy.

But ahead? Lane obscured?! Not plowed!!!

Brakes.Brakes.Brakes.Too late?Too much?

Frontendcatching!Tailcomingarround!Countersteer,countersteer,countersteer!Fulllock!

Facingwrongway-headingforditchslidingbackwardsohnoohnoohno!

Impact.

Snow poof.

All quiet. Wipers make pass of windshield.

Car still running. Take stock of situation. Too dangerous to leave car. Stuck?

Traction control off. Shift to second gear. Wait for gap in traffic. Ease on accelerator – gently, gently.

All-wheel-drive struggles, then forward motion. Sharp turn to right; back in the flow.

Pull over on ramp ahead. Check car. No damage. Sigh of relief.

Drive on.

When malware saved the day

December 5th, 2010 3 comments

Back up your files, kids.  Not tomorrow, not after breakfast — now.  If you don’t already have a good system, there are plenty of easy options like Backblaze.

I bet you can guess where this is heading.  But first, some backstory.

About a week ago, I was idly surfing the web.  Surf, surf, surf.  Just wasting time after moving Stopping in Every State off of Posterous and onto my own server.  I clicked a link on a search result, and while the page was loading, I noticed a Java applet fire up in the browser window.  That was immediately alarming for two reasons.  First, this is not 1999, so there are pretty much no legitimate reasons to use Java applets on web pages.  Second, I had read about a Java virus that hit Reddit a few weeks back.

I closed the browser as quickly as possible, but it quickly became apparent that I was too late.  First, a rogue security tool popped up.  Then I noticed a large amount of disk activity.  Pop-up windows for questionable sites.  The works.

In a bit of a panic, I first shut off my network card (which has a physical switch on my laptop).  I fired up Task Manager and started killing suspicious processes.  Then out came Process Explorer, and with that I began shutting down unusual DLLs.  Still under attack, I went in with HijackThis (which I keep on my USB thumb drive) and started undoing damage.  At the same time, I fired up a borrowed computer and got the latest versions of a host of legitimate anti-malware tools, including Malwarebytes Anti-Malware, Windows Defender, and Ad-Aware.  I transferred them with my thumb drive, ran them, and let them do their things.  They found a bit of malware and claimed to have removed it.

The situation seemed much improved on my laptop, so I turned the network card back on.  I cautiously fired up the browser and tested a few sites.  Things looked normal, so I smugly declared victory and continued wasting time on the ‘net.

All was fine for about 30 minutes until I decided to check Google Analytics for Keacher.com.  I was a bit surprised by one of the popular search keywords, so I went to Google to check it out myself.  Sure enough, my blog popped up high on the results list, so I clicked it.

Then I freaked out.

Instead of displaying my friendly familiar blog, I was sent to some sort of ad-filled page on a different server.  I tried a few more searches and a few direct links, and the behavior was exactly the same as a compromised WordPress installation.  I cursed the misfortune of getting hit by spyware and a hacker on the same night and fired up a few shells into my server.

I went into damage control mode.  I shut down keacher.com, grabbed the latest from WordPress.org, and installed that in a new directory.  After scrubbing the database, I brought the site back up with the new installation (which did not have the old theme, since at the time I had to consider it potentially compromised).

After a bit of this, it dawned on me that keacher.com was not the only site behaving oddly.  Many sites started having strange ad-related redirections from Google’s search results.  Suspicious, I did a search for Apple.  When I clicked on the result for www.apple.com and saw an ad page, I knew I still had a local malware problem.

That set off about 10 hours of searching, scanning, registry analyzing, and deleting.  No matter what I did, I couldn’t figure out what pest still infected my computer, let alone remove it.  Eventually, I decided that it must be some type of particularly elusive rootkit and threw in the towel.  I went to a local computer store and bought a new hard drive, which I promptly installed in my laptop.

Many hours of software installation ensued.  Eventually, I was ready to transfer my documents from the old drive to the new drive.  I popped the old drive in my external USB to SATA adapter, mounted the drive, and casually began the copy.

“Access denied.”

What?  That couldn’t be right.  I knew that I was using the Encrypting File System (EFS) on my old Windows installation, but I had taken pains to back up and import the certificate and key.  I thought it might have been some sort of file ownership or NTFS permissions problem, but no amount of fiddling made any difference.  I could access encrypted files modified before August 20, 2007, but nothing newer.  The reported certificate thumbprints for both the new and old files were the same, but for whatever reason, the newer files refused to be decrypted.

That was a huge problem for me.  While I have several independent backups, most of them use NTFS and would retain the original encryption.  Since I appeared to have saved the wrong encryption key, I would be unable to access any of the post-2007 files on any of those backups.  (I pulled out a couple of backup drives and confirmed that to be the case.)

The good news is that I had anticipated this possibility — out of fear that I would forget the passphrase for the encryption key — and had made a totally separate backup using a completely different encryption scheme.  I retrieved that drive from its off-site storage spot and confirmed that it was good, if a bit out of date.  The last update to it was over 6 months ago.

Unfortunately, that separate backup did not contain one of my prize data sets due to size constraints: my comprehensive photo archive, 550 GB in size, containing every frame I’ve shot since late 2003.  I have multiple copies of the so-called “selects” (the best shots from each shoot), but I had only one copy of the entire archive.  And it was encrypted with the mystery EFS key.

Even though I could not access any of the newer EFS data using the key I had previously exported, I could still access all of the data — new and old — from the old, infected Windows installation.  That realization set in motion intense efforts to successfully export the EFS key from the old installation in a way that would be usable on the new installation.  Each attempt required popping the cover on my laptop and switching the system drives, which was a huge pain.

I tried everything I could think of.  New exports, different methods of export, experiments with the command-line “cipher” tool, adding users to the new and old Windows installations,  creating new EFS certificates, creating new EFS keys, re-keying the encrypted files… I knew the key was in there somewhere, since clearly I could access the files in the old installation, but no matter what I did, the post-2007 files remained stubbornly unreadable in the new installation.

After over a day of screwing around with the encryption, I declared defeat on that too.  I put the old drive back in the laptop one last time, fired up the old Windows installation, hooked up the comprehensive-photo-archive backup drive to the USB to SATA bridge, and told the computer to start decrypting.  Including other files, 650 GB needed to be decrypted, and due to the nature of the setup, the system could manage only 3 MB per second (net).

For the next 60 hours, my computer did nothing but decrypt files.  Since I didn’t want to put the computer back on the net in a compromised state (remember, I had to be running the hacked installation in order to decrypt the files), I couldn’t really do much else with it.

I was sweating bullets the entire time.  Would the still-present rootkit kill my old copy of Windows?  Would the backup drive survive several days of continuous, heavy use?

Fortunately, the decryption proved both uneventful and successful.  When it had completed, I swapped boot drives on my laptop again and found that I was able to successfully read the newly decrypted data in the new Windows installation.

All told, the malware infection was a blessing in disguise.  It prompted me to discover that my backup solution was flawed.  Who would have thought that a “System Repair” type malware would actually be useful, albeit indirectly?

Had I suffered a catastrophic drive failure on my laptop that left my system unbootable, I would have found out too late that my encryption keys were bad, and my data would have been permanently lost.  Instead, I was able to correct my backup strategy without losing any data.

It’s important to make backups.  It’s even more important to make sure that the backups are usable.
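The check I would want before trusting any NTFS backup of EFS-encrypted files is the one the post learned the hard way: open every encrypted file from the profile that is supposed to be able to read it, and keep an exported .pfx for every certificate that actually protects a file.  The script below is an added example and is not code from the original post; it assumes Windows with the built-in cipher.exe, English-language cipher output, and an export directory under the user profile (the name efs-key-export is an assumption).  It is meant to be run on the installation that can still read the files, the old one in the post, before a reinstall or drive swap.  Two behaviours it relies on are documented for cipher.exe: "cipher /c file" lists the certificate thumbprints that can decrypt that file, and "cipher /x:file name" backs up the certificate and private key used for that particular file into name.pfx (prompting for a password).  The post does not say which cipher options were tried, so nothing here claims it would have resolved that particular case.

```powershell
# Added example, not from the original post. Assumes Windows, cipher.exe with
# English output, and that $KeyExportDir (an assumed name) may be created.
param(
    [Parameter(Mandatory = $true)] [string] $BackupRoot,
    [string] $KeyExportDir = "$env:USERPROFILE\efs-key-export"   # assumption
)

$readable   = New-Object 'System.Collections.Generic.List[string]'
$unreadable = New-Object 'System.Collections.Generic.List[string]'

# 1. Try to read one byte of every EFS-encrypted file under the backup root.
#    EFS unwraps the file's key with our private key on open, so a missing or
#    wrong key surfaces as UnauthorizedAccessException ("Access is denied")
#    even when the NTFS ACL grants Full Control, the trap described in the post.
Get-ChildItem -LiteralPath $BackupRoot -Recurse -Force |
    Where-Object { -not $_.PSIsContainer } |
    Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted } |
    ForEach-Object {
        $path = $_.FullName          # capture now: $_ is the error record inside catch
        try {
            $fs = [System.IO.File]::Open($path, 'Open', 'Read', 'Read')
            try { $buf = New-Object byte[] 1; [void]$fs.Read($buf, 0, 1) }
            finally { $fs.Dispose() }
            $readable.Add($path)
        } catch [System.UnauthorizedAccessException] {
            $unreadable.Add($path)
        }
    }

# 2. Which certificate protects each readable file? "cipher /c" prints
#    "Certificate thumbprint: XXXX XXXX ..." under "Users who can decrypt:".
#    Stop at the recovery-agent section so its thumbprints are not mixed in.
$byThumbprint = @{}                   # thumbprint -> one sample file it protects
foreach ($path in $readable) {
    $out = & cipher.exe /c $path 2>&1
    foreach ($line in $out) {
        if ("$line" -match 'recovery certificate') { break }
        if ("$line" -match 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)') {
            $tp = ($Matches[1] -replace '\s', '').ToUpperInvariant()
            if (-not $byThumbprint.ContainsKey($tp)) { $byThumbprint[$tp] = $path }
        }
    }
}

# 3. Compare with the private keys actually present in the profile, then export
#    one .pfx per distinct thumbprint using a file that key protects. A key that
#    is present but was never exported is exactly what a reinstall loses.
$present = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object { $_.Thumbprint.ToUpperInvariant() }

New-Item -ItemType Directory -Path $KeyExportDir -Force | Out-Null
foreach ($tp in $byThumbprint.Keys) {
    $sample = $byThumbprint[$tp]
    $status = if ($present -contains $tp) { 'private key present' }
              else { 'NO private key in Cert:\CurrentUser\My' }
    Write-Output "$tp : $status (sample: $sample)"
    # cipher appends .pfx itself and prompts for a password to protect the key.
    & cipher.exe "/x:$sample" (Join-Path $KeyExportDir "efs-$tp")
}

Write-Output ("Readable encrypted files  : {0}" -f $readable.Count)
Write-Output ("Unreadable encrypted files: {0}" -f $unreadable.Count)
$unreadable | ForEach-Object { Write-Output "  ACCESS DENIED: $_" }
```

Run it once against the live data on the installation that still reads everything, and again against each backup drive from the fresh installation after importing the exported .pfx files; only the second run tells you the backup is usable.  If the second run lists files under ACCESS DENIED, the copy on that drive is still protected by a key you do not hold, whatever the thumbprints look like, and the only remaining way to recover those files is to decrypt them on a profile that can read them, which is what the post ends up doing.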

Divining the time

November 23rd, 2010 4 comments

There I was, lying in bed in the middle of the night.  What time it was, I could not be sure.  But that didn’t stop me from trying to figure it out.

The most recent issue of Outside magazine has an interesting article about navigating using only the clues in one’s surroundings.  No maps, no compasses — certainly no GPS receivers.  Things like the sun, damp hills, and wave interference patterns served in their stead.

I’m pretty decent at dead reckoning for location, and I can almost always return to a spot if I’ve been there once.  That said, I always bring serious navigation equipment when I’m solo hiking in the wilderness: topo maps, a high-end hiking GPS, and a phone that will work in the area.  I like the romance of instinctive way-finding, but I like not getting lost, too.  And I really love maps.  Clocks, too.

I have no traditional clocks in my bedroom (my iPod Touch is my alarm), and I don’t wear my watch when I sleep, so I have no way of checking the time in the middle of the night without getting out of bed and stumbling to my desk.  Unfortunately, I sometimes wake up with an incredible urge to know how much longer I’ll be able to sleep.  With that knowledge acquired, I can fall back into bed and quickly doze off for a few more hours.  However, if I don’t get up and go look at my iPod or phone, I just lie in bed, unable to sleep, wondering what time it is.  Then a blog post results.

Anyhow, the Outside article got me thinking: would it be possible to use the clues from my nighttime environment to divine the time?

There isn’t much to go on.  The neighbors are pretty quiet.  It’s dark outside.  I can’t hear automobile traffic from my room, and the distant trains that I can hear don’t seem to obey any particular patterns of activity.  I can usually feel when my alarm is about to go off, but if that’s more than a few minutes away the usefulness plummets.

What I can hear are two cyclic appliances: the surprisingly noisy refrigerator compressor turning on and off, and the soothing expansion and contraction of the radiator as the system heats and coasts.  Thus, I can judge the relative passage of time, but absolute time remains elusive.

Surely there must be a way to figure out the time to within, say +/- 30 minutes without a clock on an overcast night.  But how?

The future of airport scans

November 17th, 2010 2 comments

April 23, 2018 – BOSTON – The Transportation Security Administration (TSA) today introduced the first deployment of through-body X-ray scanners at each of Logan International Airport’s security checkpoints.  The machines, which scan through the clothes and bodies of passengers, supplant the earlier backscatter imagers, which cannot penetrate the skin.

“There have been concerns for some time about the ability of terrorists to bring weapons and explosives through checkpoints by concealing them in body cavities,” said TSA spokesman Tom Parsons. “These scanners will allow us to significantly increase the safety of air travel.”

The machines operate much like medical diagnostic X-ray scanners.  Each passenger passes through an arched gateway, which has an X-ray source on one side and a detector on the other.  The X-rays pass through the passenger’s clothes and body, and any concealed items appear on a screen being watched by a TSA agent.  Much like the X-ray machines used to scan luggage, suspicious items are highlighted in color.

Though the technology has been available for many years, the recent push to deploy the scanners at airport security checkpoints was driven by a rash of suicide bombings in which the bombers concealed the explosives inside themselves.  In a failed attempt on a transcontinental flight last October, a terrorist was found to have an astonishing 5 kg of high explosives packed in her GI tract.

The through-body machines are not without controversy.  Harvard researcher Dr. Nestor Lokenbal notes that the X-rays emitted by the machines are ionizing radiation capable of causing DNA damage and cancer. “A single scan from one of these machines is equivalent to nearly three years of natural background radiation,” says Lokenbal, “which corresponds to an absolute lifetime cancer risk increase of about 0.1% per scan.”  He continued, “That might not sound like much, but the effect is additive, so for frequent fliers and pilots, the added hazard can be quite significant.”

The TSA’s Parsons dismisses the risk, noting that the machines have been tested by the TSA to be safe, even though precise information about their operation remains classified.  “We are confident that the flying public will accept through-body scans as necessary for flight safety, much as they did backscatter scanners in 2010 and the ban on laptop computers in 2015.”  As an alternative, passengers can opt out of the through-body X-ray and instead be subjected to a manual full body cavity search.

The American Civil Liberties Union announced it is suing to stop the use of the machines, citing fourth amendment concerns, among others.

I was so naive and stupid

October 10th, 2010 1 comment

I’m an idiot.  Or rather, I was.

Looking back about six months, I can’t help but notice how naive and wrong I was about so many things.  Jejune misstatements and patent falsehoods.  I shake my head at my former self.

And that’s a good thing.

I want always to be improving.  If I get to the point where I can evaluate myself from six months prior, and I don’t see any difference from my current self, then I have failed.

I set goals.  I achieve goals.  I learn new things.  I refine.  I filter.  I tweak.  I discard.  I collect.

[Photo: juggling lacrosse balls with goalie gear in the background]

Juggling: a goal from long ago, finally accomplished.

This is not some sort of desperate race to avoid some depression-driven self-reproach.  No, I think rather highly of myself.  My current self.  That old me?  Well, he was an idiot, but he’s gone now.

And in six months, I hope that my present-day me looks like an idiot, too.