27 Nov 2004
title: Great story
date: 2004-11-27 13:10:17
Great story:
I expected that the contractor would be waiting for me with the
cables finished when I got there. Nope. I found upon arrival that
the electrical contractor doing the installation was not the same
company that I'd been working with before. THAT company was
a highly competent bunch, supplying trained workers capable of doing
any task in a heavy industrial environment. High voltage cables were
an everyday job for these folks. What was out there installing
cables was small-town electrical contractor, apparently some sort of
"brother-in-law" deal having been made. And while
these guys might be fine installing the 277-volt feeders for a
Burger King restaurant, they were over their heads in dealing with
the 15,000-volt cable they were installing here.
Tags:
23 Nov 2004
Simon Fraser University:
The core environment in support of research computing comprises
currently of a 200 processor compute cluster and 140 TB storage
facility, which also functions as the central storage facility for
the Western Canada Research Grid.
and NEPTUNE Canada:
As a member of the NEPTUNE Canada DMAS development team, the
successful candidate will be responsible for the installation,
implementation, administration, management, maintenance and
ongoing support of all operating systems, communications systems
and applications systems including hardware, software as well as
networking components necessary to develop the NEPTUNE Data
Management and Archiving System.
Sigh...someday...
Tags:
career
21 Nov 2004
title: That's weird: MX vs A record
date: 2004-11-21 11:15:46
I run my own web and mail server:
thornhill.saintaardvarkthecarpeted.com. I host 6 or 7 domains right
now for friends and family. I'm on Shaw Cable, a big-ass ISP up here
in Canuckistan. Thornhill is listed as the MX for all the domains I
host.
I recently gave up the SOHO package, which for $120/month gave me TV,
internet access, the right to run servers and one (1) static IP
address. Now I'm a renegade, hiding from the law and running my
servers on addresses ladled out by DHCP. I run a client on Thornhill
to update EveryDNS.net's records. (Good folks, by the way, and
recommended.)
Today I tried SSHing to Thornhill, and it timed out. The websites were
working, and I could ping the rest of the Internet ("ping
255.255.255.255"), so WTF? I ran host
thornhill.saintaardvarkthecarpeted.com, and got its old static IP
address - the one that hasn't been in use since the end of October. I
tried querying my ISP's nameservers directly using dig, and got the
same result: both kept listing the old, static IP address for
thornhill, but the correct address for
www.saintaardvarkthecarpeted.com. Meanwhile, querying EveryDNS'
nameservers, or any other nameservers I could think of, gave the
correct, current, dynamic address. I queried many times but kept
getting the same result.
No wonder mail seemed a little thin: no one on Shaw would be able to
send us mail, and anything we sent to each other would also get lost,
too (since we're both still using our ISP's mail server...still trying
to get exim to work for me on Rearden, the new firewall box).
I thought about it, and decided it was worth trying to add another MX
record. I added saintaardvarkthecarpeted.com, which has its own A
record, and set the score/cost/preference to one less than
Thornhill's. I figured that maybe Shaw's nameservers would at least
check the MX when trying to bounce mail, or run the queue again, and
see the updated record. I checked again with dig to make sure that
Shaw's nameservers still had the correct IP address for
saintaardvarkthecarpeted.com (yep), and again to see if it'd changed
its mind about Thornhill (nope). Then I asked what they thought about
MX records. Sure enough, two were listed.
Just for fun, I tried querying again about Thornhill's IP address, and
fuck me if it hadn't suddenly changed to the new, dynamic, correct
one! And not only that, but five minutes later all sorts of email from
folks on Shaw started coming in.
Well, that was one nameserver down -- what about the other one? I
queried it for Thornhill's IP, and it was the old one. I queried for
the MX records -- both were listed. I repeated the query for
Thornhill's IP, and bam -- just like that, it had been suddenly
updated to the correct IP.
That's where things ended last night; my wife and I watched Coffee
and Cigarettes (Bill Murray! Iggy and Tom!). But I set up a cron
job to keep querying the nameservers about Thornhill's IP address. And
you know what? 6AM it was fine. 7AM it was fine. But at 8AM I saw the
same behaviour: get Thornhill's old IP address, query MX, get
Thornhill's new IP address.
'Sfucked up, mang. The only thing I can think of is that maybe there's
a crapload of DNS servers behind load-balancing, and I'm getting
different ones at different times.
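The cron check mentioned above could look like this added example (not the author's script): it sends the same A query to several resolvers and reports any whose answer differs from the authoritative one. Only A records over UDP are handled; the hostname, addresses and sample response bytes are constructed.

```python
import socket
import struct


def build_query(name, txid=0x1234):
    """Build a minimal DNS query for the A record of `name` (recursion desired)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg):
    """Return [(ip, ttl), ...] for every A record in the answer section."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            records.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return records


def query_a(resolver_ip, name, timeout=3.0):
    """Ask one resolver directly, bypassing the local resolver configuration."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
    return parse_a_records(data)


def find_stale(answers, authoritative_ips):
    """answers: {resolver: [(ip, ttl), ...]}. Return resolvers that disagree."""
    expected = set(authoritative_ips)
    return {
        resolver: sorted(ip for ip, _ in records)
        for resolver, records in answers.items()
        if {ip for ip, _ in records} != expected
    }


# Constructed sample: a response carrying one A record (192.0.2.10, TTL 3600)
# whose owner name is a compression pointer back to the question.
_q = build_query("thornhill.example.net")
SAMPLE_RESPONSE = (
    _q[:2] + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0) + _q[12:]
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 3600, 4)
    + socket.inet_aton("192.0.2.10")
)

if __name__ == "__main__":
    # Offline demonstration with constructed answers; in a cron job each
    # value would come from query_a(resolver_ip, hostname).
    answers = {
        "isp-ns1": parse_a_records(SAMPLE_RESPONSE),
        "isp-ns2": [("198.51.100.5", 120)],
    }
    print(find_stale(answers, {"198.51.100.5"}))
```

Logging the TTL next to each answer shows whether a resolver is counting an old record down or serving it past its expiry.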
Tags:
14 Nov 2004
Here's a few more details on the problem with the new Shuttle. First,
the card is a DLink DFE-530TX; the Shuttle is an SK43G. If the DLink
is connected to my internal network switch, and from there to the
gateway box, this sequence will make it freeze:
- ifconfig eth1 192.168.0.1
- route add default gw 192.168.0.254
- ssh 192.168.23.254
Interestingly, if the network cable is unplugged, the problem doesn't
show up...so it appears that something about the response to the
three-way handshake is what's causing the problems.
I managed to find some reports of wireless cards locking up
hard with the VIA KM400 chipset, including cards from DLink. I tried
setting all the IRQs to "Reserved" in the BIOS, and that didn't work;
however, the card was grabbing IRQ 17, and the BIOS wouldn't let me
reserve that one. I also tried upgrading the BIOS, and that didn't
work either.
I'd love to pursue it further, but it's now officially the new
webserver; I wanted to get it installed while I had a day to fool
around with it and get everything working. So far there don't appear
to be any problems.
And now, of course, I've got what used to be Thornhill as my desktop
machine: P3 500MHz, 640Mb, and a new 160GB Seagate Barracuda. Once
again, I'm going with Debian, God's own distro. Still gotta come up
with a name for it.
I'm currently trying out KDE and Konqueror -- usually I use IceWM and
Firefox, but I thought I'd give something fancier a try now that I've
got a slightly hibbier machine. It's not bad so far, although having
to set up all the keyboard shortcuts that come with Ice is a little
annoying. We'll see how long it lasts.
Tags:
hardware
11 Nov 2004
SK43G, Sempron 2200. eth0: Via Rhine driver -- DLink 350TX? I'll have
to look it up. eth1: RealTek 8139 onboard.
ifconfig eth0 192.168.0.1 netmask 255.255.255.0
route add default gw 192.168.0.254
(log in as self)
ssh 192.168.0.254
BAM -- freezes hard, and even the Magic SysRq key does nothing.
Reboot...
ifconfig eth1 192.168.0.1 netmask 255.255.255.0
route add default gw 192.168.0.254
(log in as self)
ssh 192.168.0.254
Password:
BAM! (the good BAM, this time)
Yay! No BIOS upgrade required maybe! (UPDATE: Spelled out which one
was eth1 [the onboard Realtek]. What a maroon!)
Tags:
hardware
09 Nov 2004
The sumbitches are at it agin', mother. Comment spam is infecting both
my blog and my wife's. So far a relatively small number of
keywords -- poker, Texas, debt -- is sufficient to keep 'em away from
where Google can see 'em. Well, that and OCD-like running of SELECT
statements in MySQL. But the fuckers are gonna be the death of me, or
at least blog comments. Although maybe some sort of SURBL plugin
for URLs in the post...that'd be cool. Someone must have something
like that already.
Not that I notice a whole lot of comments, anyhow, at least away
from the Slashdot side of things...although I do notice that
I've made it onto somebody's blogroll. How'd that happen?
In other news: I finally decided what to do about new computers: buy a
new Shuttle Sk43G, Sempron processor, and make that my web server;
then, make my current webserver (older Compaq P3-500 desktop machine)
my desktop and firewall: lots of room for ethernet cards, tape drives
and whatnot.
I agree, it's a little silly that the more powerful box becomes the
horribly underutilized server, but such is life. If there was a
comparably cheap shuttle that came with two onboard ethernet
interfaces, I'd be buying that instead.
So dive right in, right? I got the new box home last night, assembled
it and booted w/o problems. It took little effort to move the hard
drive from the web server and put it in the new, tiny box; sure, I had
to recompile the kernel (8 minutes! eat that, P90!) to get the right
drivers in, but nothing big. Until, that is, it froze. Hard. And only
a few minutes after booting. If I ran top and set it to update
continuously, I could get it to freeze within seconds.
Some fiddling with Grub (boot loader of the GODS, man) showed that the
problem seemed to go away if I went with the original Slackware stock
2.4.20 kernel instead of the 2.6.7 kernel I'd last compiled. (I'm a
packrat, and that includes keeping every kernel compiled on this
damned thing, Just In Case, because You Never Know.) We've got one of
these boxes at work with an Athlon XP and it works fine; admittedly,
it's not doing much, but neither is my web server. (Ba-zing!)
God only knows what's going on there, but it didn't last: I left it on
overnight to see if it'd keep going, and sure enough it froze again
around 10pm. I put the HD back in the P3 and left it. I'm going to see
Wilco tonight (Whoo! WilCO! WHOO!), so this'll take a back seat to
some serious RAWK. Except I'll probably be speculating about crappy
memory or badly applied heatsink paste the whole time. No. No, I
won't. It's Wilco.
Actually, I'm thinking I may have to upgrade the BIOS in order to get
it to work properly with the Sempron; originally it was detected as a
900MHz Athlon, and I had to tweak the bus speed and whatnot to get it
to run at 1.5GHz. (Interestingly, this seemed to have no effect
whatsoever on how quickly it would crash, compared to the difference
the different kernel version made.) (God, that's an awful
sentence. I'm sorry, everyone.)
Anyhow, there's probably lots wrong with the settings; I never really
wanted to learn about memory spacings and CPU voltages and I don't
know what-all.
In other other news, I mentioned that I moved last week, but I
didn't mention that I came back to two, count 'em TWO dead
computers. (Before you ask: Support contracts are for the weak, and I
suspect I'm about to get very weak.) One was a Linux box whose hard
drive gave up the ghost. Stupid IDE hard drives in a dusty, hot
environment anyway! But the other was an old Duron whose
motherboard's capacitors yearned to be one with the cosmos (ie, they
blew up real good). That was running Windows, so the whole
let's-just-throw-the-hard-drive-into-another-box-and-see-if-it-boots
thing was good for a very, very bitter laugh but little else.
Instead, I reinstalled not only Windows but Cygwin, too. That proved
to be harder; we use Cygwin to compile very particular things that
depend on version 2.2 of Python. Version 2.3 makes things cry. And no
matter how much you tell the Cygwin installer that you don't want to
upgrade Python, it goes ahead and does so anyway like some hyperactive
sugar-fueled kid who's certain he knows how to fix things.
After far too much experimentation, I did what I should have done in
the first place: I found an old archive of Cygwin, with the right
version of Python, and I mirrored it. One gigantic, nine-hour long
sucking sound later, and I had a local copy to point the Cygwin
installer at. Thank god.
Finally, just got in the first 19" LCD monitor at work. This was, of
course, two weeks after assuring someone that they were too expensive
to get past the boss. My bad. I'm going to get a lot of mean looks, I
think. But then, if I was a people person, why would I have become a
sysadmin?
Recommendation of the Day: Vicious Battle Rap, by DJ Format and
Abdominal. Bow down, baby.
Tags:
spam
hardware
09 Nov 2004
title: Who really won?
date: 2004-11-09 18:37:43
This made me laugh.
Tags:
09 Nov 2004
title: TODO: Utilize Port 43
date: 2004-11-09 14:56:46
I want my own WHOIS server! Completely made up stuff, of course, and
back to its original purpose of white pages for th'Internet. Something
like:
$ whois liddy
LIDDY: Dark God Of This Universe. The Black Goat
of the Woods with a Thousand Young. Your ass is grass, and He is the
fertilizer.
$ whois Tom Petty
TOM PETTY: Evil underling of Liddy, and His adopted son.
etc...Listen on port 43 and away you go. How cool would that be?
Generate random responses (output of babble, perhaps?) to
queries.
TODO: Find a Free WHOIS server post-haste.
Tags:
07 Nov 2004
I decided this week to get Amanda working properly at home. I've got
an old DDS3 tapedrive in Francisco, my FreeBSD firewall box, but all
I've been doing so far is tarring to it once a week.
Setting up Amanda wasn't much of a problem, but I kept getting short
write errors -- the damn thing was giving up and saying the tape was
full after only about 3GB. I decided to run amtapetype, which takes
about two hours per run with my hardware, in order to figure out
exactly how much space I had. The first time, it said 2GB. WTF? The
second time, the drive crapped out with errors about how a power reset
had been detected. I decided to shut down Francisco and reseat the
cables just in case. No problem, right?
Wrong! When I brought up Francisco again, it refused to boot -- lots
of scary errors about how the hard drive couldn't be read, or found,
and maybe the LIES about having a hard drive present should just stop
now, huh? Francisco is old: it's an old P90 scrounged from an old job,
stuck in this black case with non-working LEDs and a Punisher logo
someone poked out in toothpick-sized holes on the front. No cooling
fan, four ISA slots and three PCI, and I had to jiggle the BIOS so
that it would boot from a 100MB partition at the beginning of an 80GB
hard drive. Seems like as good a time as any to simply replace the
damned thing...
...but first, a firewall. I tried booting it from an old laptop hard
drive I had around, but that didn't work. I tried getting it to boot
from a Slackware Live cd, but the whole concept of booting from a CD
just made Francisco huddle in the corner in the fetal
position.
Nothing else for it: it was time to do The Bad Thing. I grabbed one of
the ethernet cards from Francisco, shut down Thornhill (P3, 500MHz,
web and DNS server, Slackware and 2.6.7 kernel) and threw it in. A
quick module recompile for tulip^Wvia-rhine and that was up; some
judicious editing of the firewall set it up for NAT. Ph35r m3!
(Side note: Man, it's been far too long since I set up NAT on Linux; I
still don't really understand what I've done. I've worked with FreeBSD
for firewalls almost exclusively over the last four years, and I have
some serious catching up to do.)
So now the question is: what do I do to replace Francisco? I know,
finding a Pentium similar to Francisco is not that hard at all. But
dammit, I'm tired of big, noisy boxes that are just waiting to die. I
want something small, quiet, and reasonably new; I don't want to be
fiddling with it, or worrying about it running out of memory (I tend
to run far too much on a firewall, and 92MB of RAM just aggravates the
problem).
It's complicated a bit by the recent heat-death of Hardesty, a 300MHz
Celeron that had, 'til recently, been my desktop machine. I'd been
hoping to replace or upgrade that, too; I've gotten quite used to a
fast processor and lots of memory at work, and 15 seconds to render
Slashdot's front page seems less like acceptable and more like a sign
that civilization is in decline.
So...one option is a VIA Epia Cl6000. Dual ethernet, fanless
goodness. That, and a case -- unless I decide to build my own Bubba
can computer -- and some memory, and maybe a hard drive or maybe
PXE booting. Whee! That'd make a pretty decent firewall and
fileserver, no question.
But another option would be to let Thornhill keep doing the firewall
thing, even though it's a webserver and should, like, rilly be
outside the firewall, or at least in a DMZ. I could do something
really funky like run Apache inside User-Mode Linux. Or maybe my own
stuff, although I'm sure X would be a bear to get working.
A third option would be to keep using Francisco, but w/o a hard drive:
let it PXE boot and do all the firewall stuff that way, totally
stateless (well, hard drive-less). That could be interesting: almost
no moving parts at that point. That would let me get a Mini-ITX
something-or-other to use as a desktop machine. They're not the most
powerful processors around, but when you can compile a kernel in 6
minutes, who the hell cares? Or maybe a Shuttle, so I could keep
using my video card. Hm...
Well, enough of that for now; my cat needs chasing. And anyhow, King
of the Hill season premiere tonight! Woo!
Tags:
freebsd
linux
hardware
05 Nov 2004
title: Not nearly paranoid enough
date: 2004-11-05 12:35:47
While looking for an article on Windows XP's SP2 firewall doohickie, I
came across this article. Check out these gems:
When you check Don't allow exceptions, XP won't accept
incoming connections for network services that appear on the
exceptions list. This feature is handy when you suspect your machine
is the target of malicious activity, as well as when you're
connected to the Internet using a public, possibly unsecure,
connection.
When you suspect your machine is the target of malicious activity, as
well as when you're connected to the Internet using a public, possibly
unsecure, connection. Holy crap, did I miss the return of 1986 or
something? It gets better:
This mode also is useful when a Trojan or worm attempts to propagate
across a network. If detected early, you might be able to prevent a
machine from becoming infected by disabling access to local shared
resources and services. When the threat has passed, you permit XP to
accept incoming requests for applications on the Exception list by
clearing the Don't allow exceptions check box.
Believe it or not, I'm speechless. Yep. Out of speech. No speech for
me, thanks -- I'm full.
Tags:
28 Oct 2004
title: Stupid, stupid Purolator
date: 2004-10-28 08:46:01
Want to track a Purolator shipment? Getting that stupid error message
about how you can only use Internet Explorer?
Fuck that noise! Put this bookmark into Mozilla or Firefox:
http://shipnow.purolator.com/shiponline/track/moredetailsFramesetWeb.asp?pin=%s
Edit the properties of the bookmark so that the keyword is something
like "purolator". Then, when you get a shipment ID -- ABC123, for
example -- just type purolator ABC123 into your location bar.
Stupid, stupid IE only sites.
Tags:
23 Oct 2004
title: Hash ne mix pas avec Cygwin
date: 2004-10-23 19:55:06
Top Tip #1: You can set up SSH under Cygwin so that you can SSH into
your W2K box and make it useful. But when you want to allow people
with domain accounts to do this, you need to add the appropriate
entries yourself into /etc/passwd. Here's how to do it:
mkpasswd -d | perl -ne '@line = split /:/, $_; $line[3] = 545; print join ":", @line;' >> /etc/passwd
As part of a much larger problem, I had to get one of these
SSH-enabled 2K machines to rejoin its domain. The SID had changed, so
that meant I had to recreate the password file entries. Not being one
to dive in where a more careful approach might do just as much harm, I
ran the line above with a subtle variation:
mkpasswd -d -u foo | perl -ne '@line = split /:/, $_; $line[3] = 545; print join ":", @line;' >> /etc/passwd
This got the info for my account alone. I then commented
out the original entry for foo with a hash, then tried SSHing in:
ssh bar -l foo
Password:
//bar/foo: Permission denied
WTF?
I uncommented the old entry and tried again. This time it worked:
mounting my home directory worked a treat. This was not good. Going
back to the old domain was not the best of options -- certainly not
one that could last very long -- and this was supposed to be a
routine prisoner transfer anyway. What the hell was going on?
I tried rebooting. I tried rejoining the new domain again. I tried
restarting the SSH service. I tried tweaking the SIDs for the
Administrator and ssh privilege-separation entries in the password
file. No luck. I got desperate enough to turn on Samba debugging, and
that gave me a clue about what might be happening.
I compared the output in Samba's logfiles for two machines: the one I
was migrating and another that still worked. When it came time to try
and mount my home directory on the machine, the working one was trying
it using my credentials, and the non-working one was trying it using
the credentials of the guest account. Since we don't allow guest
access to home shares, this was a problem. But why the hell was the
machine losing my identity along the way?
I decided, for no good reason at all, to see if I could mount my home
directory by hand using Windows' net use command. I went up to the /
directory and thought about typing:
net use /user:domainfoo foo
which wouldn't have worked anyway, but I was (as mentioned)
desperate. I decided to see what was there, first, and where in God's
name I might actually mount this thing. And I saw it:
# ls -l /
drwx------ 16 #foo Users 544 8 Oct 14:15 bar
I'm sorry, who owns that directory?
I deleted the line in /etc/passwd that began with "#foo", and tried
SSHing in again:
ssh bar -l foo
Password:
Success! You are logged into this server!
...which I'd never been happier to see.
So as far as I can tell: Top Tip #2: Using a hash to comment out a
line in /etc/passwd in Cygwin doesn't really work. Thank you, and
good night.
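A small check for the failure described above, as an added example (not from the original post). It assumes, as the `ls -l` output suggests, that the file is read by splitting each line on colons with no comment syntax and that lookups return the first match, so a `#foo` line is just another account that can shadow the real one. The sample entries, UIDs and SIDs are constructed.

```python
def parse_passwd(text):
    """Split every line on ':' the way a comment-unaware parser would."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if len(fields) < 7:
            continue  # blank or malformed line
        entries.append({
            "lineno": lineno,
            "name": fields[0],
            "uid": fields[2],
            "gid": fields[3],
            "gecos": fields[4],
        })
    return entries


def name_for_uid(text, uid):
    """Model of a first-match uid-to-name lookup (assumed behaviour)."""
    for entry in parse_passwd(text):
        if entry["uid"] == str(uid):
            return entry["name"]
    return None


def lint_passwd(text):
    """Flag '#'-prefixed account names and later entries that reuse a uid."""
    findings = []
    first_seen = {}
    for entry in parse_passwd(text):
        if entry["name"].startswith("#"):
            findings.append((entry["lineno"], "hash-prefixed-name", entry["name"]))
        first = first_seen.setdefault(entry["uid"], entry)
        if first is not entry:
            findings.append((
                entry["lineno"],
                "duplicate-uid",
                "%s shares uid %s with %s (line %d)"
                % (entry["name"], entry["uid"], first["name"], first["lineno"]),
            ))
    return findings


def strip_hash_lines(text):
    """Delete '#' lines outright, which is what fixed the login in the post."""
    return "".join(
        line for line in text.splitlines(keepends=True)
        if not line.startswith("#")
    )


# Constructed sample: the old entry "commented out" with a hash, followed by
# the freshly appended entry for the same user in the new domain.
SAMPLE_PASSWD = r"""Administrator:unused_by_nt/2000/xp:500:513:U-BAR\Administrator,S-1-5-21-1111111111-2222222222-3333333333-500:/home/Administrator:/bin/bash
#foo:unused_by_nt/2000/xp:11234:545:U-OLDDOM\foo,S-1-5-21-4444444444-5555555555-6666666666-1234:/home/foo:/bin/bash
foo:unused_by_nt/2000/xp:11234:545:U-NEWDOM\foo,S-1-5-21-7777777777-8888888888-9999999999-1234:/home/foo:/bin/bash
"""

if __name__ == "__main__":
    for finding in lint_passwd(SAMPLE_PASSWD):
        print(finding)
    print("uid 11234 resolves to:", name_for_uid(SAMPLE_PASSWD, 11234))
    print("after cleanup:", name_for_uid(strip_hash_lines(SAMPLE_PASSWD), 11234))
```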
On a lighter note, this post was originally written outside Waterfront
Theatre in Vancouver's beautiful faux marketplace, Granville Island
Public Market ("GIPM: Authentic(tm), but still with parking!") while
waiting to see Neal Stephenson, along with two other writers who
I'm sure deserve more from me than being lumped in with the rest of
the non-Stephenson world. I could not get wireless access at GIPM on
this iMac. There is no justice in this world. But at least I was first
in line.
Tags:
22 Oct 2004
title: One wire == One wire. More than one wire == rat's nest.
date: 2004-10-22 06:09:00
Q: Why did the Romans lose their empire?
A: Poor cable management.
I swear to God, if I get an ulcer and heliobacteria are not
responsible, it'll be from cable management. All this week I've been
trying to install a new managed switch so that we can keep test
equipment from, say, making FreeBSD cry by claiming the broadcast MAC
address as their own (whee!). And all this week the job has been
utter, thieving hell.
It's a lab, of course, so that means test equipment and its attendant
cables: USB, power, network, RS-232, phone (two kinds), RF, and
telegraph (I swear I've found the last gutta-percha telegraph line in
existence). They have mated and nested and raised more cables and set
them free to find their own fortune. It's a mess of Darwinian
proportions.
Slowly, very slowly, I've been separating them and attempting to
organize them. It's difficult, but I have many sins to atone
for. Finally, I'd reached the point today where I could consider
hooking up test equipment to the managed switch: separate VLAN,
traffic logging, port mirroring in case of trouble...oh, it was gonna
be sweet. And then my cables didn't work.
I'd crimped five 18-foot cables, tested them with the brand-new cable
tester, then carefully stepped behind the rack, threaded them
underneath, across a floor, up a table leg, then through a channel
underneath the table using old telephone cables tied together in a
double sheet bend that I'd carefully practiced following instructions
brought to me via Google. I'd poked 'em through holes in the table,
brought up the port in the switch, then plugged 'em in only to find
that they didn't fucking work.
I checked the ports again: good. I checked 'em with the cable tester,
putting the detachable bit at one end and running to the other end to
press "AutoTest": good. I checked 'em with the iBook: bad. Tried 'em
again on the workstations: bad. I tried another cable, purchased long
ago, in the same ports that were giving me trouble now: good, and the
iBook began again to work.
I got mad. I unthreaded the cables from the table and table leg,
unhooked 'em from the switch, then ran to my desk. I loaded up the web
page of one of our many suppliers, and searched for "Ethernet Cables",
"10baseT", "Category 5", "Network Cables", "Wires", "Network",
"Ethernet", then found them by browsing to "Computers : Accessories :
Connections : Switch/Hub : Wired : Misc : Uncategorized". I shook the
cables angrily at the screen, shouting, "Do you see how much those
cables cost? It's still worth it to me, you worthless pieces of
shit!" Then I saw that they were selling 10 15-foot cables for
$22.95. Then I ordered 5 packs.
It's said about Linux and circumcisions, but it's really true about
network cables: crimping them yourself only saves you money if your
time is worth nothing.
Tags:
17 Oct 2004
title: Now that's what I call quite good!
date: 2004-10-17 21:30:32
Just going over the alerts from ACID and Snort tonight while listening
to The Housemartins, which really is the perfect accompaniment
(sp?). Sure, I could have a life, but what fun would that be to write
about?
Interesting to see how many things Snort twigs on, like all the
stop-doing-that ICMP messages that come back at 3 in the
morning. After a bit of digging, I noticed that they were almost all
triggered by an initial UDP packet to port 53 of some host -- which in
turn is caused by the web stats program trying to figure out what
country everyone's coming from. Not sure if Webalizer (which rox, btw)
is being too aggressive in its timing or what; I've got it set up to
do 35 concurrent queries, which now that I think of it could probably
be scaled back a bit...what else has my server got to do at 3am?
Next step is to try and come up with a rule to catch WordPress comment
spam; my wife's blog has been hit by gambling site spammers a
couple times already this month. The pattern may allow me to watch for
it -- a quick POST, followed by a GET two to three seconds later, with
the User Agent set to look like IE 4.0 on Windows 98 -- but the
question is how to get Snort to watch for a two-part signature like
that.
Actually, the real question is how to build automatic weapons fire
into Snort's flexible response options, but that's another point.
Mmm, The Housemartins. I'd forgotten how good they were. Drop down,
baby, drop down dead tonight...
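One way to catch the two-part pattern described above, as an added example that is not the author's code: instead of a Snort rule, it correlates requests in the web server's access log, pairing a POST with a GET from the same address two to three seconds later when both carry the IE 4.0 / Windows 98 User-Agent. It assumes Apache combined log format; the log lines, paths and addresses are constructed.

```python
import re
from datetime import datetime

# Apache "combined" log format (an assumption; the post does not name one).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# User-Agent the post describes: IE 4.0 on Windows 98.
SPAM_UA_RE = re.compile(r"MSIE 4\.0\d*;\s*Windows 98")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    match = LOG_RE.match(line)
    if match is None:
        return None
    record = match.groupdict()
    record["time"] = datetime.strptime(record["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return record


def find_spam_pairs(lines, min_gap=2, max_gap=3):
    """Return (ip, post_path, get_path, gap_seconds) for each POST-then-GET pair.

    Lines must be in chronological order, as they are in an access log.
    """
    pending = {}  # ip -> most recent suspicious POST still waiting for its GET
    hits = []
    for line in lines:
        record = parse_line(line)
        if record is None or not SPAM_UA_RE.search(record["ua"]):
            continue
        ip = record["ip"]
        if record["method"] == "POST":
            pending[ip] = record
        elif record["method"] == "GET" and ip in pending:
            gap = (record["time"] - pending[ip]["time"]).total_seconds()
            if gap > max_gap:
                del pending[ip]  # too late to be the follow-up request
            elif gap >= min_gap:
                post = pending.pop(ip)
                hits.append((ip, post["path"], record["path"], gap))
            # gap < min_gap: keep waiting, a later GET may still qualify
    return hits


# Constructed sample log: one matching pair, one ordinary browser commenting,
# and one old-UA POST whose GET arrives far too late.
SAMPLE_LOG = '''\
203.0.113.7 - - [17/Oct/2004:03:12:01 -0700] "POST /wp-comments-post.php HTTP/1.0" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
203.0.113.7 - - [17/Oct/2004:03:12:03 -0700] "GET /?p=12 HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
198.51.100.20 - - [17/Oct/2004:09:30:10 -0700] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/?p=12" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041001 Firefox/0.10.1"
198.51.100.20 - - [17/Oct/2004:09:30:12 -0700] "GET /?p=12 HTTP/1.1" 200 5200 "http://blog.example/?p=12" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041001 Firefox/0.10.1"
192.0.2.44 - - [17/Oct/2004:11:00:00 -0700] "POST /wp-comments-post.php HTTP/1.0" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
192.0.2.44 - - [17/Oct/2004:11:00:45 -0700] "GET / HTTP/1.0" 200 9000 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
'''

if __name__ == "__main__":
    for hit in find_spam_pairs(SAMPLE_LOG.splitlines()):
        print("possible comment spam: %s POST %s then GET %s after %.0fs" % hit)
```

Keeping the state per source address is what a single-packet signature lacks: the POST and the GET can arrive on separate connections, so the pairing has to happen above the packet level.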
Tags:
11 Oct 2004
title: No cascading netgroups please
date: 2004-10-11 13:56:00
Top Tip: Red Hat and NIS groups
A while back, we ran into problems with netgroups and FreeBSD. I've
lost the links, but it turns out that NIS groups can be a total of
1024 characters, not including whitespace. Lemme tell you, it doesn't
take many entries like (foo.example.com,,) to fill up that limit,
and it's pretty stupid.
The solution, such as it is, is to create container netgroups like
this:
master.netgroup @subgroup1, @subgroup2
@subgroup1 (foo.example.com,,) ...
It's a crock, but at least it's a solution for FreeBSD.
Well, last week it caused problems. We've got a RedHat machine, and
guess what? Yep, doesn't recursively expand the netgroups: if you tell
it to export to master.netgroup, it'll say it's doing it, but won't
actually do it. It'll happily export to subgroup1 if you list them
explicitly; it will not expand master.netgroup into subgroup1 and
subgroup2.
Bollocks. Bollocks, I say.
Tags:
10 Oct 2004
title: bcwireless.net
date: 2004-10-10 19:34:11
I've been meaning to do some reading at bcwireless.net for a
while now; instead of packing for the move, I'm reading up at last.
It seems pretty damned cool, especially the idea of links between
different free wireless networks. For some reason, the idea of
rebuilding FIDOnet or the Internet just seems really cool to me.
I'm going to be moving downtown in a few weeks. I've got a wireless
access point I inherited from a friend of mine; I think I'll point it
out the window and join the network once we're settled in.
On another note, I finally got Snort and ACID set up on my
web server. It's interesting to see what it catches, like formmail
access and special CyberKit pings and whatnot. Nothing drop-dead scary
yet, which is good.
Tags:
07 Oct 2004
title: Oh my
date: 2004-10-07 19:51:01
It's Udo. He's got The Groove Cave and a Boney M
page. Be sure to check out his room. Oh yes.
Tags:
06 Oct 2004
Network problems again last week. Cheap switches will be the death of
me, I swear, unless cable management gets me first. (Actually, it was
both this time...cable looped back on itself + cheap switch == lots of
embarrassing explanations.)
But there are bright spots in this morass -- 48 of them, to be
precise, in the form of 2 x HP 2626 Procurve Managed Switches. SSH
login, VLANs up the wazoo, and much muchness. The only thing I'm not
sure about is whether or not it does port mirroring (which I can live
without, but it'd be nice). (UPDATE: Yes it does. Weeoo!) If these
work out, then I think it'll be 2 x 2650s to replace the DLink
unmanaged ones that keep crashing. The Ciscos seem nice and all, but
the cost...oh my. And the respondents to the recent Ask Slashdot
seemed to like HP a lot. Plus, we used to use 'em at my old job, and
everyone was pretty happy. We'll see how it goes.
Just bought Neal Stephenson's The System Of The World at Big Hair
Bookstore. Twenty-two pages and I love it already. God, the man
can write.
Tags:
hardware
books
03 Oct 2004
So as of November, we've got a new place to live now, right in
downtown Vancouver. It's back in the West End; I lived there for seven
years, and with my (now) wife for two of those. We moved out to the
sticks for cheaper rent and a bigger place, but realized we missed
downtown: most of our friends are here, and there was really nothing
much where we were living. It was (is) a nice place, but a bit of a
black hole as far as things to do go.
We were lucky, and found a nice place; the building manager took a
shine to us, I guess, and offered us the place as we were looking at
it. It costs more but it's about the same size as our current place,
and we're happy to be moving back.
'Course, this does bring up the question of Internet access. I'm
hosting five websites on Thornhill, the Linux server, and doing DNS
for another domain that belongs to a friend of mine. My ISP is
not the greatest value; a static IP is currently costing me an extra
$80 per month (and the TOS still prohibit servers, although they've
yet to enforce it), and I just can't justify that with the extra rent
we'll be paying. That means going to DHCP, dynamic DNS, and I don't
know what-all.
There are other options, of course. Shaw is the local cable company,
and I could always go to ADSL. God knows there's lots of choices
there; I used to work for one of them. However, my experience
there has made me extremely wary of ADSL in Vancouver.
We resold ADSL service from a company that I don't want to name; let's
just say that if you think of the c in E=mc2, you'll think of their
name. When we started I was quite impressed: static IP address
(usually a 10.something, but public ones were available if you asked)
and servers were okay. But then it turned into this absolute
nightmare:
It turned out that they weren't the main movers and shakers for
the service. We knew they resold to other companies -- they made no
secret of that -- so our assumption (because we were too stupid to
ask, that's why) was that they controlled the equipment. But they
didn't. How did we find that out? Follow the bouncing ball:
They originally set up 3Com modems so that they could query them via
SNMP for traffic stats, because their business model involved giving
away a small amount of bandwidth suitable for most people if you
didn't include file-sharing, then banging the people who overshot
at $20/GB (at least, that was what we charged).
Only the 3Coms didn't work as well as planned, and anyway were in
the customer's hands so you couldn't really trust them anyhow. So
they went to MAC address-based traffic counting. Free bonus: MAC
address-based filtering, too -- you had to have a MAC address the
router knew about, or you couldn't get out of their private
network. Only that bit they didn't tell us about. Yep, they didn't
say a thing.
We found this out because we had people who suddenly couldn't
connect. With much prodding we could get the people we knew to try
and fix things. Usually, it wouldn't last too long, and we were back
to square one. Connectivity was utterly erratic; sometimes it
worked, sometimes it didn't, and there wasn't a blessed thing we
could do about it except plead with our upstream folks for help. Of
course, we were doing all this while pretending to the customer that
we had our hands directly on all the misbehaving equipment. This
was when we began to suspect that we were in the same naive position
as our customers.
Eventually, we discovered that was, in fact, the case. Every time we
called up to beg and plead, we were one of a half-dozen ISPs. And
then they would have to go beg and plead for help on our behalf to
their shadowy masters. Unless it was after 5pm, of course, which
turned out to be quitting time when you're a shadowy master. Whee!
We found out that we were supposed to be able to add MAC addresses
via a web app (IE only, of course, just to make things even more
fun), and then those MAC addresses would be allowed out. This did
not work. More prodding told us that they were working on it, and it
would work Real Soon Now.
With even more prodding it came out that the reason this was all
happening was because there were problems with the database that
held the MAC addresses of the customers. When the database had
problems, the routers defaulted to DENY rather than the perhaps more
sensible option of just letting the fucking packet through, we'll
fix it later.
Then we found out the database was MS-SQL, and wondered if that
might be part of the problem too.
Then Blaster hit.
Then many, many months later, we started getting bills, which had
not been coming in all this time, from our upstream people. This
wasn't just for service for x customers over y months, of
course; no, that would be too simple. Instead, this was bandwidth
for x customers over y months, including the people who turned
on Kazaa then went on vacation for a week. Records were either non-
existent or untrustworthy, and neither we nor the customers'd had a
way of checking their usage. (That too was coming Real Soon Now.) Of
course we had to get some money from the customers -- at $20/GB,
remember, and some people were 100 GB over their limit. You try
talking to a customer who's just got a bill for $2000 for usage over
the last n months, when they were expecting $39.95 plus tax.
Christ almighty, it was such a giant clusterfuck. I began to sing
between support calls, to the tune of "Jimmy Crack Corn":
A customer called in to 'fess
Our techn'cal service was the best
So why was he in such distress?
The database dropped his MAC address.
Sing it!
DSL's down, and I don't care
DSL's down, and I don't care
DSL's down, and I don't care --
It's Lightspeed's fault again!
Eventually it did begin to work, and from what I understand it does
quite well today. But still...shudder. Never again.
They resold their services to a bunch of different local ISPs, most of
which I recognised (can't remember who they are now, worse luck), so
I'm deathly afraid of getting stuck in the giant sucking wound that is
Lightspeed Internet.
There's Telus, of course, but they're liable to be even worse; they've
been going through hellacious layoffs in the last year, and horror
stories abound about the wretched customer service these days. In
fact, they're even being investigated by the CRTC because of the
number of complaints. Besides, Telus' service was spotty to begin
with; their DHCP servers would go down frequently, and take people's
connection with it. (Ha. It got to the point where the only selling
point I could repeat in good conscience was the fact that our tech
support people were easier to reach than Telus'.)
So...unless I can find an ISP with a penchant for handing out cheap
static IP addresses and being generous with traffic, I'll do dynamic
DNS. Some day I'll colocate, or get a virtual server. Until then, I'll
settle for cheap.
Tags:
27 Sep 2004
title: Worst. Title. Ever.
date: 2004-09-27 09:02:55
Good idea:
The sad thing I've noticed is that some people new to the world of
lawyer blogging have never heard of blogs like
BeSpacific.com. Instead, their news aggregators may be filled with
new blogs, which is not a bad thing in itself, but lack blogs that I
consider to be bedrock legal blogs. That bothers me. Maybe it shows
that I'm getting older. But Bob is on to something important. So,
I'm announcing a new feature of this blog where I'll highlight the
core legal blogs that meet my definition of excellence.
Terrible title:
I'm tentatively calling this feature "Essential Blawgs."
My advice: stay away from the fish.
Tags: