starting-blast landlocked

Category: tech stuff

Once more with feeling: Default passwords are bad. Not kidding.

If you’ve been reading this thing for any amount of time, you’ll probably notice I tend to come up with all manner of very strongly worded opinions. Particularly in the neighbourhood of geek things. Like, for instance, when it comes to folks who set up a piece of hardware–like, say, a router, or a server–and decide to leave the default password in place. So your state-of-the-art Linksys router, which you’ve had for all of 24 hours, has become a hot spot for the local script kiddy and the mass amount of software he’s employing even as I’m writing this so he can expand his porn collection–and all because, well, you didn’t follow the first rule of basic security. Change the goddamn password. That goes double if you run a website for a school district, and its default login credentials are, uh, well, only slightly above no login credentials at all.

A Texas school district is learning the hard way about website security basics. If you’d like to keep your site from being compromised, the very least you can do is reset the default login. According to a post at Hackforums, the Round Rock Independent School District of Austin, TX was using the following name and password for its admin account. (h/t to Techdirt reader Vidiot)

hacked – idiots used default login/pass

u; admin
p; admin1

Needless to say I’m not exactly the world’s most qualified hacker, and if it were me on the delivering end of all of that, I figure it’d take me about a minute to gain access. Provided I was 1: doing it manually and 2: not trying very hard. I’m going to go out on a bit of a limb, here, and disprove the theory that you get what you paid for. Whatever the school district paid the folks what set up and apparently didn’t maintain the website, I’m making the offer right here–not, you know, that I figure it’ll go anywhere, but hey. Take the amount that supposed third-party company brought in. Divide it by 2. Now, write me a check for that amount. Stick it in the mail. Upon receipt, I’ll hand you a website infinitely more secure/stable than that hot mess. No? Well, I tried. In the meantime, for the love of all things holy somebody please provide SharpSchool with a better selection of passwords. Because clearly, they’ve got approximately nothing.

System administration. Because the vodka industry needs some love, too.

Warning: the below post is probably long, and definitely geeky. You’ve been warned.

I’ve had this blog and several others hosted on a server I run and pay for since around the neighbourhood of 2010 or 2011. Naturally, this means I go beyond the whole finding random things to post about idea and dip into the territory of the sysadmin. Awesome, insofar as experience goes–not, mind, that said experience gets me any closer to being employed, but you’ll have that. But the more I play around with it, the more I think it gets me ready/comfortable with the idea of actually doing something like this and getting paid for it. Besides, I like a challenge.

So I’ve been running this particular server since August of 2012, or thereabouts. And in that time, yeah there’s been just a tiny little bit of broken here and there. But I usually had some warning or could guess that, hey, what I’m about to do will very likely end in spectacular fashion with me spending the next week and a half picking the pieces off my floor. This time, not so very much.

I maintain a small platform where I can stick random bits of info, like documentation for things I’ve figured out about otherwise less than stellarly documented programs. Or, you know, random things that just might turn out to be useful to me a year and a half later. That platform is powered by MediaWiki, who’s probably best known for being the thing used by Wikipedia. So you know, it’s been poked at, prodded at, tested the hell out of, and generally considered stable enough. Well, that or Wikipedia is partially owned by MediaWiki, but hey whichever. So I figure, why not? It’s scalable, so my small little documentation platform oughta be no sweat. Which is largely true, until it breaks.

I’d never actually bothered digging into the code, if I’m being honest. I figure eventually I’ll get to it, then things happen, and it doesn’t really get gotten to. You know the deal. Fixing the broken, though, necessitated a quick little dig through the surface layer of code. The bright side: now I know why it’s relatively light on database usage. Can I trade, now?

Here’s a little bit of a primer, if you’re one of those folks who’re on the border of techy but not quite ready to slide across it yet. Most software, like WordPress for instance, pretty much leans on whatever database you’ve set up for it. Everything hits the database, no questions asked. Unless you run some kind of a caching plugin (I do), even the basic trying to access the website hits the database. Database goes down, site goes down. MediaWiki does that, to a point, but there are enough layers between the database and you that it’s not entirely obvious. One of those layers is the extensive use of regular expressions for damn near everything. Almost nothing in the software is actually pulled from the database after, perhaps, the first initial load. Exceptions might be made for things like menus, but that might also be stored in the code itself somewhere and I just haven’t bothered finding it yet. But everything else, like for instance the actual page content? Cached somewhere on disk, then hit with a regular expression. Awesome, in theory. Works perfectly, again also in theory. Until theory goes out the window and they release a server software update that pretty much breaks the place. I applied that server update. Had no idea anything was broken–because barely anyone uses what I’ve set MediaWiki up for, and nothing else went sideways. So all was right in the world. Until my documentation actually needed to be flexed.

In fixing the broken, I learned exactly two things, real quick. Thing the first: Even on non-Windows systems, updates still break pretty–I knew that already, but it’s occasionally nice to have that confirmed once in a while. Especially when you know a few people who’ll gladly insist they’ve never had an update problem with $OtherSystem like they’ve always had with Windows. And thing the second: If you release an update to a pretty significant piece of software that breaks compatibility in new, interesting and creative ways, and pretty much no one sees it coming, you’re doing it wrong.

Let the record reflect I still love the sysadmin gig. Let the record also reflect I’d still love to be paid for the sysadmin gig. But I’m kind of wondering now how many paid sysadmins are sitting in an office wishing they could fire themselves a developer. Other people’s broken is never a fun thing to come home to. Now, I speak from experience.

The only Heartbleed left now is the NSA.

So pretty much everything exploded this week. If you were paying attention, you were probably warned not to go near things like your online banking site, or pretty damn near anything that advertises itself as having a secure connection. This is because of a pretty lethal bug in the software that provides that secure connection, in several cases, that pretty well rendered your secure connection worse than no security at all. There’s a pretty nice, if a little technical, explanation for it written up by the guys I’m paying for the use of this server, but the cliff notes version is the hole’s a few years old, and can provide someone who knows what they’re doing with access to pretty much any information stored in the memory of a server with the buggy software. So if someone knew how to take advantage of that security hole, they could potentially have access to usernames, passwords, credit card numbers–basically anything that happened to be in that server’s memory at the time.

There’s an updated version of that software in the wild now that plugs this security hole (note: not that anything on the server uses secure connections at the moment but I’m running that updated software now anyway), so as people get around to applying it that should be much less of a holy hell what in creation have I done kind of problem. Which is awesome, for guys like you and me. A little less awesome, though, for guys like the NSA.

The internet is still reeling from the discovery of the Heartbleed bug, and yesterday we wondered if the NSA knew about it and for how long. Today, Bloomberg is reporting that the agency did indeed know about Heartbleed for at least the past two years, and made regular use of it to obtain passwords and data.

While it’s not news that the NSA hunts down and utilizes vulnerabilities like this, the extreme nature of Heartbleed is going to draw more scrutiny to the practice than ever before. As others have noted, failing to reveal the bug so it could be fixed is contrary to at least part of the agency’s supposed mission:

Ordinary Internet users are ill-served by the arrangement because serious flaws are not fixed, exposing their data to domestic and international spy organizations and criminals, said John Pescatore, director of emerging security trends at the SANS Institute, a Bethesda, Maryland-based cyber-security training organization.

“If you combine the two into one government agency, which mission wins?” asked Pescatore, who formerly worked in security for the NSA and the U.S. Secret Service. “Invariably when this has happened over time, the offensive mission wins.”

So when the smoke clears, the NSA will have at least a little bit less access to John Q. User’s data–at least until they end up mandating another hole in some other layer of security software. But until then, it looks like the fine folks at stalker central will end up being the only ones dealing with a case of heartbleed when it’s all done and dusted. Now if it was only that easy to switch off the exploits they helped introduce.

How I ended up firing Windows XP.

So for anyone who happens to be paying attention, April 7th is XP dies a death day. Microsoft has decided after what’s probably shot past the 10 year mark to drop support for the OS. Which, essentially, means if you’re still running that version of Windows, you’ve just officially volunteered your machine to play host to all manner of new and interesting malware creations–you have probably also had your spamming ass slammed by my oversensitive firewall, but that’s another story. Because it’s me, and because I never turn down an excuse to see how far I can stretch things until they break, my finally tossing XP wasn’t entirely a conscious “this needs to happen” type decision.

I’ll freely admit I put off switching operating systems until almost the last minute. Largely it was laziness–I have a crap ton and a half of stuff that needs moved from one OS to the next, and when the thought crossed my mind initially I was in the process of throwing together a multiple-part archive of pretty much all of it so the machine I was using at the time could be wiped for the upgrade. But other parts included things like I wasn’t entirely sure I wouldn’t be replacing the machine I was using a ways down the road, or I couldn’t 100% guarantee Windows 7, which is where I was planning to migrate to, would run on that machine–I figured it would, because the thing originally shipped with Vista, but Vista was also 7 years ago so that wasn’t exactly a very stable benchmark either. So I was alternating between holding out until I could find a new machine, and doing the occasional bit of digging to see if my machine would collapse under the OS or not.

Things kind of happened in fairly short order after that. Plans developed that saw May getting herself a new machine, so the Windows system she was using–which at the time ran Windows 8 (don’t get me started)–sort of stopped having any actual use. My machine had started showing its age, and there was a point that I actually wasn’t entirely sure it’d last long enough for me to do what needed doing with it to keep my various crap from falling into system failure oblivion. Fine time for me to start experimenting with new backup systems, right? So I played around with that (that’s another entry), and managed to get things to a point where if the system spontaneously caught fire it wouldn’t do anything more than torch my corner of the office. Which, okay, would have sucked royally, but my stuff was safe.

Okay. So that’s one headache down. Now I was comfortable enough that if the system decided to fry every circuit going, or if Microsoft decided to change their mind, pull support early and launch an update that essentially disabled every system in the place still running that OS, I wasn’t gonna be hurting too horribly bad. That made the next steps very nearly natural. Since May’s new machine was here and set up, May’s Windows machine became my Windows machine. Since I will never willingly use a Windows 8 machine for anything other than something new to put Windows 7 on, my next project became wipe the machine, and toss on an OS that doesn’t make me want to consider buying stock in migraine medication. I spent the next couple days manually rebuilding the machine, including hunting up wireless network drivers that I could have sworn Windows 7 had built in when we bought that damn card. Then it was take a better part of the next week or so downloading and restoring the backup from the old machine, and my eventual turned emergency OS swap ended up happening with only the removal of a couple strands of hair.

And for the last couple months or so, well before Microsoft flipped the switch what turns all your XP into hacker heaven–yes, this apparently may or may not include most ATM’s, I fired XP and haven’t looked back. I may kick myself for it in 6 months when I go looking for something I knew I had on the old machine and poof, it forgets to exist, but you’ll have that. And in future, I do believe I’ll start the upgrade process well in advance of potential catastrophic implosions. On the other hand, that was kinda fun. Perhaps I’ll do it again…

In which tech failures happen in 3’s.

Things have a tendency of getting all kinds of eventful up in here. Particularly when they don’t *really* need to be. If it’s not family making, breaking, remaking, switching up and then completely forgetting about plans in the span of 5 minutes, or things bouncing in just about every direction except the one you want them to go on the education front, it’s technology conspiring to do all manner of screwing with your head, and your whatever you were planning to use that technology for. And because epic failings must be had in 3’s for reasons no one can figure out, when the fun gets going, everyone gets a turn.

My warning was the laptop. I’ve had it for it’ll be 2 years about now, and the only problem I’ve ever had with it was a failing fan. I knew the fan was going for several months, but could never find a place where I had the time, the energy and the money at the same time so it could be dealt with. When I had the time and/or energy, there were financial things needing to be shoved out of the way before they came round to bite us in the ass. I actually delayed my run at college by a bit in hopes I could put together all 3 in a reasonable amount of time, or that it’d sort itself out and we’d be golden in time for classes to actually start. It looked like it was gonna do exactly that, and things were falling into place for me to start the course I’m in the middle of now, so I was starting to breathe a little teeny tiny bit easier about it. It could hold out long enough for us to get hands on money, which should come just before the Christmas break, we were thinking. Which would have been amazing timing, if it had worked out that way. School’s out, send the laptop off for repairs, hopefully have it back maybe a week after school gets back in session in the new year. And just when I was comfortable with that plan in theory, the thing gave out completely. Two days before class started, and if I’m lucky I could get the thing to give me half an hour before it shut down to avoid overheating. Well now. There goes careful planning.

I should have probably taken that as a sign that I maybe ought to just back everything up on every machine I own, stick it somewhere central like, and hold out until I could replace the equipment wholesale. While I was dealing with the laptop, I was seeing signs my desktop, also known as the primary machine I use for pretty much anything heavy, wasn’t gonna be much longer for this world. It hasn’t gotten critical yet, but it’s inexplicably shut down on me a few times, I’ve seen pretty freaking unrecoverable blue screens more often than I’d like, and it’s having to work harder at doing things I know it could do without breaking a sweat not entirely all that long ago. This one, at least, I could more easily expect. It’s given me 7 years, and a lot of wicked heavy usage–most of this site was born out of that machine, for starters. It’s not completely toast yet, but I’m not liking its chances for seeing its 8th year. Plus, it runs Windows XP still and, well, let’s be honest–while the machine could probably easily run 7 instead (it shipped with Vista initially), I’d just be replacing it shortly anyway. So before it puts me in the same situation the laptop just tried to, it’s on its way out. Bright side: the machine I’m replacing it with actually has a little bit better specs. I’d be slightly jealous, if I wasn’t just told I could take it for myself.

I mentioned things happening in 3’s, and did they ever. The first sort of warning I got that made me think the desktop might be in slightly worse shape than it turns out it is had actually more to do with the external drives I keep connected to it. I do a lot of things with music, TV shows, movies and the like. So I keep some pretty large external drives around–unless you wanna get fancy, a lot of what I plan to collect won’t fit on your average internal drive. At one point I had 3 connected, and was talking about adding a 4th down the road. Across those 3, I had quite a few years of music, videos, backups from other drives, random things that I hadn’t gotten around to sort and put where they should be. So basically a crap ton of stuff. Two of those drives flirted with failure of the highest order. And one of them needed two attempts before it finally just irreparably met its maker. I managed to pull most of what I needed off the drives before they went, and can get my hands on the rest once I figure out what needs to be gotten and then remember where I got it from the first time. But the way they were readying to go led me to believe maybe the desktop was on its way out quicker than I’d like it to be. The drives would show up for a while, then either I couldn’t actually access one, or the other would disappear entirely. But I could plug them both into another machine and at least mostly do what I needed to. So that was a thing to deal with–particularly given if the desktop had gone as quickly as I was expecting, I still didn’t have the laptop back and fixed so that might have slightly caused problems.

So now, the laptop’s mostly working as it should, the desktop’s on its way to being replaced and I’ll be needing to rebuild my video library. Again. All told, not entirely too bad for a season or two in the life of a semi-crazed geek. And I should be relatively clear of tech issues for a good while. I wouldn’t say no to another 7 years of mostly smooth operation. And hey, maybe by then I’ll be doing something that actually allows me to pull a wad of cash out of my wallet and emergency replace pretty much everything that has ever come apart on me on 24 hours’ notice. Hey, a geek can dream, can’t he? But in the meantime, I suppose I should go reformat my brain. This forecasts to be another intensely crazed week on the education front–which I should probably actually write about before I’m completely done with it. Eh, maybe in the spring.

In which Star Trek becomes a little less like science fiction. You saw it coming.

With the exception of the original series–well, and the damage they started doing to the franchise with the last couple movies they turned out, you might say I’m a bit of a Star Trek fan. Well, okay, probably more than a bit–days like today would be mighty fine use cases for transporter technology, if we’re being completely honest. So I keep an eye on things that look like they might have been slightly inspired by the land of full-fledged civilizations dotting the final frontier. Which means my interest is a little bit increased when I read about a researcher that has developed the capability of 3D-printing a nearly completely plastic handgun, or the ones who’ve improved on that to put together, again using a 3D-printer, an honest to god pistol.

Okay, so maybe vaguely inspired projects that involve replicating new and interesting ways to kill each other isn’t the healthiest way to start off a Star Trek inspired post. I mean hey, I’m screwed up, but not quite that screwed up–well, most of the time. So maybe let’s skip right to the “directly inspired from Star Trek” pile, then, yeah? For that, we skip across the border and land us in Canada, where a software engineering company has put together its very own attempt at a universal translator. At the moment, the goal is only to make the accents of those folks in call centers overseas seem just a little less like about half to three quarters of the problem in any customer service conversation since the dawn of customer service conversations. Having been on the serving end of some of the conversations that have resulted from a few of those overseas accents, if I had the money handy right here right now, I’d be looking wicked hard at where to sign up. And hey, if it ever gets beyond the experimental stage, perhaps the folks behind it will be celebrating by cracking open a bottle of an equally experimental and equally interesting present-day version of synthehol–complete with the ability for you to sober up quickly should you need to. You know, in the event your designated driver’s off in the corner drowning himself in the real thing, the fool, and you’ve just blown what should have been your cab money. Of course if this ever stops being experimental and goes mainstream, I wonder if designated drivers will still actually need to be a thing.

From the directly inspired by Star Trek, we fly right on over to the directly pulled straight out of Star Trek. And we land in North Carolina, where a city councillor there named David Waddell has submitted his resignation–in Klingon. “Today,” he says, “is a good day to resign.” Not exactly a direct translation, but I mean what are you expecting from a 21st century non-Klingon? It beats the hell out of another politician deciding he wants to spend more time with his family, anyway. So, now, who’s gonna get cracking on this transporter thing? Anyone? I’ll wait…

Fun with passwords. Or, why your 25-year-old sysadmin might be looking a little grey.

Default passwords are a thing, and for a fairly decent reason. Your crap needs to be relatively secure, even if you haven’t actually done anything useful with your crap since the start of its existence. Default passwords are also incredibly, incredibly bad for you. It’s why most actual corporations force you to change it from the default the first time you log in, whether or not they force you to change it on a subsequently frequent basis later on. Because not doing so can be a real problem for you, your content, and your sysadmin. Most of this, you’d think, would be pretty common sense–even if you’re not the technical sort. But, I’m putting it here, so you can safely assume it’s not as common as I’d prefer. This came pretty much full circle yesterday, and the only reason it didn’t get blogged yesterday is educational things have conspired to fry me.

As probably a few of you will figure out, I’ve run this site on a dedicated server for a few years. I also happen to have added a few people to the list of things running on this server in that time. In doing so, I use what I think to be relatively standard practices for security–you get an account, with whatever domains/services/whichever you need access to. You get a username of your choosing, and because I neither want nor need to know what your actual password(s) is/are, I give you a standard default password–and very strongly recommend, as in you really, really want to do this before I scramble the thing for you and hand you a generated one that’s at least 32 characters long, that you change the thing. Like now. As in before you even decide to turn around and install WordPress–which you should, because flexible. Because yes, the thing is secure. Mostly. But default passwords are usually three things. Easy to remember, short enough so as not to be overly confusing for folks who aren’t exactly up to trying to translate, commit to memory and not completely flub a 32-character-long password, and probably not difficult to figure out for your average script kiddy with a brute force program and some free time to devote to finding themselves a new machine they can borrow to spam the hell out of someone or someones. In other words, change it or you really do deserve to be slapped across the forehead with the clue stick. Gently, of course.

So I was on my way out the door yesterday with the half dozen things that usually follow me out the door when my phone pretty much blew up. I pull it out on the bus and find myself staring at a screen full of mail server failure notices. I’m talking very nearly a hundred of the freaking things. Well, I figure. This isn’t altogether too pretty of a thing to be seeing if you’re me. Did a server people are trying to send to decide to pick yesterday to suffer a fatal issue, or has something on my end gone and broke itself?

To figure out how this applies, let me summarize roughly what happens when you try and send someone an email. Your machine, through Outlook or some other program, sends the mail you’re working on to a server–either owned by your ISP, or your website provider, or the company you work for–with instructions that basically say “This needs to get to person@place.com”. Your mail server, then–that’d be the thing Outlook just got done talking to, flips through the internet equivalent of a phonebook to figure out which other servers are accepting mail for place.com. When it finds one or several, it tries to contact them. Assuming it gets an answer from one, it asks two questions. “Do you actually accept mail for place.com?” And, if the answer to that question is yes, “Does person exist in your info on place.com?” Assuming both answers are yes, one of two things happens. Ideally, your mail is then sent to the receiving server, who then tells your mail server, “Okay, I’ve got it. Thanks for dropping by.” and that’s that. Transaction complete. Or, slightly less likely, the server’s experiencing problems–or one of the servers it relies on is experiencing problems–and your mail server is told to essentially try again later. Which it will, repeatedly every so often, until either the mail is delivered or it just plain gives up on account of the destination’s well beyond broken. If the answer to the second question comes back a no, the receiving server essentially tells your server, “I don’t have anyone named person here.” Okay, so that’s a problem. And it’s a problem you should probably know about so you’re not trying to repeatedly send mail to person@place.com and wondering why in the sam hell that rat bastard hasn’t gotten back to you in 6 months. So your mail server turns around and automatically sends you a quick email saying basically “I tried to send your mail to person, but the folks at place.com don’t know who that is. Sorry about that. Oh and by the way, you should probably tell person his place.com address doesn’t exist–or make sure the sneak gave you the right one already.” Okay so maybe not that last part, but you get the idea.

When my server sends people the “place.com doesn’t know who person is” email, it also copies that email to me. Not because I feel like snooping in on the juicy details of the morning’s gossip that you’ve accidentally sent to the slightly mistyped but still mostly correct address of the chick you usually have coffee with after work, but because in the event this kind of thing happens consistently, there’s either something wrong with the receiving server–which I may need to yell at someone about, or work around temporarily–or there’s something wrong on my server’s end, either with your account or with the server in general–which I need to fix, or prod you to fix, in order to prevent further much larger problems. So when an account on my server started generating several emails to random addresses that didn’t exist, the server got several “this person doesn’t exist here” notices from servers it was trying to deliver to. As a result, I got several copies of “I tried to deliver this, but they don’t exist” emails. And because it’s 2013, I’m a geek and there isn’t a smartphone alive today that doesn’t let you, I got to handle most of those on the way to class–and discover that those emails were coming from entirely random addresses on my server that *also* didn’t exist. Well then. Don’t we have us a situation. I couldn’t do entirely too much about it at the time except diagnose on account of I was mobile, I was on 3G and I wasn’t in one place long enough to haul out the laptop and make things happen, but at least now I knew there was something amiss in techville.

When I got where I was going, I had a bit more time to play find the hole. And what I found was the mail traffic was being generated by an account that hadn’t actually been accessed since it was set up and the person who owned it installed a version of WordPress. Since then, that account had essentially been sitting there doing not much. Unfortunately, because it hadn’t been accessed except the one time it took to install WordPress, that also meant its default password was still its current password. And, as a quick check would tell me when I got back to a network I could actually use without the restrictions of a not very well set-up firewall, it was that default password still being set for months on end, on a public-facing system, that led to the account being accessed by places and in ways that it might not oughta be. Having no idea at the time, though, my priority was essentially turn off the tap. So I disabled that account before class started, and it sat there being disabled until I could get a look at it when I was free–see also: when I confirmed that yes, in fact, the thing was accessed in ways it shouldn’t have been by a password that should have had a lifespan of 5 minutes.
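The two signals in this incident, a burst of "no such user" rejections and envelope senders that do not exist on the server, can be checked mechanically. The sketch below is an added example, not code from this server: the log format, account names, mailbox list and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Mailboxes that really exist, per hosting account (constructed sample data).
KNOWN_MAILBOXES = {
    "alice": {"alice@hosted.example"},
    "dormant": {"owner@dormant.example"},
}

WINDOW = timedelta(minutes=10)   # how far back each check looks (assumed)
MIN_REJECTS = 5                  # 550 replies needed inside the window (assumed)
MIN_REJECT_RATIO = 0.5           # share of the account's mail that was rejected


def sample_log():
    """Constructed log, one delivery per line:
    time|authenticated account|envelope sender|recipient|SMTP reply"""
    lines = [
        "2013-10-01T08:00:00|alice|alice@hosted.example|bob@place.example|250 OK",
        "2013-10-01T08:01:00|alice|alice@hosted.example|bbo@place.example|550 user unknown",
        "2013-10-01T08:02:00|alice|alice@hosted.example|carol@place.example|250 OK",
    ]
    # A dormant account suddenly mails made-up recipients from made-up senders.
    for i in range(8):
        reply = "250 OK" if i == 3 else "550 user unknown"
        lines.append(
            f"2013-10-01T08:{10 + i:02d}:30|dormant|x{i}@dormant.example|"
            f"u{i}@place.example|{reply}"
        )
    lines.append("this line is malformed and must be skipped")
    return "\n".join(lines)


def parse(log_text):
    """Yield (time, account, sender, recipient, code) for each well-formed line."""
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 5:
            continue
        stamp, account, sender, rcpt, reply = parts
        try:
            when = datetime.fromisoformat(stamp)
            code = int(reply.split()[0])
        except (ValueError, IndexError):
            continue
        yield when, account, sender.lower(), rcpt.lower(), code


def find_suspect_accounts(log_text, known=KNOWN_MAILBOXES):
    """Return {account: finding} for accounts that trip both signals in one window.

    Signal 1: many 550 (mailbox unavailable) replies, making up most of the
              account's recent mail. One typo'd address does not trip it.
    Signal 2: at least one envelope sender that is not a real mailbox.
    """
    windows = defaultdict(deque)
    findings = {}
    for when, account, sender, _rcpt, code in parse(log_text):
        win = windows[account]
        win.append((when, sender, code))
        while win and when - win[0][0] > WINDOW:
            win.popleft()                      # drop events older than the window
        if account in findings:
            continue                           # report the first trip only
        rejects = sum(1 for _, _, c in win if c == 550)
        forged = {s for _, s, _ in win if s not in known.get(account, set())}
        if rejects >= MIN_REJECTS and rejects / len(win) >= MIN_REJECT_RATIO and forged:
            findings[account] = {
                "flagged_at": when,
                "rejects": rejects,
                "messages": len(win),
                "forged_senders": sorted(forged),
            }
    return findings


if __name__ == "__main__":
    for name, finding in find_suspect_accounts(sample_log()).items():
        print(name, finding["flagged_at"].isoformat(), finding["rejects"], "rejects")
```

A flagged account is a candidate for the same first move described above: disable it, then investigate.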

That account will more than likely end up deleted, on account of it was never actually used and so really, nothing’s being lost by killing it. Which also means I don’t need to send an actual user an email basicly saying “by the way, because you fail at security basics all your crap is now compromized. Thank you.”, which works just fine for me. But this is a thing that could actually happen to a system or service you would probably much prefer it didn’t. think of everything that comes with a default password in place already. Routers, any modem purchased in the last maybe 5 years, university or college email/network accounts, the afore mentioned actual work related systems, the list goes on. They don’t come with default passwords because they’re worried about John Q. User developing amnesia and not having the slightest idea what their password is. They come with default passwords because they’re usually set up automatically, usually in batches, usually for several dozen to several thousand people at once. This also means if you feel like giving it a couple months, that common, default password can and will be found on Google. Which means anyone with 5 minutes free who knows the service exists and you have access can easily also have access. Which in turn means if they decide to use that access for less than legal purposes, or less than insanely irritating purposes, it’s not them that catches hell for it–it’s your access, therefore it’s your problem. Changing that default password, preferably the second you sit down in front of the system in question and access it for the first time, significantly reduces the likelyhood of it becoming your problem. It also just so happens to be exceedingly smart thinking, since in the case of people who maybe used to have access and shouldn’t anymore, it prevents them from deciding to borrow your access to try and get back at whoever decided they no longer needed it. 
And you’ll have just prevented, at least temporarily, your friendly neighbourhood sysadmin from developing a few of those grey hairs. That gets you bonus points somewhere. And hey, if it’s a thing I have anything to do with and you’ve just prevented me from having to piece together a working copy of your account long enough to beat you with it before telling you you should probably change your password, I swear I’ll be your best friend for life. Which will be a lot easier if you’ve also resulted in me having one or two fewer heart attacks. Now if the rest of the world would just come along quietly we’ll have it made.
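The failure described above, a batch-provisioned account left on its default password for months, is the kind of thing a routine audit catches. What follows is an added example, not code from this post: it reads `/etc/shadow`-format records and flags accounts whose password has not changed since provisioning. The sample records, the `SAMPLE_PROVISIONED` creation-day map and the status names are constructed assumptions.

```python
"""Flag batch-provisioned accounts that are still on their provisioning password."""
from dataclasses import dataclass
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow(5) stores dates as days since this day

# Constructed sample in /etc/shadow layout (hashes are placeholders, not real):
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
alice:$6$placeholder$aaaa:15712:0:99999:7:::
bob:$6$placeholder$bbbb:15650:0:99999:7:::
carol:!$6$placeholder$cccc:15650:0:99999:7:::
dave:$6$placeholder$dddd:0:0:99999:7:::
erin:$6$placeholder$eeee::0:99999:7:::
"""

# Assumption: the provisioning system recorded the day (days since epoch)
# on which each batch account was created with the shared default password.
SAMPLE_PROVISIONED = {
    "alice": 15650, "bob": 15650, "carol": 15650, "dave": 15650, "erin": 15650,
}

# Statuses in which the default (or no) password still opens the account.
EXPOSED = {"NO_PASSWORD", "PENDING_FIRST_LOGIN", "DEFAULT_SUSPECTED"}


@dataclass
class Finding:
    user: str
    status: str
    days_exposed: int  # days the default has been usable; 0 when not exposed


def as_date(day_number):
    """Convert a shadow day count to a calendar date for reporting."""
    return EPOCH + timedelta(days=day_number)


def classify(hash_field, lastchg, created_day):
    """Decide whether the provisioning password can still be in force."""
    if hash_field.startswith(("!", "*")):
        return "LOCKED"               # password login disabled
    if hash_field == "":
        return "NO_PASSWORD"          # no password needed at all
    if lastchg is None:
        return "UNKNOWN"              # aging data missing, check by hand
    if lastchg == 0:
        # A change is forced at next login, but whoever logs in first with
        # the default password is the one who gets to set the new one.
        return "PENDING_FIRST_LOGIN"
    if lastchg <= created_day:
        # Day granularity: a change made on the provisioning day itself
        # looks the same as no change, so it is flagged for review.
        return "DEFAULT_SUSPECTED"
    return "CHANGED"


def audit(shadow_text, provisioned, today):
    """Return one Finding per provisioned account found in shadow_text."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue                  # malformed record
        user, hash_field, lastchg_raw = fields[0], fields[1], fields[2]
        if user not in provisioned:
            continue                  # not one of the batch accounts
        created = provisioned[user]
        lastchg = int(lastchg_raw) if lastchg_raw.isdigit() else None
        status = classify(hash_field, lastchg, created)
        exposed = today - created if status in EXPOSED else 0
        findings.append(Finding(user, status, exposed))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SHADOW, SAMPLE_PROVISIONED, today=15800):
        since = as_date(SAMPLE_PROVISIONED[f.user])
        print(f"{f.user:6} {f.status:20} provisioned {since} exposed {f.days_exposed}d")
```

Anything reported as `DEFAULT_SUSPECTED` or `PENDING_FIRST_LOGIN` on a public-facing system is a candidate for disabling until its owner sets a real password.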

You know your skills are in demand when…

So. I mentioned once or twice my end goal being putting the geek abilities that result in, among other things, the existence of this website on paper. Someone asked me once what I’d use as an indication the skills I’m looking to prove I have and expand on are ones that would be in reasonably–meaning reasonable enough to pay for–demand. Until recently, I wasn’t entirely sure–beyond the fact that just about every organization of just about every size needs IT help these days, even if some of the smaller ones tend to outsource those needs to someone not actually covered by them. And then, the media handed me a benchmark. Thanks, Dawson College.

A student who used to attend that school found a bit of a flaw in their information portal. That flaw made it possible for anyone who’s anyone to get their hands on student information that didn’t need to be gotten hold of by anyone who’s anyone. The student brought it to the attention of the school and the company who developed the software they use. As thanks for his efforts, the school expelled him. Contrast that with the folks what developed the software–who had the option of charging him for trying to hack their software, and instead offered him a job. Measurement of demand established. That it had the grannies over at the Globe and Mail sticking their necks out so the folks over at Techdirt could lop it off at the shoulders is what ya call an added bonus.

My end goal is to walk away from my education with the ability to do essentially what this student accomplished. It helps that the college I’m staring at seems to be a little more with the times–hell, their website is entirely powered by WordPress. And if the job postings that end up landing in my lap aren’t evidence enough I’ll be able to at least get people to talk to me when I can put this junk on paper, the fact the guys he supposedly broke the law to help out didn’t see it that way and wanted to pay the man just about solidifies it. If nothing else, it decreases the likelihood of my being expelled for trying. That counts for something, at least…

Dear CPanel. You need to support Postfix. I’ll even ask nicely.

Since my former web host gave me the boot for fairly ridiculous reasons, I’ve had the pleasure of getting extremely familiar with a server and software of my very own. Part of the setup I’ve got going on now involves CPanel, which essentially lets me set up a website, email address, or any number of other things automatically inside of about 5 seconds as opposed to doing the configuring all manual like and probably contributing to my brain damage in the process. It actually isn’t too different from the control panel software the old host uses–except that they insist theirs is custom-made, but you’ll have that. There’s the occasional minor issue with the software, but over all they can be worked around or otherwise plain ignored if they aren’t already in the process of being fixed (see also: IPv6 eventually). I can’t say I love CPanel, but I’m fairly sure it wants me to. And it’s almost convinced me. Almost, except for one minor problem.

I like to be able to tweak, adjust, reshuffle, arrange, configure and otherwise mess with pretty much anything I can get my hands on. If it can be changed and not result in flatlining the server, I’m all over it like white on rice. For the most part, CPanel lets me do this thing and doesn’t complain too much. Try something funky with spam settings? Sure, here ya go. Shove an extra layer of security over web traffic? Let me help you with that. And if by some freak accident I completely bork the thing, I’m usually only about two commands away from tossing the breakage aside and restoring to a last known reasonably good configuration–thank christ, since one thing doing this on my own has shown me is I’m an absolute fail at storing my pieces of configuration files in 50 million places. But where CPanel’s limits show up isn’t necessarily in CPanel itself but rather in the software it chooses to support.

Fast forward to my only real, niggling issue with CPanel. Hardly a dealbreaker, but it would definitely work towards making me a lot more open to not trying to roll my own. CPanel doesn’t handle email quite the way I’m used to it handling–even when I wasn’t hosting my own email. For starters, CPanel installs Exim as its mail transport agent (MTA). Now, don’t get me wrong–Exim’s good for what it does. I have no real complaints with Exim. I just can’t do anything overly useful with it without recompiling the source–something CPanel doesn’t do, and so if I were to attempt it, I’d probably be walked over as soon as the nightly updates ran. It’s not as flexible with logging as I’d prefer either, giving too much information in some areas and yet too little in others.

I’d have much rathered if CPanel supported, either natively or otherwise, the use of Postfix for its mail relaying. I’ve started advocating for as much on their feature requests site in recent days. Based on what I know, the two are very similar. But for all their similarities, the way they handle is almost completely different–at least if you’re me. For starters, Postfix leaves more to the configuration files and less hardcoded so direct access to the source is required–again, useful given CPanel doesn’t compile its MTA and doesn’t give you the option of doing so. Additionally, Postfix is a more security-focused MTA, in the sense that it can be jailed/chrooted without breaking the rest of the system similar to how cPanel already gives you the option of locking individual users into a jailed environment so they can’t affect anything outside their own space. The ability for Postfix to drop privileges doesn’t hurt its case any either. Postfix also tends to handle message delivery differently from Exim–generating a message for each individual address, rather than grouping messages addressed to more than one recipient into one bulk message. This has the added advantage of a single address that generates a temporary failure doesn’t cause the MTA to hold back on delivering that or any other message to anyone else who just so happens to be using the same mail destination–something that’s come up to very occasionally annoy me.

I’m noticing as well that Exim, unlike Postfix, is relatively quiet when potential problems crop up. For instance, Postfix can be configured to send email on certain types of failure, not just to BCC you when the server itself generates a delivery status notification. So if Postfix is encountering a resource issue, let’s say it’s close to running out of disk space, it can alert you by email. It can also log the details of an SMTP interaction for more involved diagnosing. For instance: figuring out at which point in the transaction is a connection falling apart, so I can better figure out what needs a good solid tweak in the nose to do what it’s told.

I like CPanel well enough, now that I’m not improv learning it as I go–or having to fight with it to do what it ought to be doing pretty well out of the box. I’d like it even more if it supported the Postfix mail agent. And for that, I’d even be willing-ish to say please. Now if we could just skip right down to the part where all I have to do is flip a switch, we’ll be in business. Your move, CPanel.

How I handle backups. Or, happy world backup day!

For most of the world, it’s Easter. At least, on the east coast, for the next… we’ll say… less than an hour. But for anyone who maybe doesn’t celebrate Easter, or has maybe more important things on their plate besides that, today is also world backup day. In honour of that, let me tell you how I work.

I’m insanely paranoid about my backups. To the point where at any given time, it can be pretty well guaranteed I know exactly what’s backed up where, and have backups of those in at least two other places. Let me run things down on a basic level. The server hosting this website has 2 hard drives, both of them 2 TB. On the first is everything I’m running–the OS, the software that runs the site, email, you name it. On the second, is every single configuration file, line of code, database, log file, random thing that just doesn’t really have a home in any other category. And on that drive, it’s backed up in 3 different locations–just in case one of them goes on vacation. Or, you know, on the off chance I need to quickly pack up and slingshot my crap from this server to some other in an awful goddamn hurry. The advantage of also doing it this way is, pretty much on demand, I can grab a copy of that backup, and pull it to any location I choose with enough room to hold it–like, we’ll say, somewhere local if I suspect some fool’s intent on nuking the server. It also allows for a bit more flexibility–let’s say, for instance, I decide to once again fire up a Dropbox instance on the server. Configuring it to serve as a thing to hold backups would be only too easy, and actually be moderately a painless process. The advantage to that of course being I’d have local access to those backups, regardless what my definition of local is, so long as I have access to Dropbox. Kind of makes emergency “Oops I screwed it good” recovery a thing.

What does that mean for the hosted folks? In short, barring a nuclear bombardment that takes out the entire eastern/central region of North America, anything and everything data is relatively breakageproof. Of course if a nuclear bombardment on that scale ever becomes a thing, I suspect “where’s my crap” won’t be the first question on the list. But this also gives me a personal thing I can use later, should I ever manage to stop being bounced around and actually shove my foot in a professional door just enough so that it’s not slammed on my nose. I’ve had absolutely no professional training in this or any other area, and I’m more comfortable with the backup solution I have right now than I would be if I was paying someone else to do it. Largely, I suspect, because I know exactly where everything is and it’s a simple copy/paste if ever I need to unbreak something. But, I think, also because if it does go sideways, I don’t need to worry about holding someone else to account who doesn’t have a dog in this fight. It’s my data. It’s my friends’ websites. It’s another friend’s email. It’s all very good reasons for me to pay the fuck attention. And that, I think, is how I work best. Which reminds me. I think I’m due for a local copy pull…

If you used any of these passwords for, well, anything, please deposit your user’s license.

It’s a little late for best/worst of 2012 lists, but no one ever said I stuck to a schedule. Besides, this one amuses particularly because, well, server admin. So it’s kind of a big deal, if you get me. And also it beats the royal hell out of an entry wherein Amazon tries screwing folks over twice just for fun, which is probably nothing new by this stage. Of course that could also mean I’ll have nothing to write about in a day or two and get back to that one, but hey you’ll have that. As for now, you’ll have the worst passwords of 2012.

Like one of the commenters to that article, I’m very glad–and yeah, okay, a little surprised–that “admin” isn’t on that list. Personally “master” is almost as bad, but considering how many people almost never actually change the default passwords to things, and those default passwords are remarkably insecure as it is, that’s a thing. Equally disturbing is that passwords like “Jesus” actually exist and don’t cause impressive amounts of damage to the folks what use them. My personal favourite on that list is “welcome”. Why? No, as in, why in the hell? As a password, even if it’s an absolutely brainless password, that doesn’t make sense. As in any. As in at all. As in please, just stop doing anything computer right now, and go back to pen and paper. Typewriter, even. It’s safer. Plus I won’t have to fix you later.

Related: If you use a thing I maintain and have a password remotely close to any of these, I’m probably gonna wanna have a conversation with you. Of course by the time I find this out you’ll probably be wanting to have a conversation with me about exactly how it is we’re gonna unbugger the crap somebody who got hold of your password buggered while you were too busy up in the weak sauce–which will make the conversation I want just that much easier to have. I like it when things work that way. Of course I like it even better when the passwords belonging to folks I fix don’t end up on one of these lists, but hey, you can’t have everything. Just remember to leave your user’s license with me when you’re done and we’ll all be fine. Or better yet, just change your bloody password.

Did your internets grow a Wednesday wabble? Here’s probably why.

What do you get when you take an ISP accused of being a spammer, the organization doing the accusing, the several security organizations defending the accuser, and one hell of an axe to grind? If you answered a wicked nifty cool DDoS attack, you get yourself a cookie. But since I have no cookies, you can settle for vodka. The attack in question started out just aimed at Spamhaus, who manages an antispam blacklist for primarily mail traffic to prevent certain types of spam from hitting a mail server (disclosure: it’s one of the 4 I use, and use heavily). When a bunch of organizations jumped in to help Spamhaus minimise that attack, it escalated. The attack ended up aimed at the folks what provide a backbone to the internet (because someone’s going to ask, it’s explained better than I ever could).

The long and short version is, if one of the connections that make up the backbone of the internet ever takes a dive, large chunks of the internet can potentially take that dive right behind it–it happens every once in a great while, usually because somebody cocked up. But sometimes, it can be triggered for any number of reasons. On Wednesday, it was denial of service time.

Now, these things can typically handle a hell of a lot of traffic. They’d have to, considering pretty much any and all internet traffic eventually passes through them to get, well, anywhere. So you’d think they’d be pretty close to difficult to attack. And you’d be right, more or less–the attack from Wednesday measured at, well, about , eh?

So if you were growing an issue or two on Wednesday, it could have been your local technology. It could have been your ISP mucking something up. Or, it very likely could have been that someone really did just try and break the internets. I might actually be somewhat vaguely impressed–if the attempt at calculating that bandwidth bill didn’t just cause my brain to implode. I hope these folks had uncapped connections…

A 3-strikes blog post for global 3-strikes copyright systems.

It never ceases to amaze me exactly how tightly folks will cling to the very same logic that blows up in their collective faces within about 6 months of it being deployed. Perhaps not entirely without some degree of amusement, you see it most often in the two worlds who could use a wake-up call the most. The entertainment world, and the political world. Between the two of them, they’ve managed to piece together a mammoth bad idea on a global scale–and one that could have been predicted to implode before it even got off the ground–in the form of a 3-strikes copyright policy (6 if you’re in the US). In keeping with the entertainment and political worlds’ tradition in this arena, my own 3 strikes system–3 epic failures anyone who used their brain could have seen coming.

Strike 1: File who?

I’ve mentioned it in passing before, but it gets its very own special mention here because, uh, this suddenly isn’t exactly a unique situation. Person happens to be the account holder, but may not necessarily be the most technical case on the block. They likely have the internet for email, Facebook, school and if they’re into that kinda thing and have a brain cell to spare, maybe a little Twitter, but that’s the extent of their internet usage. Not so much, perhaps, for that person’s roommates, but the laws as they stand now don’t really go for that kinda thing–you own the internets, therefore you get the nail. It results in, rather irritatingly if you’re the do your homework check your email go to bed type, needing to have the basic idea of file sharing explained to you before the industry tries and fails to sue the everloving pants off you. Win or lose, the New Zealand industry got what they wanted–regardless who did the sharing from where and when, the account holder they went after turned around and cancelled the account–thus probably creating a brand new issue for herself in the process where her education and the like’s concerned. But, hey, there’s no more of that nasty file sharing coming from that address now is there?

Strike 2: Not our material? You’re still guilty!

I enjoy laughing my ass off at the DMCA. Not so much at the folks what get slapped by it–I myself was indirectly and falsely slapped by it not all that long ago–but at a majority of the folks doing the slapping. And with the onset of the US’s 6 strikes policy, all it takes is someone sending you–or rather, your ISP–a DMCA notice (whether it’s an accurate one or not) for you to start heading down the path towards a very rocky internetting experience. The system they’re using to track, identify, process and send those notices for this 6 strikes system? Well, that would be the same system that became highly confused and decided that a mod for Guild Wars, a computer game, was actually a copy of at least one NBC TV show, none of which remotely resemble computer games or mods thereof. No info on whether or not this is court bound, but were this actually to fall under their 6 strikes system (and there’s no reason to think it wouldn’t) the accusation may be all that’s necessary for the ISP to be required to start taking action. For TV shows that weren’t being shared and may not have even existed. Go copyright!

Strike 3: Serving your country is not a defense.

Back to New Zealand for strike 3, and perhaps the more ridiculous of the 3. Where at least the other 2 the argument, if shaky and pretty much unprovable, hadn’t completely entered the realm of being entirely out to lunch, this one left the ball park–and, arguably, the country. Again we have a multiple roommate situation–this one, they’re all in the military. The guy whose name the account’s in, and thus the one who ended up fielding the accusation, was in Afghanistan during the time the industry’s precious copyrights were being violated. The others in the house were apparently deployed in various locations around New Zealand at any given time, so figuring out who did what and when was more than a little bit of an issue. But far be it for the industry to let a little detail like that get in the way. So when the account holder was back from Afghanistan, he had that to deal with. How did he deal with it? Well, see, the thing about serving in a permanent war zone–so I’m told–is you don’t really have a lot of time for stupid when you get back, what with getting used to the fact you’re no longer serving in a permanent war zone and all that junk. So rather than very likely have to drag it out in court, all for events that couldn’t be proved and couldn’t be connected to him by more than an IP address tied to him just based on lack of proximity alone, he paid up. And somewhere, in a press release yet to be written, he’s about to be added to the “file sharers we caught” list. And there just went getting shot at in defense of democracy as a legal defense against copyright.

I’d love to be a fly on the wall in some of the rooms where conversations like these happen, if only because I can’t even guess at the mental and verbal backflipping that goes on to make anything remotely like this sound like something that doesn’t smell entirely of overdone crap on an underdone cracker. Somebody somewhere has to have spoken up and pointed out to these folks that maybe, just maybe, there’s a better option out there other than trying to kill a mosquito with a bazooka and hitting their own feet instead. But, hey, what do I know? I’m just one of those online folks the industry doesn’t wanna hear nothing about or from. Then again, maybe that’s their problem…

Because McDonald’s has to find *something* to do with their wifi.

Now this is an interesting take. A McDonald’s in Virginia has opted to allow customers free iPad usage while they eat. And they’re providing the iPads. Apparently, the restaurant is leasing the iPads from a French company, who’ll be the ones actually in charge of their maintenance–and, presumably, their replacement should some shmuck decide to get creative and find ways to walk off with one–they’re secured to the table, so creativity might have to be required to pull it off. I imagine anyone who does any kind of anything while mobile will probably still bring their own gear, if only because I can’t see someone checking their email on the restaurant’s iPad. But, hey, if all you want to do is shlept through the news or something while you eat, why not? The restaurant has apparently blocked Youtube, so shlepping through the news or something might be your only option if you’re borrowing one of their pads. Still, it’s an interesting thing to keep an eye on. In the meantime, it does make me wonder exactly how this conversation would have played out had our local one up here gone and done something similar. Hmm. Now I wanna test things.

Senderbase.org, 5 months later.

So. Here’s a thinggy for long-time readers. Remember the epic server move of August of last year? You know, the one where everything and its associated user had to be shuffled off a server I no longer had any actual stake in inside of 5 minutes–and where I was met head on by an email blockage issue? Sure you do. But I’ll let you refresh yourself just in case you don’t. In the meantime, I’ll catch things up–because the stats tell me I’m not the only one with the issue.

In August, when I fired up this server, I was slapped with an IP address–well, several IP addresses, actually–that had a poor reputation, according to senderbase.org. Here’s the problem with that. Because they decided my reputation–which they don’t really tell you a whole lot about–was poor, several major ISP’s and a few smaller ones were permanently rejecting email sent to them with the ever so helpful message that if I believed this message was rejected in error, to please contact the recipient using alternate means. Helpful, but not really. I fought with it for a few weeks and got pretty much nowhere. Senderbase doesn’t actually have any way to contact them. No support address, or any real contact page, and the information I was able to piece together on a possible contact got me pretty much no response. A back and forth with the guys running the datacenter this server’s sitting in told me they have just as much luck with these folks. So figuring I’d deal with it later, after I finished ironing out the kinks that came with a move of this variety, I was handed a new IP address from a different block entirely. This one, at least, had a neutral reputation when I got it–and it’s supposedly only improved from there, but again, I have no idea according to what metrics.

So I set email to go out using only that IP address and pretty much forgot about it. Because it worked. So I saw no need to continue aiming guns at heads. ISP’s that used to take one look at the server and laugh their asses off now accepted email from that same server as though there was nothing at all wrong in the world. I was a happy geek. Still am, but largely because the damn thing still does what I told it to. So fast forward to this week. I’m doing a check on other things, just to make sure I don’t need to go behind the scenes and do some sort of wicked nifty cool brand of tweaking. Which, okay, is major amounts of fun–but only after generous amounts of caffeine and nearly as generous amounts of vodka. Or a vodrumoke, if one would prefer (all of 3 people might actually catch that reference, including the one what said it). So it’s during this routine scan for breakage that I decide, hey, let’s take the server’s primary IP address and run it by those bastards at Senderbase. Let’s see if they’ve wised up any. Hint: if you thought for even 2 seconds that they might have, I’m going to have to revoke your license to read this blog.

Not only did they decide the primary IP address of this server still has a “poor” reputation, but they essentially also decided to forget that I used that IP address for pretty much anything. Where before, I could get an idea of how much email has been blocked by Senderbase, so far as it’s concerned now, I’ve got nothing. Senderbase lets me ask it about my server’s IP, then sneers at me and says “Look, bud. I don’t actually know the guy, but I hear he’s no bloody good. Hey–that’s just what I hear, alright? Whatcha want?”. It can’t even tell me what the IP’s DNS reverses to, which is–well, odd and quite doable using the good IP, but hey, whatever. I just find it highly interesting that, 5 months on, it’s forgotten pretty much everything about this server except its reputation–which supposedly improves over time, but I’m still waiting. In the meantime, if you run your own mail server and actually rely on Senderbase to handle even part of your antispam policies, you’re an idiot. And if I can find some way of getting email to folks what use you and not actually have to go through you, consider it done. Now. About that vodrumoke.

Beware corporate spying from China! … Or maybe not.

I’m going to blame the fact everything these days seems to be political when coming out of the US, even if it really doesn’t need to be. Because honestly, that’s about the only reason I can think of for a congressional committee, based on not much other than it wanted something to generate headlines, to go into an investigation having decided two Chinese telecom companies were involved in some high level spying–and improvising a report to say as much at its conclusion. The committee, investigating companies Huawei and ZTE, pretty much said the two companies were allowing the Chinese government to use their equipment to hide trojan horses (essentially, software and/or hardware backdoors) that would allow the government to gain access to sensitive information, or to use that hardware to launch a cyber attack–basically, bring down any service or website they so choose. Rather than coming up with some variety of proof on their own, it was left to Huawei and ZTE to essentially prove they weren’t.

Leaving alone the fact it’s virtually impossible to prove the nonexistence of something–people have been trying to do that with religion for an age, and leaving alone the fact that not long after the release of this report, the White House came out with its own and cleared the company, the question has to be asked. Did anyone on this committee happen to maybe consider that pretty much everything tech these days has spent at least some time in China before making it to wherever it’s now being used? Did no one maybe bring that up to the committee before they got the idea to hey, let’s go ahead with this investigation and see what sticks?

Of course it may be that, you know, being vaguely technical-minded that explanation comes far more natural to me than it would to, say, a career politician in his 50’s. But you would think that, you know, if China was actually on the lookout for ways to accomplish something like that, there’d be ample opportunity for them to do so without needing to expect that of one or two of their own companies who happen to have a market in the US. And you’d think at least one of these politicians, in their 50’s or no, would have somebody vaguely technical-minded on their staff who’d speak up about it. Of course the fact that they might not may very well be why we have things like this in the first damn place. At which point, look for one of those folks to be made aware in the near future that Apple makes pretty much all their iThings in China–well, until some point this year, anyway. I wonder how long it’d take for that investigation to unfold. Oh, wait–US companies with Chinese interests good. Chinese companies with US interests bad. I forgot that’s how these things work these days. Silly me. Oh well. The thought was fun while it lasted.

Tech support license: revoked, sucker.

When I lived at the other apartment in Ottawa, every so often we’d get calls from nonsensical numbers that couldn’t be called back, blocked or even properly traced. They’d call for one of two reasons. Either to try and sell us tech support (me and the former roommate are both more than capable of our own tech support), or to offer us air duct cleaning service (we lived in an apartment and didn’t actually, uh, *have* air ducts). Oddly enough, our number was on the DNCL (Do Not Call List). Come to find out, we weren’t the only ones with the problem–and two of the companies responsible have been slapped. The smackdown went global, with the US and others joining in the festivities earlier this year. Of course, by now that phone number isn’t even in service and the new one hasn’t been slapped in any lists of that variety, as in ever, but it’d be interesting to see if this actually had any kind of effect. I mean beyond being some wicked little poetic justice if one of those guys was the one what rang me. In the meantime, I think we’ll be keeping our current phone numbers the hell off the DNCL, thankya please. I’m not interested in tech support for my very much not infected machines.

Documentation is key. So where the hell is yours?

I’ve been known to get my hands dirty with this or that random project. Occasionally, resulting in the consumption of something a bit stronger than the coke I often keep nearby. Sometimes, I do it pretty much by the seat of my pants–this looks like it goes over here, so let’s see what this does. And sometimes, either by choice or by force, I’ll actually have to go hunting for documentation. Occasionally, the hunt points me to the developer’s website, the developer’s twitter, the developer’s blog–but not, in fact, the developer’s documentation. Or any documentation, for that matter. A user manual? A half-page thing on someone’s personal, but publicly accessible, WIKI? Yeah, no.

Admittedly, I occasionally have that very same problem with my twitter app of choice, but in this case there’s documentation, it’s just not in English. So it *could*, if it was absolutely needed, be translated. Awesome. Useful. I should get on that, eventually. But in cases where there’s no documentation, as in whatsoever, for this or that program, script, basic language or other such extra utility, it has to be asked–and Slashdot asks it–what the hell are you thinking?

You want your program, script, language, basic little utility to be used, yeah? And not solely by geeks with little else to do between job searches and family things but to try busting things, yeah? Yeah. Thought as much. So, uh, how about manualing the hell out of it? Nothing says “oh crap” more than smacking the help option and being directed to a website that tosses me a 404 error instead of something useful, like a FAQ. And, if I don’t feel like playing a guessing game–usually because I’ve got 80 million other things to do as it is–nothing convinces me to toss your program in the maybe later pile faster. And probably increases the likelihood of me forgetting I have that program, simply by virtue of its presence in the maybe later pile. I’m not averse to doing a little RTFM every now and again. Hell, maybe I’ll catch something obvious that gives me an excuse to redo something and easily waste away an evening I can’t spend watching hockey. But by all means, couldja maybe pretty please try and WTFM–write the fucking manual? It helps, I promise. Or, at least, it makes you immune to entries like this one. Which is always good.

Useless Sack of Bull, or why USB is of the devil.

I pretty much live on USB. Have for half an age. Kind of a requirement with about 90% of what I do. I have 3 external drives, all of them USB. I have an admittedly not used printer. That’s USB. The keyboard is USB. The mouse, if I’d gotten it back from the former roommate before he started being a tool, is also USB. The new wireless card (more on that below) is USB. Oh and I have an iPhone. That’s USB if anything useful needs to happen. Basically, USB runs my life. Which is awesome, squared. At least until it decides to stop working. Which brings us to today–well, yesterday now.

I got my hands on a wireless N card a bit over a year ago, since the card this machine came with was trying real hard to head maybe in a that-a-way type direction. When I got the card, the N wireless standard was still fairly new–so new it was still considered experimental. The card did what it was supposed to, for the most part. But recently, especially when doing fairly network intensive things like copying files from one system to the other, I started pushing the card’s limits. And it started pushing back. Dropping connections, sometimes not actually picking the connection back up, and once requiring a restart to actually fix the thing–I’m somewhat blaming Windows for that last one. Productivity doesn’t really get to happen if you have to check every so often to make sure your system didn’t drop your productivity on the floor halfway through. So yesterday, since May and I wanted breakfast anyway, we figured we’d bounce off a restaurant and land at Staples. So we did, and I grabbed a USB wireless card. I’m getting a little low on ports, as is she, so we grabbed a couple hubs to go with–nothing fancy, just your basic 4-port jobs. Brought them back home, then figured we’d relax a bit before I started setting things up. It was only gonna take a few minutes, but it didn’t need to get done right away–most of the intensive stuff could wait a couple hours. So I put it off until yesterday afternoon, then decided I’d take the couple minutes I’d need to actually get things set up. It was gonna be quick and easy. Slap the hub in place, slap the card in the hub, install both, go on about my day. Yeah, about that.

The USB hub installed no problem, once I figured out what the hell the extra cable was for. The card? That took a little convincing. Well, and a CD–really, who the hell packs driver software on a CD anymore, D-link? But then the fun popped in and said hi. The installation of either card or hub, or both, caused one of my external drives to hit the deck. It was recognised, but you couldn’t actually *do* anything with it without getting permission and I/O errors up the wazoo. Weirdness squared, since nothing I’d done went anywhere near the drive that gave me the fit. Oh well, you’ll have that. So, figuring that was just your typical Windows wonkiness, I hit the restart button. Hey, they aren’t kidding that 90% of problems with Windows can be solved, at least temporarily, by a restart. This one slid itself neatly into the 10% that couldn’t.

I brought the machine back up, went to call up the problem drive. “Windows can’t find l:”. Wait wait what? Oh no you didn’t. “My Computer” tells me nope, that drive ain’t showing up. Different letter, maybe? Windows develops amnesia sometimes. Nope, that doesn’t do it either. Alright, let’s drop into device manager and see what ate itself. Oh, well that’s cool. Where my external drive should be, there’s an “Unknown Device” staring at me instead. Oh and hey look. Uninstalling it and reinstalling it? Still an unknown device. And Windows ever so helpfully informs me that a USB device attached to this computer has malfunctioned and could not be recognised. Where’s my vodka, again?

I fought with that for several hours. Then, when I thought the system might be in the process of unscrewing itself–it was taking longer than usual to restart, which it usually does if it’s attempting to self-correct–I took the opportunity to throw myself into bed for a couple hours and allow my brain to recover from its partially liquified state. Should not have done that, for the system, it done fooled me. It came up just fine. I could, again, sort of see that there was a device there. But it was still an unknown device. Well hey. It’s something, just not what I’d call progress. So, alright, whichever. USB sometimes has its preferences. That’s fine.

I’d shuffled things around in the back of the machine so I’d have room to put the hub without killing me, and that required shuffling the drive over a port. That could have possibly screwed things up. Okay, we can fix that. Yank the hub, stick it in one of the vacant ports in the front of the machine. Move the drive back to where it used to be. Hey look–I have a drive again. We’re in the clear, finally. That only took far too long. So I started to set things up the way I had them before. That meant queuing up the several downloads I have going in the background. So I did that. “This drive has been removed. Please reattach the drive.” Oh really.

Turns out, universal plug and play means you must reorganize everything, if you’re going to reorganize anything–clearly, this is what they meant by “play”. That’s what my computer was trying to tell me, when it decided this time I didn’t have a j: drive. I most certainly do have a j: drive, but my fixing of the l: problem made everything go pear-shaped. Oh, and Windows decided I didn’t have an SD card reader either–fair enough, since I never used the thing anyway. Like the first drive did before, both of these showed up as unknown devices when looking. Well, hell. I didn’t want sleep anyway. I did want caffeine, though. And vodka. Definitely vodka. So it was do this dance again and see what turns up. Exactly how I envisioned spending my first 24 hours with new hardware.

Once again, into device manager. Once again, play the uninstall reinstall game. For the sake of the card reader, it was also hit up Dell’s website for drivers, just in case a simple reinstall fixes its wagon–it didn’t. Well bloody hell. And the drive in question didn’t move once during the entire arrangement of getting everything else to work. Windows just decided it wasn’t gonna play. Oh, and it was *that* drive’s turn to have malfunctioned and not be recognised. This is getting hella old, Microsoft.

Again, do the poking around, figure out where it’s broken. Again, curse when the thing that’s broken won’t fix when you shove it into place. So, I did the next best thing. I pulled *that* drive out of the port it had been sitting in since that drive existed, and slapped it into the USB hub alongside the wireless card. And didn’t the damn thing spin up, be recognised and do anything I damn well please like it’d spent its entire life exactly like that. “Show you what’s in your downloads directory? Sure. Here you go.” “Hold very still while your torrent client re-checks every single goddamn file I have because my disappearance threw it for a loop? Whatever you say, boss.” Yeah, screw you, ya something something something.

So now I have 3 working USB drives again. Plus the working USB hub and wireless card I wanted to have in the first damn place. Still don’t have a working SD card reader, but I’ll worry about that if and when I need to. I’ll probably do a system restore at some point if only to see if that puts it in a position to maybe self-correct and undo the mass confusion, but as for right now? The damn thing works, I’m braindead, and I think there’s a sub or two calling my name. Oh, and the next time somebody tells me USB is extremely easy to work with, I won’t be held responsible for any pain caused to any USB stick regions.

In which WordPress 3.5 fixes menu accessibility. Sort of.

If you’ve jumped on the WordPress bandwagon recently, you know they’ve unleashed version 3.5 on the masses. You probably also know the huge thing they’re jumping all over is the improvements they’ve made to their media library. That is not, however, the huge thing I’m jumping all over. Since about version 3.3, users who have visual impairments and who use a variety of screenreading technologies have had a bit of difficulty, without the use of additional plugins, with accessing the various submenus WordPress has to offer. This is because, in 3.3, they’ve moved to a form of JavaScript flyout menus that are designed only to appear when the top level menu is hovered over with the mouse. Useful, until you run into someone who can’t use the mouse. Enter yours truly, and a few folks he’s hosting. And enter this little-used dialogue on the WordPress bugtracker.

I’ve kept an eye on it since 3.3, and it goes through phases where people will poke and prod at it, then leave it alone for a few months. Apparently, somebody poked and prodded at something else, or just didn’t nail the ticket with that prod, and now, things do what they’re supposed to. Well, mostly. On a clean install of WordPress, which I just so happened to bust out before upgrading this site, completely unmodified from the core platform, the menu links that gave me and others trouble in this ticket behave as expected. And hey look, the menus don’t play hide and seek until you do some fancy dancing with your screenreader of choice’s advanced features–a big plus, in my world. Bonus points for that, guys. So now, we switch to this site. Because if I’m gonna break a bunch of folks I’m hosting, I might as well break me first, yeah? Yeah. So I do. And guess what? Not quite perfect.

The dashboard menus still do what they’re supposed to–that is, be damn well good and visible when they damn well need to be good and visible, without the aforementioned dancing. But the top level links still don’t read like they’re supposed to without help. A tiny bit annoying, but can still be worked around–with the same workaround I’m already using because of what they broke in version 3.3. If you weren’t aboard the WordPress wagon when I was playing with this, let me introduce you to my new favourite plugin.

OZH Admin Drop Down Menus is a plugin that forces your dashboard menus to stay visible, permanently. It has the side benefit, which is the only reason I’m still using it now, of giving the top level menu links a readable label. Since they improved that area of accessibility in 3.5, I wouldn’t suggest installing it on a new install–unless I just got lucky and it’s actually still largely broken. For already running installs? Definitely continue to use this plugin. And if you need assistance making it more usable from an accessibility perspective, let me know and maybe we can work a little something out.

In which Bell Canada and a crappy modem team up to break my brain. Twice.

I have caffeine. And I have a bit of free time. That means geek entry. If technical things make your brain do melty things, there’s other stuff coming. Or, you can flip through some of what’s already posted. On the other hand, if brain damage is your thing, keep reading (Warning: long post is long). I don’t disappoint.

—————–

Folks who’ve been reading me for a while know this already. But for the new ones, or the ones who haven’t yet found the time to go wandering back through really wicked old entries, a background. I used to work for Dell, back when Dell used to be cool and actually wanna pay me. Naturally, that meant insane amounts of exposure to large doses of the kind of stupid that would be lethal without the proper equipment. Or an international border. Whichever was more convenient. The kinds of breakage I had a front row seat to, and the wicked nifty cool shapes my brain had to fold itself into just to figure out 1: how in the 7 levels of hell $person actually ended up breaking their thinggy what I’m being paid to fix, and 2: how in the 7 levels of hell I was going to fix it without a small miracle, copious amounts of caffeine and an IV drip of vodka–only one of which was actually practical while sitting in a call center in the middle of freaking Kanata–made origami look like something your 2-year-old pulled off in his sleep last night–apologies to anyone whose 2-year-old may or may not have just been mildly offended. I’ve even seen software–and some hardware–whose manufacturers make an honest attempt to break things by default (see: standards, Microsoft’s lack of). Usually, that kind of thing is an out-of-the-box flop, though. And usually, I’m the shmuck that gets to apologise to the customer because there really is no way to fix that broken, short of replacing the defective–not something you want to tell someone after they’ve just plunked down $400 for that self same defective. Now, I’m that customer. And Bell Canada gets to play the part of Microsoft.

I do all manner of geeky–and sometimes freaky–things from behind this network. Including helping May with setting up and administering an FTP server. Sometimes, it involves extreme amounts of stress testing. And sometimes, it just involves a simple hey, can someone from outside this network access $service on $port, or do I need to smack me a modem? Up until a few days ago, that was a simple process if you were me. Or, hell, if you were May, who’d tell you herself she’s not quite as technical-minded as I am but she’s kind of busy catching up on posting to her site at the moment. All either May or myself had to do was pull up a chair and connect. Well, more or less. From behind the network, we could still pull up the external hostname, bounce to it from inside the network, and have it route the connection back to the network on the appropriate port. So basically, it’s like picking up the landline and dialing your own phone number rather than *98 (or whatever your US equivalent is), and seeing if your voicemail picks up. At some point last week, though, Bell decided to turn off that ability.

I have no idea what the hell they changed, but they apparently pushed an update to the modem we’re using–we’re using Bell’s “Connection Hub”, if you’re curious–that pretty much broke standard networking. Now, if I’m sitting at the machine I’m using right now, behind an otherwise fully functional network, and I try to pull up a service I know is working as expected, I get nowhere. Or, rather, I get somewhere–it still tries to connect to the external hostname. It just times out, as opposed to connecting. Going back to the comparison from earlier, it’s like calling your own phone number, knowing you should be hearing your voicemail, and instead the phone just keeps ringing.

Thinking the modem just developed amnesia–they do that sometimes–I go in and have a look. Sure enough, it ate the settings I’d whipped up to actually allow the public to access things from outside this network. I’d seen this once or twice so was actually kind of expecting a whole other set of issues–amnesia of that variety is usually a sign you’ll be soon replacing your modem. So while reimplementing the settings that let things be visible to the greater internet, I was internally preparing to have that conversation with both my ISP and my girlfriend. And only really not looking forward to one of those conversations. So I reminded the modem that yes, in fact, this is a friendly thing, and please to be letting John Q User play with it thanks much. And then I hoped like hell the damn thing wouldn’t forget me 10 minutes after I left the room. I tried connecting externally again, same result. Then we lost internet briefly. Well hell. Here comes 2008 all over again, it looked like. Still, when we came up, I smacked the reboot option–just to cover my ass. And because, hey, if it was 2008 all over again, we’d already lost our settings so what was I hurting? Another reconnection later, and I figure okay, let’s play find the server. Again, dialing my own phone number, expecting to hear my own voicemail, and instead hearing ring ring. Not cool, network. And not the standard performance, either.

Still suspecting the modem might be on its way out, I check again. Nope, all of our settings are there. The modem’s just being a Microsoft product (*). What the blue? So fine. I have access to a server that’s well beyond this network–hint: WTN’s sitting on it. So let’s go see if the service is even visible. Connect to the server, fire up two different FTP clients. Connect from the server, back to the network, to May’s FTP server–the thing I couldn’t reach by the external hostname from the local machine. Doesn’t it work like there’s nothing wrong in the slightest. I can connect, do what I do, then bail. No problem. Alright, next test. C’mere, CanYouSeeMe. Do we exist, at this IP address, and on this port? We do? And you say that more than once? Awesome. So John Q User can play with the thing after all. We just can’t bounce off the hostname anymore. Cute. So why the hell not, and can we fix it?

As it turns out, I don’t actually have an answer for that first question–I’m guessing Bell pushed out an update, but as locked down as that modem is (hint: Google doesn’t turn up any super nifty administrative access levels, a la the modem we had at the old apartment through Rogers), that’s just a guess over here–though that would be the only reason for the modem’s temporary bout of amnesia, assuming it’s not trying to warn us it’s going to fail tomorrow. As to the second question? After about 15 minutes poking around in the thing, it looks as though that has potentially no written all over it. Actually, poking around inside this modem tells me you can’t actually fix, or turn off, much over here–enter breakage the second.

The modem they gave us when we signed up for internets is one of those router combos. Because of the speeds we’re getting and the fact it’s fiber, this is kind of the only modem we can get from Bell–and I’ve not found an equivalent outside of Bell that I can be reasonably confident won’t crap itself in 6 months just on account of the connection expecting too much from the hardware. But so far as router combos go, even the ones provided by the ISP, the thing’s crippled. Problem the first: no bridge mode. As in, at all. At least, not in the sense that you can tell the modem to just be a dumb modem and hook up your own damn router. You can turn off DHCP and wireless access, but that’s about as far as it goes. Why? Part of it’s because, stupidly in my honest, Bell uses this exact same modem for its TV service–not much use to us at the moment, but a trivia type thing I found while poking. So, truly bridge mode would break that in several interesting and not so fun ways. That also means I can’t bypass Bell’s breakage and go buy me a new router–too bad, too, as there are several that’d do the trick quite nicely. But the modem would still be handling the traffic from the router, and playing cop where necessary–or rather, where Bell thinks it necessary, thus defeating the entire purpose of a second, better, more stable router. And problem the second: What access Bell gives you to this modem is, well, basic at best. You can configure wireless network settings, open whatever ports you need (see above for situations wherein that might not be practical), and set up management for dynamic DNS in the event you don’t want to have to fight with a client for doing exactly that (I don’t, personally). And that, right there, is about the extent of your access. Add an exception to the firewall so the router doesn’t block your mystery packet transfer? Not happening. Set it up so specific services aren’t available during certain times of day, or days of week? Not happening.

Rather than having the option of becoming a dumb modem, Bell handed us a dumb router. Then they broke it with an update. Awesome, yeah? And between the two of them, my brain suffered two very significant meltdowns. And I still don’t get to just say screw it and run my own damn router.

(*): The comparison may or may not have had a small something to do with the fact I just got done fighting with Outlook. Maybe. Or was that this morning? Oh well.

Update:

I’m not crazy! This caught someone else too, or at least one other someone else, pushing me just a little bit further towards the theory an update broke it. Awesome job, Microbell. Now when do ya get to fix me?

If you use Network Solutions to host your domain names, here’s a very good reason to stop.

Network Solutions hasn’t been in my top 20 places to send people for geek things for a few years–largely because every so often, they break something so significantly that it tries very hard to take out good portions of the internet. But now, the company’s got themselves in my top 10 places to talk people out of running with. And it’s all because somebody over there decided to fail business 101.

In the website hosting business, there’s two things you need to look after. Paying for your hosting, and unless it’s included (which is more common now than it used to be), paying for your domain name–so people can actually get to where you’ve hosted your site. Domain names are usually paid for anywhere from 1 to as many as 10 years at a time, whereas your hosting package is usually monthly. Here’s the thing, though. Let’s say you’ve got yourself 3 or 4 domain names you’ve registered for this or that project you’re working on. Or, if you’re like me, you’ve got people running their websites off your space and don’t want to be bothered maintaining their own domain names–enter the geek with nothing better to do. So you set up the site, you pick out your domain name, you plop down the usually $10-$20 per year depending on the company and type of domain name, and you pretty much forget it exists until the bill for the next 1, 2, 5 or whatever years comes due. But let’s say, just for the sake of keeping with our hypothetical situation here, you’ve finished your project, or you’ve simply decided to move your personal website to a domain that’s, well, more personal. Either way, you no longer have a use for the domain name, even if you can’t really officially lose it until the registration expires. So it sits there, and you go on about your business–it’ll expire and be done with when it’s done with, right? Wrong. Well, if you’re with Network Solutions, anyway.

Most domain name registrars–the people who actually keep a record of your domain name, who it belongs to, and where you’ve told it to point to–will warn you when your domain’s coming due–the registrar I use (find a nifty little plug for them later in the post) starts poking me about 3 months before the domain expires with a little “Hey bud? You’ve got this thing over here.” In fact, that reminds me–I need to pay for this domain here shortly, but anyway. Even the ones who let you tell them yes, it’s perfectly okay to automatically renew the registration of those domains (my previous web host let me do that) will still shove warnings under your nose, just in case you’re not using the thing anymore, and/or it completely slipped your mind you’ve registered the domain. Network Solutions? They’ll just bill you. There’s no notification of any kind, no warning, and apparently no off switch for automatic renewal. You just wake up one morning, go scroll your credit card statement to make sure your monthly subscription to Dropbox went through–you *are* on Dropbox, right?–and wham. Oh, hi, Network Solutions. Fancy meeting you here. It’s more than a little dodgy, and sadly they’re not the only company who does things exactly like that–they’re just the first registrar I’ve heard of doing it. And I’m reminded why automatic access to bank accounts, credit cards, what have you for the most part sends me in the other direction–but that’s another entry for another topic on another day.

If you’re using Network Solutions for anything web or other such geek stuff related, give serious thought to maybe not. And if you’re still not entirely sure, rethink it. Then, pack up what you have, and send your domain names in this direction. I separated my domain’s registration from its hosting a bit over a year ago–which worked out, since the hosting I was using fell through, and I haven’t looked back. I’ve been with my current registrar pretty much problem free since. And yes, I’m pretty sure tomorrow, I’ll be staring at another warning from them that a domain I’m holding onto will expire in 2 weeks–and they won’t sneak it on my credit card bill. But regardless who you have your domain registered through, it might not oughta be Network Solutions. At least not if you don’t like surprises.

Thanks goes to May for pointing me at this. And much thanks goes to Network Solutions, who once again shows any aspiring business person what exactly not to do. Keep that up and I’ll have to make you your very own category, guys.

Rumour has it Network Solutions offers hosting as well. If you know anyone hosted through them, feel free to have them get in touch. I’ll help them shuffle domain names around–and, hey, maybe even provide them with a little hosting space. It’s not like I don’t have the room.

Geek stats. Because trivial geek is trivial.

I recently did some tweaking to the server on which this and a couple other sites run. Specifically, I tossed a second hard drive in for the sole purpose of–hey, I likes me some extra space, kay? It had the side benefit of being able to pretend I’m an actual, honest to goodness, proper system administrator. Or maybe it just gave me the extra room to exercise common sense–you be the judge. In so doing, I learned two things about me and my users.

Thing 1: My users don’t actually use much. I’ve probably got the most space going, and that’s at well under a hundred gigs. All told, user data, OS data and miscellaneous crap I haven’t gotten rid of data comes to about 5% of the actual primary drive’s available space. Hot damn, I said. Then I looked at where I put my backups.

Thing 2: Holy Christ–backups much? Both drives on the server are 2 TB. So basically, they’re both smaller than the external HD I’ll be glomming on to when funds come in shortly. I mentioned how much of that space the actual userspace takes up. The backups of said userspace? 55% of the second drive. Yes, nearly 1 TB of the second drive’s 2 TB is backups. As opposed to about 86 GB of the primary’s 2 TB actually being used. Paranoid sysadmin is paranoid, perhaps? I mean, drive failures aren’t entirely common, but hell, should one mysteriously decide to show up and say hi, I’d likely be offline for all of an hour–not counting how long it takes folks to get around to replacing drives. Not bad for a mostly improvised server job, yeah?

Short version: I likes backups. Apparently, way too much. Also tiny users. I have that much diskspace why, again? Oh, right–I have uses. Just uses. Stop asking.

So. Anyone want hosting? I’ve got the room.

The basics of what Twitter ate, and how to work around it.

I still live on Twitter, even if they occasionally go and break their API without warning. Which is kind of what happened yesterday. Users of a few different clients ran into an issue where they could receive tweets, mentions and DMs all the day long. Posting? Different story. Twitter threw back a 411 error–which, just for the record, does not mean what Twitter would like to think it means. I’ll let you know what that is when Twitter lets me know. No one has any idea just yet how to fix it. But like that’s stopped me. So late-ish last night, I put together a vaguely quick attempt at fixing the issue. It involves an entirely different–and yes, supremely simple to use–program and, for those who need it, support files for the screenreader I use. You can download the zip archive of both the program and the scripts for JAWS for Windows from over here. Instructions on how to use the program from the perspective of a visually impaired person are right this way. If there’s a question that isn’t answered here, feel free to come find me, and I’ll see what I can do. In the meantime, happy breaky day!

Hey Apple? Stop shrinking the SIM already.

Apple has this thing about not playing well with others. It started with the software, then slowly graduated to the hardware. Now, they’ve gone and shrunk the SIM. Again. They invented the micro-SIM. That thing made arranging to make use of phone service, you know, outside of my carrier, a little fun. And now with the iPhone 5–yet another reason not to upgrade to the iPhone 5 just yet–they’ve gone nano-SIM. Which means, you guessed it, if you want to even keep the SIM from your old iPhone, you’ll need to do some trimming. And grabbing a SIM from another carrier if you’re, oh we’ll say, hiding out in the States for a few weeks? Yeah, no. Some carriers may not even get the nano-SIM for a few months–especially if they don’t actually sell the iPhone. I get it, Apple–you don’t like to play nice. But really. Enough with the SIM shrinkage. Damn thing’s hard enough not to lose when half awake at half past dark.


© 2006-2014 by me. All Rights Reserved. Failure to comply will be met with an angry stare. -- Copyright notice by Blog Copyright
