Category: tech stuff

The easy as pie CPanel WebFaction migration guide.

for reasons of plenty, I’ve had to end up switching hosting away from the server I won’t be running for much longer. The host I picked, I did largely based on the fact they advertise themselves as being a host for developers–which, for me, translates as a host for geeks. And so far, it looks that way.

I’m coming from a vantagepoint of having full access to my server, so that was something to get used to. But WebFaction, my new host, pretty much lets me do most of what I could do on my own server with a minimal amount of problem–at least so far. The getting set up was a lot easier than I expected, and I expected it to be fairly simple to begin with.

A little background. My server runs cPanel, largely because some of the folks I host aren’t as technically minded as I am, so if they want to make themselves a brand new email address at 4:00 AM, I want to let them. The down side of that, of course, is CPanel likes to get in the way of most skilled sysadmins. I’ve learned to work around it for the most part, and push it out of my way where I can’t, but generally speaking I always hear of it being a fight to accomplish some complex task mostly because the folks at CPanel have a different idea of how things ought to be laid out than, well, most normal people. That said, it’s mostly working around CPanel’s general assumptions that makes migrating to any host in general, and WebFaction in particular, a little bit of a trick. If you’re used to it, then it’s a non-issue in about 5 seconds. If you’re not a sysadmin, then it gets even more fun–but I can probably help you work around that if you’re reading this.

The bulk of the steps will be carried out in your new host’s control panel of choice–WebFaction has a very nice one that takes a bit of getting used to largely on account of they have a different concept of how websites come together than most people are used to, but the basic principles should be relatively translateable. And if you’re considering WebFaction, their support times are trying very hard to compete with mine when I’m awake–no support request I’ve put in has been left longer than an hour.

When I moved May and I over, the steps were almost entirely the same–except, of course, that mine were a bit more involved on account of I’m also running the DNS infrastructure for the server I’m soon to be shutting down. Moving us over went largely like this:

  • Create the necessary platforms on the new host:
    • For May, that’s a couple domain names, a database, a couple email addresses.
    • Me was a couple domain names, a few databases, a few legacy subdomains, and all the necessary pointers to the old server so other people I’m hosting over there don’t break–and also because I haven’t yet migrated my mailing list over yet. Oops.
    • So the new host knows of, and related infrastructure before it even needs to be forced to use it.
  • Back up the necessary databases from the CPanel server
    • Log in to the CPanel box with SSH, if you have SSH access, and: mysqldump -u username -p database > database.sql
    • Where username is the login name you use to access the database (hint: check the relevant config files for, for example, WordPress to find it), and database is the MySQL DB you’re wanting to back up (again, check the relevant configuration files). This puts a copy of the database as it is right now in the root of your home directory–or in whichever directory you’re sitting in, if not that. It will ask you for your database password, at which point again, check your configuration files if you don’t know it.
  • FTP (or, preferably, SFTP) the .sql file from old host to new–for this, I use WinSCP, simply because I can connect to both old and new at once and tell the thing to pull from one and push to the other. And, well, since I’m lazy, that’s exactly what I do.
  • Depending on the size of your database(s), you’ll have time while they move to go back to your new host’s control panel and create the new databases if you didn’t already do that. You can create the user(s) for them as well, which helps. WebFaction is pretty flexible with DB names, which also means you can probably have the same database name, username and password you had on CPanel, which ought to prevent breakage. I didn’t take that route, but that was for largely OCD reasons.
  • Your database transfer should be done now. Taking the info you used to create your databases on your new host, SSH into your server (WebFaction provides you SSH access by default) and then:
    • mysql -u username -p database < database.sql
    • where username is the username you picked for your new database, and database is of course the new database name. Again, it will ask you for your password–give it the one you set for the new database, not the one from your old host, unless of course they’re exactly the same, or things will break. It’ll take a second or two, but then the contents of database.sql will appear in your new database.
      • Note: WebFaction runs its database server on the same server as your web stuff, which is defined by localhost. MySQL uses this by default, so this command will work. If you’re on another host, like for example DreamHost, they let you create a database hostname to reach a separate, shared MySQL server. To import your database into that, you’ll want: mysql -h -u username -p database
  • We’re at a pause point here, as we can’t migrate any farther until we finish setting our infrastructure up on the new host. Right now, your new host knows your domain name exists, but doesn’t know what you’re planning to do with it.
  • On WebFaction, they divide the concept of web hosting into 3 categories–domains, such as, which let you host your email and generally just point to the server, applications, which are what actually serves up your web content (think WordPress, or your forum software of choice), and websites, which essentially connect applications to domain names–so you can tell, for example, to pull its content from the myblog application.
  • On other hosts, generally speaking as soon as you create a “website account”, or “web hosting account”, it gives you space on a server and doesn’t much care what you put in that space. WF tries to customize its environment for the application you’re running, if it can get away with it.
  • Either way, you’ll want to create that space now. On WF, create a static/CGI/PHP application if you’re running, say, WordPress. You could, if you felt like being creative, just create their standard WordPress application, but WF automaticly hands you a database with it then and generally makes more work for you in the long run, but that’s an option.
  • Connect the newly created application to your previously migrated domain name using a website record.
  • Now, return to your FTP client. Connect to your old host and download everything in the public_html folder of your account–that’s where CPanel stores pretty much all website data. Optionally, if your client supports it, tell it to upload it to webapps/appname on your new host, where appname is the name of the application you created above–you did create one, didn’t you?
  • Depending on how much you have up there, it could take a while–mine took a couple hours overall. Now is a perfect time to double check things, then do some preliminary testing. Some web hosts give you a subdomain you can use to test things before they go live. In WebFaction’s case, you get a subdomain in the form of, where panelusername is the username you use to log in to your control panel. Configure the website you created above to accept connections from both your domain name and, or your new host’s equivalent if not WebFaction. That way, you can access your web content before you actually switch your domain over.
  • Tripple check you’ve created all the email addresses you need while you’re in the panel. Once you change over your name servers, which is the second last step–and last step you’ll actually be able to perform by yourself, any email addresses you’ve neglected to create will stop working on account of they don’t exist on the new server, and you’ve told everyone to forget about the old one.
  • Now is the waiting game. depending on how long it takes for your content to be transferred, I’d advise you grab a coffee or several.
  • When that’s done, and before doing anything else, pull up your webfactional subdomain in a web browser. Make sure there are no errors or anything of the sort–if there, you’ll need to edit configuration files. Most commonly, the error you’ll see is related to databases. Replace all the database info in the affected configuration files with the info from the database you just created, and those problems should solve themselves.
  • Once you have everything working on the webfactional domain name, and are sure everything is set up for when you bring your actual domain name over, it’s time to make the switch. Contact your domain registrar, provided it’s not the same as your old host, and change your nameservers to be the following:
  • <

  • If your domain registrar is your old host, I’d recommend you transfer it first–I’ve had very good luck with Misk for all things domain. Then make the changes listed above.
  • And that’s all you can do on your end. Now, everyone else needs to catch up with you. It should take about 24 hours or so for everyone to realize you’ve moved–so don’t go cancelling anything on your old host just yet. Once the nameserver changes have updated globally, then you’re safe to cancel things. And at that point, you’re hopefully successfully migrated away from CPanel to wherever your new host is hanging.

I had a few more specialised tasks running, such as a Cron job for scraping the various RSS feeds I read, but those I pretty much scattered in amongst the larger tasks that required waiting for. And now, this site and everything that goes with it lives on a shiny new web server I’m not directly maintaining. If you’re hosted on the server I do maintain, you shouldn’t feel a thing.

Switching out really is that simple if you know exactly where to look. And if you’re lost at any point, Google is your friend–and so are the comments. Now, let’s go see if I need to finish breaking anything else on my new host before I get too comfortable.

Bank of Montreal learns the gentle way why default passwords are bad for you.

This post could have also been titled: BMO is not smarter than a ninth-grader.

It will probably surprise all of no one that there’s at least one version of your typical ATM’s user manual floating around the internets. It’ll probably also surprise all of no one that–at least as of last check–a lot of them are still running Windows XP, which presents its own security issues by itself. So fast forward to the year of the adventurous teen, and what you run up against is exactly the kind of thing that would land you in federal jail on the wrong side of the border.

Matthew Hewlett and Caleb Turon were bored on a lunch break. And, as anyone who knows kids can probably figure out, lunchtime boredom plus access to the internet equals this can only end badly. In this case, it ended with a copy of an ATM user manual. So, the kids did what kids do best–they decided, hey, I wonder if any of this junk actually works. So they show up at a grocery store with a Bank of Montreal ATM, flip open their copy of the manual, and start testing things. They manage to bypass the standard program John Q. Customer sees when he wants to yoink money from the machine, and get into the actual machine OS. Well, or rather, they get to the point where the machine asks them for the OS password.

Now, if these guys are security conscious, the story ends here. They probably guess at a couple different passwords, get told to buz off, and away they go back to class with nothing having been upset. But that would be boring, and if there’s anything I’ve learned it’s that major corporations don’t do boring very well. In this case, major corporations also don’t do security very well.

The manual had a list of possible default passwords for the machine. The kids, because hey, they got this far, decided it’d be fun to just cruise on down the list. And wouldn’t you know, on that list of default passwords would be–surprise surprise–the very one that gave them access.

“We thought it would be fun to try it, but we were not expecting it to work,” Hewlett told the Winnipeg Sun. “When it did, it asked for a password.”

They managed to crack the password on the first try, a result of BMO’s machine using one of the factory default passwords that had apparently never been changed.

They took this information to a nearby BMO branch, where staff were at first skeptical of what the two high-schoolers were telling them. Hewlett and Turon headed back to the Safeway to get proof, coming back with printouts from the ATM that clearly showed the machine had been compromised.

The teens even changed the machine’s greeting from “Welcome to the BMO ATM” to “Go away. This ATM has been hacked.”

Give BMO credit, though–this could have ended a lot worse than it actually did. Rather than, say, jump the gun and haul both kids before a judge (I’m looking directly at you, about 95% of US corporations), they did the smart thing–though perhaps not as smart as, say, changing that damned default password.

The BMO branch manager called security to follow up on what the teenagers had found, and even wrote them a note to take back to school as explanation for why they were late getting back to class.

According to the Sun, the note started with: “Please excuse Mr. Caleb Turon and Matthew Hewlett for being late during their lunch hour due to assisting BMO with security.”

BMO has apparently learned from a couple 14-year-olds exactly how important being allergic to default passwords actually is. And from the looks of things, they may or may not have actually done something useful with it–at least one would hope, since given people know this kind of thing’s out there, it’s only a matter of time.

So if your local geek, geek for hire, or tech support employee is standing in the room glaring daggers at either you or your computer monitor while potentially contemplating the quickest way of separating you from your career without getting his hands dirty, stop for 5 seconds and think. “Did I change that standard issue password?” Because odds are pretty freaking good one of you already knows.

Why I will be a #Uber convert for as long as they’ll let me.

It’s a way too familiar story if you live pretty much anywhere. Your options for getting from A to B if you don’t feel like driving are limited to friends with cars, public transportation, or a handful of taxi companies who all charge very similar prices, take way too damn long to get to you, may or may not actually know where you are or where you’re going, and definitely don’t speak proper English. If you live in Ottawa, at least, you have the “advantage” of those same taxi companies working out of the same central office where the same half-awake souls may or may not properly take and pass along your request for a ride. And pretty much no one, without a significant amount of arm twisting, can or will tell you where the hell your ride is when it’s been an hour and a half after they told you 15 minutes. Uber takes all that headache and makes it run away.

My favourite Uber story to this day is still from the early days with the company. May and I were going out for an evening, just because–well, let’s be honest–we were due. Our first instinct was to call for a taxi. Uber was still new, and though we’d used them before we hadn’t entirely settled on them yet. So we called our cab, got the standard 5-15 minutes and it’ll be here. Awesome. Cool our heels for 15 minutes or so, we’ll be on our way. Out of curiosity, we popped up the Uber app. The app told us there was a driver sitting 4 minutes away from our house. Just for background, 4 minutes away could be just down the street for all we know–there’s a shopping mall that’d be maybe a 5 minute drive from our house if I feel like exaggerating.

Half an hour passes. No cab. We call to check. “Oh, it’ll be just another 5 minutes. He’s on the way.” Another 15 passes. Another phone call. Still on the way. In all, an hour and 15 minutes pass–no cab. That Uber driver’s still 4 minutes away. My next phone call to the taxi company is to cancel the ride. We went with Uber instead–both to where we were going, and back. And what I found was amazingly surprising.

Not only did the ride cost significantly less than a traditional taxi, but the app wasn’t kidding. When the thing says 4 minutes away, you’d best be putting your shoes on and grabbing your keys, because he’s out front in approximately 4 minutes. The driver knew exactly where he was going. There was proper freaking English. And the icing on the cake: I didn’t have to whip out my user manual for taxi drivers. We call that epic win in my book.

And this right here is exactly why I will stick to being a Uber convert for as long as it sticks around. If they don’t collapse, and if Ottawa doesn’t force them to implode, the local cab company is going to be hurting for my business–unless, of course, they can compete with Uber on at least price. However, since that’s not exactly happening…

In which I actually learn things. Who knew?

This thing’s due for an update. I have a couple minutes free in class. Therefore, update. And it’s a something.

Last week, I officially started what I term my geek training. 6 eternities and a forever later, I walked into the first class of a computer systems technician program at Algonquin College. And in that first week and a half, I actually learned something useful–including a couple different keyboard shortcuts for Linux I didn’t actually know existed. Considering how much time I spend in Linux, that’s a something on its own.

The thing I think I’m going to absolutely adore about this program, though, is it’s almost entirely hands-on. For instance: I’m sitting in a Windows course right now. There’s a theory component to it, which is why I’m sitting here writing this (it helps that he’s talking about things I already know), but then there’s a hands-on, lab component to it–where I get to install Windows in a VM, play with it, break it, and generally prove I know how to do the things we just talked about in theory. The same thing applies for the course I’m taking on Linux–which falls right into part of where I want to be anyway, so that works. Our theory classes, plus our lab work, involves connecting to a Linux server on campus–the server runs an instance of Ubuntu, if you’re curious what I get to play with a couple times a week.

That was a problem, I think, in school environments I was in before–my first run at college, and then the upgrading I did last year to get into this program. That was almost all theory, so you had people going on and on about junk and you just got to sit there, kick back, listen and try your damnedest not to fall asleep. Now, they let me play. And they test me on what I’m playing with–so I break all the things, fix all the things, and get graded on it. Only thing it’s missing is getting paid for it. But, I’ll take it. And now, I suppose I ought get back to paying attention to this professor’s droning…

There will be a better entry eventually. But hey, first time since October. Work with me some. College geek is in college.

More posts by email things.

So a way back when, I found something that sort of did the trick for receiving posts by email. Mostly, except not really. It sent you your posts by email, but you got one email with anywhere from one to who knows how many posts depending on how active I decided to be when posting. I’d experimented with ways to solve that problem before, one of those ways being what lead to me needing to rebuild this website (more on that in another, later entry), but they ended up not quite being what I was looking for. Welp, problem solved.

As of shortly before the actual rebuild process for this place finished, when you decide to sign up for posts by email, you’ll be given the choice. Get one email per day containing however many posts I toss this way during that day, or let the system email you every time I post something new and vaguely useless. It may very well end up being that the individual emails prove slightly more popular–I hardly do the 5000 posts per day thing these days, plus it may be moderately easier to actually make changes if I need to. But for now, both options are there, and both options are still working.

for my next trick: further twitter integration. Because hey, all the cool kids are doing it.

Rock bottom: charging $27 to install free software.

My former employer gets a little loopier every few months, I’m pretty sure. This time, the loopy shows up in the UK, in the form of a nearly $30 charge to install Firefox on some of their business level machines. Now, I’m not above charging someone for basic services–I used to willingly charge people for virus removal, and that became second nature to me after about 6 months. But the difference there is they called me, and their machine really needed help. This is a configuration option the customer had access to when purchasing their new machine. They don’t do such fullishness anymore, but yeah, I can see that maybe creating an issue or five down the road. Guys, you’re losing it…

Once more with feeling: Default passwords are bad. Not kidding.

If you’ve been reading this thing for any amount of time, you’ll probably notice I tend to come up with all manner of very strongly worded opinions. Particularly in the neighbourhood of geek things. Like, for instance, when it comes to folks who set up a piece of hardware–like, say, a router, or a server–and decide to leave the default password in place. So your state-of-the-art Lynksys router, which you’ve had for all of 24 hours, has become a hot spot for the local script kiddy and the mass amount of software he’s employing even as I’m writing this so he can expand his porn collection–and all because, well, you didn’t follow the first rule of basic security. Change the goddamn password. That goes double if you run a website for a school district, and its default login credentials are, uh, well, only slightly above no login credentials at all.

A Texas school district is learning the hard way about website security basics. If you’d like to keep your site from being compromised, the very least you can do is reset the default login. According to a post at Hackforums, the Round Rock Independent School District of Austin, TX was using the following name and password for its admin account. (h/t to Techdirt reader Vidiot)

hacked – idiots used default login/pass

u; admin
p; admin1

Needless to say I’m not exactly world’s most qualified hacker, and if it were me on the delivering end of all of that, I figure it’d take me about a minute to gain access. Provided I was 1: doing it manually and 2: not trying very hard. I’m going to go out on a bit of a limb, here, and disprove the theory that you get what you paid for. Whatever the school district paid the folks what set up and apparently didn’t maintain the website, I’m making the offfer right here–not, you know, that I figure it’ll go anywhere, but hey. Take the amount that supposed third-party company brought in. Divide it by 2. Now, write me a check for that amount. Stick it in the mail. Upon receipt, I’ll hand you a website infinitely more secure/stable than that hot mess. No? Well, I tried. In the meantime, for the love of all things holely somebody please provide SharpSchool with a better selection of passwords. Because clearly, they’ve got approximately nothing.

System administration. Because the vodka industry needs some love, too.

Warning: the below post is probably long, and definitely geeky. You’ve been warned.

I’ve had this blog and several others hosted on a server I run and pay for since around the neighbourhood of 2010 or 2011. Naturally, this means I go beyond the whole finding random things to post about idea and dip into the territory of the sysadmin. Awesome, insofar as experience goes–not, mind, that said experience gets me any closer to being employed, but you’ll have that. But the more I play around with it, the more I think it gets me ready/comfortable with the idea of actually doing something like this and getting paid for it. Besides, I like a challenge.

So I’ve been running this particular server since August of 2012, or thereabouts. And in that time, yeah there’s been just a tiny little bit of broken here and there. But I usually had some warning or could guess that, hey, what I’m about to do will very likely end in spectacular fashion with me spending the next week and a half picking the pieces off my floor. This time, not so very much.

I maintain a small platform where I can stick random bits of info, like documentation for things I’ve figured out about otherwise less than stellarly documented programs. Or, you know, random things that just might turn out to be useful to me a year and a half later. That platform is powered by MediaWiki, who’s probably best known for being the thing used by Wikipedia. So you know, it’s been poked at, prodded at, tested the hell out of, and generally considered stable enough. Well, that or Wikipedia is partially owned by MediaWiki, but hey whichever. So I figure, why not? It’s scaleable, so my small little documentation platform oughta be no sweat. Which is largely true, until it breaks.

I’d never actually bothered digging into the code, if I’m being honest. I figure eventually I’ll get to it, then things happen, and it doesn’t really get gotten to. You know the deal. Fixing the broken, though, necessitated a quick little dig through the surface layer of code. The bright side: now I know why it’s relatively light on database usage. Can I trade, now?

Here’s a little bit of a primer, if you’re one of those folks who’re on the border of techy but not quite ready to slide across it yet. Most software, like wordPress for instance, pretty much leans on whatever database you’ve set up for it. Everything hits the database, no questions asked. Unless you run some kind of a caching plugin (I do), even the basic trying to access the website hits the database. Database goes down, site goes down. MediaWiki does that, to a point, but there are enough layers between the database and you that it’s not entirely obvious. One of those layers is the extensive use of regular expressions for damn near everything. Almost nothing in the software is actually pulled from the database after, perhaps, the first initial load. Exceptions might be made for things like menus, but that might also be stored in the code itself somewhere and I just haven’t bothered finding it yet. But everything else, like for instance the actual page content? Cached somewhere on disk, then hit with a regular expression. Awesome, in theory. Works perfectly, again also in theory. Until theory goes out the window and they release a server software update that pretty much breaks the place. I applied that server update. Had no idea anything was broken–because barely anyone uses what I’ve set MediaWiki up for, and nothing else went sideways. So all was right in the world. Until my documentation actually needed to be flexed.

In fixing the broken, I learned exactly two things, real quick. Thing the first: Even on non-Windows systems, updates still break pretty–I knew that already, but it’s occasionally nice to have that confirmed once in a while. Especially when you know a few people who’ll gladly insist they’ve never had an update problem with $OtherSystem like they’ve always had with Windows. And thing the second: If you release an update to a pretty significant piece of software that breaks compatibility in new, interesting and creative ways, and pretty much no one sees it coming, you’re doing it wrong.

Let the record reflect I still love the sysadmin gig. Let the record also reflect I’d still love to be paid for the sysadmin gig. But I’m kind of wondering now how many paid sysadmins are sitting in an office wishing they could fire themselves a developer. Other people’s broken is never a fun thing to come home to. Now, I speak from experience.

The only Heartbleed left now is the NSA.

So pretty much everything exploded this week. If you were paying attention, you were probably warned not to go near things like your online banking site, or pretty damn near anything that advertises itself as having a secure connection. This is because of a pretty lethal bug in the software that provides that secure connection, in several cases, that pretty well rendered your secure connection worse than no security at all. There’s a pretty nice, if a little technical, explanation for it written up by the guys I’m paying for the use of this server, but the cliff notes version is the hole’s a few years old, and can provide someone who knows what they’re doing with access to pretty much any information stored in the memory of a server with the buggy software. So if someone knew how to take advantage of that security hole, they could potentially have access to usernames, passwords, creditcard numbers–basicly anything that happened to be in that server’s memory at the time.

There’s an updated version of that software in the wild now that plugs this security hole (note: not that anything on the server uses secure connections at the moment but I’m running that updated software now anyway), so as people get around to applying it that should be much less of a holy hell what in creation have I done kind of problem. Which is awesome, for guys like you and me. A little less awesome, though, for guys like the NSA.

The internet is still reeling from the discovery of the Heartbleed bug, and yesterday we wondered if the NSA knew about it and for how long. Today, Bloomberg is reporting that the agency did indeed know about Heartbleed for at least the past two years, and made regular use of it to obtain passwords and data.

While it’s not news that the NSA hunts down and utilizes vulnerabilities like this, the extreme nature of Heartbleed is going to draw more scrutiny to the practice than ever before. As others have noted, failing to reveal the bug so it could be fixed is contrary to at least part of the agency’s supposed mission:

Ordinary Internet users are ill-served by the arrangement because serious flaws are not fixed, exposing their data to domestic and international spy organizations and criminals, said John Pescatore, director of emerging security trends at the SANS Institute, a Bethesda, Maryland-based cyber-security training organization.

“If you combine the two into one government agency, which mission wins?” asked Pescatore, who formerly worked in security for the NSA and the U.S. Secret Service. “Invariably when this has happened over time, the offensive mission wins.”

So when the smoke clears, the NSA will have at least a little bit less access to John Q. User’s data–at least until they end up mandating another hole in some other layer of security software. But until then, it looks like the fine folks at stalker central will end up being the only ones dealing with a case of heartbleed when it’s all done and dusted. Now if it was only that easy to switch off the exploits they helped introduce.

How I ended up firing Windows XP.

So for anyone who happens to be paying attention, april 7th is XP dies a death day. Microsoft has decided after what’s probably shot past the 10 year mark to drop support for the OS. Which, escentially, means if you’re still running that version of Windows, you’ve just officially volunteered your machine to play host to all manner of new and interesting malware creations–you have probably also had your spamming ass slammed by my oversensitive firewall, but that’s another story. Because it’s me, and because I never turn down an excuse to see how far I can stretch things until they break, my finally tossing XP wasn’t entirely a conscious “this needs to happen” type decision.

I’ll freely admit I put off switching operating systems until almost the last minute. Largely it was lazyness–I have a crap ton and a half of stuff that needs moved from one OS to the next, and when the thought crossed my mind initially I was in the process of throwing together a multiple-part archive of pretty much all of it so the machine I was using at the time could be wiped for the upgrade. But other parts included things like I wasn’t entirely sure I wouldn’t be replacing the machine I was using a ways down the road, or I couldn’t 100% guarantee Windows 7, which is where I was planning to migrate to, would run on that machine–I figured it would, because the thing originally shipped with Vista, but Vista was also 7 years ago so that wasn’t exactly a very stable benchmark either. So I was alternating between holding out until I could find a new machine, and doing the occasional bit of digging to see if my machine would collapse under the OS or not.

Things kind of happened in fairly short order after that. Plans developed that saw May getting herself a new machine, so the Windows system she was using–which at the time ran Windows 8 (don’t get me started)–sort of stopped having any actual use. My machine had started showing its age, and there was a point that I actually wasn’t entirely sure it’d last long enough for me to do what needed doing with it to keep my various crap from falling into system failure oblivion. Fine time for me to start experimenting with new backup systems, right? So I played around with that (that’s another entry), and managed to get things to a point where if the system spontaneously caught fire it wouldn’t do anything more than torch my corner of the office. Which, okay, would have sucked royally, but my stuff was safe.

Okay. So that’s one headache down. Now I was comfortable enough that if the system decided to fry every circuit going, or if Microsoft decided to change their mind, pull support early and launch an update that escentially disabled every system in the place still running that OS, I wasn’t gonna be hurting too horribly bad. That made the next steps very nearly natural. Since May’s new machine was here and set up, May’s Windows machine became my Windows machine. Since I will never willingly use a Windows 8 machine for anything other than something new to put Windows 7 on, my next project became wipe the machine, and toss on an OS that doesn’t make me want to consider buying stock in migraine medication. I spent the next couple days manually rebuilding the machine, including hunting up wireless network drivers that I could have swore Windows 7 had built in when we bought that damn card. Then it was take a better part of the next week or so downloading and restoring the backup from the old machine, and my eventual turned emergency OS swap ended up happening with only the removal of a couple strands of hair.

And for the last couple months or so, well before Microsoft flipped the switch what turns all your XP into hacker heaven–yes, this apparently may or may not include most ATM’s, I fired XP and haven’t looked back. I may kick myself for it in 6 months when I go looking for something I knew I had on the old machine and poof, it forgets to exist, but you’ll have that. And in future, I do believe I’ll start the upgrade process well in advance of potential catastrophic implosions. On the other hand, that was kinda fun. Perhaps I’ll do it again…

In which tech failures happen in 3’s.

Things have a tendency of getting all kinds of eventful up in here. Particularly when they don’t *really* need to be. If it’s not family making, breaking, remaking, switching up and then completely forgetting about plans in the span of 5 minutes, or things bouncing in just about every direction except the one you want them to go on the education front, it’s technology conspiring to do all manner of screwing with your head, and your whatever you were planning to use that technology for. And because epic failings must be had in 3’s for reasons no one can figure out, when the fun gets going, everyone gets a turn.

My warning was the laptop. I’ve had it for it’ll be 2 years about now, and the only problem I’ve ever had with it was a failing fan. I knew the fan was going for several months, but could never find a place where I had the time, the energy and the money at the same time so it could be delt with. When I had the time and/or energy, there were financial things needing to be shoved out of the way before they came round to bite us in the ass. I actually delayed my run at college by a bit in hopes I could put together all 3 in a reasonable amount of time, or that it’d sort itself out and we’d be golden in time for classes to actually start. It looked like it was gonna do exactly that, and things were falling into place for me to start the course I’m in the middle of now, so I was starting to breathe a little teeny tiny bit easier about it. It could hold out long enough for us to get hands on money, which should come just before the Christmas break, we were thinking. Which would have been amazing timing, if it had worked out that way. School’s out, send the laptop off for repairs, hopefully have it back maybe a week after school gets back in session in the new year. And just when I was comfortable with that plan in theory, the thing gave out completely. Two days before class started, and if I’m lucky I could get the thing to give me half an hour before it shut down to avoid overheating. Well now. There goes careful planning.

I should have probably taken that as a sign that I maybe aught to just back everything up on every machine I own, stick it somewhere central like, and hold out until I could replace the equipment wholesale. While I was dealing with the laptop, I was seeing signs my desktop, also known as the primary machine I use for pretty much anything heavy, wasn’t gonna be much longer for this world. It hasn’t gotten critical yet, but it’s inexplicably shut down on me a few times, I’ve seen pretty freaking unrecoverable blue screens more often than I’d like, and it’s having to work harder at doing things I know it could do without breaking a sweat not entirely all that long ago. This one, at least, I could more easily expect. It’s given me 7 years, and a lot of wicked heavy usage–most of this site was born out of that machine, for starters. It’s not completely toast yet, but I’m not liking its chances for seeing its 8th year. Plus, it runs Windows XP still and, well, let’s be honest–while the machine could probably easily run 7 instead (it shipped with Vista initially), I’d just be replacing it shortly anyway. So before it puts me in the same situation the laptop just tried to, it’s on its way out. Bright side: the machine I’m replacing it with actually has a little bit better specs. I’d be slightly jealous, if I wasn’t just told I could take it for myself.

I mentioned things happening in 3’s, and did they ever. The first sort of warning I got that made me think the desktop might be in slightly worse shape than it turns out it is had actually more to do with the external drives I keep connected to it. I do a lot of things with music, TV shows, movies and the like. So I keep some pretty large external drives around–unless you wanna get fancy, a lot of what I plan to collect won’t fit on your average internal drive. At one point I had 3 connected, and was talking about adding a 4th down the road. Across those 3, I had quite a few years of music, videos, backups from other drives, random things that I hadn’t gotten around to sort and put where they should be. So basicly a crap ton of stuff. Two of those drives flirted with failure of the highest order. And one of them needed two attempts before it finally just irreparably met its maker. I managed to pull most of what I needed off the drives before they went, and can get my hands on the rest once I figure out what needs to be gotten and then remember where I got it from the first time. But the way they were readying to go lead me to believe maybe the desktop was on its way out quicker than I’d like it to be. The drives would show up for a while, then either I couldn’t actually access one, or the other would disappear entirely. But I could plug them both into another machine and at least mostly do what I needed to. So that was a thing to deal with–particularly given if the desktop had went as quickly as I was expecting, I still didn’t have the laptop back and fixed so that might have slightly caused problems.

So now, the laptop’s mostly working as it should, the desktop’s on its way to being replaced and I’ll be needing to rebuild my video library. Again. All told, not entirely too bad for a season or two in the life of a semi-crazed geek. And I should be relatively clear of tech issues for a good while. I wouldn’t say no to another 7 years of mostly smooth operation. And hey, maybe by then I’ll be doing something that actually allows me to pull a wad of cash out of my wallet and emergency replace pretty much everything that has ever come apart on me on 24 hours’ notice. Hey, a geek can dream, can’t he? But in the meantime, I suppose I should go reformat my brain. This forecasts to be another intensely crazed week on the education front–which I should probably actually write about before I’m completely done with it. Eh, maybe in the spring.

In which Star Trek becomes a little less like science fiction. You saw it coming.

With the exception of the origional series–well, and the damage they started doing to the franchise with the last couple movies they turned out, you might say I’m a bit of a Star Trek fan. Well, okay, probably more than a bit–days like today would be mighty fine use cases for transporter technology, if we’re being completely honest. So I keep an eye on things that look like they might have been slightly inspired by the land of full-fledged civilizations dotting the final frontier. Which means my interest is a little bit increased when I read about a researcher that has developed the capability of 3D-printing a nearly completely plastic handgun, or the ones who’ve improved on that to put together, again using a 3D-printer, an honest to god pistol.

Okay, so maybe vaguely inspired projects that involve replicating new and interesting ways to kill each other isn’t the healthiest way to start off a Star trek inspired post. I mean hey, I’m screwed up, but not quite that screwed up–well, most of the time. So maybe let’s skip right to the “directly inspired from Star Trek” pile, then, yeah? For that, we skip across the border and land us in Canada, where a software engineering company has put together its very own attempt at a universal translator. At the moment, the goal is only to make the accents of those folks in call centers overseas seem just a little less like about half to three quarters of the problem in any customer service conversation since the dawn of customer service conversations. Having bin on the serving end of some of the conversations that have resulted from a few of those overseas accents, if I had the money handy right here right now, I’d be looking wicked hard at where to sign up. And hey, if it ever gets beyond the experimental stage, perhaps the folks behind it will be cellebrating by cracking open a bottle of an equally experimental and equally interesting present-day version of synthehol–complete with the ability for you to sober up quickly should you need to. You know, in the event your designated driver’s off in the corner drowning himself in the real thing, the fool, and you’ve just blown what should have been your cab money. Of course if this ever stops being experimental and goes mainstream, I wonder if designated drivers will still actually need to be a thing.

From the directly inspired by Star trek, we fly right on over to the directly pulled straight out of star Trek. And we land in North Carolina, where a city councillor there named David Waddell has submitted his resignation–in Klingon. “Today,” he says, “is a good day to resign.”. Not exactly a direct translation, but I mean what are you expecting from a 21st century non-Klingon? It beats the hell out of another politician deciding he wants to spend more time with his family, anyway. so, now, who’s gonna get cracking on this transporter thing? Anyone? I’ll wait…

Fun with passwords. Or, why your 25-year-old sysadmin might be looking a little grey.

Default passwords are a thing, and for a fairly decent reason. Your crap needs to be relatively secure, even if you haven’t actually done anything useful with your crap since the start of its existence. Default passwords are also incredibly, incredibly bad for you. It’s why most actual corporations force you to change it from the default the first time you log in, whether or not they force you to change it on a subsequently frequent basis later on. Because not doing so can be a real problem for you, your content, and your sysadmin. Most of this, you’d think, would be pretty common sense–even if you’re not the technical sort. But, I’m putting it here, so you can safely assume it’s not as common as I’d prefer. This came pretty much full circle yesterday, and the only reason it didn’t get blogged yesterday is educational things have conspired to fry me.

As probably a few of you will figure out, I’ve run this site on a dedicated server for a few years. I also happen to have added a few people to the list of things running on this server in that time. In doing so, I use what I think to be relatively standard practices for security–you get an account, with whatever domains/services/whichever you need access to. You get a username of your choosing, and because I neither want nor need to know what your actual password(s) is/are, I give you a standard default password–and very strongly recommend, as in you really, really want to do this before I scramble the thing for you and hand you a generated one that’s at least 32 characters long, that you change the thing. Like now. As in before you even decide to turn around and install WordPress–which you should, because flexible. Because yes, the thing is secure. Mostly. But default passwords are usually three things. Easy to remember, short enough so as not to be overly confusing for folks who aren’t exactly up to trying to translate, commit to memory and not completely flub a 32-character-long password, and probably not difficult to figure out for your average script kiddy with a brute force program and some free time to devote to finding themselves a new machine they can borrow to spam the hell out of someone or someones. In other words, change it or you really do deserve to be slapped across the forehead with the clue stick. Gently, of course.

So I was on my way out the door yesterday with the half dozen things that usually follow me out the door when my phone pretty much blew up. I pull it out on the bus and find myself staring at a screen full of mail server failure notices. I’m talking very nearly a hundred of the freaking things. Well, I figure. This isn’t altogether too pretty of a thing to be seeing if you’re me. Did a server people are trying to send to decide to pick yesterday to suffer a fatal issue, or has something on my end gone and broke itself?

To figure out how this applies, let me summarize roughly what happens when you try and send someone an email. Your machine, through Outlook or some other program, sends the mail you’re working on to a server–either owned by your ISP, or your website provider, or the company you work for–with instructions that basicly says “This needs to get to”. Your mail server, then–that’d be the thing Outlook just got done talking to, flips through the internet equivalent of a phonebook to figure out which other servers are accepting mail for When it finds one or several, it tries to contact them. Assuming it gets an answer from one, it asks two questions. “Do you actually accept mail for” And, if the answer to that question is yes, “Does person exist in your info on”. Assuming both answers are yes, one of two things happens. Ideally, your mail is then sent to the receiving server, who then tells your mail server, “Okay, I’ve got it. Thanks for dropping by.” and that’s that. Transaction complete. Or, slightly less likely, the server’s experiencing problems–or one of the servers it relies on is experiencing problems–and your mail server is told to escentially try again later. Which it will, repeatedly every so often, until either the mail is delivered or it just plain gives up on account of the destination’s well beyond broken. If the answer to the second question comes back a no, the receiving server escentially tells your server, “I don’t have anyone named person here.”. Okay, so that’s a problem. And it’s a problem you should probably know about so you’re not trying to repeatedly send mail to and wondering why in the sam hell that rat bastard hasn’t gotten back to you in 6 months. So your mail server turns around and automatically sends you a quick email saying basicly “I tried to send your mail to person, but the folks at don’t know who that is. Sorry about that. Oh and by the way, you should probably tell person his address doesn’t exist–or make sure the sneak gave you the right one already.”. Okay so maybe not that last part, but you get the idea.

When my server sends people the “ doesn’t know who person is” email, it also copies that email to me. Not because I feel like snooping in on the juicy details of the morning’s gossip that you’ve accidentally sent to the slightly mistyped but still mostly correct address of the chick you usually have coffee with after work, but because in the event this kind of thing happens consistently, there’s either something wrong with the receiving server–which I may need to yell at someone about, or work around temporarily–or there’s something wrong on my server’s end, either with your account or with the server in general–which I need to fix, or prod you to fix, in order to prevent further much larger problems. So when an account on my server started generating several emails to random addresses that didn’t exist, the server got several “this person doesn’t exist here” notices from servers it was trying to deliver to. As a result, I got several copies of “I tried to deliver this, but they don’t exist” emails. And because it’s 2013, I’m a geek and there isn’t a smartphone alive today that doesn’t let you, I got to handle most of those on the way to class–and discover that those emails were coming from entirely random addresses on my server that *also* didn’t exist. Well then. Don’t we have us a situation. I couldn’t do entirely too much about it at the time except diagnose on account of I was mobile, I was on 3G and I wasn’t in one place long enough to haul out the laptop and make things happen, but at least now I knew there was something amiss in techville.

When I got where I was going, I had a bit more time to play find the hole. And what I found was the mail traffic was being generated by an account that hadn’t actually been accessed since it was set up and the person who owned it installed a version of WordPress. Since then, that account had escentially been sitting there doing not much. Unfortunately, because it hadn’t been accessed except the one time it took to install WordPress, that also meant its default password was still its current password. And, as a quick check would tell me when I got back to a network I could actually use without the restrictions of a not very well set-up firewall, it was that default password stil being set for months on end, on a public-facing system, that lead to the account being accessed by places and in ways that it might not aughta be. Having no idea at the time, though, my priority was escentially turn off the tap. So I disabled that account before class started, and it sat there being disabled until I could get a look at it when I was free–see also: when I confirmed that yes, in fact, the thing was accessed in ways it shouldn’t have been by a password that should have had a lifespan of 5 minutes.

That account will more than likely end up deleted, on account of it was never actually used and so really, nothing’s being lost by killing it. Which also means I don’t need to send an actual user an email basicly saying “by the way, because you fail at security basics all your crap is now compromized. Thank you.”, which works just fine for me. But this is a thing that could actually happen to a system or service you would probably much prefer it didn’t. think of everything that comes with a default password in place already. Routers, any modem purchased in the last maybe 5 years, university or college email/network accounts, the afore mentioned actual work related systems, the list goes on. They don’t come with default passwords because they’re worried about John Q. User developing amnesia and not having the slightest idea what their password is. They come with default passwords because they’re usually set up automatically, usually in batches, usually for several dozen to several thousand people at once. This also means if you feel like giving it a couple months, that common, default password can and will be found on Google. Which means anyone with 5 minutes free who knows the service exists and you have access can easily also have access. Which in turn means if they decide to use that access for less than legal purposes, or less than insanely irritating purposes, it’s not them that catches hell for it–it’s your access, therefore it’s your problem. Changing that default password, preferably the second you sit down in front of the system in question and access it for the first time, significantly reduces the likelyhood of it becoming your problem. It also just so happens to be exceedingly smart thinking, since in the case of people who maybe used to have access and shouldn’t anymore, it prevents them from deciding to borrow your access to try and get back at whoever decided they no longer needed it. And you’ll have just prevented, at least temporarily, your friendly neighbourhood sysadmin from developing a few of those grey hairs. That gets you bonus points somewhere. And hey, if it’s a thing I have anything to do with and you’ve just prevented me from having to piece together a working copy of your account long enough to beat you with it before telling you you should probably change your password, I swear I’ll be your best friend for life. Which will be a lot easier if you’ve also resulted in me having one or two fewer heart attacks. Now if the rest of the world would just come along quietly we’ll have it made.

You know your skills are in demand when…

So. I mentioned once or twice my end goal being putting the geek abilities that result in, among other things, the existence of this website on paper. Someone asked me once what I’d use as an indication the skills I’m looking to prove I have and expand on are ones that would be in reasonably–meaning reasonable enough to pay for–demand. Until recently, I wasn’t entirely sure–beyond the fact that just about every organization of just about every size needs IT help these days, even if some of the smaller ones tend to outsource those needs to someone not actually covered by them. And then, the media handed me a benchmark. Thanks, Dawson College.

A student who used to attend that school found a bit of a flaw in their information portal. That flaw made it possible for anyone who’s anyone to get their hands on student information that didn’t need to be gotten hold of by anyone who’s anyone. The student brought it to the attention of the school and the company who developed the software they use. As thanks for his efforts, the school expelled him. contrast that with the folks what developed the software–who had the option of charging him for trying to hack their software, and instead offered him a job. Measurement of demand established. That it had the grannies over at the Globe and Mail sticking their necks out so the folks over at Techdirt could lop it off at the shoulders is what ya call an added bonus.

My end goal is to walk away from my education with the ability to do escentially what this student accomplished. It helps that the college I’m staring at seems to be a little more with the times–hell, their website is entirely powered by wordPress. And if the job postings that end up landing in my lap aren’t evidence enough I’ll be able to at least get people to talk to me when I can put this junk on paper, the fact the guys he supposedly broke the law to help out didn’t see it that way and wanted to pay the man just about solidifies it. If nothing else, it decreases the likelyhood of my being expelled for trying. That counts for something, at least…

Dear CPanel. You need to support Postfix. I’ll even ask nicely.

Since my former web host gave me the boot for fairly ridiculous reasons, I’ve had the pleasure of getting extremely familiar with a server and software of my very own. Part of the setup I’ve got going on now involves CPanel, which escentially lets me set up a website, email address, or any number of other things automatically inside of about 5 seconds as opposed to doing the configuring all manual like and probably contributing to my brain damage in the process. It actually isn’t too different from the control panel software the old host uses–except that they insist theirs is custom-made, but you’ll have that. There’s the occasional minor issue with the software, but over all they can be worked around or otherwise plain ignored if they aren’t already in the process of being fixed (see also: IPV6 eventually). I can’t say I love CPanel, but I’m fairly sure it wants me to. And it’s almost convinced me. Almost, except for one minor problem.

I like to be able to tweak, adjust, reshuffle, arange, configure and otherwise mess with pretty much anything I can get my hands on. If it can be changed and not result in flatlining the server, I’m all over it like white on rice. For the most part, CPanel lets me do this thing and doesn’t complain too much. Try something funky with spam settings? Sure, here ya go. Shove an extra layer of security over web trafick? Let me help you with that. And if by some freak accident I completely bork the thing, I’m usually only about two commands away from tossing the breakage aside and restoring to a last known reasonably good configuration–thank christ, since one thing doing this on my own has shown me is I’m an absolute fail at storing my pieces of configuration files in 50 million places. But where CPanel’s limits show up isn’t necessarily in CPanel itself but rather in the software it chooses to support.

Fast forward to my only real, niggling issue with CPanel. Hardly a dealbreaker, but it would definitely work towards making me a lot more open to not trying to roll my own. CPanel doesn’t handle email quite the way I’m used to it handling–even when I wasn’t hosting my own email. For starters, CPanel installs Exim as its mail transport agent (MTA). Now, don’t get me wrong–Exim’s good for what it does. I have no real complaints with Exim. I just can’t do anything overly useful with it without recompiling the source–something CPanel doesn’t do, and so if I were to attempt it, I’d probably be walked over as soon as the nightly updates ran. It’s not as flexible with logging as I’d prefer either, giving too much information in some areas and yet too little in others.

I’d have much rathered if CPanel supported, either natively or otherwise, the use of Postfix for its mail relaying. I’ve started advocating for as much on their feature requests site in recent days. Based on what I know, the two are very similar. But for all their similarities, the way they handle is almost completely different–at least if you’re me. For starters, Postfix leaves more to the configuration files and less hardcoded so direct access to the source is required–again, useful given CPanel doesn’t compile its MTA and doesn’t give you the option of doing so. Additionally, Postfix is a more security-focused MTA, in the sense that it can be jailed/chrooted without breaking the rest of the system similar to how cPanel already gives you the option of locking individual users into a jailed environment so they can’t affect anything outside their own space. The ability for Postfix to drop priveleges doesn’t hurt its case any either. Postfix also tends to handle message delivery differently from Exim–generating a message for each individual address, rather than grouping messages addressed to more than one recipient into one bulk message. This has the added advantage of a single address that generates a temporary failure doesn’t cause the MTA to hold back on delivering that or any other message to anyone else who just so happens to be using the same mail destination–something that’s come up to very occasionally annoy me.

I’m noticing as well that Exim, unlike Postfix, is relatively quiet when potential problems crop up. For instance, Postfix can be configured to send email on certain types of failure, not just to BCC you when the server itself generates a delivery status notification. So if Postfix is encountering a resource issue, let’s say it’s close to running out of diskspace, it can alert you by email. It can also log the details of an SMTP interaction for more involved diagnosing. For instance: figuring out at which point in the transaction is a connection falling apart, so I can better figure out what needs a good solid tweak in the nose to do what it’s told.

I like CPanel well enough, now that I’m not improv learning it as I go–or having to fight with it to do what it aught to be doing pretty well out of the box. I’d like it even more if it supported the Postfix mail agent. And for that, I’d even be willing-ish to say please. Now if we could just skip right down to the part where all I have to do is flip a switch, we’ll be in business. Your move, CPanel.

How I handle backups. Or, happy world backup day!

For most of the world, it’s Easter. at least, on the east coast, for the next… we’ll say… less than an hour. But for anyone who maybe doesn’t cellebrate easter, or has maybe more important things on their plate besides that, today is also world backup day. In honour of that, let me tell you how I work.

I’m insanely paranoid about my backups. To the point where at any given time, it can be pretty well guaranteed I know exactly what’s backed up where, and have backups of those in at least two other places. Let me run things down on a basic level. The server hosting this website has 2 hard drives, both of them 2 TB. On the first is everything I’m running–the OS, the software that runs the site, email, you name it. On the second, is every single configuration file, line of code, database, log file, random thing that just doesn’t really have a home in any other category. And on that drive, it’s backed up in 3 different locations–just in case one of them goes on vacation. Or, you know, on the off chance I need to quickly pack up and slingshot my crap from this server to some other in an aweful goddamn hurry. The advantage of also doing it this way is, pretty much on demand, I can grab a copy of that backup, and pull it to any location I choose with enough room to hold it–like, we’ll say, somewhere local if I suspect some fool’s intent on nuking the server. It also allows for a bit more flexibility–let’s say, for instance, I decide to once again fire up a Dropbox instance on the server. Configuring it to serve as a thing to hold backups would be only too easy, and actually be moderately a painless process. The advantage to that of course being I’d have local access to those backups, regardless what my definition of local is, so long as I have access to Dropbox. Kind of makes emergency “Oops I screwed it good” recovery a thing.

What does that mean for the hosted folks? In short, barring a nuclear bombardment that takes out the entire eastern/central region of North America, anything and everything data is relatively breakageproof. Of course if a nuclear bombardment on that scale ever becomes a thing, I suspect “where’s my crap” won’t be the first question on the list. But this also gives me a personal thing I can use later, should I ever manage to stop being bounced around and actually shove my foot in a professional door just enough so that it’s not slammed on my nose. I’ve had absolutely no professional training in this or any other area, and I’m more comfortable with the backup solution I have right now than I would be if I was paying someone else to do it. Largely, I suspect, because I know exactly where everything is and it’s a simple copy/paste if ever I need to unbreak something. But, I think, also because if it does go sideways, I don’t need to worry about holding someone else to account who doesn’t have a dog in this fight. It’s my data. It’s my friends’ websites. It’s another friend’s email. It’s all very good reasons for me to pay the fuck attention. And that, I think, is how I work best. Which reminds me. I think I’m due for a local copy pull…

If you used any of these passwords for, well, anything, please deposit your user’s license.

It’s a little late for best/worst of 2012 lists, but no one ever said I stuck to a schedule. Besides, this one amuses particularly because, well, server admin. So it’s kind of a big deal, if you get me. And also it beats the royal hell out of an entry wherein Amazon tries screwing folks over twice just for fun, which is probably nothing new by this stage. Of course that could also mean I’ll have nothing to write about in a day or two and get back to that one, but hey you’ll have that. As for now, you’ll have the worst passwords of 2012.

Like one of the commenters to that article, I’m very glad–and yeah, okay, a little surprised–that “admin” isn’t on that list. Personally “master” is almost as bad, but considering how many people almost never actually change the default passwords to things, and those default passwords are remarkably insecure as it is, that’s a thing. Equally disturbing is that passwords like “Jesus” actually exist and don’t cause impressive amounts of damage to the folks what use them. My personal favourite on that list is “welcome”. Why? No, as in, why in the hell? As a password, even if it’s an absolutely brainless password, that doesn’t make sense. As in any. As in at all. As in please, just stop doing anything computer right now, and go back to pen and paper. Typewriter, even. It’s safer. Plus I won’t have to fix you later.

Related: If you use a thing I maintain and have a password remotely close to any of these, I’m probably gonna wanna have a conversation with you. Of course by the time I find this out you’ll probably be wanting to have a conversation with me about exactly how it is we’re gonna unbugger the crap somebody who got hold of your password buggered while you were too busy up in the weak sauce–which will make the conversation I want just that much easier to have. I like it when things work that way. Of course I like it even better when the passwords belonging to folks I fix don’t end up on one of these lists, but hey, you can’t have everything. Just remember to leave your user’s license with me when you’re done and we’ll all be fine. Or better yet, just change your bloody password.

Did your internets grow a wednesday wabble? Here’s probably why.

What do you get when you take an ISP accused of being a spammer, the organization doing the accusing, the several security organizations defending the accuser, and one hell of an axe to grind? If you answered a wicked nifty cool DDoS attack, you get yourself a cookie. But since I have no cookies, you can settle for vodka. The attack in question started out just aimed at spamhaus, who manages an antispam blacklist for primarily mail trafick to prevent certain types of spam from hitting a mail server (disclosure: it’s one of the 4 I use, and use heavily). When a bunch of organizations jumped in to help Spamhaus minimise that attack, it escalated. The attack ended up aimed at the folks what provide a backbone to the internet (because someone’s going to ask, it’s explained better than I ever could).

The long and short version is, if one of the connections that make up the backbone of the internet ever takes a dive, large chunks of the internet can potentially take that dive right behind it–it happens every once in a great while, usually because somebody cocked up. But sometimes, it can be triggered for any number of reasons. On Wednesday, it was denial of service time.

Now, these things can typically handle a hell of a lot of trafick. They’d have to, considering pretty much any and all internet trafick eventually passes through them to get, well, anywhere. So you’d think they’d be pretty close to difficult to attack. And you’d be right, more or less–the attack from Wednesday measured at, well, about , eh?

So if you were growing an issue or two on Wednesday, it could have been your local technology. It could have been your ISP mucking something up. Or, it very likely could have been that someone really did just try and break the internets. I might actually be somewhat vaguely impressed–if the attempt at calculating that bandwidth bill didn’t just cause my brain to implode. I hope these folks had uncapped connections…

A 3-strikes blog post for global 3-strikes copyright systems.

It never ceases to amaze me exactly how tightly folks will cling to the very same logic that blows up in their collective faces within about 6 months of it being deployed. Perhaps not entirely without some degree of amusement, you see it most often in the two worlds who could use a wake-up call the most. The entertainment world, and the political world. Between the two of them, they’ve managed to piece together a mamoth bad idea on a global scale–and one that could have been predicted to implode before it even got off the ground–in the form of a 3-strikes copyright policy (6 if you’re in the US). In keeping with the entertainment and political worlds’ tradition in this arena, my own 3 strikes system–3 epic failures anyone who used their brain could have seen coming.

Strike 1: File who?

I’ve mentioned it in passing before, but it gets its very own special mention here because, uh, this suddenly isn’t exactly a unique situation. Person happens to be the account holder, but may not necessarily be the most technical case on the block. They likely have the internet for email, Facebook, school and if they’re into that kinda thing and have a brain cell to spare, maybe a little Twitter, but that’s the extent of their internet usage. Not so much, perhaps, for that person’s roommates, but the laws as they stand now don’t really go for that kinda thing–you own the internets, therefore you get the nail. It results in, rather irritatingly if you’re the do your homework check your email go to bed type, needing to have the basic idea of file sharing explained to you before the industry tries a nd fails to sue the everloving pants off you. Win or lose, the New Zealand industry got what they wanted–regardless who did the sharing from where and when, the account holder they went after turned around and cancelled the account–thus probably creating a brand new issue for herself in the process where her education and the like’s concerned. But, hey, there’s no more of that nasty file sharing coming from that address now is there?

Strike 2: Not our material? You’re still guilty!

I enjoy laughing my ass off at the DMCA. Not so much at the folks what get slapped by it–I myself was indirectly and falsely slapped by it not all that long ago–but at a majority of the folks doing the slapping. And with the onset of the US’s 6 strikes policy, all it takes is someone sending you–or rather, your ISP–a DMCA notice (whether it’s an accurate one or not) for you to start heading down the path towards a very rocky internetting experience. The system they’re using to track, identify, process and send those notices for this 6 strikes system? Well, that would be the same system that became highly confused and decided that a mod for Guild Wars, a computer game, was actually a copy of at least one NBC TV show, none of which remotely resemble computer games or mods thereof. No info on whether or not this is court bound, but were this actually to fall under their 6 strikes system (and there’s no reason to think it wouldn’t) the accusation may be all that’s necessary for the ISP to be required to start taking action. For TV shows that weren’t being shared and may not have even existed. Go copyright!

Strike 3: Serving your country is not a defense.

Back to New Zealand for strike 3, and perhaps the more ridiculous of the 3. Where at least the other 2 the argument, if shakey and pretty much unproveable, hadn’t completely entered the realm of being entirely out to lunch, this one left the ball park–and, arguably, the country. Again we have a multiple roommate situation–this one, they’re all in the millitary. The guy who’s name the account’s in, and thus the one who ended up fielding the accusation, was in Afghanistan during the time the industry’s precious copyrights were being violated. The others in the house were apparently deployed in various locations around New Zealand at any given time, so figuring out who did what and when was more than a little bit of an issue. But far be it for the industry to let a little detail like that get in the way. So when the account holder was back from Afghanistan, he had that to deal with. How did he deal with it? Well, see, the thing about serving in a permanent war zone–so I’m told–is you don’t really have a lot of time for stupid when you get back, what with getting used to the fact you’re no longer serving in a permanent war zone and all that junk. So rather than very likely have to drag it out in court, all for events that couldn’t be proved and couldn’t be connected to him by more than an IP address tied to him just based on lack of proximity alone, he paid up. And somewhere, in a press release yet to be written, he’s about to be added to the “file sharers we caught” list. And there just went getting shot at in defense of democracy as a legal defense against copyright.

I’d love to be a fly on the wall in some of the rooms where conversations like these happen, if only because I can’t even guess at the mental and verbal backflipping that goes on to make anything remotely like this sound like something that doesn’t smell entirely of overdone crap on an underdone cracker. Somebody somewhere has to have spoken up and pointed out to these folks that maybe, just maybe, there’s a better option out there other than trying to kill a mosquito with a bazooka and hitting their own feet instead. But, hey, what do I know? I’m just one of those online folks the industry doesn’t wanna hear nothing about or from. Then again, maybe that’s their problem…

Because macdonalds has to find *something* to do with their wifi.

Now this is an interesting take. A Macdonalds in Verginia has opted to allow customers free iPad usage while they eat. And they’re providing the iPads. apparently, the restaurant is leasing the iPads from a French company, who’ll be the ones actually in charge of their maintenance–and, presumedly, their replacement should some shmuck decide to get creative and find ways to walk off with one–they’re secured to the table, so creativity might have to be required to pull it off. I imagine anyone who does any kind of anything while mobile will probably still bring their own gear, if only because I can’t see someone checking their email on the restaurant’s iPad. But, hey, if all you want to do is shlept through the news or something while you eat, why not? The restaurant has apparently blocked Youtube, so shlepping through the news or something might be your only option if you’re borrowing one of their pads. Still, it’s an interesting thing to keep an eye on. In the meantime, it does make me wonder exactly how this conversation would have played out had our local one up here gone and done something similar. Hmm. Now I wanna test things., 5 months later.

So. Here’s a thinggy for long-time readers. Remember the epic server move of August of last year? You know, the one where everything and its asociated user had to be shuffled off a server I no longer had any actual stake in inside of 5 minutes–and where I was met head on by an email blockage issue? Sure you do. But I’ll let you refresh yourself just in case you don’t. In the meantime, I’ll catch things up–because the stats tell me I’m not the only one with the issue.

In August, when I fired up this server, I was slapped with an IP address–well, several IP addresses, actually–that had a poor reputation, according to Here’s the problem with that. Because they decided my reputation–which they don’t really tell you a whole lot about–was poor, several major ISP’s and a few smaller ones were permanently rejecting email sent to them with the ever so helpful message that if I believed this message was rejected in error, to please contact the recipient using alternate means. Helpful, but not really. I fought with it for a few weeks and got pretty much nowhere. Senderbase doesn’t actually have any way to contact them. No support address, or any real contact page, and the information I was able to piece together on a possible contact got me pretty much no response. A back and forth with the guys running the datacenter this server’s sitting in told me they have just as much luck with these folks. So figuring I’d deal with it later, after I finished ironing out the kinks that came with a move of this variety, I was handed a new IP address from a different block entirely. This one, at least, had a neutral reputation when I got it–and it’s supposedly only improved from there, but again, I have no idea according to what metrics.

So I set email to go out using only that IP address and pretty much forgot about it. Because it worked. so I saw no need to continue aiming guns at heads. ISP’s that used to take one look at the server and laugh their asses off now accepted email from that same server as though there was nothing at all wrong in the world. I was a happy geek. Still am, but largely because the damn thing still does what I told it to. So fast forward to this week. I’m doing a check on other things, just to make sure I don’t need to go behind the scenes and do some sort of wicked nifty cool brand of tweeking. Which, okay, is major amounts of fun–but only after generous amounts of caffeine and nearly as generous amounts of vodka. Or a vodrumoke, if one would prefer (all of 3 people might actually catch that reference, including the one what said it). So it’s during this routine scan for breakage that I decide, hey, let’s take the server’s primary IP address and run it by those bastards at Senderbase. Let’s see if they’ve wised up any. Hint: if you thought for even 2 seconds that they might have, I’m going to have to revoke your license to read this blog.

Not only did they decide the primary IP address of this server still has a “poor” reputation, but they escentially also decided to forget that I used that IP address for pretty much anything. Where before, I could get an idea of how much email has been blocked by Senderbase, so far as it’s concerned now, I’ve got nothing. Senderbase lets me ask it about my server’s IP, then sneers at me and says “Look, bud. I don’t actually know the guy, but I hear he’s no bloody good. Hey–that’s just what I hear, alright? Whatcha want?”. It can’t even tell me what the IP’s DNS reverses too, which is–well, odd and quite doable using the good IP, but hey, whatever. I just find it highly interesting that, 5 months on, it’s forgotten pretty much everything about this server except its reputation–which supposedly improves over time, but I’m still waiting. In the meantime, if you run your own mail server and actually rely on Senderbase to handle even part of your antispam policies, you’re an idiot. And if I can find some way of getting email to folks what use you and not actually have to go through you, consider it done. Now. About that vodrumoke.

Beware corporate spying from China! … Or maybe not.

I’m going to blame the fact everything these days seems to be political when coming out of the US, even if it really doesn’t need to be. Because honestly, that’s about the only reason I can think of for a congressional committee, based on not much other than it wanted something to generate headlines, to go into an investigation having decided two Chinese telecom companies were involved in some high level spying–and improvising a report to say as much at its conclusion. The committee, investigating companies Huawei and ZTE, pretty much said the two companies were allowing the chinese government to use their equipment to hide trojan horses (escentially, software and/or hardware backdoors) that would allow the government to gain access to sensitive information, or to use that hardware to launch a cyber attack–basicly, bring down any service or website they so choose. Rather than coming up with some veriety of proof on their own, it was left to Huawei and ZTE to escentially prove they weren’t.

Leaving alone the fact it’s virtually impossible to prove the nonexistence of something–people have been trying to do that with religion for an age, and leaving alone the fact that not long after the release of this report, the whitehouse came out with its own and cleared the company, the question has to be asked. Did anyone on this committee happen to maybe consider that pretty much everything tech these days has spent at least some time in China before making it to wherever it’s now being used? Did no one maybe bring that up to the committee before they got the idea to hey, let’s go ahead with this investigation and see what sticks?

Of course it may be that, you know, being vaguely technical-minded that explanation comes far more natural to me than it would to, say, a career politician in his 50’s. But you would think that, you know, if China was actually on the lookout for ways to accomplish something like that, there’d be ample opportunity for them to do so without needing to expect that of one or two of their own companies who happen to have a market in the US. And you’d think at least one of these politicians, in their 50’s or no, would have somebody vaguely technical-minded on their staff who’d speak up about it. Of course the fact that they might not may very well be why we have things like this in the first damn place. at which point, look for one of those folks to be made aware in the near future that Apple makes pretty much all their iThings in China–well, until some point this year, anyway. I wonder how long it’d take for that investigation to unfold. Oh, wait–US companies with Chinese interests good. Chinese companies with US interests bad. I forgot that’s how these things work these days. Silly me. Oh well. The thought was fun while it lasted.

Tech support license: revoked, sucker.

When I lived at the other apartment in Ottawa, every so often we’d get calls from nonsensical numbers that couldn’t be called back, blocked or even properly traced. They’d call for one of two reasons. Either to try and sell us tech support (me and the former roommate are both more than capable of our own tech support), or to offer us air duct cleaning service (we lived in an apartment and didn’t actually, uh, *have* air ducts). Oddly enough, our number was on the DNCL (Do Not Call List). Come to find out, we weren’t the only ones with the problem–and two of the companies responsible have been slapped. The smackdown went global, with the US and others joining in the festivities earlier this year. Of course, by now that phone number isn’t even in service and the new one hasn’t been slapped in any lists of that variety, as in ever, but it’d be interesting to see if this actually had any kind of affect. I mean beyond being some wicked little poetic justice if one of those guys was the one what rang me. In the meantime, I think we’ll be keeping our current phone numbers the hell off the DNCL, thankya please. I’m not interested in tech support for my very much not infected machines.

Documentation is key. so where the hell is yours?

I’ve been known to get my hands dirty with this or that random project. Occasionally, resulting in the consumption of something a bit stronger than the coke I often keep nearby. Sometimes, I do it pretty much by the seat of my pants–this looks like it goes over here, so let’s see what this does. And sometimes, either by choice or by force, I’ll actually have to go hunting for documentation. Occasionally, the hunt points me to the developer’s website, the developer’s twitter, the developer’s blog–but not, in fact, the developer’s documentation. Or any documentation, for that matter. A user manual? A half-page thing on someone’s personal, but publicly accessible, WIKI? Yeah, no.

admitedly, I occasionally have that very same problem with my twitter app of choice, but in this case there’s documentation, it’s just not in English. So it *could*, if it was absolutely needed, be translated. Awesome. Useful. I should get on that, eventually. But in cases where there’s no documentation, as in whatsoever, for this or that program, script, basic language or other such extra utility, it has to be asked–and Slashdot asks it–what the hell are you thinking?

You want your program, script, language, basic little utility to be used, yeah? And not solely by geeks with little else to do between job searches and family things but to try busting things, yeah? Yeah. thought as much. So, uh, how about manualing the hell out of it? Nothing says “oh crap” more than smacking the help option and being directed to a website that tosses me a 404 error instead of something useful, like a FAQ. And, if I don’t feel like playing a guessing game–usually because I’ve got 80 million other things to do as it is–nothing convinces me to toss your program in the maybe later pile faster. And probably increases the likelyhood of me forgetting I have that program, simply by virtue of its presence in the maybe later pile. I’m not averse to doing a little RTFM every now and again. Hell, maybe I’ll catch something obvious that gives me an excuse to redo something and easily waste away an evening I can’t spend watching hockey. But by all means, couldja maybe pretty please try and WTFM–write the fucking manual? It helps, I promise. Or, at least, it makes you immune to entries like this one. Which is always good.

Useless Sack of Bull, or why USB is of the devil.

I pretty much live on USB. Have for half an age. Kind of a requirement with about 90% of what I do. I have 3 external drives, all of them USB. I have an admitedly not used printer. That’s USB. The keyboard is USB. The mouse, if I’d gotten it back from the former roommate before he started being a tool, is also USB. The new wireless card (more on that below) is USB. Oh and I have an iPhone. that’s USB if anything useful needs to happen. Basicly, USB runs my life. Which is awesome, squared. At least until it decides to stop working. Which brings us to today–well, yesterday now.

I got my hands on a wireless N card a bit over a year ago, since the card this machine came with was trying real hard to head maybe in a that-a-way type direction. When I got the card, the N wireless standard was still fairly new–so new it was still considered experimental. The card did what it was supposed to, for the most part. But recently, especially when doing fairly network intensive things like copying files from one system to the other, I started pushing the card’s limits. And it started pushing back. Dropping connections, sometimes not actually picking the connection back up, and once requiring a restart to actually fix the thing–I’m somewhat blaming windows for that last one. Productivity doesn’t really get to happen if you have to check every so often to make sure your system didn’t drop your productivity on the floor halfway through. So yesterday, since May and I wanted breakfast anyway, we figured we’d bounce off a restaurant and land at Staples. So we did, and I grabbed a USB wireless card. I’m getting a little low on ports, as is she, so we grabbed a couple hubs to go with–nothing fancy, just your basic 4-port jobs. Brought them back home, then figured we’d relax a bit before I started setting things up. It was only gonna take a few minutes, but it didn’t need to get done right away–most of the intensive stuff could wait a couple hours. So I put it off until yesterday afternoon, then decided I’d take the couple minutes I’d need to actually get things set up. It was gonna be quick and easy. Slap the hub in place, slap the card in the hub, install both, go on about my day. Yeah, about that.

The USB hub installed no problem, once I figured out what the hell the extra cable was for. The card? That took a little convincing. Well, and a CD–really, who the hell packs driver software on a CD anymore, D-link? But then the fun popped in and said hi. The instalation of either card or hub, or both, caused one of my external drives to hit the deck. It was recognised, but you couldn’t actually *do* anything with it without getting permission and I/O errors up the wazu. Weirdness squared, since nothing I’d done went anywhere near the drive that gave me the fit. Oh well, you’ll have that. So figuring what was just your typical Windows wonkyness, I hit the restart button. Hey, they aren’t kidding that 90% of problems with Windows can be solved, at least temporarily, by a restart. This one slid itself neatly into the 10% that couldn’t.

I brought the machine back up, went to call up the problem drive. “Windows can’t find l:”. Wait wait what? Oh no you didn’t. “My Computer” tells me nope, that drive ain’t showing up. Different letter, maybe? Windows develops amnesia sometimes. Nope, that doesn’t do it either. Alright, let’s drop into device manager and see what ate itself. Oh, well that’s cool. Where my external drive should be, there’s an “Unknown Device” staring at me instead. Oh and hey look. Uninstalling it and reinstalling it? Still an unknown device. And Windows ever so helpfully informs me that a USB device attached to this computer has malfunctioned and could not be recognised. Where’s my vodka, again?

I fought with that for several hours. Then, when I thought the system might be in the process of unscrewing itself–it was taking longer than usual to restart, which it usually does if it’s attempting to self-correct, I took the opportunity to throw myself into bed for a couple hours and allow my brain to recover from its partially liquified state. Should not have done that, for the system, it done fooled me. It came up just fine. I could, again, sort of see that there was a device there. But it was still an unknown device. Well hey. It’s something, just not what I’d call progress. So, alright, whichever. USB sometimes has its preferences. That’s fine.

I’d shuffled things around in the back of the machine so I’d have room to put the hub without killing me, and that required shuffling the drive over a port. That could have possibly screwed things up. Okay, we can fix that. Yank the hub, stick it in one of the vacant ports in the front of the machine. Move the drive back to where it used to be. Hey look–I have a drive again. We’re in the clear, finally. That only took far too long. So I started to set things up the way I had them before. That meant queuing up the several downloads I have going in the background. So I did that. “This drive has been removed. Please reattach the drive.” Oh really.

turns out, universal plug and play means you must reorganize everything, if you’re going to reorganize anything–clearly, this is what they meant by “play”. That’s what my computer was trying to tell me, when it decided this time I didn’t have a j: drive. I most certainly do have a j: drive, but my fixing of the l: problem made everything go pair shaped. Oh, and Windows decided I didn’t have an SD card reader either–fair enough, since I never used the thing anyway. Like the first drive did before, both of these showed up as unknown devices when looking. Well, hell. I didn’t want sleep anyway. I did want caffeine, though. And vodka. Definitely vodka. So it was do this dance again and see what turns up. Exactly how I invisioned spending my first 24 hours with new hardware.

Once again, into device manager. Once again, play the uninstall reinstall game. For the sake of the card reader, it was also hit up Dell’s website for drivers, just in case a simple reinstall fixes its wagon–it didn’t. Well bloody hell. And the drive in question didn’t move once during the entire arangement of getting everything else to work. Windows just decided it wasn’t gonna play. Oh, and it was *that* drive’s turn to have malfunctioned and not be recognised. this is getting hella old, Microsoft.

Again, do the poking around, figure out where it’s brokoen. Again, curse when the thing that’s broken won’t fix when you shove it into place. So, I did the next best thing. I pulled *that* drive out of the port it had been sitting in since that drive existed, and slapped it into the USB hub alongside the wireless card. And didn’t the damn thing spin up, be recognised and do anything I damn well please like it’d spent its entire life exactly like that. “Show you what’s in your downloads directory? Sure. Here you go.” “Hold very still while your torrent client re-checks every single goddamn file I have because my disappearance threw it for a loop? Whatever you say, boss.” Yeah, screw you, ya something something something.

So now I have 3 working USB drives again. Plus the working USB hub and wireless card I wanted to have in the first damn place. Still don’t have a working SD card reader, but I’ll worry about that if and when I need to. I’ll probably do a system restore at some point if only to see if that puts it in a position to maybe self-correct and undo the mass confusion, but as for right now? The damn thing works, I’m braindead, and I think there’s a sub or two calling my name. Oh, and the next time somebody tells me USB is extremely easy to work with, I won’t be held responsible for any pain caused to any USB stick regions.