7 months and still a geek.

So remember when I had all these plans for doing all this stuff and junk? Remember when that was going to be a thing? Yeah, neither do I. But apparently that was in August–7 months and 2 days ago, at least according to the last time I touched this website. So what’s kept me busy?

The short version: Life sometimes sucks. The slightly longer version: I’ve been alternating between doing the job I’ve had since last February and getting my life something vaguely resembling back in order. It’s resulted in no shortage of doing everything at once and forgetting I’ve left half of it in the air, but that’s apparently how 2017-2018 me rolls. It’s only because I happen to have found half an hour while at work that I can even give this thing a poke here and there for old time’s sake. Perhaps this time around I’ll actually, you know, stick with it like I used to before it all went to hell.

While I’ve been ignoring this thing, a bunch of stuff’s happened. Like Ottawa eventually at some point maybe possibly getting Lyft, assuming we ask nicely. And my hockey team actually looking like there might be a slim chance the next time it gains the playoffs it’ll do slightly more than roll over and play dead. And if this management’s worth more than the last one, it won’t do something braindead in the off season–like, for instance, deciding they can’t afford to keep Auston Matthews. I swear to chocolate, that is probably the one thing guaranteed to have me not watching another Leafs game. Not that I’ve been watching much hockey this year–yes, I know, I’m surprised too, but you’ll have that.

The job itself’s going well, even if the pay itself isn’t. I’m still getting my hands dirty at every opportunity, and there’s been plenty–one of our customers is currently putting up with a pretty major outage, so I’ve been spending the bulk of the day poking around inside their equipment and waiting on other people from other companies in other parts of the country to get their asses in gear. I’m learning a lot about technology that I thought I knew about from school, only to find out they only slightly scratched the surface, which is both extremely nice and way freaky. For example, going into this job I assumed a router was a router was a router. Oh, I know business level routers and such are a hell of a lot more flexible than, say, the router that comes built into your ISP’s modem, but they get a lot more involved than that. In particular, if you can afford to set up a proper VOIP system, you’ve got separate connections for your voice circuits and your data circuits (read: your phone and internet run through separate lines). Apparently, there is such a beast as a router explicitly designed to handle voice connectivity. This I did not know until I started working at Nova, and only because at times like today’s major incident I end up needing to poke at one. So I’m getting paid, albeit not well, to take the things I’ve been paying to learn and spin them around a few times, occasionally spitting out something slightly more useful than I had an hour ago.

Beyond that, though, it’s been pretty routine. Get up, go to work, come home, chill, try to find that social life–I’m actually figuring out how to use that again, and–oh yeah–replace a dead desktop–the thing was over 7 years old and finally gave up the ghost in October. That gave me an excuse to poke around inside the thing, which of course having nothing to lose I did in about 45 seconds. The long and short of that poking? Computer’s dead, hard drive’s perfectly fine. So one USB enclosure later and the data that was on my now retired desktop lives on one of my external hard drives. As for the drive that used to belong to that desktop? It has a new life now as someone else’s video drive–I already have 3 external drives, I did not need a fourth. The drive itself is maybe 3-4 years old, so has plenty of life left–it was the only part I ever had to replace in what was essentially a hand-me-down computer. And just as soon as I get my financial life in slightly more of an order, a desktop that is not a hand-me-down computer is on my shopping list.

That’s life, if you’re me. There’s a bunch of other things too, but this post’s already longer than it should be. Perhaps hell will freeze and I’ll remember what this thing’s supposed to do. And perhaps I’ll land a job that wants to pay me $50k. Let’s see which one of these things is likely. While we’re seeing, let’s see if submitting this makes the site crash. Hey, you’d freeze and panic too if you ran into something you’d forgotten how to do–like, for example, tolerate my pointless rambling. There will be actual content. Just, well, perhaps not today. Mostly because chasing other people has fried my brain. A lot has changed, but sometimes, technology is still wicked evil.

So life happened. It’s still happening.

So a funny thing happened. I got all enthusiastic like about having some free time to do the geek things I’ve been putting off because academia. I even have, written down somewhere I’ve probably forgotten exactly where, very specific plans re: what I was hoping I might accomplish between the end of said academia and, uh, now. And then stuff happened and now suddenly it’s August and I need to relearn how to do basic things–like, you know, having a social life. Or tinkering with PHP without bringing the whole damned server down around my ears (that’s harder than you think when you haven’t touched it in an age). Or remembering the proper credentials for getting into a website I took great pains in securing after a complete rebuild before those security precautions locked the thing down to the point where it required manual, behind the scenes intervention. So basically it’s been a bit. But with good reason. See, what I wasn’t planning on was life deciding it was going to rather considerably pick up speed after I left school. Since it did, a bunch of crap happened, most of it good, some of it not so much, all of it in very short order.

I’d planned to kick back and take it easy for a month or two after leaving the college. I should have known better than to plan anything, because the minute I did, the universe had other ideas. Not long after I was finished, I had a rather sudden family emergency to deal with. Certain members of my family are still dealing with the aftermath of that emergency, and out of respect for them we’ll not be delving into too many details, but I will say it’s been way too long since I’ve had any reason to throw everything I owned into a suitcase that fast. While we were dealing with that, I got a call back here in Ottawa for a job interview–this was, keep in mind, mid-February, so considerably quicker than I had any reason to expect.

The interview was for a company I hadn’t really heard of until I’d applied for a position there. The position, which they’ve essentially generalized as network operations analyst, is pretty much exactly what my time at college was–some exposure to everything from a Windows server to the networking gear connecting it to the rest of the world. The interview took a bit, but was pretty much just your standard “How would you solve X problem in Y situation” type conversation. And in that interview, something else I wasn’t planning for happened. The conversation circled around for a bit, then the guy doing the interview–who, as it turns out, would also be the guy I would end up directly reporting to–walked out of the room to have a conversation with someone further up the food chain. 20 minutes later he was back and I was signing an employment contract. I walked out of that interview with a foot in the door for a paycheck.

Since that was definitely not on the immediate agenda when I got up that morning, and since I had a week and a bit to get me settled before I started, that meant a lot of very quickly moving parts in very many moving directions and I spent more time on the phone in that week than I did the 6 months previous. By the time I stepped foot in the office for the first time as an actual employee, my head had been spinning for 3 days–and there was still a ton I had to do, most of it involving learning how to not break their systems. But it became official nonetheless, and I ended up the latest name on the Nova Networks roster.

The next bit was essentially me learning exactly how they do things, which is still taking some getting used to and I’ve been there for a few months already. And while I was knee deep in that, I was also officially graduating from the college–with flimsy little diploma thing and everything, which they were thoughtful enough to mail to me ages before graduation, just in case I said to hang with it and hit the bar instead (it was tempting). It was a good excuse to catch up with people, and I discovered–not for the first time–I wasn’t the only one to land a job pretty much right out of college. A few of those folks actually landed jobs at the same company I did, but not necessarily with the same team, so there’s that. Honestly the alcohol would have been fun, but tying up loose ends seemed the marginally better choice. Besides the alcohol came later.

With all that out of the way, I found the room to start getting the rest of my life back on track, so that’s been a thing. It’s a bit of a trick, particularly given it involves a wee bit of financial creativity in spots and as nice as the job is I’m not exactly rolling in finances with which to be creative, but barring a complete implosion the likes of which I haven’t seen in a number of years, it shouldn’t be too extremely painful for too extremely long. The only thing now is to remember exactly where I left that social life.

It’s been crazy, and will probably get crazier, but I think I’m starting to get used to it. Which, more than likely, means I’ll find some other excuse to forget how to get back into this thing. That’s what happens when life happens. But who knows? With things becoming slightly more routine now and academia not sucking out my soul, maybe–just maybe–the rest of my old habits will catch up with me. Or maybe I need another drink.

So how did you spend your summer vacation?

I’ve managed some kind of personal best–three months or so without having done more than respond to a few comments over here. Well, that and do the usual updating for security reasons and, um, malware prevention reasons. So why have I been quiet? Simply put, I need a vacation from my vacation.

College kicked my ass. So much so that I’ve lined up to do it again in a week and change. So I thought I’d take the summer off and let my brain recharge. Apparently, if you’re me, that means you get a poke from a long-time friend a week or so after the dust settles who asks if you happen to by any chance know Linux. I tell her I may have heard of it, and she lets me in on a possible something I might be interested in. This possible something, as it happens, involves setting up an Asterisk phone system for a small startup based in the US. That project ended up branching off into a few other areas of Linux administration, primarily for the same company, and it’s kept me largely out of trouble. Needless to say I’ve had my hands full, and every minute of it has been essentially exactly what I just finished doing the month before I started. And now they’re talking about the possibility of developing a system based on exactly what I just set up that they can potentially sell to businesses who could use a halfway decent system without being whacked over the head by a price in the millions and a contract with Microsoft. So that’s apparently a thing.

When I haven’t been busy with that, which hasn’t been very often, I’ve been busy catching up on all the things I couldn’t catch up on because I pretty much lived at the college. Things like, say, a social life. I’ve been to see the family a handful of times, been actually managing to meet up with some folks I’ve been meaning to do that with for a while, and started sort of reconnecting with one or two people I’ve had to let go of for life reasons. And in and around all of that, I’ve gotten myself mixed up with a completely different sort of project locally–you can sort of see what it looks like over here. That project’s still very much in the initial stages, but the brains behind the operation has plans, so this has the potential to be either incredibly amazing or wickedly embarrassing–and I’m having just a wee bit of difficulty figuring out if I care which. So basically when college does start up again I may just be looking slightly forward to the break.

I had plans for this summer. They mostly involved being lazy. Instead I’ve been up and all over the place. And this is why I just about never make plans. It’s been fun, and I’d do every minute of it over again in a heartbeat, but now I need a vacation. So how was your summer?

Education: 1 James: 0

Up side: It hasn’t been 4 months since the last time I looked at this thing. Slightly less up side: Academia and I have become incredibly close over the last couple months. To the tune of I may have to tell the next person I’m dating that I can’t marry her on account of I’m married to the college.

I’m in semester 3 of a 4-semester program, and it’s not slowed down for more than 5 minutes since I started. Which is awesome, if you’re me, but slightly less if you’re other people who may want to hear more than the occasional 4 words from me. But on the bright side, I’ve discovered exactly why I wanted this program in the first place–they grade me on my ability to do sysadmin related things. Which, well, I may or may not have had a small amount of experience with before my webfaction migration. Professor says make me an email server, to which my almost immediate answer is give me 5 minutes with Postfix. This is probably the most fun I’ve had at any level of schooling ever–and this stuff people actually want to pay me for. Since when is that a thing?

My time not spent in class is spent toying around with Ubuntu, usually for something exceedingly school related–like, say, the above mentioned mail server, or messing with Windows Server 2008 because apparently someone somewhere thinks I want to get paid to set up and fix MS Exchange servers for a living. And that’s the way it goes until April, after which everything becomes optional until September.

Things I’ve had reinforced since this semester started, in no particular order:

  • If you thought being a Windows user was an exercise in headache, spend an hour as a Windows sysadmin. Particularly spend an hour sysadmining a new Exchange server. I have not seen something fail so hard in my life, and I’ve seen a lot of fail. And when it fails, you are not fixing it with a reinstall–unless you’re reinstalling your OS. In short, pray it doesn’t fail. You’ll thank me later.
  • Thoroughly tested does not necessarily mean working. If you’ve tested the hell out of your VM networking setup at home, then bring it into the school environment having passed all your tests, it *will* implode. And sometimes, it’ll look pretty while it does it. Go in with a plan C, because plan B will probably blow up right after plan A did.
    • This is doubly true if you’ve got multiple network cards to play with–VMWare likes to break them both if it disagrees with something you’ve done to one. Then good luck figuring out which one.
  • There are 80000000 ways to accomplish the exact same task. If you decide to do it the overly complicated way, there are 80000001. But if you break something doing it the overly complicated way, there are about 45000000000 possible points of failure.
    • Things you should not do if you get to that point: send your lab partner an email that just says “I broke it”. Your lab partner is very likely to congratulate you and keep working on what he’s doing. Particularly if your lab partner is me.
  • The world really and truly does run on caffeine. I thought it was a myth, even when I was working night shifts handling my 7500th call because the latest Windows update tanked something. Then I came to college. Nope, definitely not a myth. There be people there who consume far more caffeine than I ever have, and I thought I had a lot. Some of it’s justified–the workload will kill a lesser being, and some of these people have families, jobs, and actual social lives to attend to when they’re done. And some of us just don’t sleep. Ahem. *cough* Hi.
  • And lastly: Whatever you do, however and wherever you do it, do not ever dev on the prod box. It is going to break, and break horribly, and when it does, they will hear your frustration down the hall. And some of us, having warned you it would happen, will probably be laughing as we head off to refill our caffeine.

This semester’s not done yet, and I’m already starting to formulate vacation plans and junk for when it is, but it’s things like this that are why I picked this program. It’s also things like this that are why other people tend to hear a whole lot less from me when I’m in the midst of said program–or, in terms of last summer, recovering from having been pasted to the wall by this program. Education is kicking my ass. But if I come out of this mess with even a little more than I had when I went in, it’ll be worth it. Now, about this caffeine thing…

Support for Windows 8 ended on Tuesday. Downgrade to Windows 7 now.

Microsoft does this far too often to be healthy. They’ll release a halfway decent version of Windows, give it a year or several to run its course, then push out a flopper as a replacement. The flopper goes flop, Microsoft realizes perhaps they might not oughta have done that, so they come back with a slightly less floppy version. Meanwhile, they’ve pulled support for the not-so bright idea, while the version of Windows it was supposed to replace… goes on relatively untouched for a while yet. It happened with that thing that came out before Windows XP–yeah, you know the one. It happened with Vista. And now, it would appear, it’s happening with Windows 8. Effective this past Tuesday, Microsoft killed it. So if you were running that in the hopes of holding out until Windows 10 fixed its multiple issues, you’re out of luck. Bright side: they’ll still support Windows 7 for the time being–and that, at least, lacks some of the things Windows 10 needs fixing. Not-so-bright side: you didn’t have plans for this weekend, did you?

Looks like Microsoft pulled support for Internet Explorer 8, 9 and 10 at the same time, but you weren’t running that anyway, right? Right. Carry on. Now if you don’t mind, I’ll be over here not upgrading my OS.

Geek training, now with actual geek tools.

College is awesome, if for no other reason than while I’m not being paid, I’ve still got plenty to keep me occupied during a day. And now, the stuff I have to keep me occupied just became a whole lot more relevant. I’ve been taking this program for pretty much exactly a year, now, but the thing about this program is it’s taken that long just to get to the parts most people who go through it are more likely to use once they’ve found someone who’ll pay them. Not necessarily by choice, but definitely by design–there’s just that much actual background material that needs covered before you get there. You can’t, for example, throw up a web server on a Linux machine if you don’t know how to make Linux do your tellings. Well, you can, but I’m not supporting you. So the first year and change was pretty much this is how you make the things go. Now comes what I like to think of as play time.

The entire reason for me taking this course is to put the skills I already have on paper. I’ve done the Linux administration thing. I’ve done the website maintenance thing. I’ve done the hosting thing. But that’s been a thing I do when I can find both the free time and the spare money–both of which have rather recently come into some shortish supply. So the first half of the program was spent largely covering ground I’ve already covered on my own time and fighting with the occasional professor for reasons far too well known to anyone who’s done the college thing from the perspective of someone with a disability. It’s been fun, but not quite what I signed up for. From this semester onward, though, it gets interesting–and, very likely, significantly easier if you’re me, considering the difference between me and a certified geek is, well, not much.

For instance, one of the courses I’m taking this year is rather self-explanatorily called PC Troubleshooting. Essentially, while there’s a relatively small theory component to the course (there’s only one two-hour lecture a week), the entire point of that course is you walk into the lab, the professor hands you a computer, and your task is to 1: find out what’s wrong with it and 2: fix the damn thing. While all the while being very thankful your professor isn’t quite mean enough to make you nearly relive one of the stereotypical tech support experiences in the process. If you’ve been reading for half as long as the site’s been online, 1: congratulations–I’m impressed, and 2: you probably know on some level this used to be that thing I’d get paid to do, only not in the hands-on sense quite so much–I’d do the finding out what was broken, but then I’d usually be sending someone else with the parts to fix the broken (call center work has its advantages). So this has the potential to be very similar, minus the paycheck.

In another instance, this semester’s Linux course has a component that will involve you setting up and configuring web and email services. Now, I wouldn’t call myself an expert in the area, but I’ve rolled my own in both cases. I’ve also handed a large portion of that rolling to legitimate hosting software when I’ve needed to–see also: 4:00 AM phone calls because person A needs a new email address. I’ll probably learn something, but I’m expecting this to largely just be that thing I’ll do while half awake and walk off with a decent enough grade to matter. Which means I can give just a little more attention to that component of the program that requires I be able to do the same thing on a Windows server. Because, you know, Windows is precisely what I’d want running my business resources.

We’ve sat through the geek training. And while I’ve discovered not for the first time I suck at the theory portion (this is why me and school weren’t on speaking terms for several years), it’s the practical aspect that will probably concern an employer more than anything else–and I’ve got that covered. Now, we get the actual geek tools. And this, right here, is exactly what I came for. Now, about plans for summer…

The easy as pie CPanel WebFaction migration guide.

For reasons of plenty, I’ve had to end up switching hosting away from the server I won’t be running for much longer. The host I picked, I did largely based on the fact they advertise themselves as being a host for developers–which, for me, translates as a host for geeks. And so far, it looks that way.

I’m coming from a vantage point of having full access to my server, so that was something to get used to. But WebFaction, my new host, pretty much lets me do most of what I could do on my own server with a minimal amount of problem–at least so far. The getting set up was a lot easier than I expected, and I expected it to be fairly simple to begin with.

A little background. My server runs cPanel, largely because some of the folks I host aren’t as technically minded as I am, so if they want to make themselves a brand new email address at 4:00 AM, I want to let them. The down side of that, of course, is CPanel likes to get in the way of most skilled sysadmins. I’ve learned to work around it for the most part, and push it out of my way where I can’t, but generally speaking I always hear of it being a fight to accomplish some complex task mostly because the folks at CPanel have a different idea of how things ought to be laid out than, well, most normal people. That said, it’s mostly working around CPanel’s general assumptions that makes migrating to any host in general, and WebFaction in particular, a little bit of a trick. If you’re used to it, then it’s a non-issue in about 5 seconds. If you’re not a sysadmin, then it gets even more fun–but I can probably help you work around that if you’re reading this.

The bulk of the steps will be carried out in your new host’s control panel of choice–WebFaction has a very nice one that takes a bit of getting used to largely on account of they have a different concept of how websites come together than most people are used to, but the basic principles should be relatively translatable. And if you’re considering WebFaction, their support times are trying very hard to compete with mine when I’m awake–no support request I’ve put in has been left longer than an hour.

When I moved May and I over, the steps were almost entirely the same–except, of course, that mine were a bit more involved on account of I’m also running the DNS infrastructure for the server I’m soon to be shutting down. Moving us over went largely like this:

  • Create the necessary platforms on the new host:
    • For May, that’s a couple domain names, a database, a couple email addresses.
    • Me was a couple domain names, a few databases, a few legacy subdomains, and all the necessary pointers to the old server so other people I’m hosting over there don’t break–and also because I haven’t yet migrated my mailing list over yet. Oops.
    • So the new host knows of canadianlynx.ca, the-jdh.com and related infrastructure before it even needs to be forced to use it.
  • Back up the necessary databases from the CPanel server
    • Log in to the CPanel box with SSH, if you have SSH access, and: mysqldump -u username -p database > database.sql
    • Where username is the login name you use to access the database (hint: check the relevant config files for, for example, WordPress to find it), and database is the MySQL DB you’re wanting to back up (again, check the relevant configuration files). This puts a copy of the database as it is right now in the root of your home directory–or in whichever directory you’re sitting in, if not that. It will ask you for your database password, at which point again, check your configuration files if you don’t know it.
  • FTP (or, preferably, SFTP) the .sql file from old host to new–for this, I use WinSCP, simply because I can connect to both old and new at once and tell the thing to pull from one and push to the other. And, well, since I’m lazy, that’s exactly what I do.
  • Depending on the size of your database(s), you’ll have time while they move to go back to your new host’s control panel and create the new databases if you didn’t already do that. You can create the user(s) for them as well, which helps. WebFaction is pretty flexible with DB names, which also means you can probably have the same database name, username and password you had on CPanel, which ought to prevent breakage. I didn’t take that route, but that was for largely OCD reasons.
  • Your database transfer should be done now. Taking the info you used to create your databases on your new host, SSH into your server (WebFaction provides you SSH access by default) and then:
    • mysql -u username -p database < database.sql
    • where username is the username you picked for your new database, and database is of course the new database name. Again, it will ask you for your password–give it the one you set for the new database, not the one from your old host, unless of course they’re exactly the same, or things will break. It’ll take a second or two, but then the contents of database.sql will appear in your new database.
      • Note: WebFaction runs its database server on the same server as your web stuff, which is defined by localhost. MySQL uses this by default, so this command will work. If you’re on another host, like for example DreamHost, they let you create a database hostname to reach a separate, shared MySQL server. To import your database into that, you’ll want: mysql -h database.host.name -u username -p database < database.sql
  • We’re at a pause point here, as we can’t migrate any farther until we finish setting our infrastructure up on the new host. Right now, your new host knows your domain name exists, but doesn’t know what you’re planning to do with it.
  • On WebFaction, they divide the concept of web hosting into 3 categories–domains, such as the-jdh.com, which let you host your email and generally just point to the server, applications, which are what actually serves up your web content (think WordPress, or your forum software of choice), and websites, which essentially connect applications to domain names–so you can tell, for example, myblog.com to pull its content from the myblog application.
  • On other hosts, generally speaking as soon as you create a “website account”, or “web hosting account”, it gives you space on a server and doesn’t much care what you put in that space. WF tries to customize its environment for the application you’re running, if it can get away with it.
  • Either way, you’ll want to create that space now. On WF, create a static/CGI/PHP application if you’re running, say, WordPress. You could, if you felt like being creative, just create their standard WordPress application, but WF automatically hands you a database with it then and generally makes more work for you in the long run, but that’s an option.
  • Connect the newly created application to your previously migrated domain name using a website record.
  • Now, return to your FTP client. Connect to your old host and download everything in the public_html folder of your account–that’s where CPanel stores pretty much all website data. Optionally, if your client supports it, tell it to upload it to webapps/appname on your new host, where appname is the name of the application you created above–you did create one, didn’t you?
  • Depending on how much you have up there, it could take a while–mine took a couple hours overall. Now is a perfect time to double check things, then do some preliminary testing. Some web hosts give you a subdomain you can use to test things before they go live. In WebFaction’s case, you get a subdomain in the form of panelusername.webfactional.com, where panelusername is the username you use to log in to your control panel. Configure the website you created above to accept connections from both your domain name and panelusername.webfactional.com, or your new host’s equivalent if not WebFaction. That way, you can access your web content before you actually switch your domain over.
  • Triple check you’ve created all the email addresses you need while you’re in the panel. Once you change over your name servers, which is the second last step–and last step you’ll actually be able to perform by yourself, any email addresses you’ve neglected to create will stop working on account of they don’t exist on the new server, and you’ve told everyone to forget about the old one.
  • Now is the waiting game. Depending on how long it takes for your content to be transferred, I’d advise you grab a coffee or several.
  • When that’s done, and before doing anything else, pull up your webfactional subdomain in a web browser. Make sure there are no errors or anything of the sort–if there are, you’ll need to edit configuration files. Most commonly, the error you’ll see is related to databases. Replace all the database info in the affected configuration files with the info from the database you just created, and those problems should solve themselves.
  • Once you have everything working on the webfactional domain name, and are sure everything is set up for when you bring your actual domain name over, it’s time to make the switch. Contact your domain registrar, provided it’s not the same as your old host, and change your nameservers to be the following:
    • ns1.webfaction.com
    • ns2.webfaction.com
    • ns3.webfaction.com
    • ns4.webfaction.com
  • If your domain registrar is your old host, I’d recommend you transfer it first–I’ve had very good luck with Misk for all things domain. Then make the changes listed above.
  • And that’s all you can do on your end. Now, everyone else needs to catch up with you. It should take about 24 hours or so for everyone to realize you’ve moved–so don’t go cancelling anything on your old host just yet. Once the nameserver changes have updated globally, then you’re safe to cancel things. And at that point, you’re hopefully successfully migrated away from CPanel to wherever your new host is hanging.
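One way to check the last step before cancelling the old host, as an added example that is not part of the original post: compare what several resolvers return for your domain's NS records against the four nameservers listed above. The resolver labels, the old host's nameserver names and the sample answers are constructed; `query_ns` assumes the `dig` utility is installed.

```python
import subprocess

# The nameservers listed in the step above.
EXPECTED_NS = frozenset({
    "ns1.webfaction.com", "ns2.webfaction.com",
    "ns3.webfaction.com", "ns4.webfaction.com",
})


def parse_ns_answer(raw):
    """Normalise `dig +short NS <domain>` output to a set of lowercase names."""
    names = set()
    for line in raw.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or a dig diagnostic such as a timeout notice
        names.add(line.rstrip(".").lower())
    return names


def classify(seen, expected=EXPECTED_NS):
    """Label one resolver's view of the delegation."""
    if not seen:
        return "no-answer"
    if seen == expected:
        return "new"
    if seen & expected:
        return "mixed"  # some expected names, but not exactly the expected set
    return "old"


def cutover_status(answers, expected=EXPECTED_NS):
    """answers maps a resolver label to raw dig output.

    Returns (safe_to_cancel, report). It is only safe when every resolver
    asked returns exactly the new nameserver set.
    """
    report = {label: classify(parse_ns_answer(raw), expected)
              for label, raw in answers.items()}
    safe = bool(report) and all(state == "new" for state in report.values())
    return safe, report


def query_ns(domain, resolver):
    """Live lookup (needs dig and network access); not used by the samples."""
    result = subprocess.run(
        ["dig", "+short", "NS", domain, "@" + resolver],
        capture_output=True, text=True, timeout=15, check=False,
    )
    return result.stdout


# Constructed sample answers: part-way through the switch, and after it.
SAMPLE_MIDWAY = {
    "resolver-a": "ns1.webfaction.com.\nns2.webfaction.com.\n"
                  "ns3.webfaction.com.\nns4.webfaction.com.\n",
    "resolver-b": "ns1.oldhost.example.\nns2.oldhost.example.\n",
    "resolver-c": ";; connection timed out; no servers could be reached\n",
    "resolver-d": "NS1.WEBFACTION.COM.\nns1.oldhost.example.\n",
}
SAMPLE_DONE = {
    "resolver-a": "ns4.webfaction.com.\nns3.webfaction.com.\n"
                  "ns2.webfaction.com.\nns1.webfaction.com.\n",
    "resolver-b": "NS1.webfaction.com.\nns2.webfaction.com.\n"
                  "ns3.webfaction.com.\nns4.webfaction.com.\n",
}

if __name__ == "__main__":
    for name, sample in (("midway", SAMPLE_MIDWAY), ("done", SAMPLE_DONE)):
        safe, report = cutover_status(sample)
        print(name, "safe to cancel old host:", safe, report)
```

A resolver that times out counts as "no-answer" rather than as agreement, so a flaky lookup never reads as a finished switch.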

I had a few more specialised tasks running, such as a Cron job for scraping the various RSS feeds I read, but those I pretty much scattered in amongst the larger tasks that required waiting for. And now, this site and everything that goes with it lives on a shiny new web server I’m not directly maintaining. If you’re hosted on the server I do maintain, you shouldn’t feel a thing.

Switching out really is that simple if you know exactly where to look. And if you’re lost at any point, Google is your friend–and so are the comments. Now, let’s go see if I need to finish breaking anything else on my new host before I get too comfortable.

Bank of Montreal learns the gentle way why default passwords are bad for you.

This post could have also been titled: BMO is not smarter than a ninth-grader.

It will probably surprise all of no one that there’s at least one version of your typical ATM’s user manual floating around the internets. It’ll probably also surprise all of no one that–at least as of last check–a lot of them are still running Windows XP, which presents its own security issues by itself. So fast forward to the year of the adventurous teen, and what you run up against is exactly the kind of thing that would land you in federal jail on the wrong side of the border.

Matthew Hewlett and Caleb Turon were bored on a lunch break. And, as anyone who knows kids can probably figure out, lunchtime boredom plus access to the internet equals this can only end badly. In this case, it ended with a copy of an ATM user manual. So, the kids did what kids do best–they decided, hey, I wonder if any of this junk actually works. So they show up at a grocery store with a Bank of Montreal ATM, flip open their copy of the manual, and start testing things. They manage to bypass the standard program John Q. Customer sees when he wants to yoink money from the machine, and get into the actual machine OS. Well, or rather, they get to the point where the machine asks them for the OS password.

Now, if these guys are security conscious, the story ends here. They probably guess at a couple different passwords, get told to buzz off, and away they go back to class with nothing having been upset. But that would be boring, and if there’s anything I’ve learned it’s that major corporations don’t do boring very well. In this case, major corporations also don’t do security very well.

The manual had a list of possible default passwords for the machine. The kids, because hey, they got this far, decided it’d be fun to just cruise on down the list. And wouldn’t you know, on that list of default passwords would be–surprise surprise–the very one that gave them access.

“We thought it would be fun to try it, but we were not expecting it to work,” Hewlett told the Winnipeg Sun. “When it did, it asked for a password.”

They managed to crack the password on the first try, a result of BMO’s machine using one of the factory default passwords that had apparently never been changed.

They took this information to a nearby BMO branch, where staff were at first skeptical of what the two high-schoolers were telling them. Hewlett and Turon headed back to the Safeway to get proof, coming back with printouts from the ATM that clearly showed the machine had been compromised.

The teens even changed the machine’s greeting from “Welcome to the BMO ATM” to “Go away. This ATM has been hacked.”

Give BMO credit, though–this could have ended a lot worse than it actually did. Rather than, say, jump the gun and haul both kids before a judge (I’m looking directly at you, about 95% of US corporations), they did the smart thing–though perhaps not as smart as, say, changing that damned default password.

The BMO branch manager called security to follow up on what the teenagers had found, and even wrote them a note to take back to school as explanation for why they were late getting back to class.

According to the Sun, the note started with: “Please excuse Mr. Caleb Turon and Matthew Hewlett for being late during their lunch hour due to assisting BMO with security.”

BMO has apparently learned from a couple 14-year-olds exactly how important being allergic to default passwords actually is. And from the looks of things, they may or may not have actually done something useful with it–at least one would hope, since given people know this kind of thing’s out there, it’s only a matter of time.

So if your local geek, geek for hire, or tech support employee is standing in the room glaring daggers at either you or your computer monitor while potentially contemplating the quickest way of separating you from your career without getting his hands dirty, stop for 5 seconds and think. “Did I change that standard issue password?” Because odds are pretty freaking good one of you already knows.

Why I will be a #Uber convert for as long as they’ll let me.

It’s a way too familiar story if you live pretty much anywhere. Your options for getting from A to B if you don’t feel like driving are limited to friends with cars, public transportation, or a handful of taxi companies who all charge very similar prices, take way too damn long to get to you, may or may not actually know where you are or where you’re going, and definitely don’t speak proper English. If you live in Ottawa, at least, you have the “advantage” of those same taxi companies working out of the same central office where the same half-awake souls may or may not properly take and pass along your request for a ride. And pretty much no one, without a significant amount of arm twisting, can or will tell you where the hell your ride is when it’s been an hour and a half after they told you 15 minutes. Uber takes all that headache and makes it run away.

My favourite Uber story to this day is still from the early days with the company. May and I were going out for an evening, just because–well, let’s be honest–we were due. Our first instinct was to call for a taxi. Uber was still new, and though we’d used them before we hadn’t entirely settled on them yet. So we called our cab, got the standard 5-15 minutes and it’ll be here. Awesome. Cool our heels for 15 minutes or so, we’ll be on our way. Out of curiosity, we popped up the Uber app. The app told us there was a driver sitting 4 minutes away from our house. Just for background, 4 minutes away could be just down the street for all we know–there’s a shopping mall that’d be maybe a 5 minute drive from our house if I feel like exaggerating.

Half an hour passes. No cab. We call to check. “Oh, it’ll be just another 5 minutes. He’s on the way.” Another 15 passes. Another phone call. Still on the way. In all, an hour and 15 minutes pass–no cab. That Uber driver’s still 4 minutes away. My next phone call to the taxi company is to cancel the ride. We went with Uber instead–both to where we were going, and back. And what I found was amazingly surprising.

Not only did the ride cost significantly less than a traditional taxi, but the app wasn’t kidding. When the thing says 4 minutes away, you’d best be putting your shoes on and grabbing your keys, because he’s out front in approximately 4 minutes. The driver knew exactly where he was going. There was proper freaking English. And the icing on the cake: I didn’t have to whip out my user manual for taxi drivers. We call that epic win in my book.

And this right here is exactly why I will stick to being an Uber convert for as long as it sticks around. If they don’t collapse, and if Ottawa doesn’t force them to implode, the local cab company is going to be hurting for my business–unless, of course, they can compete with Uber on at least price. However, since that’s not exactly happening…

In which I actually learn things. Who knew?

This thing’s due for an update. I have a couple minutes free in class. Therefore, update. And it’s a something.

Last week, I officially started what I term my geek training. 6 eternities and a forever later, I walked into the first class of a computer systems technician program at Algonquin College. And in that first week and a half, I actually learned something useful–including a couple different keyboard shortcuts for Linux I didn’t actually know existed. Considering how much time I spend in Linux, that’s a something on its own.

The thing I think I’m going to absolutely adore about this program, though, is it’s almost entirely hands-on. For instance: I’m sitting in a Windows course right now. There’s a theory component to it, which is why I’m sitting here writing this (it helps that he’s talking about things I already know), but then there’s a hands-on, lab component to it–where I get to install Windows in a VM, play with it, break it, and generally prove I know how to do the things we just talked about in theory. The same thing applies for the course I’m taking on Linux–which falls right into part of where I want to be anyway, so that works. Our theory classes, plus our lab work, involve connecting to a Linux server on campus–the server runs an instance of Ubuntu, if you’re curious what I get to play with a couple times a week.

That was a problem, I think, in school environments I was in before–my first run at college, and then the upgrading I did last year to get into this program. That was almost all theory, so you had people going on and on about junk and you just got to sit there, kick back, listen and try your damnedest not to fall asleep. Now, they let me play. And they test me on what I’m playing with–so I break all the things, fix all the things, and get graded on it. Only thing it’s missing is getting paid for it. But, I’ll take it. And now, I suppose I ought get back to paying attention to this professor’s droning…

There will be a better entry eventually. But hey, first time since October. Work with me some. College geek is in college.

More posts by email things.

So a way back when, I found something that sort of did the trick for receiving posts by email. Mostly, except not really. It sent you your posts by email, but you got one email with anywhere from one to who knows how many posts depending on how active I decided to be when posting. I’d experimented with ways to solve that problem before, one of those ways being what led to me needing to rebuild this website (more on that in another, later entry), but they ended up not quite being what I was looking for. Welp, problem solved.

As of shortly before the actual rebuild process for this place finished, when you decide to sign up for posts by email, you’ll be given the choice. Get one email per day containing however many posts I toss this way during that day, or let the system email you every time I post something new and vaguely useless. It may very well end up being that the individual emails prove slightly more popular–I hardly do the 5000 posts per day thing these days, plus it may be moderately easier to actually make changes if I need to. But for now, both options are there, and both options are still working.

For my next trick: further twitter integration. Because hey, all the cool kids are doing it.

Rock bottom: charging $27 to install free software.

My former employer gets a little loopier every few months, I’m pretty sure. This time, the loopy shows up in the UK, in the form of a nearly $30 charge to install Firefox on some of their business level machines. Now, I’m not above charging someone for basic services–I used to willingly charge people for virus removal, and that became second nature to me after about 6 months. But the difference there is they called me, and their machine really needed help. This is a configuration option the customer had access to when purchasing their new machine. They don’t do such foolishness anymore, but yeah, I can see that maybe creating an issue or five down the road. Guys, you’re losing it…

Once more with feeling: Default passwords are bad. Not kidding.

If you’ve been reading this thing for any amount of time, you’ll probably notice I tend to come up with all manner of very strongly worded opinions. Particularly in the neighbourhood of geek things. Like, for instance, when it comes to folks who set up a piece of hardware–like, say, a router, or a server–and decide to leave the default password in place. So your state-of-the-art Linksys router, which you’ve had for all of 24 hours, has become a hot spot for the local script kiddy and the mass amount of software he’s employing even as I’m writing this so he can expand his porn collection–and all because, well, you didn’t follow the first rule of basic security. Change the goddamn password. That goes double if you run a website for a school district, and its default login credentials are, uh, well, only slightly above no login credentials at all.

A Texas school district is learning the hard way about website security basics. If you’d like to keep your site from being compromised, the very least you can do is reset the default login. According to a post at Hackforums, the Round Rock Independent School District of Austin, TX was using the following name and password for its admin account. (h/t to Techdirt reader Vidiot)

hacked – idiots used default login/pass

u; admin
p; admin1

Needless to say I’m not exactly world’s most qualified hacker, and if it were me on the delivering end of all of that, I figure it’d take me about a minute to gain access. Provided I was 1: doing it manually and 2: not trying very hard. I’m going to go out on a bit of a limb, here, and disprove the theory that you get what you paid for. Whatever the school district paid the folks what set up and apparently didn’t maintain the website, I’m making the offer right here–not, you know, that I figure it’ll go anywhere, but hey. Take the amount that supposed third-party company brought in. Divide it by 2. Now, write me a check for that amount. Stick it in the mail. Upon receipt, I’ll hand you a website infinitely more secure/stable than that hot mess. No? Well, I tried. In the meantime, for the love of all things holy somebody please provide SharpSchool with a better selection of passwords. Because clearly, they’ve got approximately nothing.
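The "did I change that standard issue password?" question from the BMO post and this one can be answered by the owner before anyone else asks it. The following is an added example, not code from the original posts: it tests the salted password hashes in your own credential store against a list of factory defaults. The record layout, the PBKDF2 work factor, the system names and every default except the admin/admin1 pair quoted above are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed list of factory defaults. ("admin", "admin1") is the pair quoted
# in the post; the others are placeholders standing in for a vendor's list.
DEFAULT_CREDENTIALS = [
    ("admin", "admin1"),
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "root"),
]

ITERATIONS = 50_000  # assumed work factor of this hypothetical credential store


def derive(password, salt):
    """Salted PBKDF2-HMAC-SHA256, the storage format assumed for the records."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(system, username, password):
    """Build one constructed inventory record; only salt and hash are kept."""
    salt = os.urandom(16)
    return {"system": system, "username": username,
            "salt": salt, "hash": derive(password, salt)}


def audit_defaults(records, defaults=DEFAULT_CREDENTIALS):
    """Return (system, username, kind) for every account still on a default.

    kind is "default-pair" when both the username and the password are a
    listed default, and "default-password" when the account was renamed but
    the factory password was kept. The matching password itself is never
    returned, so the report can be shared without leaking it.
    """
    pairs = {(user.lower(), pw) for user, pw in defaults}
    passwords = list(dict.fromkeys(pw for _, pw in defaults))  # unique, ordered
    findings = []
    for rec in records:
        for candidate in passwords:
            # Constant-time comparison of the derived hash with the stored one.
            if hmac.compare_digest(derive(candidate, rec["salt"]), rec["hash"]):
                exact = (rec["username"].lower(), candidate) in pairs
                kind = "default-pair" if exact else "default-password"
                findings.append((rec["system"], rec["username"], kind))
                break
    return findings


def sample_inventory():
    """Constructed inventory: two untouched defaults, one rename, one changed."""
    return [
        make_record("district-cms", "admin", "admin1"),
        make_record("office-router", "admin", "admin"),
        make_record("backup-nas", "backupadmin", "password"),
        make_record("core-switch", "netops", "Vq7#long-unique-passphrase-2291"),
    ]


if __name__ == "__main__":
    for system, username, kind in audit_defaults(sample_inventory()):
        print(f"{system}: account {username!r} is still on a {kind}")
```

The renamed account is flagged too, since changing the username while keeping the factory password leaves the same entry on the default list working.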

System administration. Because the vodka industry needs some love, too.

Warning: the below post is probably long, and definitely geeky. You’ve been warned.

I’ve had this blog and several others hosted on a server I run and pay for since around the neighbourhood of 2010 or 2011. Naturally, this means I go beyond the whole finding random things to post about idea and dip into the territory of the sysadmin. Awesome, insofar as experience goes–not, mind, that said experience gets me any closer to being employed, but you’ll have that. But the more I play around with it, the more I think it gets me ready/comfortable with the idea of actually doing something like this and getting paid for it. Besides, I like a challenge.

So I’ve been running this particular server since August of 2012, or thereabouts. And in that time, yeah there’s been just a tiny little bit of broken here and there. But I usually had some warning or could guess that, hey, what I’m about to do will very likely end in spectacular fashion with me spending the next week and a half picking the pieces off my floor. This time, not so very much.

I maintain a small platform where I can stick random bits of info, like documentation for things I’ve figured out about otherwise less than stellarly documented programs. Or, you know, random things that just might turn out to be useful to me a year and a half later. That platform is powered by MediaWiki, who’s probably best known for being the thing used by Wikipedia. So you know, it’s been poked at, prodded at, tested the hell out of, and generally considered stable enough. Well, that or Wikipedia is partially owned by MediaWiki, but hey whichever. So I figure, why not? It’s scalable, so my small little documentation platform oughta be no sweat. Which is largely true, until it breaks.

I’d never actually bothered digging into the code, if I’m being honest. I figure eventually I’ll get to it, then things happen, and it doesn’t really get gotten to. You know the deal. Fixing the broken, though, necessitated a quick little dig through the surface layer of code. The bright side: now I know why it’s relatively light on database usage. Can I trade, now?

Here’s a little bit of a primer, if you’re one of those folks who’re on the border of techy but not quite ready to slide across it yet. Most software, like WordPress for instance, pretty much leans on whatever database you’ve set up for it. Everything hits the database, no questions asked. Unless you run some kind of a caching plugin (I do), even the basic trying to access the website hits the database. Database goes down, site goes down. MediaWiki does that, to a point, but there are enough layers between the database and you that it’s not entirely obvious. One of those layers is the extensive use of regular expressions for damn near everything. Almost nothing in the software is actually pulled from the database after, perhaps, the first initial load. Exceptions might be made for things like menus, but that might also be stored in the code itself somewhere and I just haven’t bothered finding it yet. But everything else, like for instance the actual page content? Cached somewhere on disk, then hit with a regular expression. Awesome, in theory. Works perfectly, again also in theory. Until theory goes out the window and they release a server software update that pretty much breaks the place. I applied that server update. Had no idea anything was broken–because barely anyone uses what I’ve set MediaWiki up for, and nothing else went sideways. So all was right in the world. Until my documentation actually needed to be flexed.

In fixing the broken, I learned exactly two things, real quick. Thing the first: Even on non-Windows systems, updates still break pretty–I knew that already, but it’s occasionally nice to have that confirmed once in a while. Especially when you know a few people who’ll gladly insist they’ve never had an update problem with $OtherSystem like they’ve always had with Windows. And thing the second: If you release an update to a pretty significant piece of software that breaks compatibility in new, interesting and creative ways, and pretty much no one sees it coming, you’re doing it wrong.

Let the record reflect I still love the sysadmin gig. Let the record also reflect I’d still love to be paid for the sysadmin gig. But I’m kind of wondering now how many paid sysadmins are sitting in an office wishing they could fire themselves a developer. Other people’s broken is never a fun thing to come home to. Now, I speak from experience.

The only Heartbleed left now is the NSA.

So pretty much everything exploded this week. If you were paying attention, you were probably warned not to go near things like your online banking site, or pretty damn near anything that advertises itself as having a secure connection. This is because of a pretty lethal bug in the software that provides that secure connection, in several cases, that pretty well rendered your secure connection worse than no security at all. There’s a pretty nice, if a little technical, explanation for it written up by the guys I’m paying for the use of this server, but the cliff notes version is the hole’s a few years old, and can provide someone who knows what they’re doing with access to pretty much any information stored in the memory of a server with the buggy software. So if someone knew how to take advantage of that security hole, they could potentially have access to usernames, passwords, credit card numbers–basically anything that happened to be in that server’s memory at the time.

There’s an updated version of that software in the wild now that plugs this security hole (note: not that anything on the server uses secure connections at the moment but I’m running that updated software now anyway), so as people get around to applying it that should be much less of a holy hell what in creation have I done kind of problem. Which is awesome, for guys like you and me. A little less awesome, though, for guys like the NSA.

The internet is still reeling from the discovery of the Heartbleed bug, and yesterday we wondered if the NSA knew about it and for how long. Today, Bloomberg is reporting that the agency did indeed know about Heartbleed for at least the past two years, and made regular use of it to obtain passwords and data.

While it’s not news that the NSA hunts down and utilizes vulnerabilities like this, the extreme nature of Heartbleed is going to draw more scrutiny to the practice than ever before. As others have noted, failing to reveal the bug so it could be fixed is contrary to at least part of the agency’s supposed mission:

Ordinary Internet users are ill-served by the arrangement because serious flaws are not fixed, exposing their data to domestic and international spy organizations and criminals, said John Pescatore, director of emerging security trends at the SANS Institute, a Bethesda, Maryland-based cyber-security training organization.

“If you combine the two into one government agency, which mission wins?” asked Pescatore, who formerly worked in security for the NSA and the U.S. Secret Service. “Invariably when this has happened over time, the offensive mission wins.”

So when the smoke clears, the NSA will have at least a little bit less access to John Q. User’s data–at least until they end up mandating another hole in some other layer of security software. But until then, it looks like the fine folks at stalker central will end up being the only ones dealing with a case of heartbleed when it’s all done and dusted. Now if it was only that easy to switch off the exploits they helped introduce.

How I ended up firing Windows XP.

So for anyone who happens to be paying attention, April 7th is XP dies a death day. Microsoft has decided after what’s probably shot past the 10 year mark to drop support for the OS. Which, essentially, means if you’re still running that version of Windows, you’ve just officially volunteered your machine to play host to all manner of new and interesting malware creations–you have probably also had your spamming ass slammed by my oversensitive firewall, but that’s another story. Because it’s me, and because I never turn down an excuse to see how far I can stretch things until they break, my finally tossing XP wasn’t entirely a conscious “this needs to happen” type decision.

I’ll freely admit I put off switching operating systems until almost the last minute. Largely it was laziness–I have a crap ton and a half of stuff that needs moved from one OS to the next, and when the thought crossed my mind initially I was in the process of throwing together a multiple-part archive of pretty much all of it so the machine I was using at the time could be wiped for the upgrade. But other parts included things like I wasn’t entirely sure I wouldn’t be replacing the machine I was using a ways down the road, or I couldn’t 100% guarantee Windows 7, which is where I was planning to migrate to, would run on that machine–I figured it would, because the thing originally shipped with Vista, but Vista was also 7 years ago so that wasn’t exactly a very stable benchmark either. So I was alternating between holding out until I could find a new machine, and doing the occasional bit of digging to see if my machine would collapse under the OS or not.

Things kind of happened in fairly short order after that. Plans developed that saw May getting herself a new machine, so the Windows system she was using–which at the time ran Windows 8 (don’t get me started)–sort of stopped having any actual use. My machine had started showing its age, and there was a point that I actually wasn’t entirely sure it’d last long enough for me to do what needed doing with it to keep my various crap from falling into system failure oblivion. Fine time for me to start experimenting with new backup systems, right? So I played around with that (that’s another entry), and managed to get things to a point where if the system spontaneously caught fire it wouldn’t do anything more than torch my corner of the office. Which, okay, would have sucked royally, but my stuff was safe.

Okay. So that’s one headache down. Now I was comfortable enough that if the system decided to fry every circuit going, or if Microsoft decided to change their mind, pull support early and launch an update that essentially disabled every system in the place still running that OS, I wasn’t gonna be hurting too horribly bad. That made the next steps very nearly natural. Since May’s new machine was here and set up, May’s Windows machine became my Windows machine. Since I will never willingly use a Windows 8 machine for anything other than something new to put Windows 7 on, my next project became wipe the machine, and toss on an OS that doesn’t make me want to consider buying stock in migraine medication. I spent the next couple days manually rebuilding the machine, including hunting up wireless network drivers that I could have sworn Windows 7 had built in when we bought that damn card. Then it was take a better part of the next week or so downloading and restoring the backup from the old machine, and my eventual turned emergency OS swap ended up happening with only the removal of a couple strands of hair.

And for the last couple months or so, well before Microsoft flipped the switch what turns all your XP into hacker heaven–yes, this apparently may or may not include most ATMs, I fired XP and haven’t looked back. I may kick myself for it in 6 months when I go looking for something I knew I had on the old machine and poof, it forgets to exist, but you’ll have that. And in future, I do believe I’ll start the upgrade process well in advance of potential catastrophic implosions. On the other hand, that was kinda fun. Perhaps I’ll do it again…

In which tech failures happen in 3’s.

Things have a tendency of getting all kinds of eventful up in here. Particularly when they don’t *really* need to be. If it’s not family making, breaking, remaking, switching up and then completely forgetting about plans in the span of 5 minutes, or things bouncing in just about every direction except the one you want them to go on the education front, it’s technology conspiring to do all manner of screwing with your head, and your whatever you were planning to use that technology for. And because epic failings must be had in 3’s for reasons no one can figure out, when the fun gets going, everyone gets a turn.

My warning was the laptop. I’ve had it for it’ll be 2 years about now, and the only problem I’ve ever had with it was a failing fan. I knew the fan was going for several months, but could never find a place where I had the time, the energy and the money at the same time so it could be dealt with. When I had the time and/or energy, there were financial things needing to be shoved out of the way before they came round to bite us in the ass. I actually delayed my run at college by a bit in hopes I could put together all 3 in a reasonable amount of time, or that it’d sort itself out and we’d be golden in time for classes to actually start. It looked like it was gonna do exactly that, and things were falling into place for me to start the course I’m in the middle of now, so I was starting to breathe a little teeny tiny bit easier about it. It could hold out long enough for us to get hands on money, which should come just before the Christmas break, we were thinking. Which would have been amazing timing, if it had worked out that way. School’s out, send the laptop off for repairs, hopefully have it back maybe a week after school gets back in session in the new year. And just when I was comfortable with that plan in theory, the thing gave out completely. Two days before class started, and if I’m lucky I could get the thing to give me half an hour before it shut down to avoid overheating. Well now. There goes careful planning.

I should have probably taken that as a sign that I maybe ought to just back everything up on every machine I own, stick it somewhere central like, and hold out until I could replace the equipment wholesale. While I was dealing with the laptop, I was seeing signs my desktop, also known as the primary machine I use for pretty much anything heavy, wasn’t gonna be much longer for this world. It hasn’t gotten critical yet, but it’s inexplicably shut down on me a few times, I’ve seen pretty freaking unrecoverable blue screens more often than I’d like, and it’s having to work harder at doing things I know it could do without breaking a sweat not entirely all that long ago. This one, at least, I could more easily expect. It’s given me 7 years, and a lot of wicked heavy usage–most of this site was born out of that machine, for starters. It’s not completely toast yet, but I’m not liking its chances for seeing its 8th year. Plus, it runs Windows XP still and, well, let’s be honest–while the machine could probably easily run 7 instead (it shipped with Vista initially), I’d just be replacing it shortly anyway. So before it puts me in the same situation the laptop just tried to, it’s on its way out. Bright side: the machine I’m replacing it with actually has a little bit better specs. I’d be slightly jealous, if I wasn’t just told I could take it for myself.

I mentioned things happening in 3’s, and did they ever. The first sort of warning I got that made me think the desktop might be in slightly worse shape than it turns out it is had actually more to do with the external drives I keep connected to it. I do a lot of things with music, TV shows, movies and the like. So I keep some pretty large external drives around–unless you wanna get fancy, a lot of what I plan to collect won’t fit on your average internal drive. At one point I had 3 connected, and was talking about adding a 4th down the road. Across those 3, I had quite a few years of music, videos, backups from other drives, random things that I hadn’t gotten around to sort and put where they should be. So basically a crap ton of stuff. Two of those drives flirted with failure of the highest order. And one of them needed two attempts before it finally just irreparably met its maker. I managed to pull most of what I needed off the drives before they went, and can get my hands on the rest once I figure out what needs to be gotten and then remember where I got it from the first time. But the way they were readying to go led me to believe maybe the desktop was on its way out quicker than I’d like it to be. The drives would show up for a while, then either I couldn’t actually access one, or the other would disappear entirely. But I could plug them both into another machine and at least mostly do what I needed to. So that was a thing to deal with–particularly given if the desktop had gone as quickly as I was expecting, I still didn’t have the laptop back and fixed so that might have slightly caused problems.

So now, the laptop’s mostly working as it should, the desktop’s on its way to being replaced and I’ll be needing to rebuild my video library. Again. All told, not entirely too bad for a season or two in the life of a semi-crazed geek. And I should be relatively clear of tech issues for a good while. I wouldn’t say no to another 7 years of mostly smooth operation. And hey, maybe by then I’ll be doing something that actually allows me to pull a wad of cash out of my wallet and emergency replace pretty much everything that has ever come apart on me on 24 hours’ notice. Hey, a geek can dream, can’t he? But in the meantime, I suppose I should go reformat my brain. This forecasts to be another intensely crazed week on the education front–which I should probably actually write about before I’m completely done with it. Eh, maybe in the spring.

In which Star Trek becomes a little less like science fiction. You saw it coming.

With the exception of the original series–well, and the damage they started doing to the franchise with the last couple movies they turned out, you might say I’m a bit of a Star Trek fan. Well, okay, probably more than a bit–days like today would be mighty fine use cases for transporter technology, if we’re being completely honest. So I keep an eye on things that look like they might have been slightly inspired by the land of full-fledged civilizations dotting the final frontier. Which means my interest is a little bit increased when I read about a researcher that has developed the capability of 3D-printing a nearly completely plastic handgun, or the ones who’ve improved on that to put together, again using a 3D-printer, an honest to god pistol.

Okay, so maybe vaguely inspired projects that involve replicating new and interesting ways to kill each other isn’t the healthiest way to start off a Star Trek inspired post. I mean hey, I’m screwed up, but not quite that screwed up–well, most of the time. So maybe let’s skip right to the “directly inspired from Star Trek” pile, then, yeah? For that, we skip across the border and land us in Canada, where a software engineering company has put together its very own attempt at a universal translator. At the moment, the goal is only to make the accents of those folks in call centers overseas seem just a little less like about half to three quarters of the problem in any customer service conversation since the dawn of customer service conversations. Having been on the serving end of some of the conversations that have resulted from a few of those overseas accents, if I had the money handy right here right now, I’d be looking wicked hard at where to sign up. And hey, if it ever gets beyond the experimental stage, perhaps the folks behind it will be celebrating by cracking open a bottle of an equally experimental and equally interesting present-day version of synthehol–complete with the ability for you to sober up quickly should you need to. You know, in the event your designated driver’s off in the corner drowning himself in the real thing, the fool, and you’ve just blown what should have been your cab money. Of course if this ever stops being experimental and goes mainstream, I wonder if designated drivers will still actually need to be a thing.

From the directly inspired by Star Trek, we fly right on over to the directly pulled straight out of Star Trek. And we land in North Carolina, where a city councillor there named David Waddell has submitted his resignation–in Klingon. “Today,” he says, “is a good day to resign.” Not exactly a direct translation, but I mean what are you expecting from a 21st century non-Klingon? It beats the hell out of another politician deciding he wants to spend more time with his family, anyway. So, now, who’s gonna get cracking on this transporter thing? Anyone? I’ll wait…

Fun with passwords. Or, why your 25-year-old sysadmin might be looking a little grey.

Default passwords are a thing, and for a fairly decent reason. Your crap needs to be relatively secure, even if you haven’t actually done anything useful with your crap since the start of its existence. Default passwords are also incredibly, incredibly bad for you. It’s why most actual corporations force you to change it from the default the first time you log in, whether or not they force you to change it on a subsequently frequent basis later on. Because not doing so can be a real problem for you, your content, and your sysadmin. Most of this, you’d think, would be pretty common sense–even if you’re not the technical sort. But, I’m putting it here, so you can safely assume it’s not as common as I’d prefer. This came pretty much full circle yesterday, and the only reason it didn’t get blogged yesterday is educational things have conspired to fry me.

As probably a few of you will figure out, I’ve run this site on a dedicated server for a few years. I also happen to have added a few people to the list of things running on this server in that time. In doing so, I use what I think to be relatively standard practices for security–you get an account, with whatever domains/services/whichever you need access to. You get a username of your choosing, and because I neither want nor need to know what your actual password(s) is/are, I give you a standard default password–and very strongly recommend, as in you really, really want to do this before I scramble the thing for you and hand you a generated one that’s at least 32 characters long, that you change the thing. Like now. As in before you even decide to turn around and install WordPress–which you should, because flexible. Because yes, the thing is secure. Mostly. But default passwords are usually three things. Easy to remember, short enough so as not to be overly confusing for folks who aren’t exactly up to trying to translate, commit to memory and not completely flub a 32-character-long password, and probably not difficult to figure out for your average script kiddy with a brute force program and some free time to devote to finding themselves a new machine they can borrow to spam the hell out of someone or someones. In other words, change it or you really do deserve to be slapped across the forehead with the clue stick. Gently, of course.

So I was on my way out the door yesterday with the half dozen things that usually follow me out the door when my phone pretty much blew up. I pull it out on the bus and find myself staring at a screen full of mail server failure notices. I’m talking very nearly a hundred of the freaking things. Well, I figure. This isn’t altogether too pretty of a thing to be seeing if you’re me. Did a server people are trying to send to decide to pick yesterday to suffer a fatal issue, or has something on my end gone and broke itself?

To figure out how this applies, let me summarize roughly what happens when you try and send someone an email. Your machine, through Outlook or some other program, sends the mail you’re working on to a server–either owned by your ISP, or your website provider, or the company you work for–with instructions that basically say “This needs to get to person@place.com”. Your mail server, then–that’d be the thing Outlook just got done talking to, flips through the internet equivalent of a phonebook to figure out which other servers are accepting mail for place.com. When it finds one or several, it tries to contact them. Assuming it gets an answer from one, it asks two questions. “Do you actually accept mail for place.com?” And, if the answer to that question is yes, “Does person exist in your info on place.com?” Assuming both answers are yes, one of two things happens. Ideally, your mail is then sent to the receiving server, who then tells your mail server, “Okay, I’ve got it. Thanks for dropping by.” and that’s that. Transaction complete. Or, slightly less likely, the server’s experiencing problems–or one of the servers it relies on is experiencing problems–and your mail server is told to essentially try again later. Which it will, repeatedly every so often, until either the mail is delivered or it just plain gives up on account of the destination’s well beyond broken. If the answer to the second question comes back a no, the receiving server essentially tells your server, “I don’t have anyone named person here.” Okay, so that’s a problem. And it’s a problem you should probably know about so you’re not trying to repeatedly send mail to person@place.com and wondering why in the sam hell that rat bastard hasn’t gotten back to you in 6 months. So your mail server turns around and automatically sends you a quick email saying basically “I tried to send your mail to person, but the folks at place.com don’t know who that is. Sorry about that. Oh and by the way, you should probably tell person his place.com address doesn’t exist–or make sure the sneak gave you the right one already.” Okay so maybe not that last part, but you get the idea.

When my server sends people the “place.com doesn’t know who person is” email, it also copies that email to me. Not because I feel like snooping in on the juicy details of the morning’s gossip that you’ve accidentally sent to the slightly mistyped but still mostly correct address of the chick you usually have coffee with after work, but because in the event this kind of thing happens consistently, there’s either something wrong with the receiving server–which I may need to yell at someone about, or work around temporarily–or there’s something wrong on my server’s end, either with your account or with the server in general–which I need to fix, or prod you to fix, in order to prevent further much larger problems. So when an account on my server started generating several emails to random addresses that didn’t exist, the server got several “this person doesn’t exist here” notices from servers it was trying to deliver to. As a result, I got several copies of “I tried to deliver this, but they don’t exist” emails. And because it’s 2013, I’m a geek and there isn’t a smartphone alive today that doesn’t let you, I got to handle most of those on the way to class–and discover that those emails were coming from entirely random addresses on my server that *also* didn’t exist. Well then. Don’t we have us a situation. I couldn’t do entirely too much about it at the time except diagnose on account of I was mobile, I was on 3G and I wasn’t in one place long enough to haul out the laptop and make things happen, but at least now I knew there was something amiss in techville.

When I got where I was going, I had a bit more time to play find the hole. And what I found was the mail traffic was being generated by an account that hadn’t actually been accessed since it was set up and the person who owned it installed a version of WordPress. Since then, that account had essentially been sitting there doing not much. Unfortunately, because it hadn’t been accessed except the one time it took to install WordPress, that also meant its default password was still its current password. And, as a quick check would tell me when I got back to a network I could actually use without the restrictions of a not very well set-up firewall, it was that default password still being set for months on end, on a public-facing system, that led to the account being accessed by places and in ways that it might not oughta be. Having no idea at the time, though, my priority was essentially turn off the tap. So I disabled that account before class started, and it sat there being disabled until I could get a look at it when I was free–see also: when I confirmed that yes, in fact, the thing was accessed in ways it shouldn’t have been by a password that should have had a lifespan of 5 minutes.
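The bounce-driven diagnosis described above can be run straight off the mail log. This is an added example, not code from this post or the author's server: it assumes an Exim-style main log, and the log lines, account names, domains and thresholds are all constructed or hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of an Exim main log: "<=" is a message arriving,
# "=>" a delivery, "**" a permanent (5xx) failure. U= is the local account that
# submitted the message; "<>" is the empty sender used by server-generated bounces.
SAMPLE_LOG = """\
2013-03-12 08:01:02 1UFabc-0001Xy-Aa <= qx81@hosted.example U=dormant P=local S=2104
2013-03-12 08:01:03 1UFabc-0001Xy-Aa ** zz1@place.example R=lookuphost T=remote_smtp: SMTP error from remote mail server after RCPT TO:<zz1@place.example>: 550 5.1.1 User unknown
2013-03-12 08:01:03 1UFabd-0001Xz-Bb <= <> R=1UFabc-0001Xy-Aa U=mailnull P=local S=3310
2013-03-12 08:01:04 1UFabe-0001Y0-Cc <= k9f2@hosted.example U=dormant P=local S=2098
2013-03-12 08:01:05 1UFabe-0001Y0-Cc ** zz2@other.example R=lookuphost T=remote_smtp: SMTP error from remote mail server after RCPT TO:<zz2@other.example>: 550 No such user here
2013-03-12 08:01:06 1UFabf-0001Y1-Dd <= m3pt@hosted.example U=dormant P=local S=2111
2013-03-12 08:01:07 1UFabf-0001Y1-Dd => real@elsewhere.example R=lookuphost T=remote_smtp H=mx.elsewhere.example [192.0.2.25]
2013-03-12 08:01:08 1UFabg-0001Y2-Ee <= v7wa@hosted.example U=dormant P=local S=2090
2013-03-12 08:01:09 1UFabg-0001Y2-Ee ** zz3@place.example R=lookuphost T=remote_smtp: SMTP error from remote mail server after RCPT TO:<zz3@place.example>: 550 5.1.1 User unknown
2013-03-12 09:15:00 1UFabh-0001Y3-Ff <= alice@hosted.example U=alice P=local S=1500
2013-03-12 09:15:01 1UFabh-0001Y3-Ff => friend@elsewhere.example R=lookuphost T=remote_smtp H=mx.elsewhere.example [192.0.2.25]
2013-03-12 09:20:00 1UFabi-0001Y4-Gg <= alice@hosted.example U=alice P=local S=1620
2013-03-12 09:20:01 1UFabi-0001Y4-Gg ** freind@elsewhere.example R=lookuphost T=remote_smtp: SMTP error from remote mail server after RCPT TO:<freind@elsewhere.example>: 550 5.1.1 User unknown
"""

ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+) .*?\bU=(?P<user>\S+)")
FAILURE = re.compile(r"^\S+ \S+ (?P<id>\S+) \*\* (?P<rcpt>\S+)")


def summarize(log_text):
    """Return per-account counters, keyed by the local account that submitted the mail."""
    owner = {}  # message id -> submitting account
    stats = defaultdict(lambda: {"messages": 0, "senders": set(), "hard_failures": 0})
    for line in log_text.splitlines():
        arrival = ARRIVAL.match(line)
        if arrival:
            if arrival["sender"] == "<>":
                continue  # a bounce the server generated itself, not account traffic
            owner[arrival["id"]] = arrival["user"]
            entry = stats[arrival["user"]]
            entry["messages"] += 1
            entry["senders"].add(arrival["sender"].lower())
            continue
        failure = FAILURE.match(line)
        if failure and failure["id"] in owner:
            stats[owner[failure["id"]]]["hard_failures"] += 1
    return dict(stats)


def flag_accounts(stats, min_failures=3, min_failure_rate=0.5, max_senders=2):
    """Flag accounts that bounce a lot or send under many different addresses."""
    flagged = {}
    for user, entry in stats.items():
        reasons = []
        rate = entry["hard_failures"] / entry["messages"]
        if entry["hard_failures"] >= min_failures and rate >= min_failure_rate:
            reasons.append("hard-bounce rate %.2f per message" % rate)
        if len(entry["senders"]) > max_senders:
            reasons.append("%d distinct sender addresses" % len(entry["senders"]))
        if reasons:
            flagged[user] = reasons
    return flagged


if __name__ == "__main__":
    for account, why in flag_accounts(summarize(SAMPLE_LOG)).items():
        print(account, "->", "; ".join(why))
```

A single mistyped address, like the one from the hypothetical `alice` account, stays under the thresholds; the dormant account trips both checks.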

That account will more than likely end up deleted, on account of it was never actually used and so really, nothing’s being lost by killing it. Which also means I don’t need to send an actual user an email basically saying “by the way, because you fail at security basics all your crap is now compromised. Thank you.”, which works just fine for me. But this is a thing that could actually happen to a system or service you would probably much prefer it didn’t. Think of everything that comes with a default password in place already. Routers, any modem purchased in the last maybe 5 years, university or college email/network accounts, the aforementioned actual work related systems, the list goes on. They don’t come with default passwords because they’re worried about John Q. User developing amnesia and not having the slightest idea what their password is. They come with default passwords because they’re usually set up automatically, usually in batches, usually for several dozen to several thousand people at once. This also means if you feel like giving it a couple months, that common, default password can and will be found on Google. Which means anyone with 5 minutes free who knows the service exists and you have access can easily also have access. Which in turn means if they decide to use that access for less than legal purposes, or less than insanely irritating purposes, it’s not them that catches hell for it–it’s your access, therefore it’s your problem. Changing that default password, preferably the second you sit down in front of the system in question and access it for the first time, significantly reduces the likelihood of it becoming your problem. It also just so happens to be exceedingly smart thinking, since in the case of people who maybe used to have access and shouldn’t anymore, it prevents them from deciding to borrow your access to try and get back at whoever decided they no longer needed it. And you’ll have just prevented, at least temporarily, your friendly neighbourhood sysadmin from developing a few of those grey hairs. That gets you bonus points somewhere. And hey, if it’s a thing I have anything to do with and you’ve just prevented me from having to piece together a working copy of your account long enough to beat you with it before telling you you should probably change your password, I swear I’ll be your best friend for life. Which will be a lot easier if you’ve also resulted in me having one or two fewer heart attacks. Now if the rest of the world would just come along quietly we’ll have it made.
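An added example (not the author's tooling) of auditing for the situation in this post: accounts whose password is still the one set at provisioning. It assumes shadow-style password-aging fields plus a hypothetical provisioning record of creation dates; every sample line and hash below is a constructed placeholder.

```python
from datetime import date

EPOCH = date(1970, 1, 1)

# Constructed /etc/shadow-style lines. Field 2 is the password hash ("!" or "*"
# as a prefix means password login is locked). Field 3 is the day of the last
# password change in days since 1970-01-01; 0 means the user must change the
# password at next login.
SHADOW_SAMPLE = """\
alice:$6$constructed$placeholderA:15770:0:99999:7:::
dormant:$6$constructed$placeholderB:15600:0:99999:7:::
newbie:$6$constructed$placeholderC:0:0:99999:7:::
nightly:!:15000:0:99999:7:::
"""

# Hypothetical provisioning record kept by the admin: account -> creation date.
PROVISIONED = {
    "alice": date(2012, 9, 1),
    "dormant": date(2012, 9, 17),
    "newbie": date(2013, 3, 1),
    "nightly": date(2011, 1, 26),
}


def audit_password_age(shadow_text, provisioned, today):
    """Classify each account and return {name: (status, days)}.

    The field has day granularity, so a change made on the creation day itself
    is indistinguishable from no change; such accounts are reported for review.
    """
    report = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 3:
            continue
        name, pw_hash, lastchg = fields[0], fields[1], fields[2]
        created = provisioned.get(name)
        if pw_hash.startswith(("!", "*")):
            report[name] = ("locked", None)
        elif created is None or not lastchg.isdigit():
            report[name] = ("unknown", None)  # no record, or aging data missing
        elif int(lastchg) == 0:
            report[name] = ("forced-change-pending", (today - created).days)
        elif int(lastchg) <= (created - EPOCH).days:
            report[name] = ("never-changed", (today - created).days)
        else:
            report[name] = ("changed", (today - EPOCH).days - int(lastchg))
    return report


def needs_action(report, grace_days=7):
    """Accounts still on their provisioning password after the grace period."""
    return sorted(
        name
        for name, (status, days) in report.items()
        if status in ("forced-change-pending", "never-changed") and days > grace_days
    )


if __name__ == "__main__":
    result = audit_password_age(SHADOW_SAMPLE, PROVISIONED, date(2013, 3, 14))
    for name in needs_action(result):
        print(name, result[name])
```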

You know your skills are in demand when…

So. I mentioned once or twice my end goal being putting the geek abilities that result in, among other things, the existence of this website on paper. Someone asked me once what I’d use as an indication the skills I’m looking to prove I have and expand on are ones that would be in reasonably–meaning reasonable enough to pay for–demand. Until recently, I wasn’t entirely sure–beyond the fact that just about every organization of just about every size needs IT help these days, even if some of the smaller ones tend to outsource those needs to someone not actually covered by them. And then, the media handed me a benchmark. Thanks, Dawson College.

A student who used to attend that school found a bit of a flaw in their information portal. That flaw made it possible for anyone who’s anyone to get their hands on student information that didn’t need to be gotten hold of by anyone who’s anyone. The student brought it to the attention of the school and the company who developed the software they use. As thanks for his efforts, the school expelled him. Contrast that with the folks what developed the software–who had the option of charging him for trying to hack their software, and instead offered him a job. Measurement of demand established. That it had the grannies over at the Globe and Mail sticking their necks out so the folks over at Techdirt could lop it off at the shoulders is what ya call an added bonus.

My end goal is to walk away from my education with the ability to do essentially what this student accomplished. It helps that the college I’m staring at seems to be a little more with the times–hell, their website is entirely powered by WordPress. And if the job postings that end up landing in my lap aren’t evidence enough I’ll be able to at least get people to talk to me when I can put this junk on paper, the fact the guys he supposedly broke the law to help out didn’t see it that way and wanted to pay the man just about solidifies it. If nothing else, it decreases the likelihood of my being expelled for trying. That counts for something, at least…

Dear CPanel. You need to support Postfix. I’ll even ask nicely.

Since my former web host gave me the boot for fairly ridiculous reasons, I’ve had the pleasure of getting extremely familiar with a server and software of my very own. Part of the setup I’ve got going on now involves CPanel, which essentially lets me set up a website, email address, or any number of other things automatically inside of about 5 seconds as opposed to doing the configuring all manual like and probably contributing to my brain damage in the process. It actually isn’t too different from the control panel software the old host uses–except that they insist theirs is custom-made, but you’ll have that. There’s the occasional minor issue with the software, but over all they can be worked around or otherwise plain ignored if they aren’t already in the process of being fixed (see also: IPv6 eventually). I can’t say I love CPanel, but I’m fairly sure it wants me to. And it’s almost convinced me. Almost, except for one minor problem.

I like to be able to tweak, adjust, reshuffle, arrange, configure and otherwise mess with pretty much anything I can get my hands on. If it can be changed and not result in flatlining the server, I’m all over it like white on rice. For the most part, CPanel lets me do this thing and doesn’t complain too much. Try something funky with spam settings? Sure, here ya go. Shove an extra layer of security over web traffic? Let me help you with that. And if by some freak accident I completely bork the thing, I’m usually only about two commands away from tossing the breakage aside and restoring to a last known reasonably good configuration–thank christ, since one thing doing this on my own has shown me is I’m an absolute fail at storing my pieces of configuration files in 50 million places. But where CPanel’s limits show up isn’t necessarily in CPanel itself but rather in the software it chooses to support.

Fast forward to my only real, niggling issue with CPanel. Hardly a dealbreaker, but it would definitely work towards making me a lot more open to not trying to roll my own. CPanel doesn’t handle email quite the way I’m used to it handling–even when I wasn’t hosting my own email. For starters, CPanel installs Exim as its mail transport agent (MTA). Now, don’t get me wrong–Exim’s good for what it does. I have no real complaints with Exim. I just can’t do anything overly useful with it without recompiling the source–something CPanel doesn’t do, and so if I were to attempt it, I’d probably be walked over as soon as the nightly updates ran. It’s not as flexible with logging as I’d prefer either, giving too much information in some areas and yet too little in others.

I’d have much rathered if CPanel supported, either natively or otherwise, the use of Postfix for its mail relaying. I’ve started advocating for as much on their feature requests site in recent days. Based on what I know, the two are very similar. But for all their similarities, the way they handle is almost completely different–at least if you’re me. For starters, Postfix leaves more to the configuration files and less hardcoded so direct access to the source is required–again, useful given CPanel doesn’t compile its MTA and doesn’t give you the option of doing so. Additionally, Postfix is a more security-focused MTA, in the sense that it can be jailed/chrooted without breaking the rest of the system similar to how cPanel already gives you the option of locking individual users into a jailed environment so they can’t affect anything outside their own space. The ability for Postfix to drop privileges doesn’t hurt its case any either. Postfix also tends to handle message delivery differently from Exim–generating a message for each individual address, rather than grouping messages addressed to more than one recipient into one bulk message. This has the added advantage of a single address that generates a temporary failure doesn’t cause the MTA to hold back on delivering that or any other message to anyone else who just so happens to be using the same mail destination–something that’s come up to very occasionally annoy me.

I’m noticing as well that Exim, unlike Postfix, is relatively quiet when potential problems crop up. For instance, Postfix can be configured to send email on certain types of failure, not just to BCC you when the server itself generates a delivery status notification. So if Postfix is encountering a resource issue, let’s say it’s close to running out of disk space, it can alert you by email. It can also log the details of an SMTP interaction for more involved diagnosing. For instance: figuring out at which point in the transaction is a connection falling apart, so I can better figure out what needs a good solid tweak in the nose to do what it’s told.

I like CPanel well enough, now that I’m not improv learning it as I go–or having to fight with it to do what it ought to be doing pretty well out of the box. I’d like it even more if it supported the Postfix mail agent. And for that, I’d even be willing-ish to say please. Now if we could just skip right down to the part where all I have to do is flip a switch, we’ll be in business. Your move, CPanel.

How I handle backups. Or, happy world backup day!

For most of the world, it’s Easter. At least, on the east coast, for the next… we’ll say… less than an hour. But for anyone who maybe doesn’t celebrate Easter, or has maybe more important things on their plate besides that, today is also world backup day. In honour of that, let me tell you how I work.

I’m insanely paranoid about my backups. To the point where at any given time, it can be pretty well guaranteed I know exactly what’s backed up where, and have backups of those in at least two other places. Let me run things down on a basic level. The server hosting this website has 2 hard drives, both of them 2 TB. On the first is everything I’m running–the OS, the software that runs the site, email, you name it. On the second, is every single configuration file, line of code, database, log file, random thing that just doesn’t really have a home in any other category. And on that drive, it’s backed up in 3 different locations–just in case one of them goes on vacation. Or, you know, on the off chance I need to quickly pack up and slingshot my crap from this server to some other in an awful goddamn hurry. The advantage of also doing it this way is, pretty much on demand, I can grab a copy of that backup, and pull it to any location I choose with enough room to hold it–like, we’ll say, somewhere local if I suspect some fool’s intent on nuking the server. It also allows for a bit more flexibility–let’s say, for instance, I decide to once again fire up a Dropbox instance on the server. Configuring it to serve as a thing to hold backups would be only too easy, and actually be moderately a painless process. The advantage to that of course being I’d have local access to those backups, regardless what my definition of local is, so long as I have access to Dropbox. Kind of makes emergency “Oops I screwed it good” recovery a thing.

What does that mean for the hosted folks? In short, barring a nuclear bombardment that takes out the entire eastern/central region of North America, anything and everything data is relatively breakageproof. Of course if a nuclear bombardment on that scale ever becomes a thing, I suspect “where’s my crap” won’t be the first question on the list. But this also gives me a personal thing I can use later, should I ever manage to stop being bounced around and actually shove my foot in a professional door just enough so that it’s not slammed on my nose. I’ve had absolutely no professional training in this or any other area, and I’m more comfortable with the backup solution I have right now than I would be if I was paying someone else to do it. Largely, I suspect, because I know exactly where everything is and it’s a simple copy/paste if ever I need to unbreak something. But, I think, also because if it does go sideways, I don’t need to worry about holding someone else to account who doesn’t have a dog in this fight. It’s my data. It’s my friends’ websites. It’s another friend’s email. It’s all very good reasons for me to pay the fuck attention. And that, I think, is how I work best. Which reminds me. I think I’m due for a local copy pull…

If you used any of these passwords for, well, anything, please deposit your user’s license.

It’s a little late for best/worst of 2012 lists, but no one ever said I stuck to a schedule. Besides, this one amuses particularly because, well, server admin. So it’s kind of a big deal, if you get me. And also it beats the royal hell out of an entry wherein Amazon tries screwing folks over twice just for fun, which is probably nothing new by this stage. Of course that could also mean I’ll have nothing to write about in a day or two and get back to that one, but hey you’ll have that. As for now, you’ll have the worst passwords of 2012.

Like one of the commenters to that article, I’m very glad–and yeah, okay, a little surprised–that “admin” isn’t on that list. Personally “master” is almost as bad, but considering how many people almost never actually change the default passwords to things, and those default passwords are remarkably insecure as it is, that’s a thing. Equally disturbing is that passwords like “Jesus” actually exist and don’t cause impressive amounts of damage to the folks what use them. My personal favourite on that list is “welcome”. Why? No, as in, why in the hell? As a password, even if it’s an absolutely brainless password, that doesn’t make sense. As in any. As in at all. As in please, just stop doing anything computer right now, and go back to pen and paper. Typewriter, even. It’s safer. Plus I won’t have to fix you later.

Related: If you use a thing I maintain and have a password remotely close to any of these, I’m probably gonna wanna have a conversation with you. Of course by the time I find this out you’ll probably be wanting to have a conversation with me about exactly how it is we’re gonna unbugger the crap somebody who got hold of your password buggered while you were too busy up in the weak sauce–which will make the conversation I want just that much easier to have. I like it when things work that way. Of course I like it even better when the passwords belonging to folks I fix don’t end up on one of these lists, but hey, you can’t have everything. Just remember to leave your user’s license with me when you’re done and we’ll all be fine. Or better yet, just change your bloody password.

Did your internets grow a Wednesday wabble? Here’s probably why.

What do you get when you take an ISP accused of being a spammer, the organization doing the accusing, the several security organizations defending the accuser, and one hell of an axe to grind? If you answered a wicked nifty cool DDoS attack, you get yourself a cookie. But since I have no cookies, you can settle for vodka. The attack in question started out just aimed at Spamhaus, who manages an antispam blacklist for primarily mail traffic to prevent certain types of spam from hitting a mail server (disclosure: it’s one of the 4 I use, and use heavily). When a bunch of organizations jumped in to help Spamhaus minimise that attack, it escalated. The attack ended up aimed at the folks what provide a backbone to the internet (because someone’s going to ask, it’s explained better than I ever could).

The long and short version is, if one of the connections that make up the backbone of the internet ever takes a dive, large chunks of the internet can potentially take that dive right behind it–it happens every once in a great while, usually because somebody cocked up. But sometimes, it can be triggered for any number of reasons. On Wednesday, it was denial of service time.

Now, these things can typically handle a hell of a lot of traffic. They’d have to, considering pretty much any and all internet traffic eventually passes through them to get, well, anywhere. So you’d think they’d be pretty close to difficult to attack. And you’d be right, more or less–the attack from Wednesday measured at, well, about

, eh?

So if you were growing an issue or two on Wednesday, it could have been your local technology. It could have been your ISP mucking something up. Or, it very likely could have been that someone really did just try and break the internets. I might actually be somewhat vaguely impressed–if the attempt at calculating that bandwidth bill didn’t just cause my brain to implode. I hope these folks had uncapped connections…

A 3-strikes blog post for global 3-strikes copyright systems.

It never ceases to amaze me exactly how tightly folks will cling to the very same logic that blows up in their collective faces within about 6 months of it being deployed. Perhaps not entirely without some degree of amusement, you see it most often in the two worlds who could use a wake-up call the most. The entertainment world, and the political world. Between the two of them, they’ve managed to piece together a mammoth bad idea on a global scale–and one that could have been predicted to implode before it even got off the ground–in the form of a 3-strikes copyright policy (6 if you’re in the US). In keeping with the entertainment and political worlds’ tradition in this arena, my own 3 strikes system–3 epic failures anyone who used their brain could have seen coming.

Strike 1: File who?

I’ve mentioned it in passing before, but it gets its very own special mention here because, uh, this suddenly isn’t exactly a unique situation. Person happens to be the account holder, but may not necessarily be the most technical case on the block. They likely have the internet for email, Facebook, school and if they’re into that kinda thing and have a brain cell to spare, maybe a little Twitter, but that’s the extent of their internet usage. Not so much, perhaps, for that person’s roommates, but the laws as they stand now don’t really go for that kinda thing–you own the internets, therefore you get the nail. It results in, rather irritatingly if you’re the do your homework check your email go to bed type, needing to have the basic idea of file sharing explained to you before the industry tries and fails to sue the everloving pants off you. Win or lose, the New Zealand industry got what they wanted–regardless who did the sharing from where and when, the account holder they went after turned around and cancelled the account–thus probably creating a brand new issue for herself in the process where her education and the like’s concerned. But, hey, there’s no more of that nasty file sharing coming from that address now is there?

Strike 2: Not our material? You’re still guilty!

I enjoy laughing my ass off at the DMCA. Not so much at the folks what get slapped by it–I myself was indirectly and falsely slapped by it not all that long ago–but at a majority of the folks doing the slapping. And with the onset of the US’s 6 strikes policy, all it takes is someone sending you–or rather, your ISP–a DMCA notice (whether it’s an accurate one or not) for you to start heading down the path towards a very rocky internetting experience. The system they’re using to track, identify, process and send those notices for this 6 strikes system? Well, that would be the same system that became highly confused and decided that a mod for Guild Wars, a computer game, was actually a copy of at least one NBC TV show, none of which remotely resemble computer games or mods thereof. No info on whether or not this is court bound, but were this actually to fall under their 6 strikes system (and there’s no reason to think it wouldn’t) the accusation may be all that’s necessary for the ISP to be required to start taking action. For TV shows that weren’t being shared and may not have even existed. Go copyright!

Strike 3: Serving your country is not a defense.

Back to New Zealand for strike 3, and perhaps the more ridiculous of the 3. Where at least the other 2 the argument, if shaky and pretty much unprovable, hadn’t completely entered the realm of being entirely out to lunch, this one left the ball park–and, arguably, the country. Again we have a multiple roommate situation–this one, they’re all in the military. The guy whose name the account’s in, and thus the one who ended up fielding the accusation, was in Afghanistan during the time the industry’s precious copyrights were being violated. The others in the house were apparently deployed in various locations around New Zealand at any given time, so figuring out who did what and when was more than a little bit of an issue. But far be it for the industry to let a little detail like that get in the way. So when the account holder was back from Afghanistan, he had that to deal with. How did he deal with it? Well, see, the thing about serving in a permanent war zone–so I’m told–is you don’t really have a lot of time for stupid when you get back, what with getting used to the fact you’re no longer serving in a permanent war zone and all that junk. So rather than very likely have to drag it out in court, all for events that couldn’t be proved and couldn’t be connected to him by more than an IP address tied to him just based on lack of proximity alone, he paid up. And somewhere, in a press release yet to be written, he’s about to be added to the “file sharers we caught” list. And there just went getting shot at in defense of democracy as a legal defense against copyright.

I’d love to be a fly on the wall in some of the rooms where conversations like these happen, if only because I can’t even guess at the mental and verbal backflipping that goes on to make anything remotely like this sound like something that doesn’t smell entirely of overdone crap on an underdone cracker. Somebody somewhere has to have spoken up and pointed out to these folks that maybe, just maybe, there’s a better option out there other than trying to kill a mosquito with a bazooka and hitting their own feet instead. But, hey, what do I know? I’m just one of those online folks the industry doesn’t wanna hear nothing about or from. Then again, maybe that’s their problem…