feren

rainingmeat, markvd and asetwoman take note....

While it can be cathartic, it's actually rather important that you don't shout at your disk arrays.

Yes, the Mac had it first -- and then it was ported to XScreenSaver. But now, at long last, Flurry has been made into a Windows-compatible screen saver.

Maybe I'm late to the party on this, but it's such a nice screen saver that I cannot help but gush about it. After I installed it I was pleased to find that it is aware of dual displays in Windows. With just a simple check mark in the settings panel it began to render two different flurries, one on each of my panels. That's just damn cool.

He showed me this addictive vector-based Pong-variant and now I can't stop playing the damn game. After showing it to twanfox tonight I discussed it a bit with him and had something of an insight about the game during the chatter. It's so deceptively simple for the first six levels that you find yourself mocking the opponent, I said. You're all "HAHAH stupid AI!" and then suddenly the fucker has skills.

Go ahead and try it for yourself if you don't believe me. My first round had me dead on Level 6 with a score of 17,845.

As the night moves on I continue to go back to challenge my AI pong-playing overlord. I also continue to drink Tanqueray gin (or Tanglefoot as my Texan uncle calls it). As each task progresses I'm sure my coordination will stumble from "coordinated" into the "hilarious to watch" territory while playing.

I understand if you can't talk to me again

Thanks to tugrik and a host of other people I know (I'm looking at you, Zephyr... as well as you, mindslide) I have finally cracked under pressure like the little technophile I am. Tonight I ordered two beautiful things that are encased in black:



Yep, I've officially joined the Cult of Apple. Or, perhaps it's more accurate to say I'm returning to my roots... after all, I did get started in the world of computers "back in the day" with an Apple ][e. Either way, I'm glad to be working for $employer at the moment because I got an excellent educational discount on both the iPod and the MacBook. That's a 60GB iPod in black that I ordered, along with the new 13.3" widescreen MacBook with the 2.0GHz Intel Duo chip, also encased in ebony. I'm looking forward to doing some lightweight video editing with the MB and toting my MP3s with me in the truck instead of having to burn albums to CD for the truck's CD changer.

So now I get to wait impatiently for each box to show up. Looks like the iPod will be here first, with the MacBook following shortly after. At least I had them shipped to the office so they wouldn't sit around on my front porch for any monkey to find and steal...

we're changing highways

Dear Lazyweb,

I have an Abit KN8 motherboard. It claims to support USB 1.1 and 2.0 on-board via the 4 USB ports on the back panel and the three headers provided on the motherboard. The board is running bios revision 14 (NF-CK804-6A61Fa1DC-14) compiled 11/11/2005 and released 11/30, which purports to be the most current version. As near as I can tell I have installed all the latest "motherboard drivers" from nVidia and Abit. The BIOS setting for integrated device is set to "USB 1.1/2.0" which is the only option that invokes the 2.0 standard. As near as I can tell, everything should be working.

( Of course, it doesn't. )

Help. Make USB 2.0 go so I too can join this fantastical year of 2001.

[Edit 1828 Central 12/13]: It's fixed. Apparently the solution was "Via the Device Mananger, uninstall all USB devices, hubs and controllers exactly three hundred times, reboot and reinstall them again -- each time hoping you will just happen to install the drivers in the undocumented MAGIC ORDER that will allow the onboard 2.0 controller to coexist peacefully with the onboard 1.1 controller."

I'm standing in my light

... and said I'd only buy a premanufactured one from a major retailer. I'll put it this way, folks: I spent all day yesterday (about 20 hours) building the system, only to find I had to spend another $610 ($399 + $179 + Uncle Sam's cut of the take) to make the system run. Granted, almost all of that will be refunded when the defective/inadequate parts are sent back under RMA, but that doesn't make my wallet feel any better.

What makes it feel worse is that after spending another 10 hours on it today, it still. Doesn't. Run. Reliably.

I have given a name to my pains, and it is Integrator's Lament. Right now I believe I have a terminal case of it.

First off, it's important to understand I've been running a dual-head display system on my PC for the last sixteen months or so. With that knowledge, you'll better understand how this avalanche got started and lead to the final result.

On Thursday night I found that Dell was having another sale on their wonderful UltraSharp 2005 FPW monitor. I had picked up one of these a few weeks ago to replace the giant 21" Sun CRT that was sitting on my desk and I've loved every minute since. The panel is bright, it's widescreen, it's sharp as heck and I have space available on my desk again. I decided to buy this second one because my old Sony Trinitron Multiscan 200sx has been feeling its age lately. When I wake the monitors up from standby the LCD snaps to life (given its digital nature this is expected) and the Trinitron ... well, it doesn't. What it will do is take 30 seconds to warm up and, once glowing, spend a minute or two flickering, buzzing and rolling like an old TV before it stabilizes. I take that as a sign, so I ordered the second 2005FPW on Thursday night with the intent of using it to replace the Trinitron.

( All seemed well until.... )

So there you have it, step by sickening step: that's how the purchase of a $410 monitor spurs me into building a whole new PC from the ground-up that's almost three times the cost of the instigating part.

Grab that cash

This is a belated entry. It was intentionally delayed to try and maintain an advantage in a game of cat-and-mouse I was playing. Since the Super Happy Mega Fun Round is over now and I've returned to the usal day-in day-out dance, I can post this.

Sometime earlier this week, my personal server was compromised. For those who haven't been playing along at home, I have been doing hosting type things for a few years ( and can briefly recap how it all got started. )

On Wednesday morning I was sitting down at work, sipping on my coffee and preparing for a long day of listening to people building shit with their mouths instead of with their hands. As usual routine I logged into the server and started skimming the mail that had collected since I'd gone to bed. The subject of one in particular grabbed my attention: ** URGENT *** it said. Phishing attack on your server. I read on. The message warned that an attacker was using my server to harvest Amazon accounts and passwords. The informant included the phishing URL and so I was able to check things out and confirm -- sure enough, there was a very nasty set of web pages nestled into one of the subdirectories of a site I'd recently taken on hosting responsibilities for. I know the owner of the site and knew she hadn't done it -- especially since I hadn't yet given her access to the system to maintain her pages. I started getting a sense of low-grade concern, so I backed up the files for evidence and then wiped out the offending directory. Low-grade concern would later give way to frustration and outright dismay.

Okay, I've been compromised, I thought. And I don't know how bad the attack was. Did they r00t it? Are other bad things going on? I better go find out. Thus began a 6 hour journey through the box. I found a couple of things right away that made my stomach sink: programs like top suddenly refused to run, citing dynamic links that had NEVER existed on the server. I kept digging and I eventually got my confirmation: an IRC "bouncer" program had been installed on the machine, listening on an unauthorized TCP port, disguised to look like my production MySQL daemon. Several key binaries like /bin/su and /bin/login had been replaced with trojans. One tool reported a number of cloaked processes running and loadable kernel modules installed, along with evidence of signatures for two prevalent "root kits."

The first law of running a system is that when you've been compromised, you do not try to recover the system as it stands -- you can't be certain that you caught every little dastardly thing the attacker has done. The appropriate procedure is to back everything up for evidence if you can, back up your data files (so you can use them as incrementals to the weekly backups that you're doing... you are doing weekly backups, right?) and then burn the whole damn system to the ground so you can do an install from scratch with clean, trusted media. The problem with this is that the machine in the hosting facility doesn't have a tape drive, and I'm not physically there so I can't swap media in and do an install myself. This momentarily stumped me until I started just making tarballs of everything important (all 24 websites that I host, all the mail files for my users, all the home directories of my users, etc etc) and pulling them off the system to a temporary storage facility. I didn't want to give my attacker any indication that I'd noticed him so, aside from removing the page to prevent further phish from being hooked, I left most everything in place until I was ready to have the system nuked. Wednesday night I was up late, making tarballs and FTPing them down to my PC (hooray for 6Mbps DSL lines and FileZilla!). I stayed home from work on Thursday because I still felt relatively crappy and worn down (small wonder, right?). Time was passed copying more files around between machines and trying to make sure I'd covered all my bases by backing up every last configuration file that I might need again. At around 2:30 PM or so, while talking with shaddragon, I called it good and sent a service ticket to my hosting provider. In the letter I explained what had happened and gave their techs permission to burn the box down and do a complete reinstall. Shortly after the system suddenly went unreachable, which told me they'd yanked the machine from their network at the very least as a security precaution. All I could do was wait. Later that evening came a follow-up e-mail from the hosting provider -- my request to have Fedora Core 4 installed (since they won't do FreeBSD) would cost me $150/hr since they don't provision Core 4 at this time, just Core 3. I talked with points for a bit and he pointed me to an FC3->FC4 migration path that could be done remotely, which was perfect. I gave the representitive my blessing to do Core 3 and waited. And waited. And waited. Eventually I went to bed. Total cost of the day's effort? 19 some hours of my time, a bottle of vanilla Smirnoff vodka and three 2L bottles of Diet Sunkist. Oh yeah, and more hair from my head.

When I got up Friday morning I still wasn't feeling great, so I opted to stay home from work again. Good thing I did, because at around 10:30 in the morning I was contacted by the tech team to verify my request (I'd forgotten to give my authorization code) for the rebuild. Once they had the proper documentation they went to work, promising it would be done in "2 hours or so." I didn't get the system back until about 2:30 PM yesterday. I ran the migration and got the system up on an FC4 userland with an FC3 kernel. Since I wasn't about to go through all this suffering and NOT have the latest and greatest versions, I spent the following two hours and change wrestling with getting "yum" to work in a way that made sense to me. In the middle of the final bulk upgrade the system was suddenly halted by root, which severely pissed me off. Either I'd gotten hacked in the three hours since installation (mostly unlikely) or the hosting company had shut down my machine -- in the middle of a huge upgrade -- for no discernable reason. More waiting. Eventually the system came back and I went back to work. First I brought over the websites, then I had to screw around with the pre-installed Apache in order to make it run the way I wanted while supporting the features I needed. That was an adventure. As several of the websites I host depend on the DB back-end to make them go, I had to get the MySQL database system up and running next. This was a relatively painless install for me... but after all the work, I found Apache's PHP wouldn't talk with it. twanfox was able to lend a bit of insight into that and I got things straightened out. With PHP and MySQL talking I could finally do an upgrade on the phpBB system that FrostFire uses (just to make sure I was current... again, with this much pain I deserve the newest and best). With the websites in place I turned my attention to getting the first of the hosted MUSHes back online, just to make sure I could get predictable behavior on this new OS. I had one small issue and then FrostFire was up and rolling again, so I started working on e-mail. That was at around 8pm last night. I worked on e-mail until 4:23 this morning, at which point I gave up and went to bed.

My desire to do database-backed virtual mail accounts seems to have been a touch... optomistic. I'm in the process of giving it one last college try, then I'm going to fail back to the tried and true old way of just having a shell account for everyone who has e-mail on my system. Not my ideal way of handling it, but I can't have the mail system down much longer.

I've done things I know you'll never understand

I went over to Circuit City today and talked to the sales rep in the TV department for a bit. I explained my current annoyance at Comcast and asked three simple questions about DirecTV. First, how much will this cost me per month when all the features I want are turned on (meaning the package has the channels I want, HD service is enabled and the HD DVR subscription is turned on)? Second, do they supply my local NBC/ABC/FOX/PBS/etc affiliates in HD over the dish, or do I have to go to an off-air antenna? Third, what does DirecTV get me that Comcast doesn't (in other words: mister salesman, earn your keep and "sell" me on this product)? The answers surprised and pleased me:

• With all the features I want, the cost per month of DirecTV is considerably less than my current Comcast bill. This was surprising given the calculations I was working under yesterday, but serves to illustrate my point about DirecTV failing the test of putting their pricing up front. With DirecTV, DVR service is about $5.99 per month. I already knew their HD service is $10.99 per month. The basic service package is $41.99. Apparently, tax is already handled by the service costs. Total monthly invoice: $58.97. That's about $16 per month less than Comcast is charging me (although it wouldn't include any "premium" channels). I can add a premium channel with DirecTV for something like $12.99 per month, which would still put DirecTV under Comcast for price by a margin of about $4.
• Despite what I'd read on the various sites, I can indeed get my local network affiliates in HD via the dish, which eliminates the need for an off-air antenna. At this point it is evident that for my requirements, DirecTV is equal to Comcast and comes in at a lower pricepoint -- something that is always attractive to potential customers.
• DirecTV offers a number of benefits over cable. A big benefit: DirecTV programming is inherently digital across the board. Comcast has a number of "analog" channels still, almost one hundred of them. Simply put, analog stations look like crap on the big screen because you can see the overcompression that Comcast is using. While DirecTV also does compression, all their material is digital so it is handled better. A second advantage over Comcast is that because DirecTV is all digital, almost all the stations support 5.1 surround sound. Hooray, my theater system will no longer go to waste when I'm watching regular television! For the money I spent on the Onkyo and the speakers, everything I watch should be in 5.1 DTS. Third, the DirectTV DVR is based on Tivo and Tivo doesn't suck. While I want to root for Motorola, the simple fact of the matter is that the Comcast DVR solution is still immature, has a lousy GUI, lacks sufficient storage and is prone to a lot of glitches. The DirecTV HD Tivo has a 250 GB HD, so it can store 30 hours of HD content and over 200 hours of standard definition content. This is a vast improvement over my current situation because the Comcast DVR can only hold 30 hours of standard definition content and something like 4 hours of HD.

Faced with a better product for less money per month I bowed to economic pressure and played the part of consumer whore. I plopped out the $599 at Circuit City and came home with the DirecTV HD tuner/Tivo device ($499 after the mail-in rebate). I got a bit of a runaround on the phone but finally reached the right department to schedule the installation of the remaining tuner and the dish. So, in one week hence, I will be up and running on DirecTV and can cut Comcast loose. I'll have to stay home for it because there's a 4 hour window when the installer will arrive. Of course, nobody will tell me when that four-hour window might be, so I consider the entire day a loss. In that respect DirecTV (or maybe the installer is from Circuit City, I dunno exactly in this case... things get all confused when you buy DirecTV service from Circuit City) is no different than Comcast or the phone company. But hey, small price to pay, right?

So, in summation: For me, Comcast blows more than DirecTV and thus is being dropped.

This is my show

Dear Lazyweb,

I'm trying to find any form of documentation available to (in)validate a behavior on the Internet that involves DNS and lazy, web browsing users. It is not uncommon for DNS administrators to put something akin to the following in their zone files for a particular domain (assume best practices followed for SOA including proper $ORIGIN statements, etc):

                        IN      A       207.36.86.138
www                     IN      A       207.36.86.138

This has the effect of allowing somebody to type "http://black-panther.us/" into their web browser and get to my web page because an A RR (207.36.86.138) is returned that would be the same as if they typed in "http://www.black-panther.us/". As I said above, this is primarily done to allow lazy web browsers such as myself to type only the domain in the URL bar and get taken to the website. I could go so far as to say that this is now expected behavior on the public Internet. However, just because something is expected doesn't mean it's correct (the opposite is far too often the case, where broken behavior has come to be expected or even accepted as correct). Hence, I ask you, the all-knowing web: where is this behavior documented as being acceptable in the relevant RFCs or DNS best practices papers? So far I have reviewed a slew of RFCs, including 1912, 2181, and 1033, and I have yet to see this described as something that is actually approved and correct. RFC 2219 somewhat references the behavior I'm describing in the second paragraph of section 1 ("Rationale"), but is using it to outline a case for the remainder of the RFC. I've found no allusion to this in the "Best Practices" documentation I've scanned during my scrounging, either.

So is this just a common practice by lazy administrators like myself to keep lazy users like myself from kvetching, or is this actually documented somewhere as being appropriate?

I find it both amusing and, simultaneously, frustrating that I can tell you which RFC indicates an underscore cannot be used in a name (RFC 952) but I'm drawing a complete blank on this.