
WIRED UK

I was quite excited about the new UK edition Wired.  I’m not anymore.

I got my first exposure to the Wired while in school in South Africa, I think the ones we got were months behind the time and stupidly expensive, but hey we had no internet so it all seemed awesomely futuristic and ahead of its time.

The thing though that always stuck in my mind about the US edition Wired were the ads, I can clearly remember ads for Harleys, or weird American Fugly cars, even from the editions I read back in school, the ads were of products we never saw in South Africa, they were kewl, done in a style unlike anything we saw there and all just seemed so, idyllic.

Fast forward a few decades, I still buy the US Wired now and then, and I still only remember the ads?  Few months ago I bought one, I can clearly remember the ads for Dexter and Californication, but can’t really say much about the magazine content otherwise, even though I read it end to end and felt interested, even drawn to it at the time.  I recall something about malware peddlers? who knows.

Why is that from a magazine that costs 6 pounds I don’t remember anything of substance other than the ads? It’s because they were different from what I see on the tube, in the cinema, on the tv, on the billboards, they were of far-off kewlness.

Enter Wired UK.  The editorial content is still pretty shoddy, the signal to noise ratio is still shockingly poor for a £3.90 magazine literally filled to the brim with ads, except, now they’re the same shitty ads I see on the Tube, Train, Cinema and TV.

I read the whole thing, a day on I remember some vague predictions – one prediction sticks to mind, male birth control only around 2021? I don’t think so – but mostly I remember how the ads pissed me off as instead of interesting, they’re just dominating and a reminder that I paid too much for something whose main purpose clearly is to sell ads.

I’d pay £12/month for a Wired UK without the ads, someone needs to develop Tivo for paper.

April Fools Spam Increase

Today while giving my stats a quick glance I noticed a big jump in mail, can’t say if it’s Conficker related, but the graph below speaks for itself:


The bots are very clever and very close to real mail servers, they retry emails like they should, they don’t use bad HELO strings, their address lists seem better than most – they aren’t doing a lot of dictionary attacks etc.

But they still seem to not synchronize their SMTP too well, and they do pump out a lot of mail, I see about 100+ attempts from the same IP in batches meaning they fall foul of a lot of my statistical rate limiting etc. 

I suspect after today there will be a lot of unhappy people who relied on greylisting for their defenses.

MySQL Defaults and Load time

We all know not to use the default mysql config, right?

Well I accidentally left a machine to defaults, then tried to load a massive dump file into it, a month later I finally killed the process loading the data.  I gave up on it ages ago but it got to the point where it was some curiosity to see just how long it will take.

As you can see from above, it was pretty dismal, slowly creeping up over time – the big jump in the beginning is when I scp’d the data onto the machine.  So after killing it I had another look at the config and noticed it was the default distributed one, tuned it to better use the memory for innodb buffers and got the result below.

That’s just short of 2 days to load the data, still pretty crap, but so much better at the same time.

iptables chains

A lifetime ago when I still gave a damn for FreeBSD I wrote about ipfw tables, I still really love ipfw’s simple syntax and really wish there was something similar for Linux rather than the Human Error Guaranteed convoluted syntax mess that’s iptables.

Anyway, so in my case I have machines all over, one off VPS machines, dom0’s with a subnet routed to them and so forth.  I often have rules that need to match on all my ips, things like allow data into my backup server, allow config retrieval from my puppetmaster etc.  I do not want to maintain my total list of ips 10 times over so how to deal with it?

This is a good fit for ipfw tables, you create a table – essentially an object group like in a Cisco PIX or ASA – and then use it to match source IPs.

In the last week I’ve asked quite a few people how they’d do something similar with iptables but no-one seemed to know, I had people who were happy to maintain the same list many times.  People who would use tools like sed to insert it into their rules and everything in between.  I think I know a better way so I figured I’ll blog about it because it’s obviously something people just do not understand.

Iptables of course uses chains, and you can jump to and from chains all you want, this is very simple, so let’s create a chain with all my IPs

# declare the chain (iptables-restore format), then one ACCEPT rule per address
:my_ips - [0:0]
-A my_ips -s 192.168.1.1 -m comment --comment "box1.com" -j ACCEPT
-A my_ips -s 192.168.2.1 -m comment --comment "box2.com" -j ACCEPT
-A my_ips -s 192.168.3.1 -m comment --comment "box3.com" -j ACCEPT

This creates a chain my_ips that just accepts all traffic from my IP addresses, now let’s see how we’d allow all my ip addresses into my webserver?

-A INPUT -p tcp -m tcp --dport 80 -j my_ips

So this is something almost as good as a ipfw table, I can reuse it many times on many machines and my overall configuration is much more simple.  It’s not quite as powerful as a table but for my needs it’s fine.

Combined with a tool like Puppet that manages your configurations you can ensure that this chain is installed on any machine that uses iptables, ready to be used and also trivial to update whenever you need to without having to worry about human error incurred from having to maintain many copies of essentially the same data.

In my environment when I update this table, I check it into SVN and within 30 minutes every machine in my control has the new table and they’ve all reloaded their iptables rules to activate it.  Testing is very easy since puppet allows you to use environments similar to what Rails has and so if I really need to I can easily test firewall changes on a small contained set of machines, distributed object group management with version control and everything rolled into one.
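An added example, not the configuration from this post: one way to generate the my_ips chain from a single host list so every machine gets the same fragment. The function names are hypothetical, the list is constructed from the addresses above, and the trailing DROP is an assumption that stands in for a default-deny INPUT policy, since sources that match no rule in my_ips simply return to INPUT.

```shell
#!/bin/sh
# Added example: render an iptables-restore fragment for the shared my_ips
# chain from one host list. Function names are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_my_ips PORT < list   (list lines: "ADDR NAME"; '#' lines are skipped)
# Output is buffered: one bad entry means no fragment at all and status 1, so
# a typo in the list never reaches iptables-restore as a partial ruleset.
render_my_ips() {
    port=$1
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    rules=''
    while read -r addr name; do
        case "$addr" in ''|'#'*) continue ;; esac
        # Names land inside --comment "..."; allow hostname characters only so
        # a list entry cannot carry quotes or extra rule options.
        case "$name" in
            ''|*[!A-Za-z0-9._-]*) echo "bad name: $name" >&2; return 1 ;;
        esac
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
        rules="${rules}-A my_ips -s $addr -m comment --comment \"$name\" -j ACCEPT
"
    done
    printf ':my_ips - [0:0]\n%s' "$rules"
    printf '%s\n' "-A INPUT -p tcp -m tcp --dport $port -j my_ips"
    # Sources not listed return from my_ips to INPUT; drop them explicitly
    # (assumption: no default-deny INPUT policy is doing this already).
    printf '%s\n' "-A INPUT -p tcp -m tcp --dport $port -j DROP"
}

# Constructed sample list, using the addresses from the post.
sample_list='192.168.1.1 box1.com
192.168.2.1 box2.com
192.168.3.1 box3.com'
printf '%s\n' "$sample_list" | render_my_ips 80
```

The output is a fragment for the filter table; it still has to sit between the `*filter` and `COMMIT` lines of the file that iptables-restore loads.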

Warranty service compared

I had a thought recently when dealing with Apple and Microsoft on warranty fixes just how different things are, thought I’d sum up my experiences here:

Dell
I had a 15 inch Dell laptop, 3 year extended on-site warranty that I purchased to cover any issues.  During the time I had the laptop it all worked well except the battery died after about 2 years. 

Contacted Dell about this, they pointed out batteries are consumables and so not covered, that was expected.  The kicker though was that I couldn’t even buy a new battery from them because since they only covered batteries for the 1st year, and the machines had been off the production lines for more than a year they simply stopped making them.

2 year old laptop, 1 year left on its warranty and it was useless, awesome.

Microsoft
My Xbox 360 is showing the dreaded 3 red lights of death, Microsoft has admitted the problem and offers a 3 year extended warranty for this problem.  I went to their site, saw I can book the machine in online for fixing, after filling everything in the page said it’s not available in my country, contact support.

Contact support, tell them the problem and clearly point out I have filled in the form and that I am in the UK and thus not covered by the service offered by the form.  Support droid points me back to the same support page, but warning me that it’s not covered in all countries and that I should contact them if I am not covered.

I’ve gone through this little circle jerk 4 times now, each time with the same circular logic applied by the drones, I’m about to just towel fix the 360 or upgrade to a 360 Elite.

Apple
I have a black 1.5 year old macbook, it’s pretty sweet but so far I’ve had a HDD and a battery die on me.  It too is on 3 year extended warranty.

The HDD dying was inconvenient, I had to book in with a Genius but they swapped it without question or cost, I just had to reinstall my stuff – easily done with time machine.  I walk past an Apple Temple daily so no biggie there, they kept to their time schedules and the booking went smooth as can be, 3 days later my macbook was fixed.

When the battery died they first said it’s a consumable and not covered, I pointed out it died suddenly and not gradually and so it must be a fault rather than consumption.  They posted free of charge a new battery, and paid for the old one to go back.  The next battery arrived the next day without fault.

So all things considered, so far the Apple tax has proven an absolute bargain to me.