
Rate limited SSH

Today’s perl frustration: swatch. 3.1.1’s man page states it supports thresholds in N seconds. This is contradicted by a Debian bug report that claims it’s a bad man page and to use “throttle threshold” instead. Looking at the code, it mentions “^threshold” in several places, so that’s not even right. Turns out the per-second threshold isn’t even implemented! Upgraded to 3.2.3, and it works beautifully now.

Still no travel trailer. Getting financing is taking much longer than I expected. It’s certainly not like walking in one day and purchasing a car. BoA basically laughed at me, giving me some vague reason and refusing to offer an explanation of what it meant. I got burned by the interest rate on the truck, and to this day still hold a grudge. So I’ve been leery of what the dealer’s lenders could come up with. After running the numbers, the difference between 8% and a relatively insane 15% just isn’t that much on the principal I want to write paper on, especially if I’m paying it off in 2-3 years.

tifa receives thousands of ssh brute-force attempts daily and I finally got around to doing something about it. Turns out I can use iptables’ “recent” module. Here, ssh connections are blocked if there are more than three attempts from the same address in sixty seconds (assuming the chain’s default action is DROP):

-A INPUT -p tcp -m tcp --dport 22 -m recent --set --name ssh --rsource 
-A INPUT -p tcp -m tcp --dport 22 -m recent ! --rcheck --seconds 60 \
   --hitcount 4 --name ssh --rsource -j ACCEPT

I like this much more than other bolt-on solutions that do things like appending to /etc/hosts.allow or adding iptables drop rules. While those certainly work, they clutter things up and aren’t self-cleaning.
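To make the accept/drop pattern of those two rules concrete without needing root or a kernel, here is a small model of the recent module’s per-source hit list. This is an added example, not code from the original post: the timestamps, the `--syn` variant (`match_syn_only=True`) and the assumption that an earlier ESTABLISHED rule accepts packets of existing sessions are all mine. The model also shows why these two lines are normally placed after such a rule: as written, every packet to port 22 updates the list, not only connection attempts.

```python
# Added example (not from the original post): a model of the iptables "recent"
# module as used by the two SSH rules, so the verdicts can be walked through
# offline. Timestamps are seconds; the chain's default policy is DROP.
from collections import deque

WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 4          # --hitcount 4: the 4th hit inside the window trips the match
PKT_LIST_TOT = 20     # kernel default ip_pkt_list_tot: timestamps kept per address


class RecentList:
    """One named list (--name ssh) keyed by source address (--rsource)."""

    def __init__(self):
        self.hits = {}  # source ip -> deque of packet timestamps, oldest first

    def set(self, src, now):
        """--set: add the source if missing and record a hit at the current time."""
        self.hits.setdefault(src, deque(maxlen=PKT_LIST_TOT)).append(now)

    def rcheck(self, src, now, seconds, hitcount):
        """--rcheck --seconds S --hitcount N: true when the source is listed and
        at least N of its recorded hits fall within the last S seconds."""
        stamps = self.hits.get(src)
        if stamps is None:
            return False
        return sum(1 for t in stamps if now - t < seconds) >= hitcount


def filter_packet(recent, src, now, syn=True, match_syn_only=False):
    """Evaluate one inbound packet to tcp/22 against the two rules.

    match_syn_only=False reproduces the rules exactly as written: every packet
    to port 22 touches the list. match_syn_only=True models adding --syn to
    both rules (an assumption, not in the original rules) so only connection
    attempts are counted; non-SYN packets are then assumed to have been
    accepted by an earlier ESTABLISHED rule. Returns "ACCEPT" or "DROP".
    """
    if match_syn_only and not syn:
        return "ACCEPT"
    # Rule 1: -m recent --set --name ssh --rsource (no target, always falls through)
    recent.set(src, now)
    # Rule 2: -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
    if not recent.rcheck(src, now, WINDOW_SECONDS, HITCOUNT):
        return "ACCEPT"
    return "DROP"  # no rule matched; the chain's default policy applies


def simulate(packets, match_syn_only=False):
    """packets: iterable of (src, time, is_syn) tuples; returns the verdicts in order."""
    recent = RecentList()
    return [filter_packet(recent, src, t, syn, match_syn_only)
            for src, t, syn in packets]


if __name__ == "__main__":
    # Constructed sample: one host retries four times in 30 s, another host once,
    # then the first host tries again after the window has expired.
    brute = [("198.51.100.7", 0, True), ("198.51.100.7", 10, True),
             ("198.51.100.7", 20, True), ("198.51.100.7", 30, True),
             ("203.0.113.9", 31, True), ("198.51.100.7", 200, True)]
    for pkt, verdict in zip(brute, simulate(brute)):
        print(pkt, verdict)
```

The fourth attempt inside sixty seconds is dropped because rule 1 has already recorded it, so rule 2’s negated `--rcheck` no longer matches; once the window has passed, the same source is accepted again and nothing had to be cleaned up.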

From http://cpansearch.perl.org/src/RJRAY/RPC-XML-0.66/README.apache2:

At present, this package does not work with Apache2 and the soon-to-be
mod_perl2. The changes to the API for location handlers are too drastic to
try and support both within the same class (I tried, using the compatibility
layer). Also, mp2 does not currently provide support for  sections, 
which are the real strength of the Apache::RPC::Server class.

As time permits, and the Apache2/mod_perl2 API develops, I intend to have
versions of both Apache::RPC::Server and Apache::RPC::Status for that 
platform.

I am sad. :( Back to working with an RPC::XML::Server server.

Woot new new apartment

I have a new apartment at Riata in the works. I originally didn’t consider it because my coworkers had me believe it was super expensive, but after actually checking it out, it wasn’t bad at all.

I had put down an application fee at another property, and was quite excited about it, but eventually started having second thoughts. I’ve gotten quite used to taking my bike out into the neighborhood here for casual after-work cycling; the new place is on top of a bigger hill with no neighborhood access. Riata is flat, has some neighborhood, easy access to Parmer, problem solved.

The new new place should work out pretty well for medium distance cycling too. Sunday afternoon I drove Parmer to see where it would take me. Turns out it takes me 25 miles north over gently rolling hills, with little traffic (once beyond 620) and wide shoulders to nearly Lake Georgetown. Taking it all the way up to RR 2338, then west takes me to a little community called Andice. There and back would be about 60 miles. I haven’t figured out a good route afterwards, since riding along 183 is out of the question, and Hwy 29 isn’t much better. Ideally I’d like to find a 120 mile route up north.

The mechanics finally gave up on my truck after two weeks in the shop. They couldn’t cause a leak and gave me blessing to put radiator sealant in. I picked up some sealant tablets (GM branded, too) from Champion Chevrolet and dropped them in. It’s interesting, because the main ingredients listed on the pack are crushed walnut shells and ginger root. It seems to be working, as I’ve driven almost 3,000 miles and the coolant level hasn’t budged at all. This is even with my 800 miles of 75+ MPH driving to Oklahoma a couple of weekends ago in 100+ F weather.

I finally decided on buying a travel trailer. I had toyed with the idea of buying one a few weeks ago when I needed to rent one for Burning Man. I went as far as going to Buda to a couple of lots and checking them out. I didn’t know what to do with it outside of Burning Man, then realized I could totally rent a spot for it in west Texas and have it as a weekend getaway.

I really like the idea of having a trailer to tinker on, such as lining the roof with solar panels and wiring it up for a wind turbine. I figure 360 W of photovoltaic + 100 W of wind production is clearly a solution looking for a problem. Unfortunately I don’t think it’s feasible to generate the 160 A at 12 VDC to run a 13,500 BTU air conditioner with this.

So I settled on the Puma 19 FS, which is a 20′ trailer with a bunk sleeper in the rear. Brand new they seem to be going for $16k, but I found at least one of last year’s model in Corpus for $10k. I need to find out where I can get a loan for that. Interestingly, people totally finance these things for 10-20 years. I guess if you just bought a $100k coach, that might be feasible.

Of all the times I’ve mentioned my trailer idea, more than once somebody has asked me “why don’t you get a popup?” I don’t really know where this comes from. Pop-ups are a horrible idea for BM. They’re tiny, and you’ll be spending a good amount of time inside for a solid week. Not only that, they’re made of clear vinyl and plastic. That’s begging to be a sweltering solar oven in the desert sun. I experienced this firsthand while on the lot in Buda in the middle of a hot Texas afternoon. They were the hottest things on the lot! Oddly, the Airstream trailers were pretty toasty too compared to the traditional trailers and 5th wheels. I decided this would be a good test to see what they’d be like with no A/C and no vents open, since it doesn’t get much hotter than here.

Remembering Tulsa

I’ve been reading wiki about Tulsa and it seems to be such a distant time and place. I’ve been back several times since moving to Austin and I’m an outsider with no ties to it anymore. I can barely remember what it was like to live there for four years. I’m sitting here looking at a panoramic photo of Tulsa, and I can’t think of anything I ever did that was uniquely Tulsan. Did I just rot in front of the TV after work each day?

The notable things I do remember about living there:

  • My group of friends, which ran 20-30 people thick at any given time.
  • My eighty mile out-and-back bicycle rides to Keystone Dam.
  • Many hours spent cycling along Riverside.
  • Spending lots of time at Ryan’s house hanging out and/or helping remodel and/or destroy things.
  • Trying to balance running a business along with full time school at TCC and TU.
  • Living with Courtney, then CJ & Jess.
  • Hanging out at Eric’s house, and/or going out with Colleen to Sutures, 71st Depot, or Full Moon Cafe.

I did so, so much driving when I lived there. Outside the random roadtrips to South Carolina, Wisconsin, and then my practically regular commute to Kansas City every other weekend, a lot of driving was for work. Regular weekly trips to Stigler to check on the office. Frequent trips to POP sites to check on gear. I traded in truck #1 (a ’97) at 130,000 miles. Truck #2 (a ’00) got traded in at 80,000. Truck #3 (the ’03) had 50,000 when I moved to Austin. That comes out to 260,000 miles in seven years. Nearly 40,000 miles a year of driving. That’s down to 22,000 miles per year since I moved.

Frankly it’s all a bit depressing to think about. Did I just not do all that much on my own and whittle away my early 20s? I will have to think about what I’m doing now to make sure in five years I can answer “what the hell did I do in Austin” with some level of memory and accomplishment.

Work seems like it consumes so much of my life. When I ran the company, I was always plotting, putting out fires, worrying about this or that. Giganews was great in that I could stop thinking after 6 PM and walk away. The work I left could easily be picked up the next day. Now I’m back to plotting and scheming how to make things better at the current job. I can’t walk away after 7 PM, it’s a series of problems that keep eating at my mind.

It took right at nine months, but I finally finished reading The Snowball: Warren Buffett and the Business of Life. Why, that averages out to 100 pages a month!

Engine coolant drama

The truck has been in the shop all week and I’ve realized it’s a great way to save money and diet. All of a sudden, shopping and cheeseburgers are not convenient. Lots of bike riding in the meantime. This morning I feasted at Taco Shack and loaded my backpack full of groceries from Randalls. This afternoon I went for a cooker ride around the neighborhood. My weight is varying wildly, which I blame on the heat.

Things aren’t looking well for the truck. They still haven’t found the leak, but discovered the cylinders on the same side as my busted O2 sensor are running hotter than the other side. The concern now is that the initial lifter rattling is a sign that the engine has a sludge problem, due to coolant seeping in somewhere. Even if the leak is fixed, is it too late? We don’t know yet how bad it is, nor if it is recoverable.

I haven’t been able to decide what I want to do with it. I got a couple of quotes on new & used engines. A crate engine+install is around $4200, whereas a used engine with 41k miles is $2900 installed. I keep coming up with different numbers for replacing heads, could be anywhere from $1000 to $3000. At that point it’s worth the extra grand to put a new engine in.

Alternatively, I could just put that money toward buying a new one. I really, really do not want another truck payment. 2009 Silverados are $32k, wtf? 2007-2008s are still in the mid-$20s. I’ve pondered buying a 4WD Z71 if I did get another, since I’ve been in a few spots where that’d be handy. Ironically, I found a 2006 Z71 at a Mercedes/Lexus/Maserati dealer in Dallas that was a trade-in.

Right now I’m leaning toward a new engine, just to get it over with. If the shop comes back and says they can make it go away with a $1k head gasket replacement, that works for me!

I’m anti-vehicle this week. The bicycle is doing very well at getting me around. Unfortunately it takes careful effort to go someplace without being a sweaty, smelly mess. I have a horrible craving for a bacon cheeseburger at Roaring Fork or Trudy’s.

I learned two things this week. The first being the reason why my 2611 broke at home after a day. I had an ACL on my egress interface that blocked DHCP traffic so my router could never renew its lease.

The other was how to get back to my apartment from 360 on a bicycle. If I go to the top of 360 & 183 and take Jollyville south, this meets Mesa, which is only 4-5 miles from home via the back way. A mile of gradual climbing, then relatively flat on Mesa. It’s a longer distance, but it’s certainly easier than a 202 b.p.m. pulse, crank-bending frontal assault on the hill that is my driveway.

For lovers of storing IP addresses as integers in MySQL tables, there’s a snag when doing this for IPv6 addresses. A 128-bit number is too big to stuff into a BIGINT type. The all-Fs address’s integer equivalent is 340,282,366,920,938,463,463,374,607,431,768,211,455. An unsigned BIGINT tops out at 18,446,744,073,709,551,615.

These are your options:

  • Store it as a VARCHAR(39) in full ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff form. Which of course, is a horrible idea since you can’t easily sort and it’s prone to garbage-in, garbage-out problems because of the various forms of valid shorthand. (Admittedly, I’ve done this in places with v4 addresses and have almost fully recanted in my code!)
  • Denial. “IPv6 is just a fad.” “I’ll have a new job before I have to deal with it.”
  • Wring your hands. File countless MySQL bug reports asking for native IPv6 and IPv6-capable INET_ATON, INET_NTOA functions. (The former still needs to be added in MySQL 5.x)
  • Fan the flames. Proclaim you never had this problem in PostgreSQL because of native data types that handle IPv6 and CIDR, and all MySQL ninnies should escape their new Oracle overlords and convert.
  • Split up a v6 address at the 64-bit boundary, stuff the two halves into dual BIGINT columns. You could even go as far as saying if one BIGINT column is null, then it must be a v4 address.
  • Store it in a DECIMAL(39). You’ll still need to invent a way to convert the address to integer and back. To do this in perl, Net::IP’s intip() method will at least give you IPv6 -> integer. To get it back, you’ll have to roll your own inet_ntoa6 function. Don’t forget Math::BigInt. Alternatively, here’s some MySQL stored functions for INET_ATON6 and INET_NTOA6. You can either use these directly, or use them as inspiration for your own inet_ntoa6().

Since I have apps that require storing v6 addresses now, I’ve chosen the latter.
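The conversions the last two options need, as an added example that is not part of the original post: Python’s ipaddress module stands in for Net::IP’s intip() and Math::BigInt, and the helpers show both the DECIMAL(39) layout and the dual-BIGINT split with a NULL high half for v4 rows. The function names, the sample addresses and the v4-as-(NULL, int) convention are my own assumptions, not MySQL or Net::IP API.

```python
# Added example (not from the original post): IPv6 <-> integer conversion and the
# DECIMAL(39) / dual-BIGINT storage layouts discussed above, using Python's
# ipaddress module in place of Net::IP and Math::BigInt.
import ipaddress

MAX_IPV6 = (1 << 128) - 1            # ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
MAX_UNSIGNED_BIGINT = (1 << 64) - 1  # MySQL BIGINT UNSIGNED ceiling


def inet_aton6(text):
    """Text in any valid form (full, ::-compressed, embedded IPv4) -> 128-bit int.
    Invalid text raises ipaddress.AddressValueError instead of storing garbage."""
    return int(ipaddress.IPv6Address(text))


def inet_ntoa6(value, full=False):
    """128-bit int -> text; compressed RFC 5952 form by default, all eight
    hextets when full=True."""
    if not 0 <= value <= MAX_IPV6:
        raise ValueError("not a 128-bit value: %r" % (value,))
    addr = ipaddress.IPv6Address(value)
    return addr.exploded if full else addr.compressed


def canonical(text):
    """Round trip through the integer so shorthand variants such as
    0:0:0:0:0:0:0:1 and 0000::0001 compare equal to ::1 once stored."""
    return inet_ntoa6(inet_aton6(text))


def to_decimal39(text):
    """String literal for a DECIMAL(39,0) column; MAX_IPV6 is exactly 39 digits."""
    return str(inet_aton6(text))


def to_bigint_pair(text):
    """Dual-BIGINT layout: (high 64 bits, low 64 bits) for v6. An IPv4 literal
    is stored as (None, 32-bit int), so a NULL high column marks a v4 row
    (a constructed convention for this example)."""
    try:
        return None, int(ipaddress.IPv4Address(text))
    except ipaddress.AddressValueError:
        n = inet_aton6(text)
        return n >> 64, n & MAX_UNSIGNED_BIGINT


def from_bigint_pair(high, low):
    """Inverse of to_bigint_pair."""
    if high is None:
        return str(ipaddress.IPv4Address(low))
    return inet_ntoa6((high << 64) | low)


def fits_bigint(text):
    """True only for the few v6 addresses a single BIGINT UNSIGNED could hold."""
    return inet_aton6(text) <= MAX_UNSIGNED_BIGINT


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges).
    for a in ("::1", "0:0:0:0:0:0:0:1", "2001:db8::1", "::ffff:192.0.2.1"):
        print(a, "->", canonical(a), to_decimal39(a), to_bigint_pair(a))
```

Storing the integer rather than the text is what makes sorting and range queries work; the canonical() round trip is the cheap way to keep the garbage-in, garbage-out problem of the VARCHAR option out of the integer columns.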

5,000 mile 6to4 journey

So here’s a traceroute to the anycast 6to4 address from my parents’ place. It winds up in Frankfurt, Germany! Their upstream, MBO, is multihomed to Level3 and Sprint. I assume they’re defaulting to Level3, since the path to the Sprint 6to4 relay is 120 ms.

traceroute to 192.88.99.1 (192.88.99.1), 64 hops max, 40 byte packets
 1  * * *
 2  192.168.1.1 (192.168.1.1)  2.534 ms  1.691 ms  1.416 ms
 3  invalid.mannford.ok.mbo.net (64.111.243.1)  52.790 ms  50.316 ms  38.353 ms
 4  10.255.2.1 (10.255.2.1)  43.310 ms  50.755 ms  48.458 ms
 5  10.255.0.1 (10.255.0.1)  46.152 ms  44.434 ms  46.582 ms
 6  core7200-1-ser-5-0.mannford.ok.mbo.net (216.150.101.13)  46.222 ms  45.412 ms  51.211 ms
 7  core7513-1.mbo.net (216.150.100.31)  50.435 ms  47.729 ms  50.265 ms
 8  gw-espire.mbo.net (216.150.100.45)  48.338 ms  58.902 ms  48.981 ms
 9  so-10-2.hsa1.Dallas1.Level3.net (209.246.148.209)  59.113 ms  62.695 ms  64.900 ms
10  vlan51.csw1.Dallas1.Level3.net (4.68.122.30)  79.931 ms  66.449 ms  76.519 ms
11  ae-63-63.ebr3.Dallas1.Level3.net (4.69.136.153)  55.804 ms  60.723 ms  71.074 ms
12  ae-7.ebr3.Atlanta2.Level3.net (4.69.134.22)  77.580 ms *  79.353 ms
13  ae-2.ebr1.Washington1.Level3.net (4.69.132.86)  95.636 ms  106.422 ms  98.889 ms
14  ae-91-91.csw4.Washington1.Level3.net (4.69.134.142)  102.153 ms  85.858 ms  92.550 ms
15  ae-92-92.ebr2.Washington1.Level3.net (4.69.134.157)  111.244 ms 113.997 ms  117.641 ms
16  ae-43-43.ebr2.Frankfurt1.Level3.net (4.69.137.57)  181.691 ms 
    ae-42-42.ebr2.Frankfurt1.Level3.net (4.69.137.53)  181.550 ms 
    ae-43-43.ebr2.Frankfurt1.Level3.net (4.69.137.57)  183.324 ms
17  ae-92-92.csw4.Frankfurt1.Level3.net (4.69.140.30)  187.870 ms 
    ae-62-62.csw1.Frankfurt1.Level3.net (4.69.140.18)  181.219 ms 
    ae-72-72.csw2.Frankfurt1.Level3.net (4.69.140.22)  186.367 ms
18  ae-2-79.edge3.Frankfurt1.Level3.net (4.68.23.75)  176.536 ms 
    ae-1-69.edge3.Frankfurt1.Level3.net (4.68.23.11)  179.577 ms  186.361 ms
19  tenge-1-3.cr2.NBG1.content-core.net (212.162.19.34)  193.185 ms 187.075 ms  188.304 ms
20  Tenge1-3-57.cr2.FRA3.content-core.net (212.123.123.202)  196.904 ms 211.622 ms *

Something I see a lot in the content and service provider world: when some outage or negative event happens, the line is always “we apologize for the inconvenience.” This is another saying that irritates me to no end. I say this because over the past 36 hours tifa’s host, The Planet, had a couple of outages. I noticed that in all their posts they never once mentioned inconvenience.

The hosting customers of every company I’ve worked for are almost universally businesses, using our network connections or servers to run their business. When something happens to their infrastructure, it’s not a mere inconvenience. It’s a risk with a measurable negative effect that is, in essence, causing pain to the bottom line.

Going to the store and finding there’s no milk is an inconvenience. Making plans with a friend who later flakes is an inconvenience. Not being able to access your online banking or buy tickets online is an inconvenience to the consumer, but not for the company whose job is to provide the online services. For some of them, their entire business is built on your mouse clicks, SMS messages, telephone calls and eyeballs.

I personally will not insult your intelligence by apologizing for an inconvenience to your business, if you won’t insult mine by claiming an event stopped you from earning part of your $500 billion annual revenue on your Windows 2000 server (true story).

The corollary to this is, if you really do have a healthy revenue stream that depends on your internet connection and servers, then for god’s sake, invest in it! Let’s be honest, things can and will happen. It’s basic risk management. People will make honest mistakes, automated systems will be mis-programmed, power supplies fail. There’s only so much you can do. The technology and know-how to help is certainly out there.

I’ve seen far too many solutions riddled with single points of failure that could’ve survived with even basic things such as bonded/teamed NICs in servers or redundant firewalls. Hell, even doing backups and actually practicing restores is worthwhile.

Otherwise, I have zero sympathy when your only Windows 2000 server is down for patches or when human error disconnects something, and you claim you’re losing millions. (another true story)
