Monthly Archives: May 2004

I have been smote by the computer gods…

Today, on the verge of triumph, I was struck down in a most heartbreaking way. Just after I had completed work on a significant part of the data collection framework of the monitoring project I've been working on constantly over the past could weeks, the hard drive of the server it was located on decided to eat itself. No warning, no possiblity of recovery. It's just done. There's a miniscule possibility that it might be an electronic problem instead of a physical one, so I'm going to scrounge around work to see if there's another drive of the same model, and see if I can swap the electronic components of the drive with a working one. It's a long shot, but it might work.

This setback torches a good amount of work, which makes me extremely unhappy, and will most likely lead to excessive alcohol consumption. The one good thing is that I have copies of most of the scripts located on other servers, so I can recreate the data collection code pretty easily, but the database is gone. That means I'll have to recreate 18 tables from either memory or what I see in the SQL statements in the code I do have. The recent upgrades I made to the display portion of the project are totally gone too, which sucks a lot as well.

This mishap and the results highlight an oft-overlooked task in the computing world, aptly known as “BACK YOUR SHIT UP, DUMBASS”. Backing up files and databases to other locations is frickin easy, so don't let this happen to you. You know damn well phase one of my rebuilding effort will be to set up a backup system, and make sure that it works….

English [CENSORED]!?! Do you speak it!?

Yah, someone accused one of my last few posts of not being in english, and in a way they really aren't. I've been working on some technical projects over the past couple weeks, so my brain has been in the computer dork mindset, which leads to all sorts of technobabble. I'll try to translate some of it here… My wireless LAN project was basically a way to encrypt all of the traffic going between computers on the wireless network (my laptop, Joe's laptop, and the communal Windows machine in the living room) and the gateway machine, which is the computer that connects to the internet. The reason that I'm doing that is because the encryption protocol used on my wireless accees point is inherently flawed, leaving it wide open for breakin by a patient person. IPsec (IP security) is a much better alternative, offering a very secure encryption that's not easily broken. The concept of a honeypot is basically something that is left wide open that people will get into and meddle with, for the purpose of learning different methods of attack from the not-so honest people out there. The honeypot is meant to be infiltrated, so anything bad to it isn't really damaging.

The laptop stuff was Matt and I being total dorks, although in this case, Matt was definitely leading the way. Basically his PHP-code based retort translates to the following: open your laptop, and while the laptop is unloved, pour love into it. The humor is really lost in translation though… I seriously laughed out loud when he typed that.

Hmmm… now to current events… I haven't been up to all that much. I'm fairly confident that the pre-mentioned IPsec stuff will be stable and do what I want, which is good. That means it's not just a learning experience… 🙂 I've been spending a lot of time at both work and home working on the latest revision of the server monitoring program that I wrote to keep tabs on things at work. It will probably keep me busy for quite a while, but I've got the data collection framework in place, and it's collecting and storing the data as it should, albeit from one server, and only when I'm testing things. I'd like to get it on other servers soon to make sure it behaves as it should, but I -really- want to get some form of an automatic update system set up first, so that when I do make updates, I won't have to log into a bunch of servers to update things manually. There's also a lot of work to be done… Apart from the data collection I still have to create the alert system that will notify us when things are 'out of whack', the log averaging and trimming system that will give us a cool historical record of server performance, tendencies and general changes, and the whole display and admin interface that you need to use it all… It's quite the undertaking, but I look forward to the challenge. Once Josh gets done with his current projects he may lend some of his rather extensive talents to the project, and Joe Doss really wants to dominate my interface/display pages with his CSS kung-fu. Greg also said he would help, so we'll see where we can fit him in… 😉 Ok, enough geek talk.

I went out with JDoss, his girlfriend Abby, and her friend Allison to see Shrek 2 this evening, and it was hilarious. Most of the humor was totally directed at adults, which was cool. The computer animation was really good, although there seemed to be quite a few parts where the spoken words were noticably out of sync with the animation on the screen. I know that it's exceedingly difficult to replicate human expressions, but it did seem like the first Shrek movie, and other CG movies, have been more successful in their timing. Oh well, it was still friggin hilarious. I enjoyed the company too! 🙂 Thanks for the invite Joe!

Too Much Coding…

Yes. Matt and I are dorks. We accept it.

(15:39:09) Mike: I think this is two days in a row I haven't even taken the laptop out of the bag
(15:41:36) Matt: omg ur breaking up!!1 quick!! $fp = fopen(“laptop”,”a”); while(!loved(“laptop)) fputs($fp,”<3");
(15:41:55) Mike: rofl
(15:42:24) Matt: gah i really have to stop working on php
(15:43:07) Mike: lol
(15:43:33) Mike: what really scares me is that it's syntactically correct
(15:43:48) Matt: lol except for the missing “
(15:43:52) Matt: damn typing too fast

Ignorance…

Wow… my cousin Steve is pretty ignorant…

(21:17:03) Steve : windows is beter than linux

All of this because he went to a trade school that educated him in Windows administration… Here… I'll open up the discussion to things Windows is better at.

Windows is better than linux at:

1. propogating worms and viruses

2. wasting SysAdmin's time dealing with said outbraks and other security vulnerabilities

Who else wants to continue?

Samba problems

In my continuing project to segregate my wired and wireless LANs, I came across an error when connecting a windows box on the wireless subnet to my samba box on the wired subnet… Windows and samba were talking, but not agreeing… The following netbios error showed up in ethereal, which didn't help much at first: “not listening for called name”. I poked around, and found nothing, and then remembered that I had my samba configuration set to only allow access from 192.168.0.x, my wired lan. Changing that access list fixed the problem, so there ya go.

This post has been encrypted by the IPsec encryption system…

There's definitely some computer dork stuff happening here… first is the current uptime on my webserver…. pretty interesting that I happened to catch it at just the right moment…

23:21:14 up 100 days, 0 min, 3 users, load average: 0.07, 0.02, 0.00

The second thing is that I think I've got a good setup going for securing my wireless network much more than it currently is… I'm in the process of setting up each legitimate wireless client to use IPsec tunnels to encrypt all of their traffic to the internet or my wired LAN… I hit a few hurdles, but I'm getting there… Everything's working right on my laptop in linux, but I've yet to try to make it work in windows… I think I need to make a different kind of cert for that. We'll see when I get there.

I hit two main snags, the first being that I forgot to modify my IPsec ruleset beyond my model ruleset (from the VPN at work), so it was only encrypting traffic directly between the laptop and the gateway box. Once I figured that I was being too restrictive, a.k.a. not encrypting everything except the traffic destined to stay on the wireless subnet, I fixed the rules and things started working right. The second part I was having trouble with was the fact that my decrypted traffic was essentially hitting the firewall twice… it would pass through successfully as ESP packets, as intended, but when they were decrypted, they were sent back through the firewall again, and filtered because they weren't IPsec or DHCP related. After a couple hours of searching all over Google, I came across the magic newsgroup post… It mentioned that you could use the MARK target in iptables to mark the ESP packets coming in with a particular mark value, and also noted that each decrypted packet also carried that mark value. So, if you allow the regular packets carrying that mark value, the problem is solved! I was really pulling my hair out over that one…

Now that I've got it working as intended, I'm going to test it for a while to make sure it's stable, and then hopefully, I'll whip up some certs and get Joe's laptop on the encryption, and everything will be cool like the other side of the pillow. I could probably even open up the wireless LAN as a honeypot, and then mess with people that enter… Heheh…

Rule #3: Spammers are dumb.

Mike sent me this video clip from the Daily Show on Comedy Central, recorded a few weeks back. Very funny… The spammer guy on here is quite the genius… it's sad that we have to deal with this crap every day because of guys like this…

Yahh, it’s over now….

Hmmm… song by Alice in Chains, or my stint on midnights? Well, both. As far as working 13 days in a row goes, this stretch of midnight shifts wasn't all bad, but it would have been a lot nicer had I not been coughing my head into oblivion the whole time. The cough is better now, but I still hack my brains out when I lay down, which is kinda necessary in the process of sleeping. It's part of the reason I'm up now, the other being that Joe and Shauna were a little loud when they got back… apparently they decided to do the dishes, because all I heard was plates and glasses banging around. Hmm…. hope it was the dishes they were doing!

My midnights ended friday night/saturday morning, which left the weekend mostly open. I finished up the midnights a day earlier than I normally would have due to Darin's bachelor party on Saturday night. It was a really good time, except for the fact that Jon menioned that he got laid off on Thursday… 🙁 Very shitty… He had worked at his job for close to three years, just bought a house, and gets married at the end of the summer… definitely a sucky time for a sucky event. 🙁 Other than that, the party was great, but no details will be released to protect the 'innocent'.

Sunday was mothers day, and I spent it at home with my family. My grandma Neir, cousin Ellie, and her daughter Karlee came up to visit as well, which was cool. The latter two live in Colorado, so we don't get to see them all that often. Dad cooked up steaks for everyone, and they were delicious. He got a little wet in the process from the thunderstorms and their associated downpours that passed over, but I don't think he cared much.

Today was one of my recuperation days, where I try to shake the midnights out of my system and get back on a normal schedule. I sorta did, waking up at 9am after about 9 hours of sleep, but I felt I could have slept for another couple of hours. I didn't, mostly due to the nagging cough, but that's all right. I took on a geek project today… I installed a new firewall for the network here, and got the configuration set up so I can interface with the VPN at work. That way Joe and I can do stuff from home with no added configuration to our machines, and it's nice and secure.

I wish I was tired right now, but I guess that doesn't really happen when you go to bed after being up for only 13 hours. I guess my body thought I was taking a nap, because when I woke up, I didn't feel like I was going to be able to get back to bed anytime soon. Arg. Oh well, I don't have to work tomorrow either… 🙂

This defies all logic…

Good one Matt… Note the times…

(03:37:40) Mike: I can't believe you're still up
(03:40:28) Matt: yeah
(06:29:00) Mike: christ man go to sleep
(06:48:22) Matt: too late for that
(06:48:33) Mike: did you sleep at all?
(06:49:24) Matt: ope
(06:49:29) Matt: nope*
(06:49:41) Mike: ….
(06:50:28) Matt: heh, shit, im workin OT Tongiht too
(06:50:41) Mike: ……..
(06:52:23) Mike: you get bright one of the day award

Trying something out

I'm trying out a new look for the site, I dunno if I'll stick with it though. If you can't tell the difference, or you keep your monitor at 800×600, I made the page width fixed at 800 pixels. I'll probably have to resize some of the content images so they don't dominate the layout, but that's not a big deal really.