We received a rather polite email today from cydoor to "please stop calling their product spyware. You can read the whole email in this article.. the part that amused me most is this:

In regard with your article, I would like to bring your attention to your categorization of our ad-serving technology as spyware#&46 I believe that this categorization is mistaken, and I would like to show you why. I would also like to request that you update your description of Cydoor to be a mild adware.

"Hi mom, how's your pc?"
"oh it has a mild case of adware.. I downloaded something for it"
"That's not bad then, it's only a *potentially unwated program*.."
"Yah, it's nothing, you should have seen the severe case of scamware ...'s computer had last week!"

Well then..

dslreports has been under a massive DDOS attack.. a combination of synflood and bad requests. What's showing in image is actually not accurate, since the attack is much larger than this, but it should give you an idea of what we've been dealing with since last night.

My personal belief is the reason for this is our recent series of anti-spyware articles much like Ben Edelman experienced. I've no evidence to back that up but would love to compare logs.

Ever since I started posting logs of IPs that post spam on my weblog or spam my referrer log, I've been hit with regular trackback attacks. Daily and consistent. What's the relation to the dslr attack? IPs from attacks to my personal server and to the dslr servers are mostly hijacked, trojaned machines on comcast, sbc and other big providers. Big providers who are completely capable to detecting this kind of behaviour and cutting those customers off. Why aren't they doing it? Maybe because they are more concerned with spreading their legs for RIAA and catching small-time file traders instead of making sure their networks aren't used in massive DDOS attacks that take down legitimate websites who provide security resources for everyone?

What will it take to get Comcast to listen? Are you out there SBC?

Comcast cable customers will be kicked off their network and accounts closed if they get caught three times hosting filesharing. There is no similar provision for customers whose machines are used as part of a botnet. Why not? Why isn't this issue as important? Because websites like ours do not have the deep pockets to affect legislature? Because a customer that cannot secure his machine is more important than one who chooses to download movies illegally?

Every broadband customer should be held responsible for securing their machine and if they are incapable of doing so, they should not be allowed on a public network. And no, I can't afford to buy a few senators to make sure that this even gets discussed in a public forum outside of my weblog.

On the errant child's computer in the crontab of a logged in account:

* 23,0,1,2,3,4,5 * * * /usr/bin/osascript -e 'tell application "Finder" to sleep'

(It tells the computer to put itself to sleep every minute of every hour between 11pm and 5am.. of course if the computer is already asleep it doesn't do anything)

I don't who is in charge of Verizon's mail servers, but they need help, now. A few days ago, a few users of dslreports complained that they are not receiving any email from us. Things like password reminders, notifications they asked for, etc.. It's not spam they're missing but legitimate mail. After checking the logs and seeing nothing but tons of time outs trying to connect to verizon's mail servers I did the very first step any admin would take, mainly:

$ dig verizon.net mx

;; ANSWER SECTION:
verizon.net. 13452 IN MX 0 relay.verizon.net.

okay..

telnet relay.verizon.net 25
Trying 206.46.170.12...

That was from the dslreports mail server.. hmm... could be Verizon's server is down?

$ ping relay.verizon.net
PING relay.verizon.net (206.46.170.12) 56(84) bytes of data.
64 bytes from relay.gte.net (206.46.170.12): icmp_seq=1 ttl=243 time=44.9 ms
64 bytes from relay.gte.net (206.46.170.12): icmp_seq=2 ttl=243 time=44.7 ms

--- relay.verizon.net ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1010ms

rtt min/avg/max/mdev = 44.751/44.833/44.916/0.227 ms

Well.. the server is obviously up, but is the mail server? From another host:

$ telnet relay.verizon.net 25
Trying 206.46.170.12...
Connected to relay.gte.net (206.46.170.12).
Escape character is '^]'.
220 sc002pub.verizon.net MailPass SMTP server v1.1.1 - 121803235448JY ready Mon, 14 Feb 2005 18:08:02 -0600

Well.. gee.. look at that, Verizon is obviously filtering out mail.dslreports.com and not allowing us any connections. Blacklists? Nope, clean as a whistle (btw, Derek, yours is consistently timing out from that site).

I emailed the typical addresses one would try to contact a mail admin.. nothing.. no reply, no acknowledgment, no bounce.. great.. In the meantime some of our users started asking Verizon. As customers they have a bit more leeway than I.. Here's what Verizon came back with:

said by Verizon Online Support Center:

Verizon will not accept mail from senders that are not recognized on the senders mail system as a recipient. This is a problem on dslreport's side and will need to be corrected before mail from this address will be accepted.

The domains that are being looked into for you are not part of any blacklisting issue, but rather a part of a Sender Verify process. A While [sic] ago, servers were installed to verify sender e-mail addresses. All sites would need to be sender verified. if a sender is not valid, or their domain has not been validated, the message will be returned back to them. Any site that is not set up for sender verification will be allowed to pass through our system.

Thank you.

I explained to the user how there is no way they could have tried to verify the sender (although that would have failed, this was one of our bounce addresses) since they never even attempted to accept the message.. kind of hard to do that without basics..like say.. server handshakes or maybe a connection?

They had a nice reply back:

said by un-named Verizon Online Support Agent:

I have passed the information along to our engineers. It seems that you have not understood our explanation of the Sender Verification process. I would suggest that you feel free to research this for yourself. You will see that the Sender Verification process is actually an industry standard.

Industry standard.. erm... whatever.. how is that connection doing? Right.. none.. and apparently they're working with us on it too! Funny, I didn't notice. Not a peep, none. Great job Verizon, way to serve your customers.. I've some gmail invites for all you poor Verizon users.

At this point, I'm guessing (this is really a guess) that they have some sort of limit of how many mails they will bounce based on failed sender verify and then blacklist the host.

There is something very amusing about this (plain text message, sent from a mac, no attachment, discussing mail rejections as spam in a bit of an overzealous manner):

Your message to: admin@<removed>.net was blocked by our Spam Firewall. The email you sent with the following subject has NOT BEEN DELIVERED:

Subject: Mail rejections

VIRUS ALERT

The <removed> Internet Spam Shark and Virus Viper Firewall found a virus in an email to you with

Subject: Mail rejections

From: <kasia@...>

Amusing..

It's amusing to read now, after the correction, but imagine being an employee of O'Reilly media and reading this::

received an anonymous IM rumor from someone a few minutes ago claiming that "Everybody has been laid off" at O'Reilly Books

What a way to start a work week, anyone hide a mike by the O'Reilly watercooler?

[For those who didn't follow the link, it's not true]

Someone I know is getting weird emails from a gmail account and asked me to look into it. Obviously, first things first, I checked the headers for the originating IP. Guess what? It appears gmail doesn't include that in headers.

I suppose we now have to rely on google to get anywhere with harassing emails, spam and other badness. Google -- policing the Internet, great.

This is a first.. an attempt at patenting something I could produce prior art for! Me and thousands others!

Patent Application:

Herein is described an implementation of an object persister, which serializes an object to preserve the object's data structure and its current data. The serialized object is encoded using XML and inserted within a message. That message is transmitted to an entity over a network. Such a transmission is performed using standard Internet protocols, such as HTML. Upon receiving the serialized object, the receiving entity deserializes the object to use it. Rather than include copies of referenced objects within the serialized object, the object persister includes references to those objects. This avoids redundant inclusion of the same object and potentially infinite inclusion of the object itself that is being serialized.

.. and since when is HTML a protocol.

[via Ray]

I haven't been attending a full time job in the last few weeks, one might think that should give me quite a few hours of free time, right? Not so! It appears I'm far more busy now than I ever was working. I just don't get paid as much doing it.

I think I found a new disorder:

Out-of-work-so-I-have-tons-of-time-for-all-kinds-of-projects-itis.

I wake up in the morning with the idea that I have all these free hours to do all these things I have always planned on doing, except it turns out once my day fills up.. well, it fills up.

I need a job so I can start to relax again!

1. If your new employer buys books, take advantage! Read them!

2. Work extra hours to finish a project that's off-schedule, it will come in handy when it's time for a performance review.

3. Always document your code, you never know when someone else might need to read it.

4. Keep daily notes on your progress, it comes in handy when you need to take a few days away from a project.

5. Take advantage of any training your employer provides, it makes you a more valuable employee.

6. Start your work day early, you can get more done in the morning before the office fills up with coworkers.

7. Don't abuse company resources, that next raise may depend on it!

.. and finally ..

8. Keep your personal items at work to a minimum, it's easier to carry out when it all fits in one box.

9. Label your office supplies, that way you can claim them as your own when it's time to pack your box.

10. Accrue your vacation days so when you get laid off you have extra paid time.

The October 2004 edition

• You consider two consecutive days without any sort of work a vacation.


• "I asked for his ssh key and he sent me his private one" makes you double over in laughter.


• Instead of sitting and eating in an airport, like the rest of the population, you walk around until you can spot a power socket.


• One might find two-or-more gadgets or accessories whose names start with a lower case i in your car.


• The sentence "Secure electronic voting" makes you laugh.


• farting robot sounds really cool.


• Your preferred airline is American just because they have power sockets on some seats (and you know exactly which rows)

I've got more but I'll save them for next year's list.

Prior editions:
February 2003 and Nobember 2002.

This is really cool!

Google SMS

Now this is an sms feature I may actually use.

[via David, whose post on this seems to have vanished]

Nobody likes the crunch of tight deadlines and working overtime to make up for lost productivity at some point in the project. It's stressful, annoying and bound to make the worst whiners out of the best troopers. It would appear that the preceding is one thing all programmers from all corners and platforms can agree on, right?

Well, there is one thing that's almost as bad -- having too much time in a project. Like say, finishing a couple days early. Too much time equals too much creativity. Too much creativity equals your mean, lean program is suddenly a code-bloated monstrosity sprouting features like growth on a ten-month old potato. Christ, give me a tight-deadline anytime over this.

With the recent increase of break-in attempts via ssh, here's a little checklist of making sure your server is as secure as you can make it while still being able to access it from the outside.

• Do not run ssh in Protocol 1 compatibility mode. This is sadly, enabled by default in many installations, you can test yours by simply telnet-ing into it.

  % telnet unix-girl.com 22
  Trying 66.198.51.100...
  Connected to cygnus.unix-girl.com.
  Escape character is '^]'.
  SSH-2.0-OpenSSH_3.7.1p1
  

  Mine's safe, unsafe configuration would show:

  SSH-1.99-OpenSSH_3.7.1p1

  To disable Protocol 1, set this in your sshd_config file.
  Protocol 2
  

• Do not allow root login via ssh at all. Root is probably the most common targeted account for brute-force attacks. To disable root login in sshd_config:

  PermitRootLogin no

• Enable key authentication, keys are more secure than passwords. In sshd_config:

  PubkeyAuthentication yes
  AuthorizedKeysFile .ssh/authorized_keys

  In your home directory:
  

  % vi ~/.ssh/authorized_keys
  -- insert public key in the file -- :wq
  % chmod -R og= ~/.ssh/
  

• Disable password authentication altogether: I'm not that sure of this one, it is a lot more secure but then you'll either have to sprinkle your private key in places (I don't want that) or keep a backup system with your private key on it to which you can access from everywhere without using a key.
  

  
  PasswordAuthentication no
  



• Make sure you do not have any of these accounts on the system:
  
  • admin
  • test
  • guest
  • user
  • webmaster
  
  These are a huge magnet for brute-force attacks.


• Make sure these common (and others) accounts use /bin/false or /bin/nologin for shell:


• mysql
• oracle
• server
• backup
• data
• apache
• web
• nobody

.. and have no passwords:



% passwd -l mysql
...



You do not need to login to those accounts, ever, if you do you're doing something wrong.
• Make sure you're using the configuration file for sshd that you think you are. I've seen many servers where the file used is in /usr/local/etc instead of the more intuitive /etc/ssh/. This is determined by the -f flag in sshd startup.

  If you find two of these, it's probably best to just delete the one you're not using so as not to confuse yourself.

I'll add more as I think about it..

I'm seeing about four times as many attempts at ssh entry & scanning in logs on various, mostly-unrelated servers.. I wonder if there's some vulnerability that has not been reported yet?

Something is definitely going on... are others seeing this too?

Edit: found it.

Yesterday, I had to resize tables. Who knew they would reach 4GB each in such a short period of time? They do grow quickly.. don't they.

Today, I had to deal with aftermath of a server running out of space (damnit, I will install some better monitoring, I promise!) and learned that you need 2.2GB of free space to run repair on a 2.4GB table.

Time to prune some data.

When searching for help with hpux + http authentication issues came accross the original Apache http server anouncement on comp.infosystems.www.servers.unix from 1995.

Folks, we in the Apache Group are happy to announce a new public-domain HTTP
server based on patches to NCSA's 1.3 httpd called "Apache".  It fixes many
bugs, in both performance and functionality, and it includes the following
new features: 
 
      Content negotiation (for all you who want to do HTML 3 right!)
      Multiple Domain Names (http://foo.com/ & http://bar.com/)
      Custom error responses (internal redirects to pages or script)
      Send "as is" file types - for including HTTP headers with documents
      More HTTP spec compliance
      DBM-file based user authentication

Ah.. the good old days
link

Once upon a time I used to spend time and effort reading rumors on usenet (back when it was useful) about new! improved! faster! sexier! processors. 200mhz! Oh, I remember that one well. I couldn't afford the Intel wonder but I did get the Cyrix (anyone remember them?) for $400 about a week after it first came hot-fresh and new off the assembly lines. At the time, that was a lot of money for me -- so it was definitely a sacrifice. I was at the top of technology -- following the news, getting the newest and greatest and processing the hell out of my computer.

I remember the 300, the 600.. who can forget the 1ghz? That was something. Somewhere along the way things changed.. I'm stuck in a time warp. My desktop is a dual 600mhz Intel (and I got those for free, they used to run the original dslreports website).. and well, it's good enough. My laptop is a mere 1.25ghz (g4, mind you) and it's just fine and dandy. My work desktop is somewhere in the 2ghz range (I don't even know where) and that's fine and dandy too.. sure, it builds our code fast... that's nice, I suppose.

I just don't care anymore. Somewhere somehow I saw a reference to a 3ghz cpu. First reaction was "when did that happen?".. second was.. "oh I don't care anyway". In a way that's a bit liberating -- I no longer have to spend far too much money to stay on top of things (I just don't care anymore) -- but it's also a bit sad. Somewhere along the way the whole speed race lost its magic.

Here's to the 5ghz cpu, early, bet I won't notice it on time anyway.

My server was down earlier today for mysterious reasons. A switch at the data center was cycled and my box never came back on (the only one that didn't).

• Login via serial console to verify network device is actually alive - check
• Cycle the server for good measure - check
• Cycle the switch again - check
• Ping setup-knowledgable person on IM (idle) - check
• Try several cell calls to various people with no good result - check
• Get a hold of a person who might help - they're too busy right now - check
• Watch the only person left who knows more than you about the setup (I know nothing) go to bed - check
• Start pinging every IP in your range in desperation - bingo!

Bang-head-on-wall *check*

# uptime
22:52:34 up 206 days, 23:19, 1 user, load average: 109.87, 62.86, 27.35

Don't ask :)

It's been raining and thundering all day today and I'm feeling lazy. That means veggie burgers for dinner (I have the routine down to less than 10 minutes including fresh veggie slices and spicy spread) and watching some movie I've seen 10 times (hmm.. feels like an Indiana Jones night) with my favorite buddy while doing some light no-brain-required work on the powerbook.

That's about when I discovered an obscure server I once used to rely on for my email appears to be bouncing messages destined to my inbox.. No problem.. login in, fix sendmail (cough) all happy again. A realization struck me. This is the first time I logged into that system in about 2 years.. and I remembered the root password.

My brain always amazes me.. I have trouble remembering where I left my cell phone half the time (until it rings, I mean buzzes) yet I can remember a root password (one of those good ones, random numbers, letters and let's not forget mixed case and a sprinkling of funky symbols) I have not used in three years. That's not all.. actually.. I can remember login passwords to all kinds of systems.

We geeks are just wired oddly. Time to sprinkle some ssh keys though.

RAGM - Random Access Geek Memory - Remember all things obscure forget the useful ones.

Did you hug your sys admin today?

I used to be one.. long time ago before I crossed over to programming. It's true, sys-admins are very much like minor deities.

The "leading Access Control features such as Tickets@Home".. I wrote that.

Think I can use that as leverage asking for a raise? "Hey, I wrote the leading access control feature such as tickets@home"!

Well.. no.. but pr is still funny.

As noted here I am working on a conversion of a ClearCase repository to Subversion. Since there appear to be no resources for this available I wrote a simple perl script that handles the conversion in a relatively simplistic manner. In short, it checks out each version of a ClearCase file and checks it into Subversion, therefore creating the history. It's simple but effective and it worked quite well to convert our entire repository (some 30+ hours for the whole thing..).

Anyone who wants it, it's here, but please make sure to read the documentation, particularly the limitations before you attempt to use this thing.. and by all that is holy, run a test run and backup!

Oracle client for linux is 386MB.. insane.. that's of course just the installation file which I'm still downloading. I'm sure the actual install is bigger.

There's a small, "instantclient" which is under 10MB and unables you to use JDBC and (burp) SQL*Plus.. but for what I need it's not enough..

When the hell did a DB client (*CLIENT* not the DB itself) get so freaking large? Someone needs to put Oracle on a diet..

It's a bit funny (to me anyway) just how specific my work environment needs are. This topic, of course, came up in a conversation today.. and made me think about just how particular I am.

When I code, I like a big monitor.. so I rarely actually do any coding on my powerbook (unless it's something small and scripty) and will use my desktop with the big monitor for that purpose when working at home. I had a sun box as my desktop machine in my first programming job and having that big, sun monitor forever warped my expectations of a programming desktop. Big monitor, tiny font, lots and lots of xterms. That's one of the reasons I really did not enjoy windows programming during my short Delphi experience.. there is just no easy or logical way to arrange this on a windows box.. not with having to click to focus!

Amusingly enough.. when I do sys-admin type work (which I tend to in the evenings) I can work just fine using my powerbook on my lap.. on the couch.. but yet I cannot seem to program comfortably that way.

Not surprisingly.. we're all creatures of habit. Some of them more odd than others.

iEmployee.com is written by some not very bright people. Forget that the damn thing has to be hacked to work in a browser other than IE.... I can get around that.. whatever.

Their whole session security relies on a session ID in a url. That's right.. knowing the URL you can get into someone elses session. That site contains nice things like my social security number, address.. date of birth.. employment information (after all it's an HR company).. why do they even bother with ssl if this is their idea of a security model?

I think I'll suggest at work we drop these morons.

Considering the kind of information they provide online, wouldn't security be a top priority? Pretty please?

Most of the things I normally compile for unix involves "configure, make, make install" with the occasional sprinkling of "make test" for good measure. That's pretty typical. Then there are the more complex packages that actually require reading instructions before you can compile them, sure.. reading is good for you. But why, in the name of all that is holy, would you include installation instructions in an html document for something that needs to be compiled on a command line? Especially when it's *just text*. I don't care about pretty gifs and paragraph formatting! I just want to compile and install!

Damnit.

I'm researching switching our source control tool from the feature-rich and appropriately expensive Rational ClearCase to the open source and apparently quite nice and stable now, Subversion.

It appears that conversion scripts from CVS to Subversion are a dime a dozen, however I've been having a hard time finding any information on converting from ClearCase to Subversion.. I suppose it wouldn't be particularly hard to make a script to convert all our history.. but I'm more interested in finding out about pitfalls and things to watch out for from people who have done this before.

Anyone have any info?

No, this isn't the old one, it's a brand spanking new one. Mine's upgraded.. spent all of five minutes on it too. Phew, life is rough.

Side benefit of using open source software, all those nice script kiddies and hacker-wannabes work hard and long hours to discover security issues for us. Thanks guys, warm fuzzies.

[via David]

.. of code.

The code I usually work on has been actively used and developed for the last three years. That's really not unusual for what is essentially a very elaborate website with a massive transactional back-end (all written in Java) that talks to many different ticketing systems. It's a very complex project. I often find myself re-writing code because something has changed that facilitates better, more efficient or just simpler processing -- sometimes that something is my own logic and knowledge padded by the additional experience gained since the last time the code was touched. I often find myself wishing I had the time and schedule flexibility to re-write much larger and more complex parts of the code, but as we all know, wishful thinking is just that and schedules are often unforgiving. Today was one of those days.

A code-base, like the one I just described, is really like a big, elaborate gum ball.. when it first starts out it's all smooth, shiny with an underlying sweetness that just begs to be enjoyed. As time goes.. that changes, it gets chewed up, sweetness goes away and before long it just looks like a chewed up, sticky, used-up piece of gum. Other coders add their own tidbits.. and before you know it you have one, gigantic, messy, sticky ball composed of patched-on pieces that doesn't even remotely resemble the sweet and juicy round thing it once was.

I have a theory.. any project that's been actively developed for more than three years needs to be scrapped and started from scratch using the experience gained in building the original code-base. Much like a stepped-in piece of used gum scraped off the bottom of a shoe.

Now isn't this the stupidest analogy ever? It was so bad I just had to blog it ;)

A new workstation recently arrived on my desk and this prompted an experience I have not had in a while. Installing a whole new linux system. Now I'm practically a pro. I've done this dozens of times. I'm very comfortable in unix and can hack my way through most problems. Given that, the installation was a snap despite some problems:

• Burning the cds incorrectly -. I'm an idiot and didn't realize burning them on my powerbook with the default osx tool might cause problems -- eek screwed up file names. Wisely, I also burned just the iso images. Mounted them on my other pc and did a network install.
• The pc not having a floppy drive to boot from (this is tied to the above problem of not having a bootable cd). Lots of old pcs in the office.. So one floppy drive dangling on a cable and propped by a pile of books was the solution.

All things considered, that's an easy install and would have been even easier if I wasn't a dumbo. So what did I have a problem with? The RedHat (I installed Fedora core 1) up2date agent crashing on startup. Once again, I'm a geek, took me 2seconds to find a problem. Missing font! I installed all the default font packages, well it appears I missed some obscure Helvetica size whatever font. Give me a break guys. How do you expect Linux to ever make it as a desktop OS if an entire application silently (to the user not running this from a terminal it just disappears without a trace or an error message) fails because of a lack of a font!

Ludicrous. Stupid. Silly. Amateurish.

This is an application that's part of a RedHat (well, Fedora) distribution, it should be a bit more mature and better than this by now. Especially considering this application is supposed to keep your system up-to-date with all the newest security fixes. Is it a wonder so many new linux users have hacked machines within days of install?

If an application can just silently fail because the system doesn't have whatever font it happens to prefer, then linux has no future on the desktop of your average PC user.

If you're at an airport that appears to have no wireless and no signs pointing to its existance - head for the nearest Starbucks.

I learned that in Cleveland yesterday.. not one sign about it, but there was wireless at the Starbucks (and nowhere else).

Apparently the entire world is under the impression that if they continuously bother me while I'm really busy it will somehow make me work faster.

Well, it won't.

It will make me more irritated, more annoyed, more frustrated and more prone to obscenity. But! It cannot possibly make me work faster.

It's a very simple concept. If something has gone horribly wrong and it needs to be fixed *right now* and I am aware of it and already working on the issue, what do you think I'm doing? That's right, working as fast as I can. Now it is entirely possible that 'my fast as I can' is not quite fast enough but still, does not change the fact that it's simply not humanly possible for me to work faster than my maximum physically-allowable work speed. My brain will explode otherwise. Perhaps my fingers too. My wrists are sure to complain as well.

But you can bet your sweet code blocks that I will not insert multiple return statements anyway. Hah, take that, oh argumentative ones.

I'm often asked "what is it like to be a programmer". It's a good question! After all, programming, being the glamorous and exciting profession it is generates much curiosity in the less-typing inclined portion of the population. Oh, alright, I got the question once and it was from a six year old, but who's really counting? The question still deserves to be answered and who better than I? A typical (in my limited view of the universe - from my living room couch where I am located presently) programmer. Please keep in mind that my view of the programming universe may not apply to other typical (not me) programmers.

An average day in an average life of an average programmer.

A good start to any programming day is to drink coffee (lots of coffee) and make realistic and plausible goals for the days accomplishments. Say, fixing the few outstanding issues in the current project and feeling good about yourself and your productivity at the end of the day.

Around midday, as you get through your second pot of coffee, answer all your email and deal with the usual morning interruptions of questions, phone calls, general chit-chat it's time to start the initial debugging work on the first (and usually the hardest) of the list of bugs to fix for the day. Ah, productivity! Fuzzy, warm, green feelings.

Lunch time!

As afternoon rolls in, the day usually starts to look much more organized and flows in a pattern. Much like a flowchart. Created by a disorganized manic depressive. Who likes to smoke pot. The pattern is very usual and typical.. start up debugger, get through one statement, get interrupted, answer questions, discover application core dumped while waiting for your input (weblogic likes to make our lives exciting that way), go get coffee while weblogic restarts. Rinse, repeat until around 5pm.

The evening shift.

Watch all your co-workers leave the office as you fumble some data, debug some QA problems and discover it's now dark outside. Turn up your iPod to tune out any possible interruptions, code madly, try not to insert too many offensive comments in between removing the hacks you said would only be there for a couple days (three years ago) and finally watch everything fall into place and code operate properly. Success! Bug fixed! One.

Kick the chair as you leave the office.

There has been much noise recently about Google's new mail service and its privacy policy. Specifically, the biggest concern appears to be the storage of the email itself. What should have been the service's main selling point (who has 1GB worth of email sitting around anyway?) is now the biggest point of contention. "What will they do with all that information".

I have to admit, the privacy policy is worded pretty ambiguously and leaves many open doors for all kinds of nefarious schemes.

We will never rent, sell or share information that personally identifies you for marketing purposes without your express permission.

"But we will happily sell all other information". I suppose that in itself isn't quite as bad as it sounds. What company doesn't sell their customer information these days? We sell ourselves and our info for a discount at a grocery store, why not for a mail service. Note, it specifies "for marketing purposes".. so does this mean they will for other purposes?

Residual copies of email may remain on our systems, even after you have deleted them from your mailbox or after the termination of your account.

What exactly is "residual copies" of email? What conceivable reason would Google have for storing more than one copy of an email (other than backups, obviously) on their system? Considering Google is using the content of the email to target ads, this is probably something as simple as using a sampling of email to test and improve their targeting algorithm.. but if that's all it is, I wish they would say as much in the privacy policy.

Google employees do not access the content of any mailboxes unless you specifically request them to do so (for example, if you are having technical difficulties accessing your account) or if required by law, to maintain our system, or to protect Google or the public.

This is the biggest open door. "Protect Google" -- who defines what is needed to protect Google? Of course.. Google, in other words, as long as they can justify "it's good for the company" they can do what they please.

The policy is pretty badly written, leaves too many questions and doesn't explain Google's intentions as clearly as it should, but I would think they're too big of a company to get away with anything too nefarious for too long. I have a feeling that thanks to all the noise this is causing, we'll see an amended policy within days.

If your IP is 216.114.176.211, you have a virus and you're sending it with my email address as return address.

If your mail server is smtp.scotland.net, configure your bloody box to discard viruses not bounce them.

That is all.

This new worm is particularly annoying, since an AV scanner may not catch it at the server level, the infected file is password protected. If you're running postfix, you can block the subjects it arrives with at the server level using header_checks.

In /etc/postfix/header_checks add these lines:

#
# w32.Beagle.j worm
#
/^Subject:.*E-mail account disabling warning/ REJECT Suspected W32.Beagle change subject
/^Subject:.*E-mail account security warning/ REJECT Suspected W32.Beagle change subject
/^Subject:.*Email account utilization warning/ REJECT Suspected W32.Beagle change subject
/^Subject:.*Important notify about your e-mail account/ REJECT Suspected W32.Beagle change subject
/^Subject:.*Notify about using the e-mail account/ REJECT Suspected W32.Beagle change subject
/^Subject:.*Notify about your e-mail account utilization/ REJECT Suspected W32.Beagle change subject
/^Subject:.*Warning about your e-mail account/ REJECT Suspected W32.Beagle change subject

It will reject the email with the message "Suspected w32.beagle change subject". That's all, postfix rocks.

Diego muses on the percentages of very qualified women vs men in fields like Computer Science:

if, say you have a CS class of 40 people, maybe 5 at most would be women. But of those five women, two would be very good. And there would be maybe three, at most four good computer-scientists-in-brewing on the boys' side.

There is actually a very simple answer to this. A woman has to work twice as hard and be twice as good as the average man to get anywhere in a male-dominated field. I know only a few female programmers but they're all very good if not excellent.. can't really say that for majority of the male programmers I know.

I had a perfect example of the different expectations today as I was upset over what I felt was a mistreatment at work and one of the reactions I received was "you're being bitchy".. It wouldn't have occured to the same person to say that if I was a man, but there is always a slant when the other gender is involved.. This is probably not a intentional or even a conscious decision, it's just how our society has predispositioned us to think.

Women have to be smart and tough to make it in CS. That's why the percentages are so much higher.

Richard Stallman was nice enough to give a talk at the Greater Hartford GLUG meeting. It was tempting enough and I braved the drive through Hartford during rush hour and attended. I'm glad I went. Everyone knows the history of gnu and linux but it's always good to hear it from the proverbial "horse's mouth".

Stallman is a good speaker, throws in enough humorous references to keep the crowd interested and is anything but boring. I suppose I could summarize his stance on non-disclosure agreements (they're bad), free software (free as in freedom not free beer) and general state of software development today, but that's really easy to find on the web in numerous papers and books he's written, so I won't.

I agree with much of what he says. I believe in open source, I think software patents are ultimately evil and I think the government has no business bending over for corporations and passing laws like the DMCA. I don't think *all* software has to necessarily be free. There is room in our communities for both. I can't imagine excellent products like Photoshop (gimp is nice, but it's not photoshop) and autocad would ever come into existence if all software was free. Support fees only go so far for products like these. Companies other than hardware manufacturers need an incentive to create good, professional software and income is probably the best one of them all.

These companies have the right to write software, keep the source private and charge money for it, but they do not have the right (this is in my view, not in legal terms) to tell the users how they can or cannot use their software. They should be responsible for flaws and lack of quality. Most of all, they do not have the right to invade, control or do anything to the user's computer just because their software is on the machine. I think it's a quote from "Good Omens".. "The devil should learn to write agreements from the software manufacturers".

The halo on Saint InGNUcius's head? I was right.. it's a hard drive plate.

If one ever searched for a perfect candidate for the professorate of absent-mindedness they would come up with me at the top of the list. My picture should be in the dictionary next to the definition. I should be awarded the honorary title just based on the first thirty years of my life. When you combine that with my amazing powers of observation (not) and the incredible ability to be oblivious to my surroundings it's a wonder I survived into adulthood. Particularly considering all the experiments I did when studying electricity through home-made lamps and assorted lethal devices around the age of ten.

That's all normal (for me) but it is amazing that I also happen to be an inexhaustible fountain of useless knowledge. Have a topic? I probably know some completely weird and useless factoid about it. When I was in grade school I used to win quiz contests with one half of my brain focused on some incredibly stupid and dangerous experiment and the other half wondering if the cute boy from the other team likes me. I can name authors of books I never read, Latin names for plants I've never seen and quote from movies nobody cares about. All this before my first morning coffee.

I'm often asked "How do you know all this".

I don't know. Really, it all just accumulates in my brain pushing out useful information, like simple regular expressions, the last location of my car keys and the fact that I promised to finish up a certain project. And that's just an example from today's afternoon, morning was more exhaustive.

It's not easy to reconcile these things. How can I remember lyrics to songs I haven't heard in fifteen years but not remember a simple algorithm I've used many times in the last three years? I can name the capital of Manchuria but didn't notice a coworker came by and left a note on my desk while I was sitting there (no headphones involved). I can say "happy new year" in Cantonese but forget my mom's birthday.

One of the childhood stories my mom loves to tell everyone involves me at around the age of twelve, a small storage area and a vacuum cleaner she sent me for. I went there, didn't see it, came back, "no, no, it's there, look again". I looked.. didn't find it, she came with me, the damn thing was right in the middle of the room and only a blind person could miss it. I'm not blind, I'm just incredibly oblivious to my surroundings.

There might be some medical term for this - but for once, I don't know what it could be. Maybe it's part of the Nerd Attention Deficit Disorder.

This is only useful to those who use Scarab bug-tracking software and are not happy with its e-mail handling options. Might also be useful to those who wish to mock my perl (I'm a Java-programmer, dammit).

Scarab e-mail filtering script. That write-up probably leaves a lot to be desired, but it's a start. This filter has been in place at work since mid-December and so far everyone is satisfied with it.

I cannot imagine anyone out there hasn't figured this out yet.. but postfix just totally and completely rocks. After years of dealing with the hell that is sendmail this is a breath of fresh air.

I wanted to configure postfix to listen on two ports (smtp and 26) for those whose ISPs block outgoing port 25 and turns out it was a one liner change.. how great is that.

In master.cf:

26 inet n - n - - smtpd
# postfix reload

Done.

It appears I missed a whole new trend in online discussions. Me! The queen (well, former) of IRC and forum discussion boards! Lately, the flamer on usenet! (It was one post and they really got under my skin, I already repented).

::emotion depiction::

When did this happen? It's not that I'm scared or bemused or even petrified by a new trend.. it's that it completely and utterly went right by me and I didn't notice it until very recently. What happened there? Am I no longer on the memo list?

Man, I guess this is what it felt like to our parents.

*sigh*

er, ::sigh::

This is a really cute tshirt but someone made a boo-boo..

"There's no place like ~/" would have been much more logical.

Microsoft's answer to the IE phishing bug..

The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself. By manually typing the URL in the address bar, you can verify the information that Internet Explorer uses to access the destination Web site. To do so, type the URL in the Address bar, and then press ENTER.

I have a better solution, how about using a browser that is not vulnerable to a huge security hole that apparently the browser maker isn't in any hurry to fix?

Laughing yet? Good! That is funny.

I have recently discovered ddr (that's Dance Dance Revolution for those who never heard of it) and it's more fun than jumping on a pad to house pop music ought to be. Good source of exercise for the nasty winter days when running outside is not an option and the treadmill sounds about as appealing as writing CS I projects.

Next time I'm in California (CT Is amazingly arcade-poor) I'll have to visit an arcade and make a fool out of myself in public on a nice, metal pad. (Hi Matt!)

(Stats? I'm getting As and AAs in "light mode" songs but still have problems with "standard mode".. I'll get better!).

If one is up at nearly 2am on a Sunday night merrily debugging various server issues that really can wait a few hours (the few hours I need of sleep) I would think that is a big, flashing sign of an issue. With bright colors and blinking lightbulbs around it.

I admit it, I have a problem. If I see an issue I can't walk by it.. I have to roll up my sleeves and dig in (well, not in a physical sense, of course) no matter how useless that may be at the time (face it, if a server is throwing i/o errors one after another it may be a bit late to try and figure out if I have a current backup). It's not that I'm a workaholic, really, I'm not.. I haven't spent all of today working at all... it's just that I can't walk past something like this. Help.

In the great tradition of google and assorted filtering tools Mark Lindner came up with a filter for gaim.

It's fun to annoy your co-workers with!

To quote Mark:
Sappnin' dere, homey. Why duzn't ya give dese rap filters some damn try? Dey be great.

It's the little things in life that make us happy. Today is the last day I have a windows box on my desk at work. At least for a while.

I have the utmost respect for windows programmers, truly, I do.. I just don't make a very good one myself. Having me write windows software is a bit like having a VB programmer who has never used unix write apache modules. In my short, yet ever so annoying foray into the world of Microsoft-based-os programming I experienced Delphi programming and creating installation scripts with Wise (whose scripting language is the weirdest damn thing I've ever learned).

I cheated though.. I wrote my test utilities in perl.

Today, i lovingly deleted all my personal files, cheerfully cleaned out the application list and shutdown the machine. It's being taken away tomorrow morning and I'll be left with my ever so much slower and older, but yet reliable, trustworthy and linux equipped pc.

I'm all smiles, it's the little things.

I have nothing against courier-imap as a server itself. When it works, it works well and it's stable. I do have a serious issue with how it's written. This is the same piece of software whose programmer wants you to use an rpm if you're running redhat instead of compiling from source, like any sane person would choose.

So we have an enforcement of "don't compile as root" (generally a good idea but enforcing it is a bit rude, unless you're the sysadmin), a strongly-expressed preference for users to use rpm for installation instead of compiling themselves.. and then.. this..

strace output of a login failure using MySQL:

[pid 2921] write(6, "j\0\0\0\3SELECT alias, cryptpw, \"\", "..., 110) = 110
[pid 2921] read(6, "\304\0\0\1", 4) = 4
[pid 2921] read(6, "\377(\4You have an error in your SQL"..., 196) = 196
[pid 2921] fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid 2921] read(6, 0x807d5a8, 8192) = -1 EAGAIN (Resource temporarily unavailable)
[pid 2921] fcntl64(6, F_SETFL, O_RDWR) = 0
[pid 2921] write(6, "\1\0\0\0\1", 5) = 5
[pid 2921] shutdown(6, 2 /* send and receive */) = 0

Courier log output from the same event:

Dec 26 10:21:58 coral imapd: Connection, ip=[127.0.0.1]
Dec 26 10:22:15 coral imapd: LOGIN FAILED, ip=[127.0.0.1]

Hint: any possible debug parameter is turned on.

That's right.. it's a simple SQL syntax error and one has to use strace to figure out that this is why a user cannot login..

So is the courier-programmer telling me I'm too dumb to compile it myself but have to know how to use strace to debug an SQL statement? I guess so! Sheesh.

I should not expect better from courier, I've seen their annoying, arrogant error messages before.. but this one takes the cake..

configure: WARNING: === I think you are trying to run this configure script
configure: WARNING: === on Red Hat/Fedora. You're doing too much work!
configure: WARNING: === It's much faster to create installable binary RPMs
configure: WARNING: === like this: http://www.courier-mta.org/FAQ.html#rpm
configure: WARNING: === When you do this you may find that RPM will tell you
configure: WARNING: === to install some other software first, before trying to
configure: WARNING: === build this one, and even tell you the name of RPMs you
configure: WARNING: === need to install from the distribution CD. That's much
configure: WARNING: === easier than trying to figure out the same from some
configure: WARNING: === cryptic error message.
configure: WARNING:
configure: WARNING: === Even if you don't intend to use everything you need to
configure: WARNING: === have in order to build via RPM, you should still do as
configure: WARNING: === you're told. All the extra stuff (LDAP, SQL, etc...)
configure: WARNING: === goes into RPM sub-packages, which do not need to be
configure: WARNING: === installed.
configure: WARNING: === But, if you insist, you can simply add '--with-redhat'
configure: WARNING: === parameter to this configure script and not see this
configure: WARNING: === error message. You should also do this when upgrading
configure: WARNING: === and you didn't use RPM with the older version.
configure: error: ... in either case you better know what you're doing!

Yes, I know what I'm doing.. no, I don't want to have to use a stupid option to avoid a dumbass message and it's not RedHat/Fedora!!!

I hate arrogant programers but what I hate more is arrogant programers who can't program the checks properly in their annoying scripts. Did I mention I detest rpm?

For future reference.. `cat /etc/redhat-release` spare the dumbass errors, detect the OS correctly.

So they go through the trouble of checking for RedHat and throwing you out.. but don't bother with providing an option to specify where openssl lives.. just crap out during make.. (yes, I know, hack makefile). No wonder they need this RedHat check.. Why make configure scripts more usable when you simply tell the less-immersed users to go away?

I'm writing a mail-filtering script in perl and while testing just sending all e-mail to myself. Made a typo and exchange - which is our *main* mail server, sadly - returned this error..

did not reach the following recipient(s):

c=US;a= ;p=TIXX;o=SYRACUSE;dda:SMTP=krapszo@tickets.com; on Tue, 9 Dec 2003
13:42:31 -0800
The recipient name is not recognized
The MTS-ID of the original message is: c=us;a=
;p=tixx;l=SYRS-MAIL0312092142YSQZTSW0
MSEXCH:IMS:TIXX:SYRACUSE:SYRS-MAIL 0 (000C05A6) Unknown Recipient

My first thought at seeing this mess was "Good lord, what the hell is my script doing to the headers (I am modifying them)!

Took a second eye to notice that I misspelled my own bloody name and this is exchange's way of saying "Unknown Recipient". If you squint real hard you'll notice that message at the end of the pile of cryptic, useless (to me) information.

That is just hideous and disgusting.

This is an amusing yet rather scary look at just how software patents might influence your average e-commerce website.

The evilness of software patents illustrated.. see this is why those who are proponents of such actions will go straight to hell to enjoy an eternity of programming Fortran under windows 3.1.

[via Justin]

Ran across this picture when browsing Rasmus's pictures from Bangalore..

Impressive, isn't it? I don't think our president knows what open source is.. heck, I doubt he could spell it.

Really, it's always the most obvious, easy thing that's wrong but takes the longest to figure out.

I use postfix and have multiple domains setup in mysql.. the beauty of this setup (as if I need to explain) is that my users are not local users but rather live happily in my database and I don't have to worry about all kinds of security issues. Not to mention adding new users and domains consists of inserting sql statements.. how's that for sexy?

Considering that my users are not local, you can see why I would want my spamassassin settings to live on per-user basis in the db. It's easy to set that up.. there's a nice helpful document here that explains it all including a sample table. Lovely!

Of course I was having problems getting this to work.. running spamd in debug mode.. and it's not even connecting to the db! Looking at mysql logs.. sure enough.. no connection attempt.. google search.. yes, looks like a lot of people are having the same problem but nobody has a solution.

Finally.. (what I should have done first).. "man spamd"

-q, -sql-config
Turn on SQL lookups even when per-user config files have been disabled with -x. this is useful for spamd hosts which don’t have user’s home directories but do want to load user preferences from an SQL database.

Ah.. there it is.. -q -x and works like a charm.

Trivia: how many people know that Jeremy added this spamassassin feature? Small world, huh?

I realized this morning that I have five, (count them: 1, 2, 3, 4, 5) on-going projects that I'm actively working on. This isn't work-related, just my own little side-projects to simplify (heh) my life. At least that's the long-run intention. This isn't a new development by far.. I've always had several things going on at once.

Why isn't that I tend to do this?

Anyone who has better time management skills than your average five year old realizes that it's better to finish something before starting a new project. The biggest time-sucker is finding that particular spot where you left off the last time you worked on the task. Now assuming you spend about an hour a day on some project, each day a different one, and it takes you 15 minutes to arrive at the spot you left off last time.. that's a lot of wasted time. That's where I am.

Now to attempt to answer the question why is it that I divide myself into many projects instead of concentrating on one and actually finishing it.

Boredom.

I get bored easily. If I work on something for too long and don't have quick gratification of immediate results I tend to get bored with the task. That's a terrible trait in a programmer.. after all.. any decent-sized project takes weeks before you start seeing a result! Hours upon hours of work.

So I could approach my little side-projects the way I do work. Schedule, and well, just do it... but I'm afraid that will take the enjoyment out of it.. and what fun would that be.

Or I could continue the way I have been, wasting precious time (oh, how I wish I didn't need to sleep), tediously working through the more boring parts and delaying that good proud-of-myself feeling I get when I manage to do something really cool.

I suppose programming is much like running a long race.. you start out all excited and full of joy, sweat through the middle, force yourself to keep going towards the end and always manage to find that little push to finish looking strong. After that it's just all joy and pride and happy, good feelings. You did it, went for the long one and finished without quitting. You tell yourself you'll never put your body through this again.. but before you know all you remember is the good stuff, forget how bad the bad parts were and sign up for the next one.

Except for that one bruised toe.. that's still there over a month later.

So approaching programming like running.. I guess it's time to sweat and finish these off one at a time. But will I still enjoy it if I do?

Robert Scoble is sorry for our troubles.. where 'us' is everyone who gets caught in the horrible virus-infected-new-machine problem.. That was nice, particularly coming from a Microsoft employee. Certainly feels better to read 'yes we have a problem' as opposed to 'you didn't do the right thing, so it's your fault'.

Thanks!

But it would make me happier to hear that Microsoft is working on a better security model.. What I'd love to see in windows.. is well, essentially the unix security model. Root/Administrative account that isn't used for logins.. just via a tool (sudo, for instance) to explicitely update/install etc.. stuff.. Of course with that goes a very fundamental change to the OS... Do not require system changes to install application unless those applications actually affect the system. Much like unix.

I know many people think that the reason there aren't many linux viruses is because it's not quite as popular. That's actually not really accurate.. it's because even if a user executes an email attachment on a linux machine, unless he's running as root (and most people who use linux know better) the virus won't be able to do anything bad to the sytem. So linux viruses are kind of pointless.

Every couple months or so I hear a horror story from a friend about connecting their new PC or laptop to the Internet. These are not dumb people.. they're just not half as geeky as you and I may be..

Seems logical, to most..

• Buy a new machine
• Go to microsoft.com to update the buggy windows everyone keeps talking about.

.. oops, machine already infected with some virus or trojan in less than 5 minutes after being connected to the net.. not only that, it's so busy popping up messenger spam that it won't even shut down for the required crash.. which is fine since it won't boot up again without some major fixing and updating.

Sounds familiar?

If it doesn't, you're probably not a windows user or knew enough to use a firewall.. see most people don't. Actually, most people don't know what a firewall is.

This isn't new information.. everyone knows this, right? I can see you nodding your head.. so how come the company that makes the software that comes pre-installed on nearly every new PC sold in US does not seem to realize this? Why does windows *still* have this lousy, crummy security model? Maybe instead of a new MS office version #121338734723 it's time to fix the buggy damn OS?

I've had enough.. sorry friends/family/whoever has my phone number.. your windows won't boot? Call Microsoft. I'm going on geek-strike.

There is one thing that I hate more than being micro-managed... and that's being micro-managed by someone who isn't my boss. As any programmer will tell you, being productive is hard enough at times.. without someone on an ego trip deciding that you're not 'allowed' to do something without his permission because he says so.. now there are perfectly valid reasons for someone to say that.. but in this case, not even a whiff of them was anywhere within a hundred mile radius..

But wait! There's more!

So we covered..

• micro-management == bad
• micro-management by not your boss == double bad

Remaining point...

Micro-management by not your boss in an incredibly rude manner that includes charming phrases like "crapping all over the database"... and trust me, I know I didn't affect or break anything.. I wouldn't be bitching about this otherwise... not to mention it was a test to benefit this particular wonderful person's underling.. (that poor guy) not me.

I had a point.. oh yes.

Work can be hard enough... it's not so hard to be nice to your co-workers (even the ones who are one engineering level below you) particularly when they're trying to help and aren't exactly being brain-dead (unlike the other day..shh) and getting in the way. Mmkay?

Maybe it's a gender thing.. good god, I hope it's not a gender thing..

As anyone who is reading this probably realizes, I'm a unix person. Not only am I a unix person, I'm also a unix programmer. Which just means I program under unix - under normal circumstances anyway. Recently, I've had the opportunity to be exposed to the world of windows programmers.

I have a few things to say.

I'm sorry I have ever made fun of windows programmers.

I am sorry I ever made light of your work and accomplishments.

I am very sorry.

You guys (that's the windows programmers 'you') have to work under conditions I would equate to working in salt mines in 19th century.

Instability, cryptic non-transparent technology, mouse, good lord, everything is mouse-driven. I am in awe and amazement that given the environment and constant non-code-related problems you guys accomplish anything.

My hat's off to you. If I wore a hat anyway.

I just changed the time zone on my west-coast based server to eastern time..

It was really as a convenience to some other people not myself.. but dang it, it just feels so.. wrong..

This article describes pretty much how I felt when I opened my powerbook box..

Apple does pay wonderful attention to detail. The packaging, the products, everything is esthetic and pleasing. It's a lost art, pity.

A glass of nice, white wine and a new powerbook to play with.

I'll post pictures tomorrow once I figure out how to get my card reader to work.

It's pretty :)

About a year ago, I bragged about a linux box I have reaching a full year of uptime..

Guess what this one is about?

Two years! (well, yes, of course, same box).

[kasia@geddy ~]$ uptime
11:16pm up 235 days, 18:05, 18 users, load average: 0.25, 0.16, 0.11

Now to put that in terms of the older kernel that rolls over at 497 days..

[kasia@geddy ~]$ fup
11:19pm up 2 years, 2 days, 20:35, 18 users, load average: 0.01, 0.09, 0.08

[deity] bless whoever invented the ups!

mrtg is an extremely handy little graphing tool, contrary to its primary use (routers) I've been using it for graphing pretty much everything on my server and compiling a page of daily graphs to glance on now and then..

Sure, it may sound like a waste of time.. but the pretty little graphs saved my behind today..

Here's a graph image of my server's memory usage earlier today.. a perl script with a glaring bug in it caused this.. and would have probably caused a server crash if I hadn't noticed the increasing memory usage.

How hard is it to do this? Easier than making windows crash..

1. Download and install mrtg.

2. Create a small script to gather the 4 inputs mrtg is looking for.

3. Configure mrtg to call the above mentionied script and gather information and graph it.

That's about all..

If you promise not to laugh at my bad perl, you can take a look at my memory script here and the snipnet for mrtg configuration file here.

Posted in a forum about the 12-year old girl sued by the money-hungry RIAA cyborgs.

"Hey, if the little bitch wasn't stealing then she wouldn't be coughing up a couple grand to settle."

Something about hell, baskets, fried brain cells, conformity, not sure, but lots of words come to mind.

Impressive:

I accidentally ran over my PowerBook with my dad's SUV today.

It's not very often that someone gets to say that. But perhaps what's even more surprising is the fact that I'm writing this on that very same PowerBook. Hold a 12" PowerBook G4 and you can just tell it's sturdy. It's thin, but not flimsy, and the aircraft-grade aluminum case makes it feel like a lump of metal, rather than a sophisticated high-tech gadget.

Today, the original dslreports server was officially retired.

*sniff* I'll miss the little guy.

A friend purchased a brand new laptop recently (last week, very recently).. she plugged it in.. and wham.. it's infected with msblaster and won't stay up for more than 60 seconds.

How is this possible?

Simple.. windows XP comes by default with the firewall disabled and configured for dhcp.

"She should have patched it"

Well, yes, except before she had the time to open the windows update website it was already infected (hard to believe, I know..).

"She should have enabled the firewall first".

Actually.. she didn't know the damn thing was already online.. and even though virus protection was enabled, it was not up to date.. .

Ah, see, a trend.

Windows XP - not up to date.
Virus protection - not up to date.

How can computer manufacturers sell machines that are so obviously out of date on important security patches (more than a month for the patch that would have prevented msblaster from infecting the system).

"In this world of viruses and attacks people should know better"

No, you shouldn't have to spend a day patching a brand new computer you just spent $3K on just so you can take it online. That's wrong.. when will the consumers put a stop to it?

Next time you buy a computer.. and it's more than a month out of date on security patches.. call them, complain, demand a refund. If you can't use your computer thanks to a virus infection -- that's a defective product.

Someone should be responsible, and it shoudln't be the consumer paying $$$ for a product they cannot use without some serious work involved. If a car manufacturer sold a knowingly defective car.. they would be sued out of their pants.. so why is it that people put up with this crap when it comes to computers?

Stewart asked me about the netflix queue listing I used to have on my weblog.. (was a pain in the ass to maintain due to page design changes and expiring cookies, not worth the hassle) which made me think..

Wouldn't it be cool if you could get your netflix queue as an RSS feed? Password protected.. of course.. don't want the whole world to know the particular brand of pornography I enjoy.. (wink)

Some virus statistics.. To a mail server with around 800 users..

Week statistics:

Total msgs Received: 103730
Total msgs Sent:      15899
Spam:                   507
Misc Viruses:            81
Sobig rejects:         5473

Peaked on Wednesday.. has been going down a bit since.. but still coming in at a rate of over 1000 a day.

Flooding my bloody inbox.. I've gotten couple dozen copies of the damn thing before I put a stop to it by blocking it at the server level. It doesn't affect my pc, since I don't use windows, but it does affect my server resources, time and sanity (yes, it takes time to hit the delete button).

Postfix rocks.. and Steve has a tip on how to block the virus if you're using it.

Linux users may laugh at windows users.. but in reality we're all equally affected by these problems and insecurities. Maybe it's time to start attacking the real problem.. the idiots who write these things. You want to prove that windows is insecure? Give up.. it's been done.. thousands times over. It won't make your pathetic little life any fuller and it won't get you laid, it will just annoy the hell out of people like me. In other words, the people you really want on your side.

Rumors about new powerbooks being released in the very near future.. and since my new one is backordered.. I've decided to cancel that order and wait for the really, really new ones.

I just wish someone would confirm the gossip :)

I did order a new iPod today though.. 15GB.. ah, I feel like a kid again.. all these new toys.

A brand new 15" powerbook is making its slow way to my doorstep to serve as my brand new mobile computing unit to replace my rather old and quirky 400mhz dell mobile unit.

Neat.

Now these lovely people are hitting my site as well.. and my conclusion is, they're just grabbing recently updated weblogs from weblogs.com or blo.gs.

Mark is exactly correct as to how it's done.. (see comments in my previous entry), it's a fake img link back to the weblog they're targetting.. So the IPs are not bots.. they're real users of said sites.. maybe if I published a running list of the IPs, their users will get annoyed enough that they will stop this? Maybe?

Maybe if every targetted blog did?

First hit recorded is probably the coder/owner..

What an annoyance, referer spam bots (a whole lot of them) hit my friend's website.. resulting in over 7000 hits today from nearly 2000 unique IP addresses. All for about 25 domains. All porn sites, of course.. all but one. We expect slimy behaviour from porn sites, right? That doesn't suprise anyone.. but it seems a wannabe webhosting company akiraweb is using this lovely method to advertise their website. Not nice.. So looking for hosting? Go elsewhere.. anywhere else. Don't give these assholes a dime.

For those who are already filtering referer spam with mod_rewrite rules.. here's a few domains to add [text file].

And here's a complete list of their 1574 unique IP address for your hosts.deny file.. not like they probably don't have more anyway.. but.. what the hell.. [Nevermind, see my comment below].

I'm annoyed.. they've been going at it for hours and are not stopping.. so.. akiraweb is now getting all this spam traffic.. have a taste of your own medicine guys... Thankfuly, these are stupid bots.. they do follow redirect.. tested and confirmed, heh. At least that's worth a modemecum of amusement.

Complain to them about all those annoyings bugs here. I have a list.. I'll post it there as soon as enough noise opens up so I don't stick out like the sore, complaining, annoying thumb I am.

Just ask Jeremy.. he's listened to enough of my yim-for-linux rants by now.

"Oh look a link in a msg, let's click...[core dump]"

sigh.

[via Jeremy]

New worm out and its target is windowsupdate.com. Oh well.

Steve is doing analysis.. he's my tipster over at dslr.

It could be for a similar reason. I receive many emails from people asking me questions about something they found on my weblog.. or for help with various configuration issues.. I try to answer most of them, but sometimes I'm just too busy and sometimes the author is rude or didn't make the slightest effort to answer the question for himself.

I don't mind helping people.. and I'm always greatful to get a note thanking me for something I wrote, but I am a busy person and don't have the time (or inclination, really) to fix something for someone who isn't willing to at least learn.

So if you emailed me and haven't heard back, sorry, use google, or post a question in a forum.. someone there may have more time and patience than I.

Matt writes:

I'm in the process of learning to do everything I do on the computer without touching my mouse.

I love it when I'm good influence on my friends. I've been 'mouse-free' for years.. almost, technically I do use the mouse whenever I need to attack a ton of popping up aim windows at the most inopportune moments.. Say, when my laptop is hooked up to a projector and half the company is watching, that's usually a good time for a friend to take advantage of my forgetfulness (no aim when laptop in view of large groups of people on a large screen!) and practice better sexual harassment techniques on me.

Seriously, mouse decreases productivity.. if you can learn keyboard shortcuts (better yet, just use emacs, dude) you'll find you can work faster, easier and amaze local chicks with your leet text editing skills without touching a rodent.

While I'm talking about mice (mouses?).. point-and-click programming should be banned.. visual editors are horrible, horrifying and petrifying.

Updates every 5min.

Last time it went down, I was out white water rafting.. this time I was hiking..

Maybe it's a hint.. stop all this exercise crap and be a proper geek. Where are my potato chips..

Spotted in my logs..

12.221.111.178 - - [27/Jul/2003:13:15:41 -0700] "HEAD /logs/access_log?hellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello HTTP/1.0" 404 0 "-" "-" 12.221.111.178 - - [27/Jul/2003:13:15:41 -0700] "HEAD /logs/active/access_log?hellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello HTTP/1.0" 404 0 "-" "-" 12.221.111.178 - - [27/Jul/2003:13:15:41 -0700] "HEAD /access_log?hellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello HTTP/1.0" 404 0 "-" "-"

As of today I am an (un)happy owner of a new windows box at work. That's right.. windows.. Thankfuly I don't have to give away my trusted linux box on which I do all my work currently..

So now I have to learn how to use windows all over again (it's been a while) and I get to re-learn Delphi (I haven't used it since version 3.0 and that was a long time ago). What was that? No ; before an else? Who designs a language like that!

It could have been worse.. it could have been Visual Basic.. the horror of horrors.

Oh, don't worry, I'm still a Java programmer, this is just a side trip.

I went white water rafting today.. a 4 hour drive to Pennsylvania.. (it was a ton of fun and sunburn). I had a feeling before I left that I should bring my laptop.. (I've 128K internet access through my cell phone, it rocks) but decided that's just too geeky..

So what happens? The nice server that's been working perfectly fine for months decides to go down causing several hours of site downtime.. and a whole lot of unhappy people trying to page me and failing (I was in the middle of a river trying to not fall out of the raft).. Couldn't have picked any better time but when the only two admins are both away..

I swear, the machines know something.. they spy on us.. how am I supposed to have a life when the computers are out to get me?

I was chatting with a friend, as I tend to do, and for one reason or another we started to talk about Delphi.. you bring up Delphi, of course Pascal comes to mind.. and Pascal was my first programming language in college (yes, I'm old). An old story came to my mind (as it tends to in my old age) and I remembered the very first computer I ever used.. I wish I could remember the model (does anyone recognize it?) This was back in Poland and I was 12 or so.. the year would have been probably 1985 (remember however, Poland in 80s was far behind on technology). A friend's father bought him an Atari computer. This thing had no hard drive or even a disk drive.. had to hook up a cassette player to load programs from .. and it had no operating system. What it did have was a pascal interpreter on an eeprom.. and that was my very first exposure to computer programming.

That's when I knew.. "this is what I want to do". Computer programming.. computer.. well.. something to do with computers. Of course, as a child back then it never occurred to me that people got paid to just, well, take care of computers and their users (it would seem as too much fun to be paid for!) so system administration didn't even occur to me. Programming.. however.. such fun! Needless to say I practically took up residence in my friend's house.. down to the point that our mothers became best friends out of pure necessity of talking about 'us kids'.

So what was your beginning in computers? If in fact you are someone who does something with computers.. I'm one of the lucky few to do what I always dreamed about.. how about everyone else? Is this something you always wanted? Was it accidental? Necessity? What, why and when?

It'll be interesting to see what others have to say.. here or in their blogs, I'm not picky, that's what trackback is for :)

Every now and then slashdot links to a story on dslreports.. this time around they linked to a very busy and long thread in the forums.. News stories are easy, threads are worse (much more heavy-weight and intensive on servers).. so it bogged down the servers a tad requiring me to balance traffic around and such..

Interesting tidbit.. A large percentage of the hits were IE users.. A very large percentage..

So.. uh.. slashdot users? IE? Come-on guys! So why all the Microsoft bashing?

I wanted to setup a simple cron job that would send an output of a simple file to a simple e-mail address.. something like..

tail -10 whatever.txt | mail -s "here's whatever" whomever@spamme.com

No, of course that's too easy.. when you use a picky postfix server that rejects addresses like, say root@hostname as invalid..

Back to the drawing board... Write a complex perl script or see if there's any way of doing this with a shell one-liner.. and this is where postfix compatibility with sendmail really pays off..

tail -10 whatever.txt | sendmail -f dumbass@localhost.com -s "here's whatever" whomever@spamme.com

Voila.. Reply-to is set, postifx is happy.. a one liner after all.

I'm a bit annoyed that I couldn't find a way of doing this with mail though.. Google failed me..

(yes, save your "reconfigure postifx" comments.. that's unnecessary and too much work)

Yahoo News:

According to the Web site, which had been taken off the Internet by Wednesday afternoon, hackers were urged to prove their skills by defacing as many Web sites as they could during a six-hour period on Sunday morning, Allor said.

Skills? What skills? Ability to run a script written by someone else? Give me a break..

Karl has a weblog and Karl just said what I've been thinking for a while.. go Karl.

Using linux on your desktop can sometimes be a lot like playing the lottery.. and for once, linux isn't at blame. This is about web browsing.

I use two browsers on regular basis

• opera - which I simply adore


• mozilla - I don't have too many complaints about it other than the fact that it's a memory hog (at the moment opera is using 23MB and mozilla over 70, I have more pages open in opera than mozilla)

Why am I using two browsers? Some sites refuse to work in opera, some in mozilla.. but typically I can get them to work in one or the other.. and half the time the only reason I can make them work in opera is because it can pretend to be IE.

I don't blame the browsers.. I blame IE (in other words, Microsoft) and lazy programmers.

Why Internet Explorer?

IE is very, very lose about html and JavaScript syntax. It will allow for all sorts of problems (missing </td> tags for instance) and JavaScript which is not formatted properly and shouldn't work does indeed work in IE. IE is also very good at hiding JavaScript and HTML issues from the user.

It can be argued that this is a good thing.. that may very well be true, but it is not a good thing when programmers and web designers only test their sites in IE.. unfortunately many do. So perhaps this is more of a programmer problem than an IE problem.. Microsoft is just an enabler.. sort of a broken-HTML-dealer.

Those pesky, lazy programmers.. I've seen plenty of sites that check a browser version and serve different pages to avoid those compatibility issues.. which is great, I suppose.. except half the time they only check for IE and netscape.. Hello.. there are other browsers in the world!

Then there are websites that proclaim "we only work in IE" and will not allow another browser to even view the site. Half the time those sites work just fine in Opera! One must wonder if those programmers are too dumb to test with other browsers or if they're getting paid to shun the linux and netscape users.

So, given that the conclusion of this little tirade is that many programmers are simply lazy or stupid I think someone ought to start a hall of shame for those websites that promote any of the above mentioned behavior.. I would but I'm too busy switching between browsers.

.. of the sex.com domain... down to shoot-outs with police..

.. is the beginning. No matter how many times I've done this - it never fails.. when I have to start a new project I hit a wall. It's not the lack of ability.. it's not lack of confidence in my skills.. it's just.. well, okay, I lie. It's usually lack of confidence in my ability to finish the project... heck, finish, I have a hard time just getting started.

The funny thing is, when I do get started it normally takes me about half an hour to get into the groove and just.. go.. everything comes together.. Code flows from 0 to 60 in less than 5 seconds... and I do have the ability to finish just about every project thrown my way.

So given the fact that in my short experience as a programmer I have yet to fail in a project, why such a disapointing lack of confidence at start?

Now, I know my typical entries are half-serious and light-hearted, this one isn't meant to be. This is something that bothers me.. a lot. I could be 30 times more productive if I could overcome this problem.. so why?

Steve has a righteous rant about commerce websites that do not allow dashes or spaces in credit card numbers. He's right.. it's stupid.. there is no security in that. It's nothing but lazy and sloppy programming.

Funnily enough, his hall of shame includes a company dear to my heart (err... wallet).. Tickets.com.. my employer.. I'll, uh.. mention it.. somewhere. *blush*

Apparently just run several hundred emails through spamd at once... Disappointing.

Linux is great.. I have this old, old machine that serves as nothing more than an obscure email and web server for a domain hardly anyone uses anymore, but hey, it sits in its own little place on a friend's business dsl line and does its job well. This box is now up to 624 days of uptime and we're all being supremely careful about it staying up.. Really, perimeter around it, alarm on power button and cables and all that.. (actually, just kidding, but I've grown to enjoy watching the days add up..).

This box is old.. P166 with a dinky little 4GB hard drive that's now ancient in computer years.. This is where the comment "linux rocks" comes in play.. see, old hard drives tend to start having issues.. This one is no exception and it's starting to have some bad sectors.. uhoh.. better be careful, right?

Well.. (can you stand the suspense?)

This past week the shadow file became corrupted.. okay, no big deal, nobody can login.. who cares.. my friend is known for sprinkling VNC windows with open root shells all over the place so it's easy to replace the file from backup using existing VNC session.

Well.. then the passwd file becomes corrupted.. that's a bigger problem the box is now bouncing emails. Oopsie.. Same open shell windows.. restore from backup.. no problem.

Unfortunately.. the files restored freshly from backup got written to the same disk sectors.. can you guess it yet? That's right.. corrupt again! Well, solution simple.. sprinkle some fake-o files in the naughty inodes and write passwd and shadow to a nice, clean, non-corrupted ones.. Go figure it worked.

Why does linux rock? Try doing things like this on windows and stabilizing the machine in the process without restarting! The ancient, little linux box is still up and running and happily adding up days.. well, until more bad inodes show up.. But this is why we have backups :)

It seems Jeremy and I are not the only ones who excel in ability to find information rather than stored knowledge..

Really, that's great.. all this time I thought I was alone with my dirty, little secret!

Oops, nevermind, turns out this was meant to be under wraps..

It's probably the coolest case around but man.. all that time!

Since from all of my E3 pictures the one with a nYKo booth-babe is most popular I thought I would add a picture nYKo sent me in an e-mail as well..

Enjoy!

Posted on cnet:

According to a statement from Microsoft, the company will license SCO's Unix patents and the source code. That code is at the heart of a $1 billion lawsuit between SCO and IBM, which is aggressively pushing Linux as an alternative to Windows in corporate back shops.

Hm.. this will not end well.

Scott is happily using linux on the desktop now... which is great. Everyone should do that.. Particularly those without any grey hair -- RedHat can take care of that problem quickly!

His entry from today brought out one of my minor linux-user-related pet-peeves. (One of very, very many, I assure you, but I don't really have the time nor the inclination to iterate through that list today.. not to mention I don't really mean to bore my readers to tears).

I'm sure everyone (really, I'm sure) who uses linux (unix, etc) on semi-regular or even occasional basis has used the

kill -9

.. command. You have? Stop it!

No, really.. it's bad. 9 is probably the most mis-used over-used and abused kill signal of them all.. Browser hangs? Kill -9 it, right! See? It's even a verb.

Why is it bad? Its translation into human language is essentially "kill with extreme prejudice".. which nine out of ten times is actually not necessary at all and a simple

kill -TERM

would suffice so the poor, abused application can do any post-processing it may need before moving into the underworld.. Using -TERM (or really just kill as it's the same thing) allows the program to do anything it needs before going away.. like cleaning up temporary files, removing stale file locks and other nastiness that can be avoided.

So repeat after me.. -9 bad.. TERM good.

History of Internet with helpful pictures..

They missed one major event..

1994 - Kasia gets a 486 and a modem -- discovers there are other computer geeks out there..

To put advertising in sqlplus quit message.

SQL> quit;
Disconnected from Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production With the Partitioning, OLAP and Oracle Data Mining options JServer Release 9.2.0.1.0 - Production

I mean really.. we already bought it, we know what features it has, thanks though!

That's all that was wrong with my laptop.. a couple of screws on the back became loose and apparently that caused it to stop delivering current to the power supply.

Good thing there was no surge thanks to this.. discovered it as I was about to take it appart to take a look inside..

"hmm.. why are these loose.. let's tighten them and see.." doh.

Life is looking up :)

Tired of those spammers looking for formmail vulnerability?

My count for April is 138 unique hits.. this is one solution..

This formmail.php script will send a complaint report to a visitors ISP and/or just to you when a visitor triggers it in the following ways...[more]

[Link via Jeremy]

Long time ago in a blog far away (okay, not really, but on a different server) I whined about a co-worker's bracing style. Today, much to my delight we've come to a compromise!

He will stop using the horrid, evil, disturbing and annoying indentation and I will stop putting the opening brace at the end of the line. In other words, we'll both use the bsd style. My (rather questionable) sanity has been saved for a little longer.

Sorry k&r.

Beginning in May a new rule will be enforced regarding domain records, vnunet:

Under the new rules, domains with incomplete or incorrect records will be suspended for 15 days and then deleted if the records are still not amended.

What is the reasoning for this?

"It's similar to the number plate on a car. The DVLA has to have contact details for each driver so that if you're involved in an accident they can contact you," said Brown.

"In the same way, if a domain is involved in spamming or cyber-squatting, the owners need to be contactable."

Except, of course, the DMV database isn't easily searcheable by anyone with whois access (no, you need to pay some slimy company a fee to get that info).

Icann's efforts could be affected by the reluctance of owners to place their details on a public database, which could be 'harvested' and used by spammers and bulk mailers.

You think? I get an average of 30 pieces of spam a day to the email address associated with my domain record.. that's the only thing I use that email address for.. (apparently that only thing is spam, nobody has ever attempted to contact me about any of my domains).

How about the reluctance of owners to place their details on a public database because they fear for their privacy and don't want any random nutcase (like, say one that's been emailing them for 3 years with scary content that would indicate the person desperately needs psychiatric help) having easy access to their physical address!

Why is it that privacy is always the last thing on everyone's mind with these things.. it's not just businesses that own domains.

So reason is cybersquatting and spamming? Why not only apply it to those domains?

Wouldn't it be quicker and easier to query the server first? It's not windows.. such a waste of bandwidth.. (probably not their own anyway, but still).

24.91.103.152 "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
24.91.103.152 "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
24.91.103.152 "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
24.91.103.152 "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
24.91.103.152 "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
24.91.103.152 "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
24.91.103.152 "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
24.91.103.152 "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
24.91.103.152 "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
24.91.103.152 "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
24.91.103.152 "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
24.91.103.152 "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
24.91.103.152 "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 289
24.91.103.152 "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 289
24.91.103.152 "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
24.91.103.152 "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306

Many of us coders have a hard time deciding just what to use for a job title.. there are so many different terms that essentially describe the same job.. developer, engineer, programmer, coder, hacker.. In theory, anyway, they describe the same job. I'm sure many would argue against such simplification. but before you fire off an angry comment bear with me, please, I will explain.

What matters is how I introduce myself to people. It really varies vastly from situation to situation. Most of the time it's a simple "I write computer software".. which usually elicists a response of "aaah..." and a vaguely blank stare... When I introduce myself to one of my mom's friends I make sure to throw in a term "engineer" in there somewhere so my mom can stick her nose up in the air "see? My daughter is an *engineer*" even though she has very little clue about what I really do.. and frankly the idea of an engineer her friends probably have is about as close to my job as Moscow is to Bundtown, Tennessee.

"Why do you sit in front of the computer all they long like this? "
"uh.. mom.. " sigh.

The problem of what to call my job arrives when I talk to someone in my field. Another geek.. because everyone has their own pre-conceptions about what a programmer is and what (s)he isn't.

So after careful consideration of this problem.. well, okay, the reality is closer to "after having nothing better to think about during a boring meeting.." I've decided to define my terminology a little better. I write code for a living, but while I may have the same official job title as some other coders I know I don't really think I should be classified the same way some of them are because there are so many different types of programmers that one general term of "programmer" is just not descriptive enough to be useful.

So there is the term "programmer" -- easiest definition, of course, "one who programs". That is what I do, it's what we all (the general code-writing "we") do.. So this one's easy.. a programmer is someone who writes code.

Then there's "software engineer" -- "one who engineers software". Not every programmer is a software engineer.. in fact I would dare say that vast majority of programmers are not. We all know the type.. they write their code, they do a really good job, code is functional, it does what it should.. but that's where it ends. The finer points of design and esthetics escape them... they just don't think about writing software in those terms.. it's just a job to them. Those people who go the mile above and take time to think through design and would not be caught dead copy-pasting code without at least giving the thought to how it functions as part of the overall design are software engineers. They engineer, not just code.

Lastly, but not leastly.. there are "hackers" -- not in the definition made notorious by media (for whom geeks behind keyboards are not exciting enough.. they had to make them into dangerous masterminds) but in the original term of well.. hacking stuff together. I'm sure we all hack code every now and then.. In a hurry.. need to patch a bug in production version.. a hack is sometimes the only way.. but then there are programmers who never do anything *but* hack. Often solving some of the most complex problems and producing some of the most brilliant solutions that neither of the types listed above could ever come up with.. Unfortunately more often than not.. they're the only ones who can even understand the flow of the code.. so if such a coder gets hit by a steam train.. people left over to maintain their code are essentially screwed. I once attempted to work with such code.. it would have been easier to convert a catholic priest to judaism than to understand how this particular project worked. But it did work and well.

So going by above definitions.. I would have to say I'm a software engineer. Of course next time I introduce myself to someone and give them this entire spiel about how I define my job title they will be asleep by the time I reach the term "software". Maybe I should just say "I'm a professional geek". It's quicker.

.. of a geek..

It's Friday night.. so am I out on a fun date?
Yah right..

Seeing a movie?
Nope..

Bar hopping?
I wish..

So what am I doing? Trying to figure out a bug that's been bugging me for a few days.. this is where I should type "kill me now" but that's becoming such a cliche.. Sometimes I wonder if I picked the right profession.. of course anything else would probably be incredibly boring.

Routing traffic to a machine that doesn't realize it's supposed to accept that traffic will not work.

*sigh*

This is a little weird.. never seen this problem before on a linux box (or any other unix box for that matter) and I couldn't find anything on the almighty google.. (if you can't find it with google, does it exist?).

[root@ ~]# date
Thu Apr 3 21:54:41 EST 2003
[root@ ~]# ps -ef | grep ps
root 28932 28595 0 Mar20 ttypb 00:00:00 ps -ef
root 28933 28595 0 Mar20 ttypb 00:00:00 grep ps

Rebooting the box made it go away (eek, rebooting to fix a linux problem).. but it still bothers me that I can't find the cause for it..

Scott asks:

How much longer before Microsoft starts charging developers for the "privilege" of writing software for Windows? Pathetic.

It's not as outlandish as it sounds at all.. if you consider that game platform companies make up for their loses on hardware by selling software development kits for their consoles. Everyone's favorite, Micro$oft has sampled the 'charge for development' market with their xbox platform and I'm sure the accounting wheels are already turning calculating how they could capitalize on same with windows.

After all.. MS could claim losses on windows sales due to software piracy (that good-old equation when they think everyone who copied would actually pay for a copy otherwise).

Dave Winer says:

Here's an idea. Should Google take who's doing the search into account when doing its page rank work?

Considering that google already filters results based on location this isn't a particularly big step to take.. of course the difference here being that current filtering is done based on the domain the uh, searcher (is that a word?) used (ie: google.fr, google.de) not his origin. The same database is used to generate the results so it is very much related.

Now, the simplest solution would be to use some sort of database which geographically maps IP addresses, right? Wrong. Last time I checked one of those it located my San Jose-based server somewhere in Honduras. (No, it's an American ISP, really).

So given that IPs are not reliable for location verification (we all knew that anyway) how about a cookie? Great, more cookies... then of course everyone forever forgets to set one before performing the search.. so I can just imagine myself being frustrate enough to say "screw it" instead of doing the search again..

Hm, then again, doesn't pretty much anyone have an amazon cookie? Maybe google could just use that.. given that 90% (probably more) Internet users use IE and it's a given a new security hole will show up sooner or later it shouldn't be hard for google engineers to exploit that and read Amazon's cookie.

So yah, good idea, but will it be implemented? Given that it would require additional action from the user.. probably not as part of original google but rather as a google service (google restaurants! google movies!.. whatever).

It's funny to watch traffic slowly trickle down on one server and pick up on another.. but the sad part is that my ttl is set to 3600s.. and I made the DNS change about 12 hours ago.

Still seeing considerable amount of traffic on the old server.. that means there are quite a few servers out there that don't respect ttl settings.. that really stinks.

I've been watching my spam to see what's the highest rating spam assassin ever gave it.. this is the highest I found so far.
Who says spam can't be fun :)

Content analysis details: (41.90 points, 5 required)
MLM (0.9 points) BODY: Multi Level Marketing mentioned
EARN_MONEY (0.7 points) BODY: Message talks about earning money
JODY (2.9 points) BODY: Contains "My wife, Jody" testimonial
BANG_MONEY (2.2 points) BODY: Talks about money with an exclamation!
BULK_EMAIL (2.4 points) BODY: Talks about bulk email
ORDER_REPORT (2.9 points) BODY: Order a report from someone
FINANCIAL (4.3 points) BODY: Financial Freedom
SECTION_301 (1.1 points) BODY: Claims compliance with spam regulations
UNDER_BILL_1618 (4.3 points) BODY: Claims compliance with Senate Bill 1618
EXCUSE_3 (0.1 points) BODY: Claims you can be removed from the list
INVALUABLE_MARKETING (2.9 points) BODY: Invaluable marketing information
RISK_FREE (0.7 points) BODY: Risk free. Suuurreeee....
CANNOT_BE_SPAM (1.5 points) BODY: Claims "cannot be considered spam"
COPY_ACCURATELY (2.9 points) BODY: Common pyramid scheme phrase (1)
INITIAL_INVEST (2.8 points) BODY: Requires Initial Investment
BAYES_70 (2.2 points) BODY: Bayesian classifier says spam probability is 70 to 80%
[score: 0.7811]
REMOVE_PAGE (0.3 points) URI: URL of page called "remove"
NORMAL_HTTP_TO_IP (0.9 points) URI: Uses a dotted-decimal IP address in URL
SUBJ_ALL_CAPS (0.7 points) Subject is all capitals
RCVD_FAKE_HELO_DOTCOM_2 (2.8 points) Received contains a faked HELO hostname (2)
FORGED_HOTMAIL_RCVD (1.1 points) Forged hotmail.com 'Received:' header found
CASHCASHCASH (0.0 points) Contains at least 3 dollar signs in a row
FROM_HAS_UNDERLINE_NUMS (0.7 points) From: contains an underline and numbers/letters
PRIORITY_NO_NAME (0.6 points) Message has priority setting, but no X-Mailer

Some have emailed me asking what is it exactly what went wrong in my postfix setup. It's not actually anything I did wrong, it's that I misunderstood (or rather over-estimated) the way postfix works. I assumed it would differentiate between real (as in /etc/passwd) users and virtual (only lives in mysql) users for a local-delivery domain. It doesn't. A domain is either virtual or local can't have it both way.. so while it will deliver mail to virtual users configured for a local domain it will not write the files with the virtual uid/gid combination but use nobody/nobody instead as a lookup of the user in local passwd file fails.

I actually see this as a bug, since it *does* deliver the mail.. shouldn't take much more to enhance it to be smarter about who the user really is.. after all..

- exists in mysql = check
- doesn't exist in passwd = check
- user is valid = check

hmm.. gee.. maybe it's a virtual one.

This is only an issue with a domain configured as local, purely virtual domains do not have this problem.

Of course, I could be missing some big point here.. like an inherent security risk in this (I can't imagine what.. but smarter people than I wrote this).

Is postfix insisting to use nobody/nobody instead the virtual uid/gid when creating mail.. sigh.. I've checked every setting 1000 times by now and all seems correct including the entry in the db. Time to go outside before I tear all my hair out.

-rw-------    1 nobody   nobody        476 Mar 16 08:35 1047832514.V303I27c00b.cygnus
-rw-------    1 nobody   nobody        480 Mar 16 08:47 1047833231.V303I27c00c.cygnus

mysql> select * from users where address='test';
+--------------------+---------+---------------+---------+------+------+------------------+--------+-------------------+
| id                 | address | crypt         | name    | uid  | gid  | home             | domain | maildir           |
+--------------------+---------+---------------+---------+------+------+------------------+--------+-------------------+
| test@unix-girl.com | test    | nbzzN9gUKKwYw | testing | 3001 | 3000 | /data/vmbox/test |        | /data/vmbox/test/ |
+--------------------+---------+---------------+---------+------+------+------------------+--------+-------------------+
1 row in set (0.00 sec)

main.cf:
virtual_uid_maps = mysql:/etc/postfix/vuids.cf
virtual_gid_maps = mysql:/etc/postfix/vgids.cf

vuids.cf:
user = postfix
password = whatever
dbname = maildb
table = users
select_field = uid
where_field = address 

vgids.cf:
user = postfix
password = whatever
dbname = maildb
table = users 
select_field = gid
where_field = address 

Maybe it will come to me later.

(..and unix-like systems for the picky).

Can you spot the difference between the two? It cost me several hours of heavy searching as to why the hell postfix refuses to compile!

Line 1:

make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -m'

Line 2:

make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm'

This is the main problem with unix/linux/whatever *nix thingy you're using.. it's soo easy to make a little typo that will cause endless headaches as the errors returned are anything but pointing in the right direction.

Main issue I have: the first thing that comes to mind when something won't compile is incompatible libraries, missing libraries, gcc versions, etc.. who the heck thinks of a small typo at first?

Oh well. Moving on.

I should add.. while maybe on windows a small typo like this wouldn't be an issue.. there's a reason for that.. windows doesn't even give you the opportunity to mess up this way. Yay for linux.. the pain that it is sometimes.

I finally figured out what happened to my Internet connection.. no, it's not a regional outage.. it's just that the customer service people can't differentiate between e-mail problems and connectivity problems (can you please cycle your modem?). The outage in my area was for e-mail.. not connection.

Now since, all my neighbors have their cable tv (none of them have cable Internet that I know of) and all theirs works fine, that leave one choice (can you cycle your modem please?) .. especially since apparently there was a cable tv truck on my street yesterday morning.

Something that has happened once before and also left me Internet-less for a few days. (I need you to go to the back of your modem and pull the plug, count to 10 and plug it back in). Big clue: I do no subscribe to cable tv. I refuse to. I don't watch tv I have no intention of paying for it.

That's right, once again, (cycle your modem please) the cable tv division came by, saw my hook up (with filters so I don't actually get channels just noise) and pulled the plug. Guess what that disconnects? (now cycle your modem again).

Of course, a technician cannot come before Monday so i'll be going to the office to work this weekend (this couldn't have been at a worse time work-wise). What does customer service say? Please cycle your modem!

AT&T cable tv & AT&T cable Internet do not even talk to each other. One doesn't know what the other is doing, one has no clue what the other is doing, in fact I'm not sure one knows the other exists.

I'm feeling great after spending an hour on the phone with various customer reps trying to explain to them that cycling my modem will not create a signal on wire and therefore will not restore my connectivity.. yes, I realize some people that call in are idiots and I realize those customer service people get paid very little and know very little.. but honestly, cycling your modem doesn't fix everything. Maybe an inter-company memo explaining that people that have cable Internet are not necessarily stealing cable tv and need that line connected? Please?

Maybe this is just another of their tactics to get me to subscribe to cable tv. DIsconnect my Internet access every 6 months for a week at a time.

I wish I could get decent dsl where I live.

Spotted in my logs:

compatible; MSIE 5.5; Windows NT 4.0; Privacy is Required

That's nice, really. That's about all it means too.. what's the point?

Should I post his IP? :)

Who wrote the Courier configuration scripts because a unix programmer would know better than to presume he knows what the user wants better than the user..

configure: WARNING: === Do not compile Courier-IMAP as root. Compile
configure: WARNING: === Courier-IMAP as a non-root user then su to
configure: WARNING: === root before running make install. You must now
configure: WARNING: === remove this entire directory and then extract the
configure: WARNING: === source code from the tarball as a non-root user
configure: WARNING: === and rerun the configure script. If you have read
configure: WARNING: === the INSTALL file you should have known this. So
configure: WARNING: === you better read INSTALL again.
configure: error: aborted.

Not only presumptuous.. but arrogant as hell.. Of course, takes 10 seconds to hack it, but it's annoying nonetheless.

After few years of being careful with my web-space due to hard-drive-size limitations.. I think I can finally say I have space!

Filesystem            Size  Used Avail Use% Mounted on
/dev/hda3              72G  3.0G   65G   5% /
/dev/hda1              99M   17M   76M  19% /boot
/dev/hdb1             113G   33M  106G   1% /disk1
none                  756M     0  755M   0% /dev/shm

My new server is now plugged in and all fresh and ready to be configured, setup, played with and all the other fun stuff you do to a remote linux box that will host lots of web-related stuff.

I know everyone is just dying to know the config (yah right).. so here it is:

P4 1.7Ghz (one is all I need).
1.5GB RAM (a RAM fairy dropped off more than I ordered)
2 hard drives.. 80GB & 120GB (IDE.. SCSI would be nice but more expensive).

It's now happily sitting in the datacenter at a colocation awaiting orders.

I'll be moving this site to it sometime next week (I've lots of configuring to do first).

Thanks Jeremy, Steve and Jeffrey for all your help! You guys rock.

Is sitting in Jeremy's apartment waiting to be taken to the datacenter. Can't wait to play with it.

Here's some pictures of the server Jeremy took for me since I'm such a horribly impatient person and wanted to see it right *now*... There's the box, the server, Jeremy's shoes and a kitty cat. While that is my box it is not my pussy..

Opera releases "Bork" edition:

Two weeks ago it was revealed that Microsoft's MSN portal targeted Opera users, by purposely provided them with a broken page. As a reply to MSN's treatment of its users, Opera Software today released a very special Bork edition of its Opera 7 for Windows browser. The Bork edition behaves differently on one Web site: MSN. Users accessing the MSN site will see the page transformed into the language of the famous Swedish Chef from the Muppet Show: Bork, Bork, Bork!

Can't fight them with logic and fairness, beat them with humor!

After seeing one too many of my friends/aquaintances/online-buddies spend another evening at home debugging cryptic code written by someone else.. I say no more!

Time for action.

I present to you D.A.R.E.

Developers Against Ruined Evenings.

Tagline: D.A.R.E. to comment!

I'm sure this serves some legitimate purpose.. but it just appears so slimey..

NameProtect engages in crawling activity in search of a wide range of brand and other intellectual property violations that may be of interest to our clients.

Found crawling my site.. It does appear to respect robots.txt so in it goes before someone decides to sue me over using their name.

Programming is a tough field. To become successful as a coder one has to come in with knowledge, experience, ingenuity, quick wit and very good problem solving skills.

True, there are plenty of programmers out there who couldn't code their way out of a paper bag and will continue existing in a nine-to-five world for the rest of their professional lives drinking bad coffee and never writing much more than the mundane and boring.. but those people are not what I would refer to as "true professional programmers". They're.. just programmers.

The people I'm thinking of are the ones for whom programming is pure joy and excitement. They live for that moment of clarity when an incredibly complex problem becomes simple and solve-able with a few keystrokes and well placed braces. These are the *real* programmers. The ones who get to work on new and exciting things.. stuff that hasn't been done before.. They publish articles and gain admiration of other geeks worldwide. They get all the hot chicks too. Oh, alright that last one was a stretch.. and anyway not all great programmers are guys.

These people, these heroes of the computer world are probably the most abused profession in modern age. What other employees are not only asked to but expected to work endless hours of overtime without extra pay?

Have you ever applied for a job where the description included "50+ hours a week expected" ? I have. I'm a programmer.

In what other profession do people leave the office, drive home just to sit in front of the computer and work more, on their own time, getting no extra pay or even credit? Pull all-nighters on a regular basis simply because they don't want to stop working -- gotta solve that problem!

And in what other profession do these people not only do all this without a complaint but actually enjoy it!

We truly are the suckers.

I suppose the best compensation is that we actually do love our jobs and hell,most of us get paid pretty damn well. Even if it doesn't include overtime pay.

I like my profession.

You wake up in the morning, prepare the clean clothes to put on after a shower and a network card dongle falls out from between them..

How did it get there? I wish I knew. I blame the cats.

Jason:

For quick changes, or making the same changes to a handful of files and I don't have Emacs up and running, vi is the weapon of choice. vi also seems to be good at very large files.

For long coding sessions where I am in the compile/edit/debug cycle, I prefer Emacs. What do you prefer?

The exact same thing! I do a fair amount of system adminstration (most of it outside of my day job) and emacs just seems horribly silly to load for a script edit. However, for my daily hours of Java programming (as in my day job) vi would never do.. if nothing else (oh, believe me there are plenty of reasons) one cannot write JDE extensions for vi!

Interesting rant.

Hm, well, I'm not nearly as cool, my taste in clothes sucks and I spend my life in front of the computer wearing hole-covered jeans, but I do have to agree on one point. Indeed the best guys I've ever dated were programmers and others assorted computer geeks. I discriminate against windows users though.. we just don't speak the same language.

What is the purpose of this site?

The hacker FAQ

The following list is an attempt to cover some of the issues that will invariably come up when people without previous experience of the hacker community try to hire a hacker. The author is seebs@plethora.net.

I don't normally run mod_ssl so didn't pay attention.. but if you're running it (and RedHat gives you mod_ssl by default, yucky yuck) and have openssl v 0.9.6c or lower.. you're vulnerable to .cinic worm. So go patch up.
May I just add.. RedHat is a pain to patch if you don't use an rpm..

I had to reboot my cell phone today. It sounds funny, but honestly, it's not. It's a brand new phone and I spent several hours inputing all my telephone numbers into it -- I really don't want to have to get a new one.

It was happily charging itself.. then I noticed the battery meter was not changing.. so I unplugged it.. it continued to show the little blinking battery light as if it was still charging.. Opened it (it's a flip phone - Motorola T720) -- the pretty blue light didn't come on and no display.. *sniff*.

Pressing buttons didn't help.. power button non-responsive.. time for a reboot.

Battery out, battery in, turned on okay. Here's hoping this isn't a symptom of something breaking.

*fingers crossed*

It's 2003, high speed Internet access has been around and available to many of us for over four years now. In computer years - that's a lifetime.

What has changed in those years?

In 1999 Slashdot was just a wee website where geeks liked to exchange news that interested them - not the mecca of geekdom capable of nearly DOSing a site by simply linking to it that it is today. DSLReports was a small site Justin ran on his home DSL connection, not the powerhouse of broadband information it is today. In 1999 DSL was new, mythical technology capable of delivering high speed Internet access into our homes at affordable prices. Those were the days when paying $300 a month for an ISDN line seemed like a good deal.

What about today?

In a new poll on dslreports nearly 60% of voters admit to being a former customer of a failed broadband provider. (Poll is in progress, numbers can shift). Even with new technology -- that is a pretty high failure rate.

It's pretty obvious something isn't right.. for four years we've been paying under $50 a month for broadband.. but broadband is failing. People (me included) are complaining about increasing broadband costs.. and they have increased. Gone are the days of $30 a month cable connection and $40 a month DSL line. Providers are capping download speeds, limiting monthly bandwidth allowances and disallowing VPN access on residential accounts... and the prices are still rising.

Is the cost really rising though? Maybe we were just spoiled by years of artificially low costs.. and now they're stabilizing. In 1998 I would have gladly paid $100 a month for a 128K ISDN line.. why am I complaining about a $60 a month 1.8KB line in 2003?

In Asian countries (Japan, Korea) broadband pricess are significantly lower than US.. and falling. I wonder, though, if this is only because of the obvious territorial differences (smaller countries, denser population, cheaper to connect) or if they are just starting to go through the artificially lowered costs we're now leaving.

I wonder how this will all look in 2004.

No, not that kind of date.. Really. Just wanted to make a post at 1/2/3.

Yah, I missed the time and edited it in movable type.. so sue me.

Someone really should start a website containing locations of coffee shops with wireless internet access. Should be able to locate them by zip code, street address, state.. etc. with maps would be helpful.

Unless someone already made one of those and my google searching skills really stink.

I've a linksys wireless router and a pcmcia card in my laptop. There appears to be a bug in the card's firmware -- or it could be the redhat wireless driver.

When transferring larger files, the router floods the card with information at a higher speed than the card can accept and the expectant result is of course an overflowed buffer.. at which point the card has to be reset otherwise it just fills up system logs with error messages and nothing works..

I found a temporary solutions.. which is to limit the transfer rate at the router to 2MBps for wireless and it no longer happens.. slower wireless is better than a card reset every time I want to transfer files to/from my laptop.

Permanent solution? Maybe get rid of bloody redhat on my laptop and put a real linux system on it.

Error (for reference): (kernel ethx) Error -110 writing Tx descriptor to BAP

Traffic graphs for a site affected by a smurf attack yesterday.

Anyone who has ever brought up a dos-formatted file in a recent versions of emacs may (or may not have) noticed that you no longer see the ugly ^M characters at the end of every line.. That is because emacs automagically switches to "DOS" mode for your convenience.

Which is great..

Unless you're trying to get rid of the bloody ^M's easily without going outside of emacs to do it. Then it becomes a pain.

It becomes a bigger pain once you realize there's no easy way to figure out just how to get out of that "DOS" mode.

Well, after long searches.. it's been found.. there is a magic variable that will switch you back to the good 'ol mode that will show off all those ugly ^Ms for your M-% convenience.

inhibit-eol-conversion

So to set it..

M-X set-variable<RET>
inhibit-eol-conversion<RET>
t<RET>

To make it permanent put
(setq-default inhibit-eol-conversion t)
in your .emacs file.

Copycoditis

Main Entry: copy·co·di·tis
Pronunciation: "kä-pE-co-'dI-t&s
Function: noun
Date: December 19, 2002
: inflammation of the programmer caused by a previous programmer copy-pasting code from another source without actually bothering to read or check what said code does. May also include inflammation due to comments from copied code no longer applying to new code yet left in for confusion purposes.

Usage:
"Why is this method deprecated? Oh, it's just copycoditis.. ".

Possible cure:
A large clue-by-four applied repeatedly to the offending programer's head.

I have to learn PHP for this little project I'm doing.. Resisted it until now but I suppose it's time to get assimilated.

Picked up this book. It looked informative enough.. so hopefuly it's a good one.

The kernel upgrade I wrote about yesterday turned out to have gone well after all. The new kernel booted up fine and is completely happy and cheerful. Why did I complain then? I couldn't connect to the machine.. and today I found out why.

This is a dual CPU, dual network card (on-board) rackmount server. It's really a quite nice machine. The only problem is we're not using both network cards. It's a server, not a router and we only need one of them.. so only one is connected to the network. So far so good.

Why couldn't I connect to it after the reboot last night? Quite simple, the wrong network card came up as eth0. The one not connected to a life-giving, data-bit-flowing network cable. Which would explain why I had some trouble connecting to it. It's really not wireless.

That's the problem. The machine randomly assigns eth designations to the two cards on reboot. Sometimes one is eth0, sometimes the other. That can become a problem when only one of them is actually hooked into a live network. Particularly when I do not have local access to the machine.

The only logical explanation I could come up with is something like this..

The linux kernel assigns the eth designation to network interfaces based on the nic's IRQ -- unless they're ISA cards, at which point one has to tell the kernel what to assign where.. but these are not ISA cards. The IRQ is assigned to the card at bootstrap based on the position (I'm really guessing a bit on this one, but it's an educated guess). There is either a bug in how the IRQs are assigned, a bios misconfiguration (I don't have local access, so can't really check easily, remember?) or because both cards are the same make/model/revision it gets confused and assigns the IRQs rather randomly. I find it hard to believe that this would be by design.

At least according to Joel.

I'm doomed.

I must have done a hundred of them.. of course the first time I do one remotely the machine fails to boot... and it's at a data center.. couple hours drive away..

I thought Friday the 13th was last week? Am I stuck in a time warp?

It's not particularly hard to keep morale low, but just in case someone is not sure how to accomplish this, here's a couple of pointers:

• Keep adding and changing requirements on a project that's in last stages of development.
• Don't allow schedule changes despite changing and additional requirements.
• Spend lots of time complaining about really minor visual and setup issues when a project is still mid-development.
• Schedule end of development right around Christmas holidays which in combination with additional requirements and no allowance for extended schedule should assure your employees have no time for Christmas vacation.

I think that about should do it..

CORE Advisory.

Looks like a nasty one..

Status: Vendor confirmed, firmware upgrades are available for some
products, others are still under development.

Severity: High (exploit code, server root compromise, significant
deployment, attacker must entice victim, mostly home user issue).

What is it about unix geeks with ssh access that scares corporate policy makers so badly?

I work from home sometimes.. it's easier than dragging myself into the office on the weekend to fix some bug I'd like to have fixed by Monday.. Since I'm a unix user (home and work) I prefer, very much so, to use ssh instead of VPN.. but in order to test my code I need to be able to hit a webserver.. so of course the solution is tunneling ports via ssh..

Well, no, apparently I cannot do that.. because that's a "security hole". This is so sad it's not even funny.. Anyone with an vpn account can do all kinds of nasty things on the network but knowledgeable people (there's maybe three of us) trying to work using ssh are denied the most basic of tools.

*fuming mad*

This was working the other day.. once again it got turned off.. (not the first time this happened).. not just turned off.. my session killed in the middle of working!

Edit: I should clarify, it wasn't my ssh access that was shut off - just port tunneling was disabled on our ssh box.

When I finished writing my previous entry, I remembered an article that Justin wrote nearly a year ago after he came back from Japan.

All the nifty features that Japanese phones had back then are just now available in the US (in fact, I can find most of them on my new phone).. hm, so maybe I was wrong, we're only a year or so behind Japan, not three..

Nice perspective, I remember being awed by all the cool stuff Japanese cell phones had and ours didn't.. I wonder what they have now?

Specifically, new cell phone.

I visited the local Verizon office the other day to see about switching my plan to one that doesn't charge roaming charges as soon as I set a foot outside of Connecticut (or to be more accurate northern east coast). It seems the new plans are not offered on old cell phones like my old, trusted Motorola Star Tac that I've had for three years or so. I didn't really intend to get a new phone, but what the heck, might as well go for a new gadget.. and since I'm getting something new, might as well get something that's only three years or so behind Japan.

My new toy - Motorola T720.

The color display is kinda cool, the sound is really quite good for a cell phone (8 bit sound card, I think) and everything can be voice-controlled, which I really like for those times when I want to dial when driving (yes, mom, I use a headset).

The battery doesn't last very long, so I spent another $50 on an extended battery that gives me about an hour and a half more of talk time (for about 3 hours total) and some impossible amount of stand-by time.

What I like the most - and this is probably something that's been around for ages, but my old cell phone was just that.. old.. - text messages come with a return address and an easy way to reply. On my star tac they just showed up as phantom-messages and I had to figure out who they were from if the sender didn't sign them.. That can lead to some funny stories to tell your grandkids.

I'd say the phone was definitely worth the extra money it costs.. ($100, after a $100 trade-in rebate).. of course now I have two more years of a Verizon contract.. but heck, I've been using them for six years now anyway.. (back when they were Bell Atlantic around here).

An informative article in Linux Magazine from Steve. Go pick up a copy. It's good.. I know.. after all, I reviewed it :)

Congrats Steve, good job.

According to this newsfactor story, a new study has been published by Aberdeen
Group that claims open source software is more insecure than Microsoft software based on a count of CERT reports in the first ten months of 2002.

Obvious fault in this study that comes to mind is that they're pitting what amounts to a number of open source projects against a number of Microsoft products.. as everyone should know these numbers are highly unequal. An accurate comparison would be to compare a typical server setup with linux and other open source software against a typical Microsoft server and then compare the number of reported vulnerabilities.

I registered, read the "study".. It's a one page report listing CERT report counts. Not only are they counting *all* of open source projects but they're also counting all variants of unix packed into one big headline of "linux is insecure".

So who is this Aberdeen Research Group is and why they're publishing this so-called study?

From their Terms and Conditions:

These sponsored reports, white papers, and supplier profiles provide analysis that may be useful in support of internal technology planning processes, sales training programs, and external customer education programs.

Hmm.. key word.. "sponsored". I wonder by whom?

Certain Aberdeen research activities, and the resulting research documents, are funded by Aberdeen. Other research activities and resulting documents are partially or completely funded by retained consulting relationships or sponsorships with a vendor or multiple vendors. Our documents and Web casts include a statement disclosing sponsorship.

Ah, I see.. I wonder who sponsored this study as the promised statement is not on the report.

Authors of this well-researched (they just used CERT reports) and well-thought out (heavy sarcasm) report?

• Jim Hurley -
  Prior to joining Aberdeen, he was responsible for providing several technology suppliers with insight into buyer needs, and with guiding several successful mergers and acquisitions.
  
  In other words: Marketing Guy


• Eric Hemmendinger -
  Prior to joining Aberdeen, Hemmendinger was a senior product marketing manager with a major systems supplier where he was responsible for a wide variety of strategy, product positioning, and product launch activities. He also has in-depth experience with the design and production of complex commercial and military ships and ship-based system
  
  Hmm.. another marketing guy.

Trustworthy study.. that.. FUD, nothing more.

Incidentally.. for an IT research group they're not very well versed in web technology:

Registering on Aberdeen.com will place a cookie on your CPU that will identify you whenever you access free research in the future. We will not ask you to re-register unless that cookie is no longer available.

One must wonder just how they will place a cookie on my CPU.. and you have to re-register if you lose said cookie? These knowledgeable technical guys can't run a database? Sadly, people will read this crap and believe it too.

That's an understatement. This bloody thing was not made for development. I'm not sure what exactly it was made for.. but it's sure as hell is not debugging Java code. .

Weblogic 4.5.1 was crummy, but at least you could run it in debug mode and it only crashed about 4 or 5 times per debug session.

Weblogic 6.1 amazingly enough got worse. Does Bea not expect people to debug their code in a debugger? Not only is it painfully slow (painfully doesn't begin to describe this) but it core dumps every 10 bloody minutes.

So, let's see.. we have..

1. Slower than molasses.
2. Core dumps at the most inopportune moments.
3. Takes forever to start up without a debugger even attached to it.

Why are we using this instead of JBoss again?

*phew* I feel better now..

Good list from Krzysztof.

One thing I feel needs to be added: Format your code well. Make sure it's easy to read and understand. Comment where needed but don't comment obvious things it makes the code harder to read. If editing someone elses code, format consistently with the original author.

An interesting article on wired.

A survey on e-mail churn found that merchants lose half of their online relationships with customers when those customers change e-mail addresses when they change jobs, switch ISPs or when their inboxes become too stuffed with spam.

I've had the same e-mail address for hm, 6 years or so. Acutally, I'm cheating, it's just an acm forward to whatever my current address happens to be. Things to do: renew my ACM membership before they cancel my forward.

[via: Teal Sunglasses]

Not only is it wrong to claim someone elses words as yours, it's also really stupid to do it when a quick google search can confirm you are indeed not the author of whatever it is you are claiming to be the author of..

My referrer log pointed me to this thread where a person is claiming to be the author of one of my recent entries.. "Types of programmers". I can guarantee, that this amusing posting was typed straight out of Robert Cringley's book..

It's a new, studio sanctioned, Internet-based movie rental service. It debuted today..

Interesting concept, good idea, but probably not the best execution. For one, I think $2.99 to $4.99 to rent a movie that you have to download yourself is a little steep.. After all, Blockbuster only charges $1.99 to $3.99 and provides the movie on a neat, consumer-ready disk. Sure, no late fees.. but what if you want to watch the movie again the next day? Netflix doesn't charge late fees either and it comes out relatively cheap per movie if you watch at least 5 or 6 a month.

Two, it's windows-based only. That will cut out many potential customers.. especially considering that the mac and unix users tend to be more on the bleeding edge of technology than windows users.. so that's a big loss right there.

I think it's a good idea.. just not the time for it yet. They would have to specialize, find their niche.. Maybe foreign and indie movies you can't get elsewhere.. If all they cary is typical, mainstream, Hollywood blockbusters they will not survive long.

Seem to be pretty popular.. so far we have..

1-11 - Scott's original entry.
12 -21 - my entry.
22-34 - Tony Steidler-Dennison
35-47 - again from Scott.
48-54 - Brigham Toskin

Last night I was working on a machine that does not have lsof installed and wanted to find out what pid was holding a certain socket open.

Jeremy told me that fuser could do this. I never knew that... apparently neither did any other *nix geek I asked (work and friends).. how odd that nobody seems to know about this one.. but anyway.. for future reference, before I forget..

Works on linux not on solaris and hpux.
# fuser -n tcp 80

Will list pids which are using that port.. nifty..

output:
80/tcp: 945 9063 9064 9065 9066 9067 9072 9073 9074

On my way to work this morning I was listening to NPR, as I usually do, and heard a segment on the declining numbers of female students entering the computer science major.

I'm sure they are correct in their observation that the numbers are indeed declining, I'm not going to argue that. I am however finding myself disagreeing with their reasoning behind this decline.

One thing in particular that I felt was an erronous conclusion.. the amount of time young boys spend playing video games as opposed to young girls.

I do agree that most video games are geared towards boys, I don't agree that this has anything to do with the probability of a child's future interest in computer science.

Much is talked about how encouragement in the young age leads a child to pick a particular field in the future. I'm sure there is truth in that, I'm not sure this is actually a good thing... I was not encouraged to be an engineer -- it's not a feminine field and my mom is a classic 'old world' mother.. The future occupation she had in mind for me was something a lot more mainstream -- journalism. I am my own example of when encouragement into a certain field doesn't always work.. and if it did I'm pretty certain I would be very unhappy in the profession my mom felt was best for me.

That's one example.. another is a friend of mine who has an MBA. He was strongly encouraged by his parents to go that path.. and in his early 30s decided to go back to school and study what he really wanted.. as working in his profession made him very unhappy.

I suppose what I am trying to say.. if a girl wants to become a programmer... she will.. encouragement or lack thereof has little to do with anything. What children should be taught is to be true to themselves and do what they really enjoy.. not what their parents think is best for them.

Parents don't always read their children's interests objectively.. and sometimes hang on to them for too long.

Yes, there is a decline of women studying computer science, no, I don't think this is something to be concerned about. It will naturally right itself as new generations choose the fields they really desire, not the ones society deems acceptable for their gender role.

I'm getting a new machine at work (my old one keeps crashing, yuck) and got approval to put linux on it instead of our company-standard win2k. I'll be the first employee with linux on the desktop, yay.

All our documentation is in Word format, but that's not a problem since open office works just fine with Word docs.

This will have quite a few benefits for me.. aside from the obvious one, no more windows.

• I'll no longer have to use XDMCP to run X desktop from our sun server on my NT box -- less network traffic.
• I'll work on the local machine, not the sun server -- less stress on that machine (it's shared with a few of my co-workers)
• I"ll never have to see the BSOD again!

I'm sure I'll think of some other ones later..

Scott posted "11 Signs You Need a De-Geeking Intervention". Cute and unfortunately all too familiar.

I see your 11 and I raise you a few more.

12. You own at least three computers and none of them run windows (ok, this one is actually a big plus)
13. You know what SMP stands for.
14. You approach an attractive member of the opposite sex and your best pick up line is "Can I recompile your kernel?"
15. The line works, they take you home and you actually do recompile their kernel (no metaphors here)
16. You read, understood and liked The Cryptonomicon
17. When someone asks you which languages you know, you list C, C++ and perl or Java
18. You think the idea of a halted linux firewall is really cool.
19. You're still reading this and your eyes aren't glazed over.
20. You find the above qualities attractive in a member of the opposite sex
21. You read my weblog

Sadly, I qualify under all of them.

I'm definitely a hippie programmer.. no doubts there.

The truth is that there are big differences in techie types. The hardware people are radically different from the software people, and on the software side alone, there are at least three subspecies of programmers.[..]

Forget about the first subspecies, the lumpenprogrammers, who typically spend their careers maintaining mainframe computer code at insurance companies. Lumpenprogrammers don't even like to program but have discovered that by the simple technique of leaving out the comments--clues, labels, and directions written in English--they are supposed to sprinkle in among their lines of computer code, their programs are rendered undecipherable by others, guaranteeing them a lifetime of dull employment.

The two programmer subspecies that are worthy of note are the hippies and the nerds. Nearly all great programmers are one type or the other. Hippie programmers have long hair and deliberately, even pridefully, ignore the seasons in their choice of clothing. They wear shorts and sandals in the winter and t-shirts all the time. Nerds are neat little anal-retentive men with penchants for short-sleeved shirts and pocket protectors. Nerds carry calculators; hippies borrow calculators. Nerds use decongestant nasal sprays; hippies snort cocaine. Nerds typically know forty-six different ways to make love but don't know any women. Hippies know women.

In the actual doing of that voodoo that they do so well, there's a major difference, too, in the way that hippies and nerds write computer programs. Hippies tend to do the right things poorly; nerds tend to do the wrong things well. Hippie programmers are very good at getting a sense of the correct shape of problem and how to solve it, but when it comes to the actual code writing, they can get sloppy and make major errors through pure boredom. For hippie programmers, the problem is solved when they've figured out how to solve it rather than later, when the work is finished and the problem no longer exists. Hippies live in the world of ideas. In contrast, nerds are so tightly focused on the niggly details of making a program feature work efficiently that they can completely fail to notice major flaws in the overall concept of the project.

Robert Cringely "Accidental Empires".

Slashdot posted a link to the court decision regarding Microsoft.

I grabbed three of the documents (FinalDecree.pdf, Lit11-1.pdf, Statesord.pdf) from Scripting News as the court's server has already been 'slashdotted' therefore nearly unusable.

At a quick glance, it seems they've left enough loop holes that MS should merrily go on its way as a monopoly in the operating systems market and only disclose windows API to a chosen group.

I'll read it in more detail when I'm not at work.

My cell phone service provider, Verizon is switching its web services to MSN. This means I *have to* setup a hotmail account.. I've been trying to delay this as long as possible, but it seems I cannot do that anylonger. Got my 'final notice' in e-mail today.

What does a hotmail account mean to my cell phone? Lots and lots of spam. Wondeful, can't bloody wait.

So anyone who has my cell phone email address.. it will no longer be valid soon.. e-mail me for the new one. Something @hotmail.com -- not sure what yet.

Another question.. what the heck is this butterfly doing to this man's crotch?

.. and rely on ping's output for your app to work.

Excerpt:
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 2023ms
rtt min/avg/max/mdev = 2.430/2.445/2.470/0.059 ms

Notice there is no "packet loss" but just loss? There is also no "packets received" just "received" and round-trip is now just rtt and now we have time and mdev now how nice.

Do they just do these things to break other peoples programs?

I don't know about other programmers.. but it never occured to me to standardize the output of my code that's destined to be human readable in order to keep some third party application supported. That's just too funny.. (okay, so I'm easily amused)

Now that I just installed tcsh on my gentoo box I feel that my setup has been completed -- everything else is decoration. I have pretty looking gnome, refresh is (finally) at a pleasant 85, my scroll mouse scrolls and my sound card is ready to play horrible sounds embedded in web pages.

I probably recompiled the kernel few times too many -- I concluded it's best to compile usb support in since I have a usb keyboard (I don't intent to attempt recovering my system w/o a keyboard if a module
doesn't load - Jeremy), other than that I think it went pretty smoothly.. except for the episode with my network..

It's funny, really.. see I crimped my cables maybe 4 or 5 years ago.. back when I was still relatively clueless about the finer things in networking. I used a cute, little colour scheme.. something like..

WO O WG G WB B WBR BR

This worked well for me over the years.. with my old 10BT hub.. I bought a switch/router (the wireless one I mentioned here). My network stopped working.. to my credit it didn't take me long to figure out it was the cables.. Because full duplex fast ethernet needs...

WO O WG B WB G WBR BR

LawMeme:

SearchKing, Oklahoma's premiere parasitic link-farm, is suing Google for tweaking its PageRank algorithm to lower SearchKing's scores.

One might hope this one gets thrown out pretty quickly.. but then again our legal system isn't exactly known for its favouring of logical thinking.

[via: slashdot]

Today was payday.. payday means I can go out and spend some money without feeling particularly guilty.. so I went to CompUSA (yes, I know, but this is CT nothing else here) and bought a WAP and a wireless pcmcia card.

They happened to have a sale on the Linksys wireless access point/router/switch for $99 so it seemed like the obvious choice (I was planning on buying a Linksys wap anyway).. and a Linksys pcmcia wireless card for $60. Not a bad deal at all.

Configuration under linux was a snap and within 5 minutes I was able to get online wireless.. sweet.

Now the bad news.. Apparently the network card I have in the desktop pc (orion) on which I'm installing gentoo doesn't like the new Linksys router. It semi-detects it (sets itself to full duplex) but that's about it.. DHCP doesn't work, static config doesn't work.. yet it works happily with the old 10BT Linksys hub I have. I do have a spare netgear card lying around somewhere, so I'll just replace it tomorrow.. don't really feel like doing that tonight, but this puts my gentoo install off by a day.. It is more than halfway there already, but don't really want to finish it without Internet access.

On the bright side, I'm typing this while lying in bed :) Wireless rules.

Installing gentoo on my desktop today.. so until that's done and over with I'm left with only a laptop as a tool of communication with the outside world.. (well, that and telephones, cars, humans, but those don't count).

If I don't come out in the next several hours, someone come and save me from pulling all my hair out. I don't think I'll look all that great with a big, red, bald head (red from all the hair pulling, see).

-- Update time --

One hour later: Still doing a backup.. what you thought I did that before anouncing a new install? Nah.. that would make too much sense..

8:15PM Started the prep process for compiling.. I wonder if this will be done by tomorrow on my dual 600mhz system..

10:30PM: bootstrapping finished and compiling began.. so that took about 2 hours 15 minutes.. this will take a lot longer.. probably 6+ hours..

8:00AM: It appears to have finished compiling over night.. tonight, kernel!

.. if you live in the US of A.

Thank you DMCA, for bringing absurdity into our daily Internet-based lives.

The Register:

Red Hat has struck a small blow against the DMCA, by publishing a security patch which can only be explained fully to people who are not within US jurisdiction. The company's position here seems to be not altogether voluntary - according to a spokesman "it is bizarre, and unfortunately something Red Hat cannot easily do much about," but like it or not Red Hat has been recruited to the campaign to make the DMCA look ridiculous.

The information I provided (which was just public ping plotter data, nothing internal) is getting misrepresented elsewhere.. I can't allow that, so I'm taking this down.

CNet news:

Tickets.com spokeswoman Melissa Zukerman acknowledged the problems, but said that some fans were able to get through and buy tickets. She likened the Web site problems to fans trying to buy tickets over the phone to a popular concert and getting a busy signal.

"(Giants) fans were very anxious to get tickets," Zukerman said. "The bottom line is that the tickets were sold out."

Ping Plotter graph from Steve.

"Tickets.com sucks" -- Craigslist took the page down, but I was so amused by it I went through the trouble of grabbing a screenshot from my cache.

The Scobleizer:

I did get to the "buy tickets" page three times, but each time I clicked purchase tickets it put me back into an error page that kept refreshing. Not a good experience at all. Big events will continue to happen and it just isn't a good way to sell tickets this way. I wonder if anyone wrote a script to try to get through.

That wouldn't work.. the problem here was just too many people trying to access the pages..

P2P is the source of all evil. At least that's the impression one might get from reading this USA Today article.

Beginning a dialogue about online habits can be difficult, even when kids are receptive, says Anne Collier, creator of NetFamilyNews.org, a weekly online newsletter. "It's too hard to explain to Mom and Dad what they're doing online, and it's just daunting. ... Even though more parents are becoming aware of file sharing, it's still not top-of-mind for them."

Okie dokie, this is such an important issue that could not possibly be covered by like, giving the kid a set of values and morals while growing up.. nope, this is the modern birds and bees talk..

"Sit down junior, we need to talk. Have you heard of the bits and bytes?"

[via: dslr]

Someone apparently is attempting to do some hacking using the comment posting ability in blogs.. (and apparently a really poor and misguided attempt)

In this entry.. this is the code he attempted to execute:

xxx<?php readfile("/etc/passwd") ?>xxx

Apparently he attempted the same thing on Ask's blog since he came to my site through a comment I posted there.

Since he's so nice as to try and get my /etc/passwd file I might as well be nice and post his IP address 63.89.29.6 which is in a block owned by Lally, Mcfarland & Pantello who have a really hideous website.. (they own the whole class C 63.89.29.0.. someone playing at work?)

Someone tell this guy MT is not php.. but even if it was php (of which I know next to nothing).. would it really be *this easy* to get the passwd file? I really don't think so.. but I could be wrong..

Okay, after further reading, apparently it is that easy to get the passwd file using php unless it's run in safe mode.

These are really cool..

"Balcony"
"Belvedere"
"Ascending and Descending" (a personal favourite).

[via: jwz]

I use my credit card company's (who shall remain un-named to protect the stupid) online bill payment system. Went to make a payment today and they added additional security.. Now not only do I have to provide them the last four digits of my social security number when making a payment, but now they also request my mother's maiden last name as well.

How utterly ridiculous.. I know.. this is just in case someone hacked into my account and wants to pay it off for me.. right? Gee.. god forbid something like that should happen..

To access my statement online all I needed was my credit card number and last four digits of my social security number.. wouldn't you think this is the point at which they would like additional security? Furthermore.. if I need the number to access the statement.. what else are they protecting my account from? Obviously someone already has the most valuable commodity.. as in the number itself, if they got this far.

I swear this is an obsession with me now..

When I wrote this entry, I was the number one hit on google for search fix google. I was still the number one hit yesterday.. (I did say I'm obsessing about this.. ).. today.. I'm not even registering on that search.. I've looked lots of pages back.. nothing! Search for 'fix google kasia' (no quotes) registers an old entry of mine as a first hit (from back in August) but not the one that was number one hit just yesterday.

All my other rankings have not changed.. I'm still the number one hit for 'porn clerk stories' and 'python in the nutshell' and other searches I whined about here.

In fact, putting in a sentence from that entry registers nothing at google now.. this is something that was ranked as the first hit on google yesterday.. now it's not even indexed?

This is pretty weird.. I'm starting to think someone at google is playing with this manually.. how's this for conspiracy theory slash paranoia? Someone please tell me there's a rational explanation here.. I just haven't thought of it?

[ref: Irony defined]
[ref: Somebody fix google]

While everyone else with a weblog is complaining their google ranking has dropped mine seems to have soared ever higher. I've been trying to come up with a logical explanation for this and failed.. The only possible difference I can see between my site and others is that I do not actually call it a 'weblog' 'blog' or anything of the sorts.. well, other than in the url anyway.

Is it possible that google's fix to not rank weblogs as high is as ugly as that? I hope not.

[ref: Irony defined]
[ref: Somebody fix google]

I've been busy. My laptop is now running RedHat 8, now before everyone goes off screaming "what? Redhat???".. I just didn't have the time or inclination to attempt installing gentoo on a laptop.. I needed something up and running so I wouldn't have to use win2K, so yes, RedHat. It's pretty.

Here's a picture of the laptop with RedHat, better than the previous one, no?

Speaking of newer linux, thanks to the magic of using a newer kernel I can now use my card reader (for my digital camera) under linux.. very cool.

I named it andromeda, my desktop is orion. Speaking of my desktop, it was just the power supply that blew (ref: this entry), I had a spare, replaced it and all is well *phew*.

Something interesting in Connecticut for once.. I might just go out of curiosity.

[via Scripting News]

I think I need to clean up my bookmarks more often.. found this: "Csh Programming Considered Harmful" post from 1994!

excerpt:
The following periodic article answers in excruciating detail the frequently asked question "Why shouldn't I program in csh?".

woohoo..

Someone pointed this out to me today.. Search google for fix google.

I actually wrote them an e-mail today.. I don't know why this bugs me so much, but it does..
I mean, come on.. number one hit for nanaimo bar?

[ref somebody fix google]

Mark's boss wanted him to stop writing. He didn't, and now he has a resume and this post.

I don't know if I would have the guts.. I'd like to think I would.. but honestly, I don't know. Thankfully my boss is not a pompous ass.

Mark also has a cool cat.

Go Mark.

Nice write up in Jeremy's blog.

I've only used it on Linux.. and have been really happy with that result so won't be trying FreeBSD any time soon, but it's good to know Linux was the right choice :)

I get an amazing amount of google hits.. it seemed high, so went and looked in the logs.. Google is giving me an impossibly high rating for things it really shouldn't.. I mean, I understand why I'm #1 hit for "kasia", that makes a certain amount of sense.. but some of these.. ugh..

Here's some examples.. (there are a lot more like these):
python in a nutshell - number 1 hit over O'Reilly's site for a book of that title.
apache virtual host config - number 1 over apache.org
true porn clerk stories- number 1, over the site that hosts the damn things.
mysql auto increment - beat out mysql.com documentation..

I do know that blogs skew google ratings.. but I suppose the more people complain the sooner they fix it? I'd much rather have the google engine that works as it should (or used to) than more hits. Here's hoping they're working on this.

Catching up on my blog reading.. so doing an 'everything' entry ala Jeremy.

Database refactoring
Awesome.. via Mike.

Jan..
is coming to New York. Don't fall into a tourist trap, Jan.. forget Central Park and the former world trade center site.. go see some real New York.. Lots of good stuff in the village and brooklyn.

Steve..
Update your bloody weblog..

Sys-admins
From The Fuzzy Blog an entry about sys-admins and what makes them professional.

"They don't make you feel stupid".. well.. Sometimes that's not easy. Good example from my days as a sysadmins (yes, I crossed over to the darkside and am a programmer now but used to be one of the legions of hard-working, hard-playing, stupid-joke-cracking sysadmins).

A user once came to me claiming his monitor broke.. "how?" "nothing displays" "did you change anything?" "no, didn't touch anything, I swear!". Okay, see, this is where you can make a user feel stupid with impunity, because he just broke rule #1 "you fiddle with something, you say what you did and save the poor sysadmin countless hours of trying to figure out what the heck happened.". Of course he changed something.. he set the resolution to 1600x1200.. with a 15" monitor that won't work very well.

Chicks dig...
Mark says that they dig OSX.

My t-shirt disagrees. It says that chicks dig unix. Then again, maybe it's just an all-encompassing category..

Today, this chick digs cold medication *cough*.

Ask talks about keyboards and key remapping. This is really a topic dear to my heart.

I'm a unix programmer. I do most of my work in emacs (rest in xterms) and that means I use the ctrl key quite heavily. In my previous job I was lucky enough to have my own Sun machine with the properly placed ctrl key (where the caps lock is on the PC keyboard). Not so much luck in this job. I have a pc (yuck, yuck) which I basically just use as a dumb terminal and make an XDMCP connection to a Sun eserver and work on that (open windows, teehee).

When I first started working here I started to have pains in my left hand. This is scary to someone who types for a living.. if I can't type, I can't program. Turns out the culprit was the incredibly bad design of a PC keyboard. Think about it, which key do you use more often, the caps lock or the control key? Who in their right mind would put a key that's used heavily in a position that is awkward to reach when touch typing and causes the little finger to be twisted in an unnatural manner. I've remapped my keys (Ask has directions on how to do that in his entry) no pain ever since... (my computer at home has had remapped keys for years).

These keyboards look pretty good.. unfortunately I never had any luck getting used to an ergonomic keyboard. I can type really fast, but not on one of those keyboards.. can't quite figure out why that is.

Now the happy hacking keyboard is what I really want to get.. Too bad I can't quite justify spending that much money on a keyboard just now..

One of the things I've been pretty busy with at work is making sure our code is no longer Oracle specific. We want to be able to dump a copy of MySQL on a box and test on that.. since administering a copy of Oracle just for a team of 4 people is asinine.. (right now we share Oracle with another team, we step on each others toes a lot).

So in the process of doing this I discovered the only copy of our schema definition (it's a big one too) lives in Erwin. Yuck. So it's either create a version for MySQL in Erwin (no way, no how am I doing that) or a flat file SQL script. Of course this is about hm, 3K lines or so.. a maintenance nightmare.. not to mention having to maintain two separate definitions of the same schema.. one for Oracle, one for MySQL.

So this is the idea my boss and I discussed: A tool that will store the defintions of tables, views, primary keys, indexes, etc.. and the same tool will either create, update, drop, insert.. whatever is required to keep a schema in synch with a definition. This way I can make it non-database specific, as the tool will know which db it's working on. Schema look ups become simpler as only need to use grep.. and only one copy of the defition needs to be maintained. Need to create a new copy of the db? Just run the tool.. Neat, no?

There is really no accepted standard for SQL. That's a big problem.
There's an "agreed to" standard but that's not really the same as having an actual standard.

By allowing things like:
"DELETE table WHERE id=42"

Oracle is creating a legion of programmers that don't know any better and sprinkle SQL like that in most of their code. That's bad. Bad Oracle.

Proper syntax should be:
"DELETE FROM table WHERE id=42"

Another reminder that S in SQL does not stand for Standard.

Of course without going open source..

In this article...

The MVP initiative will be a big part of Microsoft's efforts to promote a sense of "community" among users and developers, connecting its own product developers with the users most in touch with product issues.

It's a good start.. but you will not create a sense of community by being elitist.. "Yes, you can see our code, but only if we deem you worthy" is not going to cut it. The reason why the open source community is as tightly knit as it is lies in the idea that everyone is important.. Everyone has something they're good at and can contribute.. even if it is only a comment on the layout of a user interface.

This isn't going to help Microsoft develop a sense of community.. the users they are targeting already are deeply involved in 'all things M$' otherwise they would never gain the 'coveted' (I say this very loosely) title of a 'MVP'.

Once again, Microsoft is copying something they don't understand..

I would give them credit for at least attempting to be more open, but I cannot do that with a clear conscience.. I can see the business thinking behind this, and it's not to benefit the users.

Edit: Derrick has a pretty good commentary on this. (via inluminent)

Friend Of A Friend.

I created a basic foaf profile. Not really sure yet if this is good or bad.. it's kind of cool.. of course right now I'm pretty lonely in there, but just learning all about this idea..

If anyone wants to be listed in my foaf (not sure why would anyone want to, but what the heck, at least I won't look so lonesome) drop me a note.

foaf links for your reading pleasure:
What it's all about.
Find profiles or get yourself listed - I haven't done this yet.. still debating if this won't end up just another marketing tool for someone (like spammers...).

More reading in Mark's blog from whom I got the idea.

Saw these two entries in my apache log..

GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.1
GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.1

My first assumption "new MS exploit?"

Actually.. no.. Google search provided an answer:

These requests are generated by someone using IE with Microsoft Office installed. IE will query the server to see if it supports web discussions. This query will only happen if the user has the discussion bar turned on. The discussion bar appears by clicking the "Discuss" icon or View-> Explorer Bar-> Discuss. The bar is off by default.

Go figure.. it's a feature.

I wanted something to pick a random image for my blog but didn't want to spend more than 5 minutes on it.. so this is what I came up with..

Yes, I know, I could get fancy, use perl, size the images on the fly.. etc.. etc.. but I just don't feel this is worth all that effort :)

It's a very stupid little JavaScript that takes lots of assumptions and took me literally 2 minutes to write, but heck why not share it.

The script itself:

<script LANGUAGE=JavaScript>
<!-- JavaScript begin

  function pickNum() {

    var rval = "";

    var n = 9999; 
    var i = 0;

    while(i == 0) {
       i = Math.round(Math.random()*n);
    }

    if(i < 10) 
       rval = "000" + i;
    else if (i < 100) 
       rval = "00" + i; 
    else if (i < 1000) 
       rval = "0" +i;
    else 
       rval = i;

    return rval;
  }

  var img = "<img border=\"0\" " +
   "src=\"/photographs/random/" + pickNum() + ".jpg\">";

// end -->
</SCRIPT>

To use it to display an image in the page.. just use this somewhere in HTML:

This is on linux (obviously), v 0.99.19-beta.

Started it, signed on fine.. but couldn't see any text in IMs at all.. including my own. Nicknames, fine.. text, nada.

Restarted yim.. didn't help, next X, didn't help.. rebooted (oh, the humanity), nothing...

I got tad annoyed at this point.. installed a fresh version.. same problem.

Aha, those famous problem solving skills kicked in and looked inside . ymessenger.. hm, all the files (history.dat, menu.rc, messages.dat and preferences) had a size of 0. I guess something got corrupted and yim just doesn't handle that well.

Removed ~/.ymessenger/, reinitialized it.. (changed my yahoo password as I managed to forget it) and now works fine.

Annoying.

One of my linux boxes (geddy) that serves as a mail/web and shell server for about 15+ people has been up for a full year.. yay.. (RedHat, kernel 2.2.16-22 oldie but works)

[kasia@geddy ~]$ uptime
2:57pm up 365 days, 13:31, 22 users, load average: 0.16, 0.05, 0.01

My sun box at work is up to 334 days.. catching up..

Looking for that special geek girl? There's hope!

I can't tell you how many times I've been at work and one of my fellow engineers will start talking about compiling source code, or using rpm to install a package on linux and all I can do is think about how bad I'd like to "rollback his segments"

(no, I didn't write that, seeing someone use rpm has a reverse effect on me)

.. more from craigslist

(via K. Kowalczyk)

These are great..

Programmer: "What do you mean, I can't initialize things in an assert()?"

I'm busy redoing our database classes to not be oracle specific.. ran accross this gem:
"SELECT MAX(NVL(COLUMN_NAME,0)) + 1 NEW_VAR FROM TABLE_NAME"

Which creates a new variable, select a max on a column, sets that value on a new variable and returns that..

Which accomplishes the same as this:

"SELECT MAX(COLUMN_NAME) FROM TABLE_NAME" + add 1

which is not oracle specific and more efficient on top of that..

Literally..

Reading this entry in Jeremy's blog made me think (a dangerous proposition at any given time).

These graphs are pretty frightening, particularly when you're a programmer. Makes me wonder whatever happened to all those people?

I know.. They're busy complaining they cannot find a job that pays them what they used to make during the dotcom boom.

Case in point.

Not too long ago we were interviewing for a senior engineer position. Granted, the position required lots of experience, good skills, etc.. The one thing we were mostly looking for, however is basically someone bright. Someone who can think on their own and has years of experience to draw on. Pretty basic idea.

One of the candidates we interviewed was a guy with a very impresive resume. Worked for all these big consulting firms. Drove up in a big, white SUV with leather seats (so I check out the cars they drive in, so sue me, you'd be surprised how much you can tell about a person by the car they drive). Wore an expensive, Armani suit. My boss got to interview him first... I was next. Sure, impressive resume.. on paper. Not even the most basic unix skills (one of our requirements, we run unix, duh).. actually.. I really don't think this guy wrote a decent line of code in his life... On top of that, horribly arrogant and seemed rather disturbed that he had to interview with me.. some chick with a Polish accent and obviously not half the years of experience his resume brought with it.
After the interview concluded (I didn't like this guy one bit) we discussed it.. turns out he asked for an exorbitant salary... all based on the fact that he spent all these years consulting... but.. skills on paper and skills in reality didn't seem to match.. The worst part is, I really do believe he was asking for a lesser salary than he was used to making. I wouldn't pay this guy $20 an hour if I had to hire him..

Needless to say he was not hired.. we hired someone with a less impressive resume but a much better head on his shoulders. He didn't even wear a tie to the interview. (Actually in my book that's a big plus)

The point I'm trying to make.. During the dotcom bubble, programmers were spoiled. There weren't enough of them to fill positions in all these newly opening companies and that resulted in huge salaries paid to people who, by my standards, aren't even qualified for junior positions. Having a degree and an Armani suit does not make one a good programmer.

Having worked as a consultant for $200 an hour does not make one worth the salary.

Teachers make pitiful salaries compared to what an average software engineer makes.. why can't we be happy with what we've got..

"There was software development long before there was copyright for software at all. There are software developers who don't rely on copyright as any part of their incentive to develop software... "

Well said.

Yes, I read those, who doesn't? Some are interesting..

These are for my site for this month. These are from last month.

A couple struck me as needing sharing.. one has to wonder..

what to wear under tanktops so sweat won't show
engineer fashion sense [isn't this an oxymoron?]
mating animals thumbnails
kids ballbusting [this sounds pretty sick..]
java goddess [they found the right place!]
marketing sucks software engineer [tee hee]

I think most people are just bored =)

Ask Bjoern Hansen writes about colour modes and disabling them.

I like colours in emacs when I write code.. it's very handy, but outside of that purpose (syntax highlight) they're just annoying. Particularly in xterms... (unalias ls takes care of that).

Newer linux distributions come with vim configured for colours as well... I only use vim when doing quick edits, system administration, that kind of thing.. syntax highlighting is *highly* annoying.. I've yet to figure out a way to actually disable the damn thing (I haven't really looked) but one nice thing I discovered.

If you set your TERM environment variable to VT100, all the annoying colours disappear. Really!

tee-hee

http://www.lindows.com/lindows_screenshots_mseula.php

Can someone please explain this this to me? Has the world gone mad?

The Greek government has banned all electronic games across the country, including those that run on home computers, on Game Boy-style portable consoles, and on mobile phones. Thousands of tourists in Greece are unknowingly facing heavy fines or long terms in prison for owning mobile phones or portable video games.

This feels like some bad Tom Cruise movie!

The Greek government introduced the law in an attempt to prevent illegal gambling.

They saved the country from all those 9 year olds gambling their milk money away on a vicious game of pocket Mario Bros... I hope Bush doesn't read this.. he may think this is a good idea!

So is a standard installation of windws now illegal in Greece? Solitaire!

As I noted couple days ago I am now running Movable Type using mod_perl. It runs nicely.. apparently it can run better when you follow the actual instructions!

Kasia reading and following documentation? Hey, stranger things have happened.. What's next.. commenting my code?

Compiled webalizer and now I have an hourly cron job generating cute (if relatively useless) site traffic statistics.

Webalizer is pretty cool.. written in C, quite fast and definitely cheaper than Web Trends (tm)! (Free is my favourite price...).

I'm having a tad of a problem getting it to ignore my own domain as a referer though..

I just got mod_perl running and my Movable Type is now executing under mod_perl.

It's a *lot* faster.. 3 times at least.

Here's the apache config I put in..

<IfModule mod_perl.c>
       <Location /mtype>
            SetHandler perl-script
            PerlHandler Apache::PerlRun
            Options +ExecCGI
        </Location>
</IfModule>

Now this isn't the best way to do this.. since it involes moving all static pages (images, docs, stylesheets) out of the mtype location.. I'm looking into doing it in a more elegant way.

Huge difference in speed!

This is pretty interesting..

The authors are studying Internet filtering in countries worldwide, including restrictions on Web access in China. There is no master list of blocked sites that we (or, from what we can tell, anyone else) can access. Rather, we test "twenty questions" style, asking about individual URLs, whether based upon a domain name or an IP address.

I have three domains registered with them using the same account. One of them expires in January 2003 and I have just received a renewal reminder for it.. 6 months early. I'm quite sure they will continue to send monthly reminders, they did that last years.

This one (unix-girl.com) expires in 2 days.. and I've yet to see a reminder.. at all.

Both domains are registered using the same register.com login and the same biling information, credit card, e-mail address, etc.

This makes me wonder if perhaps someone has not made an offer on my domain (they do have that after-market domain resell "make an offer" thing) and register.com is hoping I'll just let it expire? Wouldn't be hard at all to script something like this.. "domain_expires < 30 days = dont_remind_to_renew".

....or maybe it's just my paranoia kicking in..

I've been trying to figure it out for a while. I always assumed the length of presence online and 'linkability' of the site played a major factor.. I changed my mind.

So far as I can tell.. it's based on a combination of.. (in the order of weight)

1. Overall ranking of the site with other search terms.
2. Frequency of site updates.
3. Page title.
4. Quantity of use of the search term in the text of the site.
5. Site stability (if your site goes down often, you won't find it ranked high at all).

It seems.. if some of the terms get you ranked high.. you'll rank a lot higher for others as well. There's a definite connection there.

What doesn't matter at all?

• Meta tags. Go figure.


• How long your site has been online. Takes about a month for google to start giving you high ranks.

What do I base this on? Just my recent experience with a new domain and re-location of my site.

Who knew?

Steve has a good tip about that.

Hey, enable trackback Steve!

Looks interesting.. like perl w/o the hacky-aspect of it..

On my list to learn now.. (if I ever find the time).

ActiveBuddy won a patent on IM bots.

ActiveBuddy was granted Patent No. 6,430,602 which covers the method and system for interactively responding to instant messaging requests and the company said it would move swiftly to enforce the patent, a move that is sure to create a brouhaha in the bot developer space.

Why are we allowing software patents again? This technology existed long before ActiveBuddy was a dream in some slimy marketing bastard's head.

Using a Long type in Oracle causes pretty slow persistence. Now I'm not sure if the fault is with our Oracle config (I'm not a DBA, don't know too much about it) or if this is something normal.

Did a test on it today.

2030 characters inserted into a 'long' column 268 times, average: 3.58s, min: 3.23s, max: 6.27s.

Using same server and a CLOB type 268 times, average: 0.43s, min: 0.22s, max: 1.98s.

Odd, no?

Someone I know is starting his first job in the IT field, so to provide him some basic training I directed the poor sucker to the bofh archives.

In my sysadmining days, they provided me with hope and good advice. Passing it on.

Just how many ports does one application server need?

grrr....

more later..

I have an Amazon account, who doesn't? For a reason, I wanted to log out of it today. This is when I discovered there really is no easy way of doing that! Out of all the commerce web sites out there, one would think Amazon would know to provide their users an easily accessible logout button. They have been around forever and pioneered many technologies now used by many commerce web sites.

There's a "view cart", "wish list" "your account", "help" and some marketing thing on top.. but where's the "logout" button?

On the main page.. there is an obscure link:
Hello, Kasia Trapszo. Explore what's New for You today. (If you're not Kasia Trapszo, click here.)

Which leads to a page allowing someone to log-in as someone else.. but nowhere on that page does it say "Hey, this is how you logout!".

I looked in their help..
Nothin on the main "help" page.. but if you click on the "more" option for "using your account" section.. There it is.. "Signing out".

Now this page has a logout button.. and only took me three clicks to get there! Lovely..

This helpful text explains:
If you are using a public terminal, you will want to log off, or sign out, before you leave the terminal. To do this, click the "Sign out" button below. If you don't see that button, visit our home page and click the link that reads "If you're not [your name], click here." On the next page, leave the e-mail and password fields blank and click the Welcome tab at the top of the page. Once you have done this, your name will be removed from the home page, and your 1-Click ordering settings will be inaccessible to anyone using the same terminal after you.

Couple problems with this.. following the directions listed above (don't enter email address etc..) does not provide visible feedback that you have been indeed logged out..

It does however log you out. What is wrong with this picture? To further complicate and confuse users, the "your account" page looks exactly the same whether you're logged in or not.

Now why can't they just put a "logout" button on top of the page like every other commerce site known to mankind? My cynical side makes me think that they purposely do not want people logging out.. that one-click ordering makes thing nice and easy.... more sales.. more money.. but really, doesn't that cost more in the long run as customers complain?

I am hardly a novice Internet user and it took me about 5 minutes to figure out how to log out of my account. I shudder to think what my mom would do when faced with this dilemma at a public terminal.

I caught this ip address going through my site today:

Name: MTL-ppp-154163.qc.sympatico.ca
Address: 65.94.40.185

Example:
65.94.40.185 - - [07/Aug/2002:18:26:34 -0700] "GET /blog/archives/000004.html HTTP/1.1" 200 5618 "-" "Java1.3.1_02"

At a rate of about 60+ requests a minute...

Hmm, dial-up ip, identified as Java 1.3.1 (home grown, obviously) requesting my pages at this rate.. I'd say it's someone up to no good.. I'm guessing it could be a spammer looking for e-mail addresses.

I denied him access.. either a bad guy or a complete moron.. If you're trying to spider a site, you do not flood it with requests!

Time to put in an automated script that will take care of this for me in the future..

Edsger Wybe Dijkstra: 1930-2002

Professor Edsger Wybe Dijkstra, a noted pioneer of the science and industry of computing, died after a long struggle with cancer on 6 August 2002 at his home in Nuenen, the Netherlands.

Dijkstra enriched the language of computing with many concepts and phrases, such as structured programming, separation of concerns, synchronization, deadly embrace, dining philosophers, weakest precondition, guarded command, the excluded miracle, and the famous "semaphores" for controlling computer processes. The Oxford English Dictionary cites his use of the words "vector" and "stack" in a computing context.

I remember memorizing his algorithms in data structures class... Computer science community lost one of its top members yesterday :-(

dontlink.com has a list of websites that don't want to be linked..

Uh.. okay!

As I was re-reading my rant from Friday night, I realized I missed the most important point I wanted to make.

Don't take yourself so bloody seriously... life's too short for that.

A friend sent me this article today.. I realize it's a bit out of date now, but I feel a burning need (no, I don't need to see a doctor, thanks) to respond to this.

I must say I pretty much disagree with everything stated in that article. Now of course, the author has her right to feel the way she does.... here's my view of it.

It is true, there are far fewer females in technical fields. It's not a traditionally female profession and girls are more inclined toward more "liberal arts" oriented fields. We all know that, it's not new information by any stretch of the imagination. What bothers me is the suggestion that we need to somehow "fix" that. What is so wrong with a field that's dominated by men? Why isn't anyone demanding that more women should be encouraged to become truck drivers or construction workers?

I really do not understand the need to somehow make the field "more equal" to both men and women, it's artificial and will not benefit anyone.

Said in the article:

Here are some measures which may help foster an analytical mind-set in children -- especially, but not only, girls.
.
[see the article for the list, it was too long to post here - k.]
.

I fail to see where any of the activities listed are specifically more beneficial to girls over boys. It sounds to me like they would benefit any child, not particularly one destined for a technological career.

Only a very few of my generation happened to be brought up this way (thanks, Dad). It remains to be seen whether the proportion will increase over the next couple of decades.

I'm the proof that nurture does not prevent a girl from interest in science and computers. I was brought up in a classical "girly girl" fashion and my mom wanted me to become a journalist.. not a hacker.

A quick straw-poll of hackers suggests that the reason for wanting more women in the field (hormonal urges aside) is that it is felt that they would bring a different perspective and generate new ideas.

Isn't this a tad of a contradiction? The whole demeanor of the article seems to lead toward the idea that it is the nurture which influences who people become, not nature. In that case, this reasoning is moot.

Do we want to change hackerdom to suit females at all? Or do we want to change female mentality to suit hackerdom? Both involve fairly massive social upheaval, and there is no way to tell whether either of them will be successful in the long run.

Why the constant need for change? Is there something wrong with the community the way it is? Are females not accepted? I've worked as a programmer (and a system administrator before that) for a number of years. While I have encountered sexism in my career, none of it was from the hacker community. In fact, I always felt the hacker community is more accepting toward differences (gender, race, age, etc) in people than our society as a whole.

Women will become more drawn toward this field with time as it becomes more socially acceptable for them to be interested in science and technology. It is not the hacker community that needs changing, it is the way society thinks of a woman's role. Remember, only 50 years ago women were mostly just seen as mothers and wives. Forcing an equilibrium has been proven over and over again to not work.

Forming the female hacker community
In the last year or so, I've seen several attempts to do exactly this, and been involved in at least three. The most active and recognizable of these groups is Linuxchix, a group formed by Deb Richardson as a forum for female Linux users.

.. but isn't this doing exactly a reverse of what this complaint is about? The author complains about the lack of females in the male-dominated hacker community.. so creating a female-dominated community is the fix? I thought we're striving for equality.. not segregation.. Another contradiction.

It was mentioned earlier that the skills at which women typically excel include UI and psychology, language and communications, and group interactions. In conjunction with a solid grounding in technical subjects and hacker culture, female geeks may be able to use these strengths in an as yet largely unconsidered field: that of integrator, leader, and facilitator. Social skills which may be a barrier to hacking may in the end turn out to be what is needed to give direction and support to a project. In particular, the "bazaar"[2] style of development prevalent in the Open Source/Free Software community could greatly benefit from the input of technically-literate females, even if they are not actively producing world-shaking hacks.

This is offensive to me on many levels.. More contradictions in thinking.

To women I say: Use these skills. Don't write them off as "non-hackerly". Don't presume that they're unrelated to technology or hacking. Don't think that they're not needed to bring a project to maturity. And most of all, don't discount their value to the Open Source/Free Software community.

I can agree with this to a certain extent.. with one change: get rid of the "women".. try "people".

The author is seemingly asking for equality and equilibrium, but in the way she expresses it she insults me, as a woman and me, as a computer geek.

Forcing this issue will only anger some and create mediocre programmers out of others... Society will naturally right itself, as it has been doing for the past 50 years.. I resent the implication stated in this article.. and I am a geek chick.

About a year and a half ago, I was playing around with Tomcat source trying to customize some things (work, don't ask). Well, I merrily forgot all about that, until today...

I attempted to get a newer version of tomcat running on that same machine.. it kept giving me really odd errors.. Couldn't figure it out, until I ran a trace on what it was doing.. Low and behold.. It's using the old hacked-up source I haven't touched in over a year instead of its nice, shiny new jar files.

rm -rf and problem fixed.. but in the meantime, several hours of debugging nightmare..

In case someone didn't think there were enough reasons to fight the DMCA, here's a new one..

Brought to you by The Register.

Hewlett Packard has threatened to use computer crime laws and the controversial Digital Millennium Copyright Act to muzzle a group of security researchers who unearthed a flaw in its Tru64 operating system.

The threat comes in a letter to SnoSoft from HP Veep Kent Ferson warning that the security researchers "could be fined up to $500,000 and imprisoned for up to five years" for its role in publishing code that demonstrated the vulnerability, CNET's Declan McCullagh reports.

Why do software companies seem to think that their customers ought not have the knowledge of dangerous exploits? Who is that protecting? Certainly not the customers.... Image is not *that* important.. just look at Microsoft..

I suppose if HP's intent is to alienate the technical community[0], congratulations, mission accomplished.

Makes me ill to think I used to recommend people buy HP printers..

More info on BugTraq

HP is just being plain stupid..

[0] - ugh, what kind of stupid term is that anyway.

I've forgotten about it's existance.. but pornolize.com is quite possibly the world's greatest invention.. I know, crude and rude, but funny as hell :)

Here's one of my recent entries pornolized..

Jerking in the motherfucking rain is cool!

Now I'll go do something good for humanity to balance out the bad karma of riding wet balls.. mea culpa, mea culpa..

Let me just say.. migrating from weblogic 4.5.1 to weblogic 6.1 is pure and complete and utter hell.

Thank you for listening.

(Think John Lennon)

Imagine there's no classes,
It isn't hard to do.
No objects to send messages
No references too
Imagine all the methods
Static and you've got C.
O-ho you might say that that's a nightmare
And you're not the only one
But the language has its uses
And like Java can be fun.

by David Arnow (arnow@sci.brooklyn.cuny.edu) (I think, that's the only reference I found)

Edit: Found more information.

The Register writes in this story:

A Houston computer security analyst has been charged with hacking after demonstrating the insecurity of a county courts wireless LAN.

He's accused of accessing the system March 8 in an alleged intrusion that cost the county a reported $5,000 to clean up.

This type of case could set a very dangerous precedent. Based on the content of the article, this "hacker" didn't actually do anything other than show the insecurity in their wireless lan.. Why is he being charged at all? Why *can* he be charged? Isn't that a bit like charging someone with murder after they showed you how easily you could be choked?

I must be missing something in this story....If all he did was show insecurity.. where did the $5000 cost come from? This? :

District Clerk Charles Bacarisse told the paper that no confidential information was disclosed but the alleged intrusion eventually resulted in the county closing its wireless LAN only a month after it was activated.

.. and this is not the fault of the incompetent admin who set this up for them but the fault of the guy who showed them they have a problem.. They should have taken that $5000 and invested in a decent security expert.. perhaps the one that showed their vulnerabilities in the first place.

Further proof: government and computers don't mix.. they should just stick to using a pad and pencil, we'll all be better off..

Of course, not for everyone, just those that have pockets deep enough to buy themselves representation in the wonderful legislative branch of our government.

According to this story at The Register, representative Berman from California (go figure) is preparing a bill that will allow copyright holders to hack computers and networks if they feel their "property" is being ilegally distributed!

In Berman's words:
"a safe harbor from liability for copyright owners that use technological means to prevent the unauthorized distribution of their copyrighted works."

This is just further proof that not only does our government keep on introducing laws (see the DMCA) that deal with technology and issues they have absolutely no clue about, but also that they're out there to protect and serve the businesses (that have money) not their constituents.

Well, if this isn't one huge middle finger to the citizens of this country (and really, the rest of the world, since the Internet has no borders) then I don't know what is.

I have a co-worker that drives me insane with his brace style[0] and unfortunately I get to work with his code quite a bit[1], so today's rant is about that.
I subscribe to the good old Kernighan & Ritchie style of putting the opening brace last on line and the closing brace first.. In other words this:

if (foo == 0) {
    do something;
} else if (foo == 1) {
    do something else;
} else {
    barf;
}

Simple and easy right? I've been asked[2] to justify this usage many times before in middle of heated debates. It's simple..

1. Clearly identifies the beginning of enclosed code.
2. No need to waste a line just for one brace, hence code can be more compact without sacrificing readability.
3. My favourite CS professor in college used it![3]

Then there is the other quite popular style (some of my co-workers use this, I've no big issues with that).

if (foo == 0) 
{
    do something;
} 
else if (foo == 1) 
{
    do something else;
}
else 
{
    barf;
}

It's still pretty clean and rather readable, even with nested code. It wastes a lot more space, but hey, we're in the 21st century, we have large monitors now.

Then there's this..

if (foo == 0)
    {
    do something;
    }
else if (foo == 1)
    {
    do something else;
    }
else 
    {
    barf;
    }

Can anyone tell me where this style came from? I've never seen it before and it's driving me literally insane (literally). I think it makes nested code hard to read, particularly when I see it mixed in with one of the other styles[4]. It's just.. well.. weird!

Additionally, every time I edit code formatted like this I need to load a different .emacs file or indent the code by hand using the spacebar. That's a big pain...

[0] - hi Burt! ^
[1] - it's actually (usually) *really good* code, just *really weird* bracing. ^
[2] - hi Burt! ^
[3] - ok, so that's not a real reason. ^
[4] - I realize this is a fault of the horrible programmers that edit someone else's code and just mix in brace styles. Either re-style the entire code, or just use the existing! ^

I'm a (*gasp*) computer geek, tough one to figure out no? I mean I have a blog and a domain unix-girl.com.. but I digress.. tonight, being Sunday night, I was going through some logs for my server. Yes, I realize it's not normal, but I'm a geek, it's what I do for fun and general amusement. (Oh, that guy reloaded entry number 31459 *giggle*[0]).
This made me think (*gasp*[1]).

Someone should at some point write up an article about "geek mating rituals", no, really it would be amusing to at least some part of the population (read: me)..

How many of you have ever exchanged blog urls.. then searched through the logs with burning cheeks and heaving beasts[2].. "did he look?" "did she log in?".. How bloody sad for us.. I mean, what is it that normal people do in these situations? My theory is, this is the geek equivalent of waiting by the phone, just not quite as obvious.

Surely it progresses from there.. I'm a little new to the blogging world (I'm certain most of you readers realized my archives only go back a couple of weeks, oh the horror).. but I'm awaiting my first breathless realization "oh!!... he made an anti-microsoft entry!".. this would be about my chosen other whose blog i read, of course (actually, there's more than one, teehee).. I can't help but wonder how far this geek mating will take me.. surely I won't at any point reload someone's blog more than 10 times a day? That's .. so.. slutty...

[0] - okay, so that's an exageration
[1] - no I'm not asthmatic, I do this for emphasis of certain parts
[2] - couldn't resist, sorry..

No, really, I actually have an index page now! With design shamelessly stolen from one of movable-type's templates (well, I did change the colors and some other things a bit..).

I also did a write up about configuring virtual hosts in apache.

I'll create my own design for this site soon, for now this shall do, it's not bad, is it?

Jeffrey Friedl's "Mastering Regular Expressions" is available now and ranks #32 on Amazon today! Nice job Jeffrey! It's a great book, highly recommend it.

You can see my name in it under "thank you" notes.. I was a small help with the Java chapter

In this ananova story:

Hewlett Packard has suspended around 150 staff in the UK over alleged email abuse. It says it's fired a 'small number' of permanent staff so far.
HP says the investigation is focused on "the viewing and sharing of unauthorised and inappropriate material".

I'm curious.. I would assume by "inappropriate material" they mean porn, I wonder how much of it was spam? I get porn spam in my e-mail box (well, not at work, but personal that I do read at work) on nearly daily basis (register a domain with a valid e-mail address and you'll see what I mean).

If they mean joke e-mails.. sheesh.. I think half of my cow-orkers would be fired over that one.. (they should be for the severely unfunny ones and the stupid urban legend forwards).

Read this article at The Register.

"You agree that in order to protect the integrity of content and software protected by digital rights management ('Secure Content'), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update."

"Reasonable efforts to post notices" ? What in the world does that even mean!

This is probably just their way to cover their asses in an event like Code Red, but the ambiguity of this EULA really scares me.

Over at Jeremy Zawodny's blog he writes a response to an article by George Reese at O'Reilly's OnLamp.

Good stuff.. I just have one little correction..

Jeremy says:
Finally, he says "You cannot easily determine from an application what values MySQL has automatically generated." Why would you need to do that? If you code the application properly, that's not going to be an issue. Remember, this is an AUTO_INCREMENT column. It's supposed to be generated AUTOmatically. If your code is generating the values, don't tell MySQL that it should be an AUTO_INCREMENT column. It's as simple as that.

I think what George is thinking about is a function similar to Oracle's sequence.CURRVAL which is easily obtained by using this query:

SELECT LAST_INSERT_ID()

If he wants to duplicate Oracle's sequence.NEXTVAL, it can be really easily duplicated in MySQL by the use of an additional table.

Now this isn't the same as having the nice and easy Oracle function but it serves the same exact purpose and doesn't depend on code to generate the auto_increment value.

Let's say you want to know what is the next value that is generated on an AUTO_INCREMENT column (we'll call it SOME_KEY) on table SOME_TABLE

1. Create a table, let's call this one SOME_SEQQ:

CREATE TABLE SOME_SEQQ (
   QUERY VARCHAR(200)
);

2. In that table now store something like this:

INSERT INTO SOME_SEQQ VALUES ('SELECT MAX(SOME_KEY) FROM SOME_TABLE);

Now when you define SOME_TABLE, just define your SOME_KEY as you normally would an AUTO_INCREMENT column.. something like this, perhaps:

CREATE TABLE SOME_TABLE (
   SOME_KEY INT NOT NULL AUTO_INCREMENT,
   SOME_DATA VARCHAR(20) NULL
   PRIMARY KEY(SOME_KEY)
);

Now in your code, when you want to know what will be the next value generated by your AUTO_INCREMENT column, you just need to query your SOME_SEQQ and increment it. This is also better to query for the current value rather than using the built-in MySQL function as it is *more* fool-proof (if not completely) than that.

Obviously, this is not fool-proof but it's better than nothing and probably the easiest way to duplicate what Oracle does without the use of stored procedures.
Note: this might easily break if you have more than one application inserting data to the same table!

I've done a lot of work duplicating Oracle functionality for MySQL to preserve the flexibility of our code and w/o going database specific on our SQL (we support more than one database, obviously).

Lately I've been generally annoyed with Linux users as a group. One only needs to go and read a few comments on any article on slashdot that deals with Windows to see what I'm talking about.

Good example here.

Reading some of those comments makes me ashamed of being a linux user. Not to mention reminds me why I almost never read slashdot anymore...

It's as if some horrible forumla has been released onto the online community...

"Must hate Microsoft, must bash windows, must recommend linux above all others whether it makes sense or not".

Heck, I hate Micro$oft[0], I wouldn't use windows if someone paid me to[1] and I wish the entire universe would realize that linux is indeed 1000 times better than windows. Then I remember my mom.. how she is struggling with windows[2] and I thank the nearest deity she does't know about linux and how wonderful it is..

This is very simple: Linux is a great operating system.. I love my command line, wouldn't want to live without it, however, it is not suitable for everyone. Now if everyone would just keep that in mind we could all live in happy harmony..

.. and I bet half those slashdot geeks slamming anyone who uses windows are secretly posting from a windows machine themselves..

It's okay (heck, great) to hate Micro$oft, but know why you hate them.. not just becuase a website full of computer geeks tells you to.

[0] anyone reading this that knows me can attest to that
[1] well, except for when I use it at work, that doesn't count! I keep my fingers crossed behind my back the whole time! Besides I cheat, I just run an xserver and use open windows on top of NT.
[2] Thankfully she's not nearly net-savvy enough to find this site..
[3] Damn, I feel like I'm back on a.s.r with these footnotes..

In this article, Computerworld quotes Larry Ellison of Oracle:

While Oracle Corp. is committed to the open source movement and its standards, database code will remain proprietary because there will be difficulties in providing services if customers make alterations to the source code.

While I understand a company that tries to protect source code that cost them quite a bit of money to develop, this has to be the lamest excuse ever. Difficulties in providing services if customers alter the code? Please! If you don't want to go open source, fine, but at least admit to the real reason..

On the other hand, SQLPlus could only be improved by going open source.. I know I would love to put some decent functionality into that thing.. Why can't a multimillion dollar company develop a decent command line client for their really expensive product, when an open source one like MySQL can? (Not only decent.. but an excellent one.) Why go open source with the client? Silly question..

When setting up MySQL, remember the root password you set.

If you forget the root password for MySQL, read the documentation before you go off and reinstall the bloody thing..

If you forget to read the documentation before you reinstall, don't read it after you already reinstalled just to find out there is a really easy way to reset the root password for MySQL. It's just leads to frustration and general annoyance with yourself...

Me? Oh, I would never do something so silly..