VeriSign Destroys The Internet

Okay, maybe that’s overstating things a bit. A small bit.

VeriSign, the company responsible for maintaining the top-level domain registry, started causing hostname lookups for non-existent domains to resolve to a site of their own, which would then show you a directory of sites that might help lead you to what you were looking for. ICANN made them stop doing it for a while, but VeriSign has vowed that they will put the service back into operation sometime soon.

What’s the problem?

Well, it’s formally incorrect behaviour and false information, for one. If I try to look up a name that doesn’t exist, I should get an error indicating that it doesn’t exist, not the IP address of some other site which isn’t what I’m looking for.

It’s annoying. An incorrect name error immediately tells me something is wrong, but if I get redirected I don’t know that until the site loads and I see it’s not the one I expected. With a ton of people being redirected to this single site it’ll get busy, so it could take a while just to find that out. And since the browser considers it a valid site, the misspelled name is now in the browser history, mucking up future lookups.

It impacts other programs and protocols; the Internet is more than just the web, after all. If I try to FTP/IRC/ssh/etc. to a site that doesn’t exist, instead of being told that it doesn’t exist my connection will now either be refused, or it will timeout. That doesn’t tell me that the name was wrong, so I remain unaware that the name I tried was incorrect and wind up thinking it’s just down or busy at the moment. Spam filters that try to check whether the originating domain is valid or not can no longer use that check — every domain name will appear to be valid. Misaddressed e-mail will have to pass through VeriSign’s e-mail servers before bouncing, if they even bother handling it, instead of letting the sender know immediately.

It’s unnecessary. Most browsers already give you the option of automatically doing a search engine lookup if the site you tried to reach doesn’t exist. This change by VeriSign overrides that, unnecessarily.

It’s a solution for a problem that doesn’t exist in the first place, that just causes even more problems. It smacks of being driven by advertising revenue behind their directory, which seems a tad unethical. It’s like having the phone company automatically forwarding you to Bob’s Auto Repair whenever you misdial Joe’s Auto Repair by one digit…

The Bug Stops Here

As they tell you, in theory, there is a very simple procedure for tracking down and fixing bugs:
– Get a description of the conditions that cause the bug.
– Reproduce the problem on your own test systems.
– Use debugging tools to find the cause in the code.
– Fix the bug and prepare a new package with the fix.
– Give the fixed package to the customer. Everyone smiles!

They LIE.
Continue reading “The Bug Stops Here”

A Microsoft Miracle

[Tue Sep 30 16:45:59 2003] [error] [client 68.37.128.146] File does not exist:
/var/www/htdocs/scripts/..%2f../winnt/system32/cmd.exe
[Thu Oct 2 09:47:49 2003] [error] [client 68.65.168.115] File does not exist:
/var/www/htdocs/scripts/root.exe

What is the significance of these log entries?

They mean that I actually went for over 24 hours without a single goddamn Windows virus attack. A miracle indeed.

Move Over FTP

FTP has long been a mainstay of transferring files, but it’s been plagued by problems due to its centralized nature, especially for popular files: if the site is down you can’t get it, central or popular sites are often slow, mirrors get out of sync, etc… File sharing a la KaZaA/Gnutella is an alternative, but then you have to search for what you want and hope it turns up, connections aren’t reliable, what you get might have a virus…

Fortunately, these concepts have been merged into newer programs like BitTorrent and eDonkey, where you download chunks of the file from other people who are also downloading it. The bandwidth requirements are thus scattered across a large number of systems, you don’t depend on a single site, and the result is checked against the original package description to ensure integrity.

As an example, the Slackware 9.1 ISO images were released last week, but it was almost impossible to get on the main site or any mirrors and download it at a decent rate. Using the BitTorrent links instead though, I was able to immediately download both ISOs at over 250kB/s. At the same time, my client exported about half of the ISO data, which in turn helped other people who were downloading the files.

They’re certainly not a complete replacement for FTP yet, but hopefully we’ll see the usage of these kinds of programs on the increase. A lot of large data files like movie trailers, game demos, etc. can certainly benefit from this kind of distribution. Otherwise you’re stuck with services like FilePlanet where you wait forever in ‘line’ to download a file at a way too slow rate…

Pain, Thy Name Is Spam

I’m still getting flooded with those stupid Swen virus e-mails, as is half the planet apparently, but now I have a new spam menace to contend with as well.

In an effort to bypass filters and pose as legitimate e-mail, spammers are sending out e-mails with legitimate From: addresses. If you were to connect to the MX record’s mail server for that person and verify the address you would find that it does in fact exist. Unfortunately, it’s not the person who actually sent the spam… The spammers have huge lists of e-mail addresses they can send to, and they can pose as people on that list as well.

My e-mail address appears to have gotten on one of these lists, so now some people are receiving spam messages that appear as though they are being sent by me. Not only that but it’s the address of my private mailbox, which I had set up separate from a public one specifically to avoid spam. It got leaked somewhere along the way, though it’s hard to tell where.

Not only do I get the blame for these spam messages, but the errors regarding full mailboxes (fairly common with this Swen virus filling peoples’ mailboxes), nonexistent users and domains, etc. all get bounced back to me. Now I’m constantly cleaning viruses out of my public mailbox and error messages out of my private one. I really need to set up those filters…

This ought to be illegal, if it isn’t already. At the very least it’s identity theft for them to send e-mail using my address.

Password Hell

You wouldn’t think that changing your password would be a big deal. Enter your old password, enter the new password twice, that’s it. Except if you’re on a Windows domain…

The domain policy is set up to force us to change passwords every 90 days, as a standard security precaution. It never fails though — within hours of changing the password, the Weird Things start happening. Some shares remain accessible, some start giving me vague authentication errors, some claim they don’t exist anymore…

After a quick trip to the admin’s office, it’s discovered that my account is locked out because of too many failed password attempts. Of course there was no explicit warning of this at my own workstation as I had continued to be able to lock and unlock the console without trouble… I had however left myself logged in on my other development system under the previous password, and it was what was causing the failed password attempts.

Fine, I log out and back in on that system, unlock my account, and everything’s back to normal. Until a few hours later when the Weird Things start up again…

After roaming from office to office checking all of our test systems, I finally find one of our rarely-used systems that I had logged into two months ago to test something and forgotten to log out of. After logging out of that one and unlocking the account yet again, things are *finally* normal for good. Or at least until the next password change.

You’d think there would be a better way of handling this…

E-mail Hell

I’ve got to get my e-mail filtering system back in place.

I’m not being overwhelmed by spam as much as a lot of other people — I only get maybe a dozen pieces of spam a day. It’s still the majority of mail that I recieve though, and they’re getting sneaky enough to use subject lines that make you hesitate and think it just might be relevant, especially when you run a web site. You get a piece of e-mail with the subject “I think this link is broken” only to find out it’s for GENERIC VIAGRA CHEAP! when you open it…

Unfortunately spam is getting trickier to filter out no thanks to things like the use of HTML in e-mail. HTML was never meant for e-mails, but some wiseguys got the idea of making it show up in mail readers if it happened to be present, which encouraged people to use it, which made e-mail client explicitly allow composing in it… Unfortunately, HTML allows things like:

1) Obscuring the real text of the message

I wish you could filter our just on specific words like “Viagra”, but that doesn’t work anymore due to embedded HTML comments. Although on your screen it might show up as all one word, within the raw text it actually looks something like

Vi<!--fdsatfrqrf-->a<!--gehjwghk-->gr<!--iouwhjlkh-->a

They specifically try to block matching against words by inserting random HTML comments all over the place.

2) Tracking your usage

Some e-mails are now including ‘invisible’ images which link back to a website run by whoever sent the spam. As soon as you open it, if your mail client automatically loads HTML data, it contacts the web site and presto, the company now knows that you actually opened the e-mail. E-mail addresses that are verified to be valid are considered more valuable than unverified addresses. Expect to get a lot more spam sent your way…

Time to start tuning those filters a bit more…

Scanning For Intruders…

In my insatiable quest for toys, I finally picked up a flatbed scanner. I had been holding out trying to find a 2400 dpi model around here, but after playing around with it a bit, I doubt I’ll even use the full 1600 dpi of this model all that often (those files get huge!).

There is actually a practical reason for it. As part of the process of cleaning up around here, there are a bunch of things that I’d like to keep around, but just don’t have the space for: pictures, segments from magazines, comic strips, etc. So instead I’m going to scan them in and then I can ditch the originals. Second on the list is the comics found in the back of The Gateway student newspaper I picked up when I was a student at the UofA (besides the ones that already have their own scans online, like Space Moose or Bob The Angry Flower).

First though, was a promise I’d made to my mother to try and reproduce a picture from a photographic proof (the tiny little sample pictures you get to choose from for the final picture) of her parents. She’d tried taking it to photographers and getting them to reprint it, but they wouldn’t do it — apparently they don’t work off of other peoples’ proofs on general principle since it may be someone trying to scam the photographer into getting them the free sample proofs and then taking it to another, cheaper photographer for the final work.

Unfortunately in this case we don’t know who the original photographer was, whether he’s even still in business, or whether he’d even still have the negatives after all this time, and we can’t exactly take her parents down and have another picture taken when one of them is dead… So, we’ve had to take matters into our own hands and thus I’m trying to scan and reprint the photo based off this tiny little proof picture. This is the best I have so far:

(Shrunken down for web viewing, of course. The original file is 3403 pixels by 4797!)

Where Does He Get Those Wonderful Toys?

From Microsoft of all places, actually…

MS is apparently trying to encourage us developers to work on PocketPC programs, so as part of a new promotion they sent free Viewsonic V37 PocketPCs out to those of us who filled out all the paperwork and such early enough. (No, I can’t get you one. MSDN members only and they’re probably all long gone now.)

Not my first choice of PDA due to the general crumminess of Windows CE, but it’ll suffice for the few things I’d want it to do. It’s not like I’m looking for a high-reliability server here. And hey, it was free, so I can’t complain too much.

Copy Control Can Blow Me

Having previously easily ripped a supposedly copy-protected disc I felt lucky and tried again with Delerium’s latest, Chimera. My CD-RW drive didn’t even want to recognize the disc at first, giving me the “I-have-no-idea-what-the-hell-you-just-stuck-in-me” flashing light error, but ejecting and reloading it repeatedly eventually got it recognized. My older drive in the other system just locked up any time I tried to access the disc.

Tracks 2 and on were ripped without incident, but track 1 insisted on being a pain in the ass. Each attempt to rip it resulted in a ton of ATAPI errors and a big blank spot in the resulting file. I even tried the marker-around-the-rim trick to no avail. Eventually I decided to try taking the output from multiple attempts and manually merging them into a single file, but miraculously enough after a few more ejects and reloads, on the third try I got a perfectly clean copy. It took way too long to get there though.

Stuff like this is more likely to make a person like me, who does legitimately buy most music, go and pirate even more tracks. I don’t think I’ll be buying any more Copy Controlled discs anymore, at least.

Black Magic

Behold, the first new keyboard I’ve bought in nearly 10 years:

It’s the same design as the older IBM keyboards (it’s made by a company spun off from IBM’s old keyboard/printer group, Lexmark), with the ultra-noisy solid tactile feedback. And no freaking Windows keys.

There isn’t really anything wrong with the old one, it’s just not as cool as this one. It was getting rather filthy anyway.

We’re From Microsoft And We’re Here To Help

Run for the hills! Microsoft is apparently going to fix Usenet. I didn’t even know it was broken…

I can just see their Newgroup Assistance Wizard now:

It looks like you’re writing a Usenet post! Would you like to:

  • Quote 200 lines and say “me too”.
  • Post a blank message
  • Crosspost to five other unrelated groups
  • Attach a 70-line signature
  • Post in broken HTML

it difficult for the casual person to use effectively, but on the plus side that’s acted as a bit of a filter; you had to have at least some minimum amount of smarts to be able to use a newsreader, find the appropriate groups, follow proper posting procedures, etc. When AOL and WebTV provided simplified access to Usenet, posting from those domains quickly became a badge of dishonour because most people posting from them were, well, idiots. Not everyone, certainly, but enough that the trend was difficult to ignore.

It is a bit elitist to resent the arrival of ‘less worthy’ people, I suppose, but I do worry about its effect upon some of the more popular groups. The arrival of spam destroyed many perfectly good groups by making the legitimate conversations difficult to find among all the “MAKE MONEY FAST!” postings, and something similar could happen with a huge influx of clueless newbies. It’s already hard to follow some groups’ hundreds or thousands of new posts a day.

Then again this could all be the ramblings of an old geezer pining for the old “Golden Age” (if there ever was such a thing). :-) Usenet’s ‘death’ has been predicted over and over to the point where it’s become a cliche, and certainly everyone has the right to access it if they want, whether they’re able to contribute anything meaningful or not. About all I can really do is furrow my brow and go “Hmmm…”

And hey, it could mean more kooks for our amusement.

Bailey Must Die

I’ve mentioned before about having troubles with a RAID array in one of my test systems, named ‘bailey.’ (The convention around the office is to name new systems after brands of alcohol.) Well, the fun never stops…

It continues to generate errors from the RAID controller, though there are no apparent failing drives. According to our infrastructure manager, the RAID controller in bailey is known not to work very well with dual CPU systems, and guess what bailey is… So, I’ve had to pull the second CPU out.

It’s also giving me random timeout errors on the external SCSI bus that’s connected to the tape library and drives. It wasn’t doing this up until yesterday, but now it’s decided to be cranky, so now I’m swapping around cables and terminators and such trying to get it to behave.

And the software I’m testing on it, an HSM package for automatic disk/tape data migration, keeps giving me “NetBIOS session number out of range” errors. What does that mean? Damned if I know. All these other errors are potentially corrupting all the data I’m generating, too.

If I ever get these tests successfully completed, I’m going to melt bailey down into scrap metal and use it for a doorstop…

It Lives!

Derzon is now up and running and my stuff should be accessible 24/7 now, rather than bouncing up and down as my gaming needs dictate. Passwords should be the same as before, and FTP is accessible now until I figure out how to get FTP-over-SSH working.

The universe seems to have been conspiring against me to try and keep me from getting it back up. My hub appears to be dead, which forced me to trek halfway across the city just to get a crossover cable; one of my KVM cables was missing; the older CD-ROM drive I have didn’t want to read CD-RW discs…

But those were nothing compared to just trying to copy the data across.
Continue reading “It Lives!”

Can Anyone Spare Some Vacuum Tubes?

I whipped out my calculator recently for something or other, and it only just hit me how old this thing is. I bought it for use in Grade 10 math class, and even then it was at the lower end of the HP line, with the fancy-shmancy calculators with *two* lines of text just coming out. And it would be another few years before graphing calculators would become all the rage among university students.

I’ve only ever had to replace the batteries in it once, too. I wish more things lasted that long…

RAID, Kills Drives Dead

I’m now sitting here waiting on a horrendously slow rebuild of a replacement disk in the RAID array of my test system. And this is after a RAID failure on our secondary DNS server two days ago. And a RAID failure on our primary domain controller last week. And a total disk loss due to two RAID failures on our software library server last month.

I keep meaning to set up a RAID array at home, but with my luck so far it’ll just make the drives blow up faster… :-P

Copy This

I picked up Radiohead’s “Hail To The Thief” on Friday, and when I first flipped it over and looked at the case, I got a bit concerned. Plastered in the upper-left corner is a warning label about it being “copy controlled” and a hardware compatibility chart and probably subliminal messages about how if you pirate it rabid weasels will eat your eyes out or something. Well nuts, I didn’t want to buy an album I couldn’t rip, since I just toss the CDs into a big box in the closet now.

This was the first time I’d encountered a ‘copy protected’ CD though, so I was curious and took it home anyway. A half-hour later I had 14 error-free MP3s on my drive. However, other people who bought it legitimately haven’t had as much luck even with regular CD players.

What was the point of all this again?

gcc -c red_pill.c

I don’t do any 3D work or gaming under Linux so I’d never bothered to install the full OpenGL drivers for my Radeon card (the default XFree86 drivers only do 2D), but I stayed up late last night finally getting them working *just* so I could run the GLMatrix module of xscreensaver.

I am beyond help. :-)