Sofi Needs A Ladder

No posts for a while. Just felt like doing this one out of no-where.

My New Year's resolution is 1440 x 900!
*ba-dum, psssssh*

It had to be done. Now I can never do it again. Hoorah!

In other news, got to waste a half-hour on Dwarf Fortress today.
I simply cannot believe how much money the developers get from the community of players and such to work on it full time. Not that it is by any means a bad thing, just leaves my jaw agape.
Happy new year Tarn & Zach!

That said, I am often tempted to dust off my long-lost programming skills and make something cool.
I even had an ideas scratchpad somewhere. It was close to 8 pages long with close to two-dozen projects some of which were even started - the code for which, long since formatted away or lost.
Much like the scratchpad actually... I wonder where on earth that wound up.
But then, this is a subtle reminder of why I probably stopped.
Mind you, I'm constantly muttering about how irritating it is that snmpd(8) won't take something from stdin or some such and bind it to an oid... hmm... maybe... just maybe...


Threw together a diagram to illustrate the experiment I got to put together a while back.
Though, I'm not sure it really helps, but it may make it easier for some to visualize what's going on, especially those whom I've tried to explain it in person to previously.
Though, I doubt any of the afore-mentioned visit my blog, so in that case, OOO!!!! PRETTY COLOURS!

I'm pretty sure I'm missing something in the MSS, and MTU calculations, but meh... close enough for the sake of the point I was trying to make.

Ran into a really interesting problem with qmail today. Really interesting in that it's absolutely random, and I've not seen it happen with either of my previous builds.
Even more interesting in that it's still outstanding, and doesn't make a lot of sense currently.

root@sandbox:/var/qmail/control # telnet 25
Connected to
Escape character is '^]'.
HELO test.localhost
MAIL FROM: <test@localhost>
250 ok
RCPT TO: <test@>
250 ok
354 go ahead
Subject: Test from CLI
451 qq trouble creating files in queue (#4.3.0)
Connection closed by foreign host.
root@sandbox:/var/qmail/control #

Checking to see if qmail-queue is just on drugs, or if it is indeed having permission problems...

root@sandbox:/var/qmail/control # chmod -R 777 /var/qmail/queue
root@sandbox:/var/qmail/control # telnet 25
Connected to
Escape character is '^]'.
HELO test.localhost
MAIL FROM: <test@localhost>
250 ok
RCPT TO: <test@>
250 ok
354 go ahead
Subject: Test from CLI
Are you receiving?
250 ok 1292918168 qp 22368
root@sandbox:/var/qmail/control # cd /var/qmail/queue
root@sandbox:/var/qmail/queue # find * | grep /../ | xargs -J % ls -l %
-rw-------  1 qmails  qmail   19 Dec 20 23:56 info/18/1559280
-rw-r--r--  1 qmaild  qmail  211 Dec 20 23:56 mess/18/1559280
-rw-------  1 qmails  qmail   20 Dec 20 23:56 remote/18/1559280
root@sandbox:/var/qmail/queue # ls -ld info mess remote         
drwxrwxrwx  25 qmails  qmail  512 Dec 20 23:39 info
drwxrwxrwx  25 qmailq  qmail  512 Dec 20 23:39 mess
drwxrwxrwx  25 qmails  qmail  512 Dec 20 23:39 remote
root@sandbox:/var/qmail/queue # head -5 /var/log/qmail/current | tai64nlocal
2010-12-20 23:56:08.197118500 new msg 1559280
2010-12-20 23:56:08.209005500 info msg 1559280: bytes 211 from <test@localhost> qp 22368 uid 1101
2010-12-20 23:56:08.221277500 starting delivery 1: msg 1559280 to remote test@
2010-12-20 23:56:08.221445500 status: local 0/10 remote 1/20
2010-12-20 23:56:08.221820500 delivery 1: deferral: Sorry,_message_has_wrong_owner._(#4.3.5)/

My head implodes about 5 lines after the output of /var/log/qmail/current. Wonder what on earth is going on there...
Rebuilding the queue, qmail binaries, qmail users/groups and/or configs from scratch doesn't seem to help either. *boggle*

HA! Found my qmail problem.

root@sandbox:/var/qmail/queue # mount | grep var
/dev/wd0e on /var type ffs (local, nodev, nosuid)

nosuid, you silly, silly thing you. Who put you there? I can only wonder...

Oh, and awesome song is awesome.

Falling High

You know, I was just thinking 'It's about time Bethesda did something about The Elder Scrolls V', and then found this was announced yesterday.

I'm almost as excited as I was when I realized Fallout wouldn't disappear in a puff of logic when Interplay announced they were going under.
11/11/11 is an awesome release date, except that's as near as makes no difference another year away. Curse you Bethesda! Curse you!

That's all I have to say currently... bigger / more interesting post in the works.

Actually, one more quick thing... Safri Duo has a new album out. About frigging time.
Their tradition of weird videos seems to continue though.

Gold Dust

Enthusiasm for work is at an all time low... Just in time for the holiday season!

Had some time to experiment with Drupal6. I suppose I shouldn't be surprised to see that it's infinitely better than 5, and the code's even easier to follow than before (not that 5 was all that tricky to begin with).
I may get around to doing that upgrade.


So, Google offered me a job a couple of weeks back. I was kinda surprised to see them come out of no-where with a 'Hey, wanna work for us?'.
Nice folks, their recruiter seemed like a particularly nice lady.
Not too sure what to make of it at this stage... but I don't really feel like moving to Europe or America, so I declined politely for the time being.

Other than that, there's very little to report on since my last post.

Oh, I suppose there is one thing;
I've watched this, like, three times start to finish. I think it re-defines 'on the fly'. And for some reason I don't quite understand, I find it funnier than I probably should.


It's been one of those weeks.

I was completely and utterly floored by a problem at work today.
To summarize very quickly, the northbound of two routers was proxying its MAC for that of our dhcp server, killing the effective relay of packets.
This wouldn't seem so weird, except the north & south-bound interfaces on said border routers weren't in the subnet of the dhcp server. But there it was, clear as day, an incorrect arp entry where there should have been none in the first place.
Come to think of it, it's quite difficult to explain without talking in circles. Ahwell, I may give it another try later when it's not half-past midnight.
New 4.8 flashboot in the works. A few minor compiling issues encountered so far... this will probably wind up being the funnest build yet.
Thinking of re-installing the comment module with some captcha goodness. Having used drupal 6 on another project, I've pretty much convinced myself to upgrade to that as well.
Ho-hum. Another page of content in the works. Probably have it linked up in the next few days - depending on how creative I'm feeling between now and then. Another one of those 'of little, to no sense' to most, but oh-well. We'll just have to see I suppose.


Disclaimer: May be the most irritating thing you hear this year.
Fortunately, it's almost over. :P

This, however, may be the least irritating thing you hear this year.

Spreadin' Rhythm Around

Got back into town from Tabor yesterday by 5:15pm.
We blew an hour and a half chaining the van, and then shovelling 25 yards of snow with 2-gallon tupper-ware containers. I was genuinely thankful to have had access to said containers - the last time I was stuck in the middle of no-where with no shovel, my best candidate for improvisation was a 1" pipe bender. Fun!

Spent some time today cleaning up the rules and stuff on my server's firewall. Not sure why, my time would have been better spent building a 4.8 flashboot image. Oh-well...
This may be of interest to someone I know, as I was feeling particularly lazy after editing a few files.
Clearly, I'm abusing the fact that I know my template's fstab mounts /flash automagically. Remember I said I was feeling lazy?

[-----e@zozu ~]# rw
[-----e@zozu ~]# cd /flash/conf/
[-----e@zozu conf]# mkdir -p usr/local/sbin
[-----e@zozu conf]# vi usr/local/sbin/safecp
#!/bin/sh
# 20101121 *EB* - Copy files safely to compact flash.
# Remount /flash read-write, copy, then put it back read-only.
/sbin/mount -uw /flash
/bin/cp "$@"
/sbin/mount -ur /flash
[-----e@zozu conf]# chmod 740 usr/local/sbin/safecp
[-----e@zozu conf]# cp -R usr/local/ /usr
[-----e@zozu conf]# ro

In other news, you're now seeing things served up from memnarch rather than scrollrack.
The htdocs and such have been shuffled over to manacrypt, the nfs store now that I'm done benching and testing it.
That said, new images in the gallery. A whopping four for now, but they were closest to the open path I had in my shell.

An upgrade for scrollrack from 4.7 to 4.8's on the horizon, shutdown httpd, et al and then we'll see what kind of state things are in.
Probably setup some sql database replication next, as well as move the database process to manacrypt also.

It's a shame that you can't get omnigraffle for windows machines. If I could use it at work instead of Visio, I would otherwise be elated.
That said, I love, and hate Omnigraffle. Simply because it's giving me a bad case of mac-itis, where none of the visio shortcuts hard-wired into my mind work. That aside, it's infinitely better.

Not Exactly

Coming at you loud and clear from atop Tabor Mountain.
Not exactly how I planned spending my day off, but meh... This should come as no surprise to those that know me.
For 4/5th's of the drive up, the problem I was sent off to fix persisted. 30 minutes from the top of the mountain however, it's fixed.
The difference? -16°c (less wind-chill), instead of -23°c. Great.
So, staring at the base station humming away. Threw some better strain-relief on the IF cables for kicks.
Oh-well, I'm not the one that has to climb the tower (this time anyway...), so swap hardware we must.
Cheaper in the long run to assume tower hardware failure than come back assuming 'It'll probably be okay...' only to drive up a second time.
Also considering it's a miracle we were able to drive up in the first place. Bad winter mountain roads are bad.

Hmm. I was secretly hoping that the problem would come back for me to diagnose while I was writing up to this point. No such luck.

While I'm thinking about it, sitrep for fluctuator after blowing that 5v rail.

DVD-Drive, works.
USB Ports, though devices look to be powered somewhat, are toast.

I do believe I hear mine co-worker returning with the tower gear.
That's my cue to depart for now.



My cat's sleeping on my desk next to me right now, using my spindle of driver CD's as a pillow.
It looks to be one of the most un-comfortable positions he could have possibly adopted given the number of nearby, infinitely-more-squishy-than-CD-like objects he could otherwise have used.
Not surprisingly, he doesn't seem to mind at all.

Thursday... Yeah. Not really sure what to make of this week.

Was doing some work in the town where all our Carrier-WAN services terminate, and then hop onto the internet at large.
Figured seeing as I was there, I'd swap the NPE in one of our 7200 routers which was over-due for an upgrade, save our other sysadmin some time.
Wasn't nearly as bad as I was expecting it to be. Since migrating all the OSPF areas into one gigantic area 0 backbone (for various amusing reasons, chief among which were non-contiguous areas), the resulting outage of 15 seconds was hardly painful. Was kinda neat to see paths re-converge on the already balancing alternate router.
Naturally, the day following, my 'What did I miss?'-o-meter was nagging me. Waiting... patiently... to strike at the opportune moment. Fortunately, its moment never came.

However, there was a minor power failure in the co-lo from where fluctuator spends its days serving up its vast bounty of useless information to literally tens of users.
Amidst the chaos, what I initially assumed to be a PSU failure alarm in the chassis, is actually an alarm for the 5v on the system board.
Well, balls... Guess I'm calling Dell tomorrow... What was briefly 'Redundant PSU's, no problem!' is suddenly a little more irritating.
Oh-well, that's just how it goes I guess. Maybe they can tell me where those rack rails I asked for got to while I'm at it.

Hmm. I forgot how much I enjoy driving at night during the winter.
Clear sky, almost completely full moon, fresh snowfall, music just loud enough to drown out the sound of the studded tyre-roar.
The cataclysmic state of the roads also ensured a quiet drive - only a half-dozen or so vehicles the whole way.

Tired sarlok, is tired. In many more ways than one.
Not sure why, but think I finally came to this realization sometime tonight.


We No Speak Americano

Fast nfs is fast.

-----e@memnarch:/home $ sudo dd if=/dev/zero of=/home/test.dat bs=16k count=32000
32000+0 records in
32000+0 records out
524288000 bytes transferred in 15.163 secs (34576797 bytes/sec)
-----e@memnarch:/home $ sudo dd of=/dev/null if=/home/test.dat bs=16k count=32000
32000+0 records in
32000+0 records out
524288000 bytes transferred in 13.937 secs (37617959 bytes/sec)
-----e@memnarch:/home $ mount | grep exports
on /home type nfs (v3, udp, timeo=100, retrans=101)

~270mbit/sec should do just nicely.

VMware ESXi continues to amaze me. Nevermind I've probably thrown a lot of my security boons out the window by using it as a base for my OpenBSD guest machines, but I suppose it is just a sandbox.

Anyhoo... OpenBSD 4.8's full of good stuff. NFS is miles better (though a pain in the arse to setup if your last attempt was at around 4.4).
Reminder: setup: mountd, portmap, and then nfsd.
I shoulda just read the frigging FAQ sooner... heh. That'll teach me.

So, need to re-build memnarch, setup php-gd and all that other goodness to get my image import working again.
Maybe upgrade to Drupal 6 from 5, though I doubt it.
Play with ubercart once that's done.

dspam is officially trained enough to be working. Small problem when you're testing it on an account that typically only gets 2-3 spams/week, tends to take a while to get it happy.

It's too bad I didn't get some time to do a halloween costume.
I so would have gone as Hello Kitty in an Elmo suit, because it's so deliciously random.

Talkin' In My Sleep

Fiddled with the tracker view. Split it up into 'recent' and 'unpublished'.
Whoop-dee-doo you say? Well, now I can start a blog post, hit 'save', leave it unpublished, and finish it off later.
Take this post for example, been sitting around for a day or so now half-done.

And now, for something completely different.

Life. Is. Complicated.

If you just sit back and think about how complicated it really, really is. I'm genuinely surprised it doesn't just collapse into a frothing pile of goop. Reading for example... That's not complicated. Not at all!

You're reading this text (or not, as I'm a firm believer of one particular demotivational poster, but that's irrelevant).
Synapses linked to neurons in my head fired electrical impulses where letters and words are stored.
Further impulses were fired, traveled across a network of nerves causing countless millions of cells contract and expand to manipulate calcified structures bound in yet more cells of various size, shape and nature.
Said structures apply force to a collection of specifically arranged polymers which apply pressure to a contact, which sends yet more electrical impulses into the mind-bogglingly complex collection of parts which make up the home computer.
It stores the collected impulses in countless thousands of transistor gates.
Then it all gets turned into a series of electrical impulses, and then light, back into electrical, into another computer, where a series of magnets dutifully manipulates polarity of tiny, tiny, tiny portions of a magnetic material sparingly coated overtop a ceramic platter, which spins at speed.
Only for the whole process to be reversed just for it to be read by no-one.

That said, I suffered a massive case of writer's block in the midst of the afore-mentioned's transposition from mine neurons to the spindle of ceramic platters from whence this very text now comes, thus is the cause for its un-avoidable detention in the realm of the unpublished blog posts.


Oh, I can relate. Oh, so very much indeed.

Elite Fleet Ep. 2 - The Broken Code

Stand Tall

Two posts in one day. Wow... making up for lost time I guess.
Now that the spontaneous-ness of my last post has been dealt with, today was a Monday as per usual.
Though for whatever reason my mental state was slightly less befuddled than normal.

Lots of stuff broke, but it seemed to be a consistent pace, at least, rather than all at once.

Last weekend was a bit of a write-off, no further comments in that regard. Though, I do believe something's up with my phone - randomly deciding if it's going to buzz, ring, or otherwise - neither of the afore-mentioned.
Though, it'll decide to ring and buzz at around 1:00am, though being a Telus phone, only getting half a ring to react when you're asleep doesn't really work all that well.

OpenBSD 4.8's released. Lots, and lots of cool things to behold this go around.
The Book of PF, second edition is almost ready to roll too. I found the first edition to be particularly pleasing, though truth be told, there's nothing wrong with the pf faq, or man-pages.

And, php5-gd, no_x11 flavor is back in the i386 package tree!
Not sure why that's so pleasing, just means more work... heh.

Ho-hum... was feeling particularly creative today for some reason.
I hope this will end the argument once and for all.

Oh, one more quick thing. I found a dozen or so more amusing award winners for the legacy site. There may even be an epic action-horse-chase gif in there. Muahah!

Needz moar muzik!

Cup Of Coffee

"zomg! getting ssh bruteforced! halp!"
"Here! Just add these IP Tables rules..."

iptables -N blacklist 2>/dev/null
iptables -F blacklist
iptables -A blacklist -m recent --name blacklist --set
iptables -A blacklist -j DROP
iptables -N ssh 2>/dev/null
iptables -F ssh

iptables -A ssh -m recent --update --name blacklist --seconds 320 --hitcount 1 -j DROP

iptables -A ssh -m recent --set --name count1

iptables -A ssh -m recent --update --name count1 --seconds 10 --hitcount 3 -j blacklist

iptables -A ssh -j ACCEPT

"Finally, drop it into your INPUT table somewhere:"

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ssh


That sort of stuff makes me cry.
It also makes me happy that I was introduced to pf a few years back.

block drop in quick from <abusers> to any

pass in quick on $wan proto tcp to ($wan) port ssh flags S/SA keep state \
        (max-src-conn 2, max-src-conn-rate 3/10, overload <abusers> flush global)

Koo koo ka choo!