
kale's Journal


Monday, April 27th, 2009
10:35 am
 I'm using Twitter mostly to communicate thoughts -- set up a Twitter->LJ gateway so inc 140-char spam.


Tuesday, March 17th, 2009
6:28 am - Music-crush: Tim Minchin
I've been watching this fellow's videos on YouTube, and yeah, music-crush.

He's like a vaudevillian pianist performing incredibly intelligent songs showcasing dark humor and morbidity.  I've found it rather enjoyable to play a YouTube Playlist of his music in the background while internetting or fucking around the house.  Some key songs that I enjoy:

If You Really Loved Me -- one of my faves, it's quite sweet and.. terribly twisted
Storm -- a nine-minute beat poem that debunks all new age BS
If I Didn't Have You (I'd Have Someone Else) -- a statistical analysis of love
Taboo -- probably my fave song, it's about a taboo word in modern society
Donnie Darko -- I'll ashamedly admit that I didn't fully understand the movie until I heard Tim's explanation

Tim's got a great stage-presence and in all his videos, he appears to really enjoy performing in front of a live audience, feeding from their laughs.  He's also a brilliant pianist whose instrumentals could stand up on their own, though coupled with his lyrics and voice, it's totally awesome.  If he ever tours the US, I'll be there in a heartbeat.


Friday, February 20th, 2009
10:08 am - The 10 Golden Rules for Troubleshooting Linux
I'm doing a brain vomit, and you're the lucky recipient of my geek bile!

1. Man pages exist and should be used.  Seriously, everything's there, from application docs to syscall docs to syntax and formatting of log files.

2. Don't reinvent the wheel.  99% of problems you're experiencing or ever will experience, somebody's already gone through it and figured it out.  Google is your friend.

3. If you don't know what something's doing, or why it's not working, strace it!  Nobody ever uses strace, yet I find it invaluable.  Especially for Apache issues.  Is your site or PHP code or whatever not working?  
  3a. Make sure your timeout is set to something long enough for manual human interaction, and fire up two terminal windows.  
  3b. SSH to server on one and gain root access.
  3c. In the other window, telnet to your server on port 80.  Make a GET request for the page causing you issues, such as GET /page.php HTTP/1.1
  3d. Switch to SSH session.  Do `netstat -plant |grep your.ip.add.ress' and find the ESTABLISHED one with an apache process attached to it.
  3e. Run `strace -p (pid of apache process from above) -vvv -Ff -s 256'
  3f. Back in telnet session, type "Host: domain.com" and hit enter twice.
  3g. Switch back to SSH session and watch the syscalls go!  The answer is held within.  Always.
  (note -- you can also launch Apache in debug mode (`httpd -X'), but this requires taking down the service.  Debug mode sets MaxClients to 1 and it doesn't fork child processes, making it easier to strace (you don't have to switch back and forth to find the pid of the child you're connected to), but it's not feasible on a live server.)

4. Logs exist for a reason.  Read them.

5. Applications crash, servers don't.  If your server crashes, it's either bad hardware or a kernel bug (fairly rare on popular distros).

6. Always make backups.  Always.

7. Always mount NFS mounts with the 'intr' option.  Having to reboot because of a network blip is uncool.  (Humorous aside: Macs mount bonjour-introduced mounts via AFP, which appears to have all the awesome negatives of NFS.  If the mount goes away (other server going down or whatever), Finder will freak the fuck out and your programs will start having bizarre issues.  My Finder was hung, and attempting to restart it failed.  Then iTunes got stuck in a loop.  Then Quicksilver crashed.  The only thing I could do, literally, was run `shutdown -r now' in the Terminal window I had open.  Lesson learned -- unmount share when doing software updates on the other server.)

8. Learn to use `grep', `sed' and `awk'.  Learning to manipulate text is surprisingly important for a text-based interface.

9. Load average does not mean CPU usage.  100% memory usage does not mean you don't have any more available for new applications.  You can run out of inodes before you run out of disk space.

10. TCP wrappers suck.  If you've been hacking at an issue for over 3 hours, look to your TCP wrappers.  /etc/hosts, /etc/hosts.allow and /etc/hosts.deny will hold the answer.


Tuesday, February 17th, 2009
3:46 pm - Shoutcast
I set up a Shoutcast server on my racker box so I can listen to my music from home when I'm at work, so I don't need to waste gibbies and gibbies on mp3s on my laptop.  An interesting exercise in RPM building (and rebuilding) and hacking makefiles.  You can enjoy the stream at http://www.superhappykittymeow.com/stream.m3u .  Note: this is music that *I* like, so suck it up if it doesn't tickle your fancy.

While setting this up, I figured the easiest way to stream the music would be to use the source on my fileserver, so I wouldn't have to shuffle files around.  I got it working, but my overall connection was suffering from it -- my poor Time Warner connection was being anally raped and I couldn't do anything else while streaming.  I used Time Warner's online chat to upgrade to their 15mbps package (special online upgrade price of only $5 more than what I'm paying now!), and one modem reset later, nice and zippy.  I hate Time Warner with a burning passion, but I gotta say, this upgrade was pretty painless and I'm pleased with the results.

I have exquisite taste in music, FYI. 


Sunday, February 15th, 2009
7:36 am - Linux tip-of-the-day
For some reason, I always thought that `perror' was solely for MySQL errors, since it comes with MySQL. 

I AM A FOOL.

From the man page:

DESCRIPTION
       For most system errors, MySQL displays, in addition to an internal text message, the system error code in one of the following styles:
 
          message ... (errno: #)
          message ... (Errcode: #)
 
       You can find out what the error code means by examining the documentation for your system or by using the perror utility.
 
       perror prints a description for a system error code or for a storage engine (table handler) error code.


Very handy for interpreting strace output.  Also of note -- you can man syscalls like getsockopt and whatnot -- also useful for strace.  In fact, here's a handy chart about the man page sections, which always made me wonder what they are, so I looked them up and found a pretty chart:


Section #   Topic
1           Commands available to users
2           Unix and C system calls
3           C library routines for C programs
4           Special file names
5           File formats and conventions for files used by Unix
6           Games
7           Word processing packages
8           System administration commands and procedures

 


Wednesday, February 4th, 2009
6:18 pm
 I've decided to try to record my dreams.  I've found that I have a hard time being creative when I want to be -- ie, no "drawing time.. now!".  When I wake up, however, I tend to have fading memories of crazy dreams, and I reckon that my brain's a lot more creative when I'm not forcing it to be.

I put a notepad and a pen by my bed this morning before I fell asleep.  I have a habit of tossing and turning about twice a night, and tend to wake up very slightly during this period -- I'll still be immersed in whatever dream it may be, but I'll gain a bit of consciousness, such as noting the time on my alarm clock, or realizing a cat had been sleeping on my face and wiping the cathair off my nose.  I'd use these moments of consciousness to record my dreams.

I had mixed results when I woke up this afternoon.  First off, my notepad only had two phrases scrawled on it:

"It is a tale of Intergalactic Rejection"

"so it was."

And so, apparently, it was.  These have no relation to the dream that I woke up remembering, though, which involved myself and my family flying from Russia to the US in a Concorde jet.  It was a rather luxurious jet, and a smooth and quick flight.  Arriving in the US, it seems my passport had disappeared, and I was detained by Customs and held in a small room with a 2-way mirror.  I was interrogated by a lovely young woman who kept showing her cleavage.  She was joined later by another young woman and they got into a fight over my situation.  I woke up before I was released.  The holding room was cold.

I'll keep the notepad by my bed for future sleeps.  Perhaps I'll get enough random strings that I can create a Hockney-esque song of surreality.


Thursday, January 29th, 2009
6:44 am
 I just did some work on some guy's servers who were named after Warcraft bosses.  That was pretty cool.  He also had a server named "uranus", which I made certain to use wherever I could ("I'm still investigating the issues with uranus." "I've just updated the packages on uranus.").  hahaha


Sunday, January 25th, 2009
10:22 am - Geek rant
 I deal with a lot of the compromises that we see on the linux side.  These are always simple web app exploits (Joomla, phpBB, random PHP script) that are easily tracked down and cleaned up, though of course, the problem isn't solved until the hole is fixed.  The security hole that was exploited is always the hardest part of the job, but I can almost always find it -- down to the specific line of code -- and make suggestions to the developers to fix it.  

I can't fix it, of course, because I'm terrible at coding.  I'm good at pointing out terrible code, though ;)

However, over the past few months, I've seen a HUGE rise in iframe exploits.  Johnny Q's customers start complaining to him that their Norton popped up when they visited the site, or they get the Google "This page may harm your computer" page that requires two extra confirmation clicks to visit the site (this is a feature in the latest version of Safari and Firefox, and a number of AV programs use Google's database to prevent site accesses).  

Digging into Johnny Q's site, there's no script exploit, there's no weirdness on the server itself.  It's all in the HTML, and it's all a single added iframe line that redirects to a page off-server that downloads 2304890234 trojans, viruses, malware, etc.

I started researching this when I first saw it.  I couldn't figure out how these iframe lines were added to the code.  Everything checked out, the code just mysteriously changed.  Then I looked at the FTP logs.. oh my.

A user from China, Russia, Romania, or any gaggle of countries had logged in and downloaded every HTML and PHP page that matched index*, default*, home* or main*, one at a time, appended about 100 bytes of code, then re-uploaded the file.  Checking the secure log, there were no password failures.  They knew the password.  

Johnny Q had visited a page that had one of these iframe exploits, and, without his knowledge (or his antivirus's knowledge), downloaded malware.  This malware sniffed his FTP account info and phoned it home to some hacker, who then ran a script to login and append the iframe exploit.  Some other Johnny will visit this site (or 50,000 Johnnys), get infected, and in turn, get their own sites infected.  

The hackers are always one step ahead of the AV companies, and will modify their code (and auto-push updates to all the workstations they've infected) to sidestep attempts to kill the malware.  They keep spreading infectiously, and at an alarming pace -- a few months ago, I would see one server a week with these iframe exploits.  Now I'm seeing about 3 servers a night.

Google's Security Lab is constantly studying this, and wrote up an excellent whitepaper on the subject, All Your iFRAMEs Point to Us.  It's a bit dated, but the methods remain the same.

Every time this happens and I clean it up off a server, I change the passwords and tell the Johnny that he needs to clean his client computer -- and no, antivirus won't fix it.  It will try, but it's never enough.  Reformat and reinstall your Windows OS, run Firefox with the NoScript extension... that will keep you a bit safer.  However, you really won't be fully safe unless you run a non-Windows OS.  The malware attacks you and installs itself without user notification, using privilege escalation exploits in a bevy of applications -- Flash, MSIE, random application A, other application B.  New vulnerabilities in any Windows app are found and exploited daily.  Hint: this doesn't occur on Linux or OSX.

I'd rather deal with web app exploits  and c99 shells, Apache-user ownage, than these iframe exploits any day.  The iframe exploits are easy to find and clean up -- a simple `sed' will do the trick -- the hard part is explaining it to Johnny.  And then explaining it again when his sites are exploited next week.  And again the week after.  

Conclusion: Stop using Windows.  That'll make my job a lot easier :P
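
The FTP log pattern described above (download an index*, default*, home* or main* page, re-upload it about 100 bytes larger) can be searched for mechanically. This is an added example, not code from the original entry; it assumes the server writes transfer logs in xferlog format, and the function names, the sample log lines and the 512-byte growth threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the "download, append, re-upload" pattern in an FTP
# transfer log. Assumes xferlog format (an assumption, the entry names no daemon):
#   $1-$5 timestamp, $6 seconds, $7 remote host, $8 bytes, $9 path,
#   $10 type, $11 flag, $12 direction (o = download, i = upload),
#   $13 access mode, $14 user, $15 service, $16 auth method, $17 auth id,
#   $18 completion status (c = complete)

# find_reuploads [MAX_GROWTH]
# Reads xferlog lines on stdin. Prints one line per index*/default*/home*/main*
# HTML or PHP file that a host downloaded and later uploaded again slightly
# larger, as: host user path old_size new_size +growth
find_reuploads() {
    awk -v maxgrow="${1:-512}" '
        $18 != "c" { next }                      # ignore incomplete transfers
        {
            n = split($9, part, "/")
            base = tolower(part[n])
            if (base !~ /^(index|default|home|main).*\.(html?|php)$/) next
            key = $7 SUBSEP $14 SUBSEP $9        # same host, user and file
        }
        $12 == "o" { fetched[key] = $8; next }   # remember downloaded size
        $12 == "i" && (key in fetched) {
            growth = $8 - fetched[key]
            if (growth > 0 && growth <= maxgrow)
                print $7, $14, $9, fetched[key], $8, "+" growth
            delete fetched[key]
        }
    '
}

# suspect_hosts [MAX_GROWTH]
# Same input; prints each remote host with the number of files it modified.
suspect_hosts() {
    find_reuploads "$@" | awk '{ n[$1]++ } END { for (h in n) print h, n[h] }'
}

# Constructed sample log (documentation IP ranges, hypothetical user name).
sample_xferlog() {
    cat <<'EOF'
Sun Jan 25 03:12:01 2009 1 203.0.113.45 4210 /var/www/html/index.php b _ o r johnnyq ftp 0 * c
Sun Jan 25 03:12:03 2009 1 203.0.113.45 4312 /var/www/html/index.php b _ i r johnnyq ftp 0 * c
Sun Jan 25 03:12:05 2009 1 203.0.113.45 1890 /var/www/html/main.html a _ o r johnnyq ftp 0 * c
Sun Jan 25 03:12:06 2009 1 203.0.113.45 1988 /var/www/html/main.html a _ i r johnnyq ftp 0 * c
Sun Jan 25 09:30:40 2009 2 198.51.100.7 5120 /var/www/html/about.html a _ o r johnnyq ftp 0 * c
Sun Jan 25 09:41:12 2009 3 198.51.100.7 9044 /var/www/html/default.php b _ i r johnnyq ftp 0 * c
Sun Jan 25 10:02:00 2009 1 198.51.100.7 2200 /var/www/html/home.php b _ o r johnnyq ftp 0 * c
Sun Jan 25 10:15:31 2009 1 198.51.100.7 3900 /var/www/html/home.php b _ i r johnnyq ftp 0 * c
EOF
}

# Stand-alone run over the constructed sample.
sample_xferlog | find_reuploads
```

On a real server, feed it the transfer log instead of the sample, e.g. `find_reuploads < /path/to/xferlog`; the home.php edit in the sample grows by 1700 bytes and is deliberately left unflagged at the default threshold.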


Wednesday, January 21st, 2009
4:00 pm
 I bought "Space Invaders Extreme" on a whim for $10 for my PSP that I never play.  Ho-lee crap, that's an ADD-ridden arcade masher.  Talk about feverish gameplay.  Highly recommended for quick fun.

I also recently purchased "Chrono Trigger" for my (also) neglected DS.  I'd never finished the game all the way through as a child, as I never had a SNES, so I figured, hey, I've got nothing better to do right now.  I'm currently killing robots in the future trying to find some food for the dirty people that live in the domes.


9:06 am - Yesterday was cooking day.
 I slow-cooked a pig butt in my crock pot; 12 hours later, it falls apart at the touch of a fork and is perfect for kailua pork.

While that was cooking (and making my house smell like pig), I poached a salmon fillet and steamed some asparagus.  Both of these actions can be done easily in the microwave without adversely affecting the flavor.  Unfortunately, I haven't yet figured out how to make hollandaise sauce in the microwave, so I had to dirty a pot for that.  



I'm very happy I discovered the Horizon Organic milkboxes -- there's a little over 1 cup of milk per juicebox, and because they're individually packaged, they have an extremely long shelf life.  I've got a 6-pack in the fridge for whenever I want a bowl of cereal or need a cup of milk in a recipe.  Saves a trip to the grocer's!

Kikkoman makes a tofu miso soup packet that is absolutely delicious.  Miso is an acquired taste, I reckon, but if you've discovered that you like it, I highly recommend picking up some of this powdered soup.  Surprisingly filling for powdered fish paste, soy, dehydrated seaweed and tofu.  Beats the hell out of ramen, IMO (which feels blasphemous to say).


Sunday, January 18th, 2009
9:54 am
I think I'm going to start using my LiveJournal again. Why? Why not?

This go round, though, will be less emo and more technical.

To start, some useful awk recipes for Apache log parsing:

find out who is hotlinking images:
awk -F\" '($2 ~ /\.(jpg|gif)/ && $4 !~ /^http:\/\/www\.domain\.com/){print $4}' access_log | sort | uniq -c | sort

blank referrers (direct hits; splitting on " puts the referrer in $4 and the user agent in $6):
awk -F\" '($4 ~ /^-?$/)' access_log | awk '{print $1}' | sort | uniq
(does it bother anybody else but me that in PHP the referrer server variable is $_SERVER['REFERER']? they freeking misspelled it... and it's too late now to change it.)

how many hits each ip made on a given day:
grep '12/Dec/2008' access_log | awk '{cnt[$1]++;} END{for (ip in cnt){printf("%-15s visited: %04d time(s).\n", ip, cnt[ip])}}'

amount of data xferred:
cat access_log | awk '{ SUM += $10} END { print SUM/1024/1024 }'


man i just bored myself :/


Tuesday, August 12th, 2008
8:18 pm - New plate!


Sunday, July 20th, 2008
11:54 pm
Best iPhone apps:

1. Twitteriffic. I didn't start using Twitter until Jim hounded Chris and I to do so on our iPhones, and this is a really well-done mobile implementation of the application. Great, intuitive UI.

2. Twinkle. Another Twitter client, though this one focuses more on location-based relations -- I can see all twitter posts (I refuse to call them "tweets") within, say, 5 miles, based on the phone's current GPS location. Makes it really easy to discover people, and at least locally, we're using it as another chat view to get to know each other. Location-aware social applications are great on the iPhone, and I'm glad they're being pushed in AppStore.

3. Tap Tap Revenge. It's like a mix of DDR and Guitar Hero for the iPhone. Very well designed, very fun, and they have tournaments all the time -- I won a $30 iTunes gift certificate from their first contest, woohoo!

4. Graffitio. This is one of the most novel apps to come out for the iPhone (so far), and it's rather hard to explain. It allows you to create and add to anonymous forums that are tied to locations -- virtual "graffiti". There's one for an apartment complex near work where people are having a flame war over whether or not it's a good place to live. At work there's one about Ace's mom. I'd really like to see this app grow -- finer accuracy would be nice (right now it's set to 1000m, which is a bit too wide, IMO), as well as the ability to attach pictures. When push service opens up for AppStore apps, I'd like to see it "ding" when I come across a location with a wall. It'd be great for geocaching (literal "virtual caches"), for example.

5. Shazam. Run the app, play a part of song, wait 10 seconds, and it tells you what the song is. Amazingly accurate.

6. Aurora Feint. Currently, it's only a Bejewelled-esque blocks and columns game, but it's really fun as is. It's being built as a puzzle-based MMO, and there are budding community features that support that. You can level up and learn new tools and spells that help you mine more resources faster, so you can spend them on more items, etc. Hopefully the project won't falter.

7. Terminal. First app I've installed after jailbreaking my iPhone, and this is what makes it totally worth it. It's a terminal. What more can I say?

iPhone's still not a Sidekick replacement yet... but after jailbreaking, and as more apps enter the AppStore, it's getting closer. When I can get full push services -- instant messaging, Twitter, etc, then I'll cancel the Sidekick. But not yet.


Sunday, July 13th, 2008
11:48 am
iPhone 3G: First Impressions

So I stood in line at the Apple store and picked one up the other day. 16GB black. I don't know why I got 16GB -- I don't really plan to use it for music. Future expansion, "just in case", I guess. I'm slowly migrating to this new number -- get in contact with me if you need my new phone number.

First, the bad. Not so much "bad", but annoyances/disappointments. The AIM client is shitty and sometimes serves up random mysterious blank IMs. It's also "push", which is good, but it only pushes for about a minute, then times out. I'd really like a Cognet client for the iPhone that I can hook into my Cognet server, which basically proxies the communication. I've been using Cognet on my Sidekick for years for IRC (the Sidekick's AIM app has built-in client side queuing and server-side proxying). This is pretty much the only thing keeping me on the Sidekick anymore.

No SSH/terminal app is disappointing as well. C'mon, Apple! The Loupe is a clever way around the lack of arrow keys for text manipulation, but it only works in certain text fields. The battery indicator is small and doesn't really give me any idea how much capacity I have left. GPS only works outdoors, for the most part, and it doesn't fall back on cell tower triangulation (the older iPhones use this solely). I hate hate hate hate the in-line text autocorrection and there's no way to disable it. There's also some funkiness sometimes with syncing apps, and I still can't figure out how to make a ringtone.

Now, the good!

ITS AN IPHONE.

It's also sleek and smooth and the 3G is actually really really fast. The app store has a ton of apps of varying quality -- I actually like that, it means that you don't have to be a top-notch dev shop to get your app in. Tons of free apps, and free apps with paid counterparts. There are some incredibly clever apps out there (I'm particularly fond of Graffitio and Tap Tap Revenge). Safari is very fast and smooth and easy to use on all web pages I throw at it, Mail is pretty complete, Google Maps is great (though it seems to forget my user-defined pins all the time), the camera is pretty nice, YouTube app is excellent, and the sync with my .mac account and my computer is very nice. Built-in VPN client with support for enterprise RSA authentication is an unexpected (and awesome) surprise.

Things that I wish were better that probably will be in a future update:

I wish it could sync to my computer over bluetooth or wifi. I wish that it could connect to other iTunes shares over Bonjour over the wireless. I wish I had finer control over settings (like, say, turning autocorrect off), and I wish there was an app that showed standard statistics, such as current bitrate, CPU usage, memory consumption, etc. I wish more apps supported screen tilting, like Safari, so I could use the bigger keyboard (faster to type on with thumbs). I wish it supported newer versions of Flash in the browser. I wish there was a way to enable error messages, so if an app crashes I could see why. I wish GPS fell back to cell triangulation if it can't get a lock.

I wish the GPS crosshair, when it zoomed in, said "Enhance". Or maybe not -- I already say it.

All in all, worth it with the assumption more apps will come out and Apple will update the OS and built-ins.


Saturday, July 5th, 2008
7:14 pm
Eagerly waiting my new Texas license plate!


6:35 am - Saturday
Is kolache day!




KOLACHE DAY




David and Josh came back successful, and enfattening thusforth ensues.


Monday, May 26th, 2008
11:10 pm
Tonight I made Kailua pork and cabbage for dinner. It is a Hawaiian staple, and when I lived o'er yonder as a child, I ate it every other day as it was a part of the school lunch menu ($.35).

It took 6 hours for the pork to get just right, but it's well worth it. I have enough shredded pork left over in the fridge to last me a few days. Traditionally, it's made by digging a hole in the ground, wrapping the pork in taro leaves and sticking it down there with coals, covered with tea leaves, but I don't think my apartment complex would like that much.



It's stupid easy to make, by the way:

5lb pork butt
1tbsp liquid smoke
1tbsp sea salt
1 cabbage, shredded
1cup water

Rub salt into pork. Drizzle with liquid smoke. Wrap loosely in the outside leaves of the cabbage and place in crock pot. Add 1 cup of water along the bottom. Cover and cook on low for 6 hours -- the longer the better, but the minimum is 6 for safe pork.

When it's done, it'll be falling apart. Shred with a fork. Shred your cabbage now, and place in a wok with a bit of oil and lightly stirfry. When the cabbage is warmed up and less crispy, put a few cups of pork in it, juices and all. Cover and cook on medium heat for about 4 minutes. Serve on top of rice!

5lbs of pork makes about 2348092 servings.


Tuesday, May 6th, 2008
4:47 pm
I ordered a pair of shoes off Zappos.com last night at 10pm -- they shipped at 5am and arrived at my door at 11am. 6 hour shipping? Are you serious? That's *insane*. The shoes are pretty comfy, btw.. might be time to retire my old and worn Pumas... finally. They will be missed.


Friday, April 18th, 2008
6:43 pm
Or not...

Scott jinxed me, and I received an email canceling my T1 order. Apparently the local Covad POP is at max capacity and they do not plan on provisioning more space... so no T1 for me. I'm also 18k feet from the CO, so no DSL for me. Leaves me with two choices for internet access at my location -- cable, which I have and with which I'm quite displeased, and dialup (I don't even have a phone line).

I'm just extraordinarily unhappy with my Time Warner/RoadRunner connection, and pissed I can't find any viable alternatives. 15-20% packetloss sucks, and Time Warner won't do anything about it. I've spent so much time with them on the phone only to be finally told that "there have been a number of outages in your area" -- no word on resolution, no assurance that they're even doing anything about it. Shit sucks.


Tuesday, April 15th, 2008
2:29 pm
I hate Time Warner/Roadrunner Cable. Over the past week I've had multiple service outages, across-the-board 20% packet loss, and when I called them to see what's up, I logged about 5 hours of time on hold with them.

It seems things have cleared up for now (as I'm sure I just jinxed myself), but I'm fed up with it -- this isn't the first time I've had a "bad internet week" with Time Warner, and I know it won't be the last. Of course, I live too far out for DSL, and my connection options are limited... luckily, while DSL degrades after 16,000ft, T1s are good til 20,000!

So I'm ordering T1 service from Speakeasy, who I honestly can't stop gushing about. I had the joy of having DSL through them when I lived in Dallas, and it was a *pleasure* to call them -- even when something went wrong, they were professional and knowledgeable, and always worked towards a resolution.

So I'm getting my T1 installed in about 2 weeks, and they'll be happy to do a reinstall if I decide to move to the other side of town to get closer to the Castle. I'll probably move all of my shit hosted elsewhere to my local servers -- harden my G5 and turn it into a web and mail server, for example. I'm excited... finally, fast, unrestricted, reliable bandwidth :D

...just don't ask me what I'm paying for it!

