Posted on 2008-10-03 15:00:00
Tags: Rant, Computers
The only thing missing which would explain everything is the date of when this all happened: It wasn't Friday the 13th...
Yesterday at noon I asked OfficeWorks to scan in and copy my employee contract with the new company I am going to work for (you don't know yet? You will soon). Nothing too fancy, I thought. But when I picked up the paperwork, I was missing the original of my employee contract... Yes, that is the most important part of it, I thought. Twenty minutes later they found it; it was still lying in one of the drawers of one of the copiers. On my way home, I found out that in the chaos they hadn't returned my USB stick with the scanned-in documents either...
When I was home, I got an urgent phone call to not leave the house because the love-of-my-life had forgotten her keys. Assuming that she was on her way back, I stayed in the garden... a little bit longer than normal on the toilet... I watched a TV show... Cleaned up the garage a little bit... And two hours later she finally came home.
In the evening, Dirkie insisted on not eating anything from his plate. But he was very keen on having pasta, noodles, sprinkles, Vegemite, sausage etc. So one and an hour later he ate the tiniest piece of bread off his plate, nearly choked on it so bad did it taste and finally was allowed to leave the table.
Normally when the two children are in bed, I have time to do things. Not today, not today. I made myself a nice cup of tea and Naomi came into the room with Hanorah on her arm saying that the little one had thrown up. I've seen babies bringing up a lot of different kinds of food and in a vast variety of amounts, but this was really a new record... So I had to change the bed sheet, the sheet under it, the doona cover and turn the mattress around...
Half an hour later, Hanorah back to bed and I try to stay awake to figure out what has happened in the virtual world of the FreeBSD community. Except that the last line of the screen of my computer said "INSERT BOOT DISK OR PRESS ENTER TO REBOOT". Rebooting resulted in a dreaded tick-tick-tick of the hard disk and the same message. We'll find out tomorrow what has happened here, it has RAID1 somewhere in the BIOS and I never got an alert from that that it didn't work.
Luckily I was too tired to worry about it, otherwise I would not have slept and would have been even more tired than I am now.
In the morning, I disconnected the two disks from the RAID1 array and hooked them up one by one to find out which one was the broken one. Finding the broken one is simple, just listen to the tick-tick-tick. Booting the correct one, that hasn't been accomplished yet...
Off to the shop and buy a bunch of new disks, and this time we'll use the FreeBSD Geom Mirror software! A bargain, 500Gb disks for AU$ 99.- and 1Tb disks for AU$ 199.-. And at home, I found out that one of them didn't work, it showed up as 32Gb in the BIOS, and that the other one worked fine. Back to the shop only to find out that they don't have other 1Tb disks...
So worst case I lost all my unread mail (YAY!), all my BarNet related software (which could be a good thing considering I don't do software development for them anymore) [this sounds like my computer wanted to make a clean start too!], all my RSS feeds and all my Seamonkey bookmarks and saved passwords (AAAAAAAAAAAAAAAAAAAAAAAI). Plus my FreeBSD checked-out Subversion trees with all the patches I have submitted in the last year but have not been committed yet.
For the good thing: I finally will move to a different window manager, because fvwm95 is getting a little bit old (hey, it's 2008 :-) For now I will use vtwm and I hope I can get the control-left-right-up-and-down to work to change virtual desktops.
In the mean time, if you have a hardware RAID solution: MAKE SURE IT WORKS!
Posted on 2008-09-06 11:00:00
Tags: Networking, Rant, Cisco
When Cisco Systems started, the world of networking was simple: there were routers and there were hubs. Routers connected to other routers and hubs, hubs connected to one router and computers. Each interface on the router was its own LAN, its own IP subnet (unless you used the interface for SNA, DECNet, IPX, AppleTalk or bridging only). And the configuration on the routers made sense:
interface serial0
 ip address 192.168.1.1 255.255.255.0
!
interface ethernet0
 ip address 192.168.2.1 255.255.255.0
Over time, hubs got replaced by switches. Coax cables got replaced by cat5 cables. Separate routers and switches got integrated and people started to think in VLANs instead of router interfaces. And this is where the Cisco IOS syntax went wrong: They kept talking about router interfaces instead of LANs.
For example, to create a new VLAN on an Extreme Networks switch/router or a Riverstone / Cabletron switch/router (does anybody remember them?), you create the VLAN (you give it a name, not just an index number), add the IP subnet to the VLAN, add a tag to the VLAN and add (finally!) the ports, tagged or untagged, to the VLAN. So you have a VLAN, and it has the VLAN tag and IP address properties, and it has one or more ports in it. Port-specific properties (speed, duplex, label) are configured in the ports section.
create vlan "backbone"
configure vlan backbone tag 2
configure vlan backbone add ports 4 tagged
configure vlan backbone add ports 5 untagged
configure vlan backbone ipaddress 10.128.7.1/28
[...]
configure ports 4 display-string fibre-to-dc1
configure ports 4 auto off speed 100 duplex full
configure ports 5 display-string natgw
As you can see, this is readable and this is logical.
Now let's see how it goes on the Cisco switch/router. It calls both the physical and logical ports and the VLAN definitions "interfaces", so there is no hierarchical approach or obvious difference between them:
interface ethernet0/1
 description fibre-to-dc1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2
 switchport mode trunk
 duplex full
 spanning-tree portfast
!
interface ethernet0/2
 description natgw
 switchport mode access
 switchport access vlan 2
 spanning-tree portfast
!
interface vlan 2
 description backbone
 ip address 10.128.7.1 255.255.255.240
Let's see, vlan 2 is euhm... on ethernet0/2 and on ethernet0/1 (maybe on others too, I couldn't find it so fast in the configuration), ethernet0/2 is the access network so it is untagged but it sits in vlan 2 and ethernet0/1 is full-duplex and has vlan 2 on the trunk so it must be tagged.
So the definition of VLANs in the IOS Syntax has become more of a hack without hierarchical approach to the issue than a proper style of hierarchical definition of the VLANs, its properties and the ports in it. Instead of the above, it could have gotten its own section:
interface ethernet0/1
 description fibre-to-dc1
 duplex full
 spanning-tree portfast
!
interface ethernet0/2
 description natgw
 spanning-tree portfast
!
vlan 2
 description backbone
 ip address 10.128.7.1 255.255.255.240
 untagged ethernet0/2
 tagged ethernet0/1
Can this issue be resolved and the IOS Syntax replaced by a proper syntax in which you can define a VLAN and its properties readably and logically? Asking the question is answering it: Of course. But will it ever happen? I hope so, because the current syntax is very error-prone. But I doubt it, since it has been there for years already and hundreds of thousands of devices use this syntax. Having people change all of these configurations isn't something Cisco would want to do.
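The VLAN-centric view asked for in this post can be derived from the interface-centric IOS text, which is also a practical way to audit which ports carry a VLAN. This is an added example, not code from the original post; it handles only the switchport commands shown above (trunks without an allowed list and native VLANs are out of scope), and the function names are made up for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# The IOS configuration from this post, one command per line.
IOS_CONFIG = """\
interface ethernet0/1
 description fibre-to-dc1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2
 switchport mode trunk
 duplex full
 spanning-tree portfast
!
interface ethernet0/2
 description natgw
 switchport mode access
 switchport access vlan 2
 spanning-tree portfast
!
interface vlan 2
 description backbone
 ip address 10.128.7.1 255.255.255.240
"""


def parse_interfaces(config):
    """Return {interface name: [sub-command, ...]} in file order."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:                      # "!" or any other top-level line ends the block
            current = None
    return interfaces


def vlan_list(spec):
    """Expand an allowed-VLAN list such as '2,5-7' to [2, 5, 6, 7]."""
    out = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.extend(range(int(lo), int(hi or lo) + 1))
    return out


def vlan_view(config):
    """Regroup the config per VLAN: description, address, tagged and untagged ports."""
    vlans = defaultdict(lambda: {"description": None, "ip": None,
                                 "tagged": [], "untagged": []})
    for name, cmds in parse_interfaces(config).items():
        svi = re.fullmatch(r"vlan\s*(\d+)", name, re.I)
        if svi:                    # "interface vlan N" holds the routed side
            entry = vlans[int(svi.group(1))]
            for c in cmds:
                if c.startswith("description "):
                    entry["description"] = c.split(None, 1)[1]
                elif c.startswith("ip address "):
                    addr, mask = c.split()[2:4]
                    entry["ip"] = str(ipaddress.ip_interface(f"{addr}/{mask}"))
            continue
        # Physical port: membership depends on the switchport mode, which may
        # appear after the VLAN lines, so look it up first.
        mode = next((c.split()[-1] for c in cmds
                     if c.startswith("switchport mode ")), None)
        for c in cmds:
            access = re.fullmatch(r"switchport access vlan (\d+)", c)
            trunk = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", c)
            if mode == "access" and access:
                vlans[int(access.group(1))]["untagged"].append(name)
            elif mode == "trunk" and trunk:
                for vid in vlan_list(trunk.group(1)):
                    vlans[vid]["tagged"].append(name)
    return dict(vlans)


if __name__ == "__main__":
    for vid, entry in sorted(vlan_view(IOS_CONFIG).items()):
        print(vid, entry)
```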
Posted on 2008-05-01 09:00:00, modified on 2008-06-01 09:00:00
Tags: IPv6, Trains, Rant, Memories
The coming two days I'll be at the IPv6 Workshop of APNIC. Of course this workshop is in the middle of nowhere, which is impossible for a Sydney based event so let me rephrase it: It is held in a non-central location unreachable by train. The options? Take the train to the city (one hour) and then the bus (one hour) or take the train to Parramatta (1.5 hours) and take a taxi from there.
But the good news is: thanks to the speed of the Cronulla / Bondi train this morning I was able to catch one train earlier at Redfern, and that one only stops at Strathfield, Lidcombe, Granville and Parramatta, which will save me some hassles... I hope :-)
On the sideline, I checked out when my first IPv6 capable program was created: It was the Fatal Dimensions Mud server and the commit date was 29 April 2000, eight years ago. The IPv6 connection came via FreeNet6 in Canada and that was an IPv6-over-IPv4 tunnel. Thanks to my FreeBSD port of their tunnel software I got a T-shirt from them!
Update: That taxi took half an hour to get there....
Posted on 2007-10-05 09:00:00
Tags: Rant, Sports
Playing poker on top of a mountain? Playing poker under water? Playing poker in the freezing cold of Finland? Give me a break.
Poker games broadcast on television are the most boring and useless filling of time. Nothing happens, nothing at all. Compare broadcasts of lawn bowling with broadcasts of poker and you would think that lawn bowling has the same excitement and entertainment value as soccer games have.
Extreme Lawn Bowling... Now that's something worth investigating (NOT)
Posted on 2007-06-21 09:00:00, modified on 2007-06-21 14:00:00
Tags: Networking, Rant, TCP-IP stack, Windows
Recently I had to redo the design of the machine with our public websites, and after an earlier successful implementation of virtualisation with FreeBSD jails, I decided to put them all in their own private jail, with their own public IP address, too.
Since I'm a firm believer in "eat your own stuff" and my website was on the list of sites to be moved, I decided to do that one first. The IP range we have for it was 202.83.176.0/24, and since the first half of it was already in use by other services, I started to go down from 255.
To make life easier for us, we use a lot of dynamic routing in our network. Also with jails: They're defined on the loopback interfaces and the subnet masks are all /32's. The combination of these two should make it easy to move them around if necessary without having to worry about physical machines and subnets and DNS.
So, we have this new webserver (my webserver, so somehow important to me) on 202.83.176.255 and it seems to work fine. I can access it from inside the network, I can access it from outside the network, I see webbrowsers and spiders connecting to it. Life is good!
Except... I get reports from people saying that they can't get to my website, that there is some kind of DNS error: Cannot find server or DNS error is what Internet Explorer tells them. I ask them: "Can you ping the machine?" "No, that's not working." "Can you telnet to it?" "No, it says Connect failed." I don't see anything in the logs, I don't see anything on the network. No idea what goes wrong here...
Finally I get the same message from friends who have elite skillz in the ancient arts of ping, traceroute, telnet and tcpdump (Hi dvl, koitsu!). And we start trying: Yes, we can ping 202.83.176.255, so there is nothing wrong on the end-to-end network layer. No, we can't ping 202.83.176.255, but I saw their ICMP packets on the webserver. From inside the jail, I can connect to their hosts, so there is nothing wrong with TCP sessions. We advertise a /21 to the world, so it won't be a network boundary problem. One of them can connect to the webserver (he's running FreeBSD), and one of them cannot (he's running Windows); I see the packets of the first, but not the packets of the second (whose ICMP packets I saw). Then the one with FreeBSD tries it with his Windows machine and suddenly he can't anymore. I think we narrowed the problem down to one thing: Microsoft Windows (Ouch, it did it again).
We do more tests: On the Windows machine, we cannot ping 202.83.176.255 (but I see the ICMP packets). We cannot set up a TCP session to it (and I don't see any TCP packets). We can ping 202.83.176.254, and we can set up a TCP session to it. Now put one and one together....
Historically, 202.83.176.255 is in a class C subnet, going from 202.83.176.0 to 202.83.176.255. These days, with Classless Inter-Domain Routing, that subnet can be split into many little subnets, or be part of a supernet. Somehow, Windows still thinks in classful subnets (you can see it in the default subnet mask it suggests when you configure an IP address on a network interface), and it prohibits TCP traffic to that IP address halfway in the IP stack. To test this, we tried the following on the Windows machines:
But still:
Anyway, the webserver now runs on 202.83.176.248 and Windows machines are happy again.
See also the thread at DSL Reports.com.
Update: The problem is confirmed in Windows 2000, Windows 2003 and Windows XP. Vista handles the ICMP and TCP packets as expected.
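A pre-deployment check for the failure described in this post: it flags /32 service addresses that a stack still reasoning in classful terms would take for the broadcast (or network) address of the enclosing class A, B or C network. This is an added example, not code from the original post, and the function names are made up for illustration.

```python
import ipaddress


def classful_prefix(addr):
    """Prefix length of the pre-CIDR class the address falls in, or None."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8        # class A
    if first_octet < 192:
        return 16       # class B
    if first_octet < 224:
        return 24       # class C
    return None         # class D (multicast) and E (reserved)


def classful_role(ip):
    """Classify an IPv4 address the way a classful stack would see it."""
    addr = ipaddress.IPv4Address(ip)
    prefix = classful_prefix(addr)
    if prefix is None:
        return "not-unicast"
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    if addr == net.broadcast_address:
        return "classful-broadcast"
    if addr == net.network_address:
        return "classful-network"
    return "host"


def risky_service_addresses(addresses):
    """Return {ip: role} for every address that is not a plain classful host."""
    roles = {ip: classful_role(ip) for ip in addresses}
    return {ip: role for ip, role in roles.items() if role != "host"}


if __name__ == "__main__":
    # Addresses taken from this post: the failing one, the working neighbour
    # and the address the webserver was finally moved to.
    candidates = ["202.83.176.255", "202.83.176.254", "202.83.176.248"]
    for ip, role in risky_service_addresses(candidates).items():
        print(f"{ip}: {role}, pick another address for a public service")
```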
Posted on 2007-06-13 17:00:00
Tags: Rant, DNS
Over the past years, I've created a nice hierarchy in DNS to keep my insanity under control. For example, for the POP server we have (pop.barnet) which points with a CNAME to pop2.barnet which points with a CNAME to the dbmail2.barnet jail which points with an A record to the IP addresses of the machine:
pop     60 IN CNAME pop2
pop2       IN CNAME dbmail2
dbmail2    IN A     202.83.178.99
So if the machine fails, or the dbmail jail doesn't work anymore, or the dbmail-pop3 program is broken, all we have to do is one little change in the hierarchy and it is all working again, without disrupting the real operation of the machine.
Since earlier this month we don't have one, but two POP servers! And of course the easiest solution would be: Let pop.barnet be a CNAME to both pop1.barnet and pop2.barnet.
pop     60 IN CNAME pop1
pop     60 IN CNAME pop2
pop1       IN CNAME dbmail1
pop2       IN CNAME dbmail2
dbmail1    IN A     202.83.178.88
dbmail2    IN A     202.83.178.99
And there starts the trouble:
Jun 13 16:17:24 ns0 named[3106]: dns_master_load: .db/barnet.com.au:203: pop.barnet.com.au: multiple RRs of singleton type
Well, I'm (!)@*#()!@*#'d. This is not allowed... Now I have, because it can't be done any different, reintroduced A records for the services....
pop     60 IN A     202.83.178.88 ; pop1
pop     60 IN A     202.83.178.99 ; pop2
pop1       IN CNAME dbmail1
pop2       IN CNAME dbmail2
dbmail1    IN A     202.83.178.88
dbmail2    IN A     202.83.178.99
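The rule named rejected the second zone because a CNAME must be the only record at its owner name (RFC 1034, section 3.6.2), so there can be neither two CNAMEs nor a CNAME next to other data. This added example (not code from the original post) runs that check over the three zone fragments above before they reach the name server; the parser accepts only the simple "owner [ttl] IN type rdata" form used here, and the function names are made up.

```python
from collections import defaultdict

# The three zone fragments from this post.
SINGLE = """
pop     60 IN CNAME pop2
pop2       IN CNAME dbmail2
dbmail2    IN A     202.83.178.99
"""
BROKEN = """
pop     60 IN CNAME pop1
pop     60 IN CNAME pop2
pop1       IN CNAME dbmail1
pop2       IN CNAME dbmail2
dbmail1    IN A     202.83.178.88
dbmail2    IN A     202.83.178.99
"""
FIXED = """
pop     60 IN A     202.83.178.88 ; pop1
pop     60 IN A     202.83.178.99 ; pop2
pop1       IN CNAME dbmail1
pop2       IN CNAME dbmail2
dbmail1    IN A     202.83.178.88
dbmail2    IN A     202.83.178.99
"""


def parse_zone(text):
    """Return [(owner, type, rdata)]; ';' starts a comment."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if not fields:
            continue
        owner, rest = fields[0], fields[1:]
        if rest[0].isdigit():          # optional TTL
            rest = rest[1:]
        if rest[0].upper() == "IN":    # optional class
            rest = rest[1:]
        records.append((owner, rest[0].upper(), rest[1]))
    return records


def lint_cname(records):
    """Return [(owner, problem)] for every violation of the CNAME rule."""
    types_at = defaultdict(list)
    for owner, rtype, _ in records:
        types_at[owner].append(rtype)
    problems = []
    for owner, types in types_at.items():
        cnames = types.count("CNAME")
        if cnames > 1:
            problems.append((owner, "multiple CNAME records"))
        elif cnames == 1 and len(types) > 1:
            problems.append((owner, "CNAME and other data"))
    return problems


def resolve(records, name, max_depth=8):
    """Follow CNAMEs from `name` and return the sorted A addresses reached."""
    for _ in range(max_depth):
        targets = [r for o, t, r in records if o == name and t == "CNAME"]
        if not targets:
            return sorted(r for o, t, r in records if o == name and t == "A")
        name = targets[0]
    raise ValueError("CNAME chain too long or looping")


if __name__ == "__main__":
    for label, zone in (("single", SINGLE), ("broken", BROKEN), ("fixed", FIXED)):
        records = parse_zone(zone)
        print(label, lint_cname(records) or resolve(records, "pop"))
```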
Posted on 2007-01-12 20:05:54, modified on 2007-01-12 20:32:25
Tags: Rant
We are planning a new radio link between the StJames Hall Building and the MLC centre. The MLC centre is high, very high.
With the distance between the buildings (150 meters), and the height of the SJH building (50 meters), and the height of the MLC centre (unknown at this moment), I know the angle the radio link has to make.
So I went to the reception of the MLC centre, who told me that building management would know the answer. So I went to level 9 where building management is, and I spoke to Jones Lang LaSalle. Nice guy, but totally obsessed about security. He didn't want to tell me the information without knowing what we were going to do. So I told him. Then he wanted to have a letter from the floor we were trying to hook up, because the data required was sensitive information. And of course the standard line "as you can understand, we can't give that sensitive information" came up. What!??!?!? Luckily I could find the required information on the internet...
So, for people who want to know how high the MLC centre is: 228 meters high.
Sources are:
228 meters! 228 meters! 228 meters! I hope they don't link this entry to my Dutch Terrorism activities. 228 meters is the height of the MLC centre!
Posted on 2006-10-29 15:01:46, modified on 2006-10-29 15:05:16
Tags: Rant, Politics
Labour: We will employ 600 extra police men and women.
Liberals: We will employ 700 extra police men and women.
Labour: We will employ 750 extra police men and women.
Liberals: We will employ 800 extra police men and women.
Labour: We will employ 850 extra police men and women and we will give them a water cannon!
Liberals: We will employ 850 extra police men and women and we will give them two water cannons!
Going once... going twice...
Posted on 2006-06-16 11:01:52, modified on 2006-06-16 11:12:42
Tags: Networking, Rant, DNS
One of our users complained that the LawLink website (http://www.lawlink.nsw.gov.au) was very slow. I checked our traffic report webpage, and it looked fine. But why didn't it work for him? The problem lies in DNS:
[~] edwin@k7>dig lawlink.nsw.gov.au ns
;; ANSWER SECTION:
lawlink.nsw.gov.au. 80018 IN NS ns.magna.com.au.
lawlink.nsw.gov.au. 80018 IN NS kettle.magna.com.au.
;; ADDITIONAL SECTION:
ns.magna.com.au. 79883 IN A 203.111.0.10
kettle.magna.com.au. 79887 IN A 203.111.0.13
Looks fine... First nameserver
[~] edwin@k7>dig @ns1.lawlink.nsw.gov.au www.lawlink.nsw.gov.au a
;; ANSWER SECTION:
www.lawlink.nsw.gov.au. 0 IN A 203.3.176.80
Besides a TTL of 0 which is very strange, this one works fine. Next one!
[~] edwin@k7>dig @ns2.lawlink.nsw.gov.au www.lawlink.nsw.gov.au a
;; connection timed out; no servers could be reached
Unreachable! Now it starts to make sense.
Due to the TTL of 0, which means that the answer never gets cached, and half of the advertised DNS servers unreachable, it will take some time to get an answer for the hostname www.lawlink.nsw.gov.au.
Typical case of having your domains hosted by somebody who has zero clue about how DNS works. Way to go Magna Data!
Posted on 2006-02-17 14:34:25, modified on 2006-02-17 15:32:01
Tags: Rant, Mobile phones
The D600 is a nice looking phone, but its user interface has some bad design issues.
Posted on 2006-01-17 08:54:40, modified on 2006-01-17 10:40:33
Tags: Rant, Mass Media
As the saying goes, the content on commercial television stations is to fill up the time between commercials. And I've seen some sad examples of this here in Australia.
On free-to-air television in Australia you have seven channels:
With the rise of digital television, the ABC and SBS have taken the opportunity to improve the variety of their content by taking a second, digital only, channel. The other channels are just re-broadcasting their normal channel.
The source for my decision, and this rant, lies in a single movie I tried to watch: The Battle of Britain. It's a historical movie, an old movie, slow in acting and in progress of the storyline. But it's a movie I wanted to watch because of the change in my cultural environment. Like I said, it's a slow movie, taking 45 minutes what these days gets pushed in 10 minutes of lousy acting and bad camera work. But these 45 minutes get interrupted by at least four commercials, taking you out of the carefully orchestrated mood of looming battles and the upcoming darkness to a happy world of home loans, end-of-year sales and dieting products. At that moment the mood is totally scattered. After the first commercial you try to get into the magic of the movie again, but something is missing. The darkness doesn't come back so black, the upcoming battles don't seem to be so serious. Next commercial, and you wonder how many of them will be there before the end of the movie, and more importantly, how much more damage they will do to the movie. Next commercial, and the TV was turned off...
How can the commercial television stations ruin movies like this without getting serious problems with their conscience?
Posted on 2006-01-09 16:36:04, modified on 2006-01-09 16:37:05
Tags: Rant, Spam
A new year, a new attempt for feedback!
To see how spammy the weblogging world is these days, I've enabled comments again.
Posted on 2005-04-19 22:34:41, modified on 2006-01-09 16:29:23
Tags: Networking, Rant, Spam
I was doing some network traces yesterday, and found these in my logs. Destination host is a Cisco 2821.
After spam via email, spam via instant messaging and spam via voice-over-ip, the next big thing is.... spam via the MS-RPC protocol! Check the following network traces:
U 61.235.154.101:57710 -> 202.83.178.14:1027
..(.......................{Z........O...,....."'..m...-.....................................SECURITY....................ALERT.......................Microsoft Windows has encounted an Internal Error
Your windows registry is corrupted.
Microsoft recommends an immediate system scan.
visit
http://e-regfix.com
to repair.
.
#
U 61.152.158.123:32780 -> 202.83.178.14:1026
..(.......................{Z........O.....P.|../.E..n..,..................i.................SECURITY....................ALERT...........%.......%...SECURITY ALERT : Windows has detected 10 Spyware programs installed on your computer!
Spyware causes pop up messages , tracks your online activities and displays advertisements.
Your Anti-Virus and Firewall will not remove Spyware.
Visit: www.antieye.com for free removal information!
.
Bunch of sad-sad-sad persons....
Posted on 2004-10-25 16:39:16, modified on 2006-01-09 16:29:22
Tags: Computers, Networking, Email, Rant, SMTP
Recently we implemented so-called greylisting on our mail servers. This means that all incoming SMTP sessions with the following new combinations of sending mail server IP address, sender email address and recipient email address get temporarily rejected (SMTP error code 450, meaning: try again later).
From RFC2821: 4yz: Transient Negative Completion reply
The command was not accepted, and the requested action did not occur. However, the error condition is temporary and the action may be requested again. The sender should return to the beginning of the command sequence (if any). It is difficult to assign a meaning to "transient" when two different sites (receiver- and sender-SMTP agents) must agree on the interpretation. Each reply in this category might have a different time value, but the SMTP client is encouraged to try again. A rule of thumb to determine whether a reply fits into the 4yz or the 5yz category (see below) is that replies are 4yz if they can be successful if repeated without any change in command form or in properties of the sender or receiver (that is, the command is repeated identically and the receiver does not put up a new implementation.)
This saves us about 99% of the incoming spam and viruses and is a relief for our mailboxes and the email virusscanners.
Now the bad news, there are some very brain-dead SMTP servers on the internet...
And guess what? They all run on MS Windows. Who had expected that?
Here is the list of them:
MailMax from SmartMax Software Inc.. When receiving a 450, they bounce the mail back to the sender. And this is the error message they are getting:
The 'To' address xxx@barnet.com.au was rejected by the remote server.
This is permanent error, and the message will not be retried any further.
Which mailserver was it talking to? What was the full error message? What was the error code? And why do you say it's a permanent error while it was a transient error? BRAIN DEAD!
And they claim on their website:
IMPORTANT: Codes that start with 4 and 5 are the ones that tell you that your message won't be sent until you find and fix the problem.
You! Yes you! You should fix the problem, and not the other side, or the MailMax mail server.
Update: With their latest version (version 5.5), at least the error messages are better:
Sorry, your message from <xxx@smartmax.com> to <xxx@barnet.com.au> could not be delivered. The specific error is: 450 <xxx@barnet.com.au>: Recipient address rejected: BarNet Engineered Transit Delay -- 39 seconds This is permanent error, and the message will not be retried any further.
Still it's a 'permanent' error, but at least it's visible for the person the email was returned to that they interpreted it wrongly.
Another Update
Sorry, your message from <xxx@smartmax.com> to <xxx@barnet.com.au> could not be delivered. The specific error is: 450 <xx@barnet.com.au>: Recipient address rejected: BarNet Engineered Transit Delay -- 45 seconds 2 attempts will be made to re-send your e-mail. Each attempt will be 3 hours apart.
That's much better! Everybody upgrade to the latest version!
CapeSoft Mailer by CapeSoft. It also immediately bounces the email without retrying. BRAINDEAD!
Bigpond.com by Telstra
This is all the attempt of Telstra (Australian ISP) to handle SMTP sessions with a 450 status:
Oct 29 16:17:56 mag postfix/smtpd[10870]: NOQUEUE: reject: RCPT from gizmo06ps.bigpond.com[144.140.71.41]: 450 <xxx@barnet.com.au>: Recipient address rejected: BarNet Engineered Transit Delay -- 45 seconds; from=<xxx@bigpond.com>, to=<xxx@barnet.com.au> proto=SMTP helo=<gizmo06ps.bigpond.com>
That's all: one attempt. And the sender doesn't get a "Your email has failed" message. BRAINDEAD!
InterMail from Openwave Systems Inc..
It doesn't retry at all. (experienced with ozemail.com.au)
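The greylisting decision and the sender behaviours listed in this post can be replayed in a few lines. This is an added example, not the BarNet configuration: the 45-second delay is taken from the log line above, while the addresses, the retry schedules other than "3 hours apart" and all names are constructed for illustration.

```python
class Greylist:
    """Defer the first attempt of every new (client IP, sender, recipient) triplet."""

    def __init__(self, delay=45):
        self.delay = delay        # seconds a new triplet has to wait
        self.first_seen = {}      # triplet -> time of its first attempt

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply (code, text) to RCPT TO at time `now` (seconds)."""
        triplet = (client_ip, sender, recipient)
        first = self.first_seen.setdefault(triplet, now)
        remaining = self.delay - (now - first)
        if remaining > 0:
            # 4yz: transient, the identical command may succeed later.
            return 450, (f"<{recipient}>: Recipient address rejected: "
                         f"greylisted -- {remaining} seconds")
        return 250, "Ok"


def send(greylist, triplet, retry_after, bounce_on_4yz=False):
    """Simulate one sending mail server and return (outcome, attempts).

    retry_after:   seconds waited before each retry after a 4yz reply.
    bounce_on_4yz: treat the transient reply as permanent and bounce at once.
    """
    now, attempts = 0, 0
    for wait in [0, *retry_after]:
        now += wait
        attempts += 1
        code, _ = greylist.check(*triplet, now)
        if code == 250:
            return "delivered", attempts
        if bounce_on_4yz:
            return "bounced", attempts
    return "gave up", attempts


# Constructed sender profiles modelled on the behaviours described in the post.
SENDERS = {
    "retries every 30 minutes": dict(retry_after=[1800, 1800]),
    "retries too early, then again": dict(retry_after=[30, 30]),
    "two retries, 3 hours apart": dict(retry_after=[10800, 10800]),
    "bounces on 450": dict(retry_after=[1800], bounce_on_4yz=True),
    "one attempt, no retry": dict(retry_after=[]),
}


def simulate(delay=45):
    """Run every sender profile against a fresh greylist."""
    triplet = ("192.0.2.25", "sender@example.org", "user@example.net")
    return {name: send(Greylist(delay), triplet, **profile)
            for name, profile in SENDERS.items()}


if __name__ == "__main__":
    for name, (outcome, attempts) in simulate().items():
        print(f"{name:32} {outcome} after {attempts} attempt(s)")
```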
Posted on 2004-08-14 16:44:13, modified on 2006-01-09 16:29:21
Tags: Rant
How many IP addresses do I have to ban from posting comments on my weblog before these spammers have been stopped? In the last week, I have banned 47 different IP addresses from making comments. And all the links they are posting are pointing to the same website. It's a sad sad sad world.
Posted on 2004-08-07 12:42:55, modified on 2006-01-09 16:29:22
Tags: Telemarketing, Rant
A telemarketer called, wanted to know if I would be interested in answering some questions with regard to a new TV program. Being a vivid fan of the Australian ABC and SBS, I wouldn't let this opportunity pass.
The first question was easy: Are you the main buyer of grocery in this household? I am not, but didn't want to waste this chance, so I answered with a "yes". Now came the annoying part, where he explains to me that his supervisor can listen to the telephone conversation etc etc etc. We all know this by now, this disclaimer is getting old and annoying.
And then the question which started all the confusion: Are you living at the address I'm calling? I asked him to tell me the address, but he didn't get it. I told him to tell me what the address was he was calling, and I would tell him if it was the right one. Again silence. After some seconds and a polite "Thank you for your time" I heard nothing from him anymore.
Did I blow an opportunity to help the ABC and SBS? Of course not, they just broadcast the programs without doing a lot of pre-marketing-research. Not bothered by commercial interests, they show the facts as they are. And if a show doesn't get a good rating, they don't pull it halfway the series. Long live public broadcasting!
Posted on 2004-06-07 11:12:52, modified on 2006-01-09 16:29:22
Tags: Rant, Politics
Prime Minister John Howard has accused the ABC of running a "politically correct agenda" ...
Getting to hear that kind of accusation from our PM really makes me wonder what dreamworld he's living in.
Posted on 2004-05-22 11:53:25, modified on 2006-01-09 16:29:21
Tags: Rant
Today somebody tried to convince me that the Imperial system for measuring sizes was much better "because you could easily divide distances by 3". His example was cutting a wooden plank in three equal size pieces. Read on to see where his ideas are flawed.
Dividing objects in equal parts only works if the objects are properly pre-measured. For example I can split 100 marbles into 10 groups, because 100 divided by 10 doesn't have any leftovers.
For the same reason I can split 2 wooden planks into 2 groups, each of one plank.
But then... splitting one object is more difficult. For example, cutting an apple (pretty solid material) in half leaves you with two more-or-less half-apple pieces. And some leftover apple-juice on your knife. So you actually split it in three pieces: two nearly-half-apple-pieces and a some-juice-piece.
Now back to the plank. You measure it up, it's one yard. Since one yard is 36 inches, dividing it into three pieces would make every piece 12 inches. Take a measure tape, mark the plank at 12 inch and at 24 inch. And start sawing, trying to stick to the marks you've set as good as possible.
At the end, you end up with: one piece a little bit smaller than 12 inch, one piece two little bits smaller than 12 inch, another piece a little bit smaller than 12 inch and some saw dust.
In the metric system, it's the same idea. You get a plank of one meter, mark it somewhere between 32.25 and 33.5 centimeters and somewhere between 66.5 and 66.75 centimeters and start sawing, also here trying to stick to the marks you've set as good as possible.
At the end, you end up with: one piece about 33.3 centimeters, one piece just not yet 33.3 centimeters, another piece about 33.3 centimeters and some saw dust.
Moral of the story: either with the Imperial or the Metric system, you don't end up with three equal pieces because a. the mark you've set is always too wide to be exactly on 1/3rd of the size and b. you're losing material due to the sawing.
In areas where you do need to be as precise as you can be, people don't use normal rulers anymore but use the more precise caliper (dutch: schuifmaat) and they don't use a plank of one meter or yard to start with but one which is just a little bit bigger so they take the loss of sawing into account.
And remember, if a plank is sawn and is just a little bit too big, you can easily shave it a little bit off with a plane (dutch: houtschaaf).
Posted on 2003-11-25 14:18:03, modified on 2006-01-09 16:29:21
Tags: Networking, Rant
There is an old joke: The great thing about standards is there are so many to choose from. This log is not about that but more about the point that if you stick to a standard you should implement it properly.
Comindico is one of the Australian providers for dialin services. If you are an ISP the workflow goes like this: A user dials in to a Comindico terminal server, that terminal server asks the Comindico radius server for authentication, that radius server asks your radius server for authentication and the yes or no goes back the whole way to the terminal server which either lets you in or disconnects you. Works fine in theory, and mostly in real life too.
Your radius server can give more information to the Comindico radius server, for example an IP address and subnet mask, a maximum session time limit and your DNS servers. It all works fine, as long as you keep in mind that you take the right attributes and dictionary.
Comindico says "Please use Ascend-Client-Primary-DNS and Ascend-Client-Secondary-DNS for this". They are defined in the Ascend dictionary (number 529) as attributes number 135 and 136.
Except in the radius server from Comindico, there they are in the default dictionary.
With the result that their broken radius doesn't understand my perfectly legal answer with all the information in it. And I have to put these attributes in my default dictionary, where they will be overwritten the moment I update my software and the whole system will come apart if the IANA ever approves attributes 135 and 136 in the default dictionary.
Moral of the story: If you use an open standard, use it the way it was intended to be and don't invent your own wrapper around it.
This whole story wouldn't have been here if I wasn't reminded about this whole drama by the move to a new ADSL provider which is nothing more or less than a reseller of the Comindico ADSL services. Once we finally had the authentication of our users working, we couldn't get the DNS servers configured correctly because they haven't figured out the story above yet. If ever.
Standard compliant radius packet:
13:30:56.513559 172.16.1.10.1812 > 192.168.1.14.4738: rad-access-accept 62 [id 68]
Attr[ Framed_ipaddr{203.111.122.2} Framed_ipnet{255.255.255.255}
Vendor_specific{........X.} Vendor_specific{........X.}
Session_timeout{168:00:00 hours} ]
0x0000 4500 005a bba3 0000 3f11 b8ae dab9 580a E..Z....?.....X.
0x0010 cb6f 090e 0714 1282 0046 0eb6 0244 003e .o.......F...D.>
0x0020 6224 b0bb d92e 341e 14dd e2c2 b0ce abde b$....4.........
0x0030 0806 cb6f 7a02 0906 ffff ffff 1a0c 0000 ...oz...........
0x0040 0211 8806 dab9 5801 1a0c 0000 0211 8706 ......X.........
0x0050 dab9 580e 1b06 0009 3a80 ..X.....:.
Comindico compliant radius packet:
13:28:51.958102 172.16.1.10.1812 > 192.168.1.14.4738: rad-access-accept 50 [id 67]
Attr[ Framed_ipaddr{203.111.122.2} Framed_ipnet{255.255.255.255}#136#135
Session_timeout{168:00:00 hours} ]
0x0000 4500 004e f27a 0000 3f11 81e3 dab9 580a E..N.z..?.....X.
0x0010 cb6f 090e 0714 1282 003a a842 0243 0032 .o.......:.B.C.2
0x0020 c1a0 ac29 4931 4fbf 3440 7714 9d52 c3ea ...)I1O.4@w..R..
0x0030 0806 cb6f 7a02 0906 ffff ffff 8806 dab9 ...oz...........
0x0040 5801 8706 dab9 580e 1b06 0009 3a80 X.....X.....:.
Spot the difference. And be afraid.
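Decoding the two traces above shows the difference byte by byte: the first reply wraps types 136 and 135 in Vendor-Specific (type 26) attributes carrying vendor number 529, the second sends them bare in the standard attribute space. This is an added example, not code from the original post; the byte strings are the RADIUS payloads (offset 0x1c) copied from the hex dumps, and the function names are made up for illustration.

```python
import ipaddress
import struct

# RADIUS payloads copied from the two hex dumps in this post
# (header, 16-byte authenticator, then one attribute per string).
STANDARD = bytes.fromhex(
    "0244003e" "6224b0bbd92e341e14dde2c2b0ceabde"
    "0806cb6f7a02" "0906ffffffff"
    "1a0c00000211" "8806dab95801"
    "1a0c00000211" "8706dab9580e"
    "1b0600093a80")
COMINDICO = bytes.fromhex(
    "02430032" "c1a0ac2949314fbf344077149d52c3ea"
    "0806cb6f7a02" "0906ffffffff"
    "8806dab95801" "8706dab9580e"
    "1b0600093a80")

VENDOR_SPECIFIC = 26    # RFC 2865, section 5.26
SESSION_TIMEOUT = 27    # RFC 2865, section 5.27


def tlvs(buf):
    """Yield (type, value) from a run of 1-byte type, 1-byte length attributes."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError(f"bad attribute length at offset {pos}")
        length = buf[pos + 1]            # length counts the two header bytes
        yield buf[pos], buf[pos + 2:pos + length]
        pos += length


def parse_radius(packet):
    """Return (code, identifier, [(vendor or None, type, value)])."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs = []
    for atype, value in tlvs(packet[20:]):
        if atype == VENDOR_SPECIFIC and len(value) >= 4:
            # Value = 4-byte vendor number, then vendor sub-attributes.
            vendor = int.from_bytes(value[:4], "big")
            attrs.extend((vendor, vt, vv) for vt, vv in tlvs(value[4:]))
        else:
            attrs.append((None, atype, value))
    return code, ident, attrs


def dns_attributes(packet):
    """Return [(vendor, type, ip)] for types 135/136 in either encoding."""
    _, _, attrs = parse_radius(packet)
    return [(vendor, atype, str(ipaddress.IPv4Address(value)))
            for vendor, atype, value in attrs
            if atype in (135, 136) and len(value) == 4]


def session_timeout(packet):
    """Return Session-Timeout in seconds, or None if absent."""
    for vendor, atype, value in parse_radius(packet)[2]:
        if vendor is None and atype == SESSION_TIMEOUT:
            return int.from_bytes(value, "big")
    return None


if __name__ == "__main__":
    for label, packet in (("standard", STANDARD), ("comindico", COMINDICO)):
        for vendor, atype, ip in dns_attributes(packet):
            space = f"vendor {vendor}" if vendor else "standard space"
            print(f"{label:10} type {atype} ({space}) = {ip}")
```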
Posted on 2003-11-23 22:36:36, modified on 2006-01-09 16:29:21
Tags: Rant, Spam
For the last two weeks I have been receiving email bounces with somerandomstring@mavetju.org as source address.
Posted on 2003-11-18 19:00:00, modified on 2006-01-09 16:29:21
Tags: Radio, Rant
What is news, what is entertainment?
Emmanuel Goldstein in Off The Wall on 18 November 2003: You know what this means? It doesn't matter what happens in the rest of the world for the next six months at least. It's gonna be Michael Jackson this that everywhere. Aliens landing from Mars? You can do that in the entertainment section, you have to deal with Michael Jackson in the second and third news story.
Posted on 2002-04-02 08:26:40, modified on 2006-01-09 16:29:21
Tags: Rant
After 11/09/2001, the security at airports has increased a lot. Instead of just X-raying your luggage at the moment you pass a security line (often customs and at the gates just before you enter the plane), everybody now gets a full search of their bag and is swiped with a wand.
Well, the above story goes for airports outside the USA (remember where the planes took off?). Everybody I've been talking to was fully checked and wanded on Schiphol Airport (the Netherlands), Charles de Gaulle (France) and Sydney Airport (Australia).
Where our hand luggage wasn't fully checked and we weren't wanded was... in the USA! At the San Francisco (SFO) and New York JFK Airport (JFK), only a handful of people were fully checked (lots of Middle-Eastern faces in that row). For the rest, nobody cared.
To make the story even worse for the airport security: My wife (an Australian citizen) and I (a Dutch citizen) bought our airplane tickets "cash" (Cash as in: not per credit card, but with a direct-debit card). That was bad thing number 1. I, with my Dutch passport, bought a plane ticket in Australia to go to the USA. Bad thing number 2. Enough reasons to put a big S on my tickets. I could be a terrorist...
At the check-in at the airport in Sydney, the woman told me that I had an S on my ticket and that I would get checked before going into the plane. But since everybody got wanded and checked, it wasn't anything unusual. At the check-in in SFO and JFK I asked them about the S also and they said "no, no, all the additional checks are random". It would turn out to be very random: I got checked three out of three times, because I had an S on my ticket. My wife, who didn't have an S on her ticket, didn't get checked once in the USA.
After the first inter-USA trip we decided to speed up the process a little and that at the entrance of the gate she would carry the hand-luggage. Great idea, although it gave a couple of weird faces to the guards. But then, they didn't have to worry about it, they only had to check me, not my wife. One time even, while standing in the line to be checked, I realized I had a handful of dollar-cent coins in my pocket and that the wand probably wouldn't like them. So I handed them over to my wife. Yes, while standing in the line to be checked for weapons.
So yeah... outside the USA all pigs are equal. But inside the USA? (Anybody remember where the WTC planes took off?)