Saturday, February 28, 2009

I Hate February


And I'm glad as Hell it's almost over.

I believe I have Seasonal Affective Disorder, a.k.a. "S.A.D." In fact, I'm pretty damned sure I've got it, although I've never been formally diagnosed (I stay away from the medical profession in general and avoid shrinks like the plague).

It takes a while to "get it". That is, to understand that you have it. You reach a certain age, let's say ten years out from High School, and you look back and you discover all your worst "life decisions" were made in February or January. Wrecked cars, lost jobs, broken relationships, chronic health issues are all clustered around those damned Winter months. Once you realize the risks, you're prepared, even if there's not a Hell of a lot you can do about it.

I've been taking St. John's Wort for the last couple of years. It seems to help. I used to take it starting in October - it takes a month to go systemic ("kick in") - and ending in May, but the zombie-like withdrawal would generally last through June, making June every bit as painful as February.

So I take it year 'round now.

And, I drag a full spectrum light to work. I shine it on my mouse hand for a couple of hours a day in the morning (twenty minutes a day on the back of the knees - I kid you not - has been shown to be effective). I also try to get as much natural sunlight as possible, even though sunny days are relatively rare in February.

One of the things that helps a lot is realizing life can be a lot worse than just being down in the dumps and irritable. Compiling the Murder/Suicide Blog for the last three months has had a sobering effect. You see these news stories, with photographs of yellow police tape around snow-covered houses, and you can't help but wonder if S.A.D. didn't have an effect on those people (the economy notwithstanding).

Especially considering February has been a killer month for murder-suicides (there were three double-murder suicides in Ohio in the span of a little more than a week this month), although it has been absolutely in line with the statistics (you can expect at least two a day regardless of how happy or sad people are - it simply happens that often).

Anyway, March 1st is less than fifteen minutes away. Pinky Dink's garden is already starting to sprout, the days are getting longer, and this crappy month is over.

It gives me a warm fuzzy just thinking about it.

Sunday, February 22, 2009

DAMN NICE BOX!


Although not exactly bug-free, EXP4 went online yesterday as (sorta) planned.

It plays exceptionally well. The only problems I've noticed are at the beginning when you first log on. Play is a little choppy, but it smooths out fast and remains smooth game after game.

That was the best $139.95 (+S&H) I've spent in a long time. I'm slightly pissed Debian 5.0 ("Lenny") sucked as badly as it did, but I have a Deb 5 VM and I'm going to keep it updated to see if they ever get around to fixing that two year old Gnome vs. VNC4 problem. Since that is a fight between two third parties, they (Debian? VNC? Gnome?) may never get around to fixing it. That was a major disappointment.

As (almost) expected, kernel.org put out Yet Another Revision (2.6.28.7) on Friday. I would have let it slide but there were enough major issues to cause concern. I got that all compiled and ready to run just before putting EXP4 online. But I didn't have the time to upgrade the old server BOT House lives on. That will likely happen before next weekend.

Ban-O-Matic is broken at the moment so I've been banning our buddy MISERABLE_S.O.B. by hand whenever he changes his IP. I'd ban his entire ISP but they have a pretty large CIDR block (I'd call it a Class B+). I'm confident B-O-M's problems are trivial so I'll be taking a look at it while I'm at work tomorrow (I do some of my best work at work - don't tell my boss).

Today I've been hacking around with the old EXP III box. I upgraded it to 2.6.28.7 and I'm trying to get those awful Marvell wireless cards to run on it (no luck, although there is now a native loadable module for some Marvell NICs - ones I don't have, apparently).

I've also been hacking around with TrueCrypt, which is an awesome file & disk encryption package that was undoubtedly written by a team of paranoid schizophrenics. They have all the angles on encryption hammered down, with an emphasis on plausible deniability.

This is a program designed from the ground up for people who need to hide what they're doing.

Of course, I have a professional interest (that's my story and I'm sticking to it).

I've been spending long hours digging through my old hard drives, wiping them and encrypting them so I can throw them away without worrying about dumpster-diving tweakers stealing my personal information. Although, to be fair to the tweakers, the credit card processing industry itself is doing a great job losing my personal info in massive security breaches as it is.

TrueCrypt takes about two hours to prepare a lousy 40G hard drive (at least it takes that long on the old EXP III box), so it's been quite a hassle. And I still have drives that spin but won't format and are therefore technically susceptible to advanced forensic techniques. Plus I seem to have more SCSI drives than I remember ever buying (vintage mid-90s drives in onsie, twosie, and foursie gigabyte capacities).

And - silly me - I built the EXP III box without SCSI support. Considering it takes three hours to build a kernel from scratch (a little less when you've pre-built it), that probably won't happen soon.

In the end I may just end up taking a hammer to them all, but for the ones that work this is my last chance to see if there's any long lost, forgotten data that I may still need on them.

TrueCrypt was made for Windows. It's different on Linux and there are a few ducks to put in a row before you start using it. The information is out there on the Web but I haven't seen a single respectable "HOWTO" on the subject yet. I will probably end up writing one for my own benefit since that's the only way I can remember all this crap.

If I do you'll find it here, so stay tuned.

But no promises!

Thursday, February 19, 2009

Final Touches On EXP4


Damn I'm good.

My problems with the Map code were all of my own making. I had originally used the sample API code to pull the latitude and longitude out of the GeoIP database. That turned out to be a really bad thing to do.

I used that code because you could give it a text file of IP addresses and it would spit out all the data. The tool they give you, geoiplookup, only does a single IP at a time. But I took a look at the geoiplookup code and realized I could hack it to do the same thing as the sample code.

It was slick and quick.

I hacked it to check to see if the "IP address" on the command line was actually a file. No file, assume it's an address. If it is a file, loop through the lines inside it. Maybe ten lines of code max.

Since I started doing this Chat-O-Matic crud I've always had a heck of a time keeping the code consistent between multiple machines. I either had to copy everything over or edit everything twice. I usually ended up editing everything twice because the original EXP #1 was on Slackware, which has the irritating habit of putting everything that should be in /[s]bin into /usr/local/[s]bin.

Or maybe I did that when I upgraded bash. Could be. It was two years ago. I don't really remember.

All that is fixed and the code now lives on a NFS share on the BOT House server, so all machines run the same exact code, which has been cleaned up considerably.

The ipset code is all finalized as well. I'm still using my hacked version of Debian's ancient (kernel 2.4.x "sarge") iptables init.d script. Why they dropped that script I'll never know. They give you nothing in 2.6.x kernels. I imagine they expect you to use one of the firewall packages they ship with the distro (I never liked any of them).

The ipset code is running on BOT House as we speak. That's 132 lines of firewall crud (banned IP addresses) wrapped into one line. There may or may not be a noticeable performance increase, but it feels good just to get that mess cleaned up.

The last piece was the UPS (Uninterruptible Power Supply) configuration, which I simply copied from the EXP/// NetVista box and edited.

This turns out to be the major flaw in my plan. The NetVista's UPS is way underpowered for the new system. It will survive brownouts (the biggest problem around here), but I doubt if there is ten minutes of standby time.

Anyway, it's all there. I will need to do a few edits on the UT game files but that's all minor stuff. Now it's a matter of putting the box in its final resting place.

That will happen Saturday.

Be there.

Monday, February 16, 2009

Almost There


I hit something of a snag on the Map updates, but otherwise everything is working very very well. With three gigs of RAM, the box runs BITCH House, Classic3, and EXP 4 smoothly.

I have noticed a few oddities, like a stuck suit of armor with no bot inside of it and what seems like too many relics in the same area. Both anomalies were in Peak Monastery in EXP 4. I haven't seen that in either of the other servers.

The Map issue is strange. It was a cobbled-together hack in the first place and I'll be damned if I can figure out what I did with it to make it work, although I have a clearer idea now than when I started. The mistake I made was in hacking the GeoIP test routines around and not documenting anything I did. A real mess. Once I fix that and get the ipset code in place we're ready to rock.

There were a few successes in a couple of side projects: the kernel upgrade for BOT House and installing PowerDNS.

Back in January, RoadRunner decided to "enhance my user experience" by fucking around with their Domain Name Services (DNS). When a domain name can't be mapped to an IP address, a DNS server should return a "SERVFAIL" result code. That's the way it's designed.

RoadRunner decided to change that and send you to a search page (their search page) to be "helpful".

Well, I don't need that crap. I need a "SERVFAIL" response, so my only option was to ditch their DNS servers and use my own, internal caching server.

The problem was I only had one, an ancient PIII running Windows 2003. That works fine, but when it's offline (patches!) there is no DNS. Plus, when the power goes out, that box is the first to go down. I needed a backup.

I have run bind before, but I never liked it much. Plus it's much more than I need. So I looked into what else was available for Debian.

First, there's MaraDNS, a very small and simple package. A little too simple for my tastes. Very limited in its abilities.

The other option was PowerDNS. It was very easy to set up in a cache-only mode. All you do is edit a few files and you're there. You don't even have to dig a root zone file, it just gets the latest every time it starts. No muss, no fuss, well-documented, and very fast.

Now I can bounce that old piece of crap Windows 2003 server with impunity without interrupting all the rest of the mission critical crap going on around here.

Screw Lenny


Now I remember.

I installed Lenny (Debian 5.0) before it was stable. I was looking for a Linux version that didn't have problems with VNC4. They all had problems. It was a nightmare.

A lot of people gave up in favor of the VNC 3.x clones (TightVNC, UltraVNC), which are junk (they are CPU and bandwidth hogs and have a serious built-in Denial of Service vulnerability that has been around for years).

I read somewhere that Lenny didn't have the VNC4 problem, so I did some reality testing. VNC4 actually worked, but it was broken in a different way. It's hard to describe, really. The X windows decorations would pulse in size and cycle through different styles. It was totally unusable.

Now, a year after that, they still haven't fixed it, although it's not as bad. It's worse on Gnome than it is on Xfce but I don't consider it usable.

And I hate KDE so I didn't even test that. I will not use KDE.

Lenny runs fine otherwise, but EXP4 will be a headless system (no keyboard, monitor, or mouse), so a decent, stable remote session tool is absolutely required.

That settles that.

The new kernel on BOT House is running well. For some reason I lost some of my hardware sensors (I have CPU and HD temp, but the fans and mobo temp are gone) but I'm getting file transfer throughput of 11MBps instead of the usual 1-3MBps (maximum on a 100 megabits/sec - mBps - link is 12.5 megabytes/sec - MBps).

And that alone is enough to toss Lenny, since Lenny uses the same kernel version (within a few minor revs) BOT House used to run until yesterday.

Everything's back on track but it looks like EXP4 won't be online until this coming weekend.

Sunday, February 15, 2009

REALLY Bad Timing


Fucking Debian.

Last week, there was no official release date for Debian 5.0 ("Lenny"). I checked. I downloaded 4.0r6 for this project, and I've been banging on it for the last two and a half days.

Now, I find out Lenny was released yesterday, while I was chasing the latest kernel revision.

Happy Fucking Valentine's Day.

I'm going to take the same approach. I'm building it this minute as a VM to see if it has everything I need (mostly a functional VNC4 - that was broken for over a year on 4.0r>0). If it works out, 4.0r6 is history.

Back to square numero uno.

The VM build is going slow, probably because Debian's servers are getting hammered. That is likely the reason there was no announced official release date. Why set yourself up for a DDoS?

So right now the project's on hold.

As a side project I took the BOT House server up to the latest kernel. I'd been moving files between the two AMD64 boxes and noticed a tremendous performance hit when I moved the same files to BOT House. Huge. The AMDs were moving the files five times faster, hitting at 90% of my 100 megabit network. I shut off the Bitch House and Classic3 servers for about two hours while the kernel package compiled and did a quick reboot when no one was playing.

And that in itself was another episode of bad timing.

Linux decided it was time to check the disks (which is why I try to avoid EXT3 at all costs these days - I'm favoring JFS on all new installs), so that alone killed the "quick reboot" theory. Then, when it finally came back up, I got a new IP address.

I may just give it a rest for a week.

Hinky Is A Twit


Not sure why, but I decided to get a Twitter account. I will be documenting (they call it "tweeting" - how cute!) what's left over of this monster called the EXP4 Migration.

I got on Twitter before they got hacked. The plan was to integrate UT with Twitter - somehow, some way. It's very simple to use with curl and bash scripts (which is probably how they got hacked in the first place - I'm not sure where that stands now).

I have absolutely ZERO FOLLOWERS.

You could be the first!

Check it out.

Saturday, February 14, 2009

Life On The Bleeding Edge


After yesterday's Happy Horseshit with the random MAC address, I installed the updated kernel package I made last week.

And, naturally, it turns out I should have done that first because the random MAC problem suddenly vanished into thin air. I am the best waster of my own time. I'm glad I picked a three-day weekend to do this because I'm going to need it.

I built that kernel to save time, but today I meandered over to kernel.org and discovered the fucker went up a revision.

Why do I bother?

Also ipset, an add-on to iptables, went up two revisions over the last week.

Two.

At least I saw that coming, since I subscribe to the netfilter mailing list.

I had a very nice iptables+ipset configuration going back in 2007 before the Hard Drive Disaster that year, and I was hoping to resurrect it during this project.

The reason is, Ban-O-Matic adds another line to the firewall table every time someone gets banned. Over time, it makes the list unwieldy since every packet has to be checked against every line. With ipset, that all goes into a single line and only the set is updated. Makes things more efficient, if only a little faster.

The challenge back then was to code loading the sets during a reboot and I had it all hacked out, running perfectly (as perfect as things get around here) when the drive crashed. I eventually recovered it all thanks to my Magic IDE Card but I haven't done anything with it since.
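
The single-set approach and the reload-at-boot problem described above, as an added example (not the author's Ban-O-Matic or init.d code): it turns a flat ban list into an `ipset restore` script that is swapped in atomically, so the one firewall rule never points at a half-loaded set. The set name `banned`, the list format and the current `hash:ip` syntax are assumptions; the 2009-era ipset used different type names.

```shell
#!/bin/sh
# Added example: build an `ipset restore` script from a flat ban list.
# Assumptions: set name "banned", one IPv4 address per line, '#' comments.

# Return 0 only for a dotted-quad IPv4 address with octets 0..255
# and no leading zeros (which some parsers would read as octal).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print a restore script for set $1 from ban list file $2.
# Entries go into a scratch set that is then swapped with the live one,
# so packets are always matched against a complete set.
# Invalid entries are reported on stderr and skipped; duplicates collapse.
build_restore() {
    set_name=$1; list=$2; tmp_set="$1-new"
    printf 'create %s -exist hash:ip family inet\n' "$set_name" "$tmp_set"
    printf 'flush %s\n' "$tmp_set"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$list" | sort -u |
    while IFS= read -r ip; do
        if valid_ipv4 "$ip"; then
            printf 'add %s %s\n' "$tmp_set" "$ip"
        else
            printf 'skipped invalid entry: %s\n' "$ip" >&2
        fi
    done
    printf 'swap %s %s\n' "$tmp_set" "$set_name"
    printf 'destroy %s\n' "$tmp_set"
}

# Constructed sample ban list (documentation address ranges only).
sample_list() {
    cat <<'EOF'
# constructed ban list
192.0.2.10
198.51.100.7   # repeat offender
192.0.2.10
203.0.113.300
203.0.113.25
not-an-ip
EOF
}

# Demo: print the restore script for the sample list.
list=$(mktemp) && sample_list > "$list"
build_restore banned "$list"
rm -f "$list"

# At boot, load the set before the firewall rules (both need root):
#   ipset restore < /path/to/banned.restore
#   iptables -I INPUT -m set --match-set banned src -j DROP
```

Because the rule references the set by name, later bans only need the restore script regenerated and reloaded; the iptables ruleset itself stays one line long.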

And, speaking of the Magic IDE Card, I was going to give it a permanent home in the new box, but it conflicts with the built-in (single) IDE controller. That was never an issue in the NetVista box. So, that is probably where it will live the rest of its days.

And as far as that box goes (I'm on a stream-of-consciousness roll now), back when I was having ATI "issues", I played with the idea of getting an old box for my original Voodoo 3000 video card to play UT on. Now, that dream is within reach. I never had a single issue with that card on Windows 2000 and performance was always just fine on a PIII 450mHz junker.

I can dream, can't I?

Friday, February 13, 2009

Happy Horseshit


Well, you eventually discover exactly why these things go on "Price Blow-Out" sale.

Caveat Emptor and all that crap.

But this was a new one for me. Never seen anything quite like it before.

I did install the Windows 7 beta. That went really well. It looks like Vista and runs like XP, just like everyone says it does. Setup is incredibly fast on a new system. Reboot, plug in your serialz and there you have it. Very nice.

Whoop-dee-freakin-doo.

So this morning I called in sick. Because I was sick (troof!). Had an emergency dentist appointment (I've been having a lot of those lately). Now I have the rest of the day to hack around with this box.

I put Debian 4.0r6 back on it. Runs great, as usual. I do a few updates, reboot, and... why is this thing taking so long to boot up?

I check my network config. It tells me my NIC is now /dev/eth8.

ETH-fucking-EIGHT? WTF is this? This is the kind of crap that happens when you go moving your NIC around to different slots, but I haven't done that. It's a built-in NIC, for fuck's sake!

I know enough to take a look at /etc/udev/rules.d/z25_persistent-net.rules, and there they are, all NINE (0-8) incarnations of my single NIC.

And each and every one had a different MAC address.

What the motherfucking FUCK is this crap?

I wipe the file out and reboot (I've learned this from moving VMs around - they always change MAC values when you go to another host). Sure enough another new MAC address.

Then I remembered a post I read in BugTraq or somewhere about NVidia motherboards shipping with identical MAC addresses. Could this be how they fixed that problem? Flash the BIOS to change the MAC on every reboot?

Who the fuck knows? Damned Chinese junk!

I fixed it by changing eth0's line in z25_persistent-net.rules to read:

ATTRS{address}=="00:00:6c:?*"


... since the first three bytes were always correct. It's a work-around and I'm screwed if I ever put another RTL NIC in that box (all I have are RTL NICs right now), but that's not in the cards at this point.

I shouldn't have to deal with this HORSESHIT, but I bought the box so I'm going to live with it. HOWEVER, the possibility exists that the MAC address could change at any time, which would be very, very bad (screwing up ARP tables and such), so I'm going to have to keep a close eye on this thing.

Thus begins the strange tale of EXP4 Revision 2.

UPDATE: turns out it was Linux all along. Check out this crap:

forcedeth.c: Reverse Engineered nForce ethernet driver. Version 0.56.
ACPI: PCI Interrupt Link [APCH] enabled at IRQ 22
GSI 16 sharing vector 0xC9 and IRQ 16
ACPI: PCI Interrupt 0000:00:07.0[A] -> Link [APCH] -> GSI 22 (level, low) -> IRQ 201
PCI: Setting latency timer of device 0000:00:07.0 to 64
forcedeth: using HIGHDMA
0000:00:07.0: Invalid Mac address detected: cd:8a:b3:4d:e0:00
Please complain to your hardware vendor. Switching to a random MAC.


Monday, February 09, 2009

EXP4 - First Incarnation


The boxes were sitting on the front porch when I got home from work today. I unpacked everything, slapped it together, found an old hard drive and a CD ROM, and did a quick default install of Debian 4.0r6/AMD64.

It feels very nice. Every bit as smooth and responsive as the MythTV box I built last year. In fact I'm using it right now to write this blog entry.

The hardware leaves a few things to be desired. The power supply has one fan and no airflow through the bottom. The power cables are almost too short. The main just reaches the power connection on the motherboard. It's very quiet as is, but it will definitely need another fan.

The case was too big, but I used the MiniATX case I had on deck. Just had to move the power supply from the new case into it. I still may use the new case for some old hardware, but that is going to be a big screwdriver project for some other day.

There are still some configuration decisions to be made, so I probably won't have this thing running until next weekend. During the transition I may run EXP /// on the VM I built for the proof of concept. I may also get completely distracted and throw Windows 7 on this thing just for giggles.

You never know.

MISERABLE_S.O.B.


Some people!

If you've been following along you'll recall that I was having a LOT of problems playing UT last year. They didn't go away until I bought a new vidcard last month. Since then playing has been a lot more fun.

I have a good time. I always use an alias (in fact playing with just about any variation on "hinkydink" will get you on the Shit List) and I always use a PktLag delay, since an ultra fast ping time is a dead giveaway that somebody's playing locally against the server.

I roll like that. I'm a sneaky-ass bastard.

So I'm playing yesterday and this idiot calling himself "MISERABLE_S.O.B." (who may possibly be this guy) shows up and starts blowing people away.

He didn't seem to be a cheater. The scores were close and he got whacked once or twice. I let it slide and left. I'm not a big fan of getting beat up all the time.

I came back HOURS later and there he was, still tearing the place up. Except now he had turned into a loud mouth asshole. Here are some quotes:
time for daddy to bend you over
bend the fuck over for daddy!
bend over bitchez, daddy wants some
nice black salty cum for ya
suck my cock loudmouth faggot

Lovely. I knew I'd seen that dialog before. And the IP address was out of New York City. A lot of abuse comes out of that town.

I bailed from the game and added him to the Shit List (for those of you who don't know, this takes your IP address and drops 85% of the packets coming from your system, making it nearly impossible to play the game - sort of a "super lag" - with the idea that you'll get frustrated and go bother people on some other "lame ass server").

I went back to the game and still got my ass pounded, but it was better without all that trash talk.

But he came back! About 20 minutes later he came back on a new IP, but he kept the MISERABLE_S.O.B. moniker, which is what gets you on the Shit List in the first place!

What a genius. He tried to play for about 20 minutes and then he left, blaming it all on StinkFly:
stinkfly comes and brings the ddos attack with him

lol!

Saturday, February 07, 2009

Gearing Up For EXP4

According to UPS, the hardware should get here Monday. By Monday evening, the OS (Debian 4.0r6 - unless r7 comes out between now and then) should be installed & ready for the transfer.

Meanwhile, I have installed an x86_64 4.0r6 OS on a VM in my MythTV box in preparation and am hacking my own kernel in anticipation.

Debian supplies a set of nice kernel hacking utilities that allows you to roll your own and make a "genuine" Debian package from it. This is nice because by default they don't put the stuff I (think I?) need in it, mostly netfilter garbage. I have been hacking kernels for 15 years now (my first took 18 hours to compile on an old 386DX) and this is always a chore. Getting the bugs worked out and putting it into a package takes away a lot of pain.

As it turns out, the TigerDirect "deal" was, as usual, a little on the flaky side. I can only blame myself. I got the email early in the morning and didn't read the fine print.

First, they didn't include a CPU fan. I don't know why I didn't notice. It was printed in BOLD RED TYPE, but I missed it. When I found out (after everything was on the UPS truck) I expected to run out this weekend and drop twenty or thirty bucks on a fan.

Then it dawned on me. When I built the MythTV box out of pieces/parts last year I ordered an AMD64x2 that came with a fan, but the Asus box I built the system from had its own "slim-line" fan, leaving me with an extra!

YES! A small victory!

But knowing my inventory system ("throw shit in a box, put it in the basement, and forget about it") I knew finding it was going to be a major pain in the ass. Undaunted, I grabbed a box, cleared the cobwebs away, and looked inside. There it was on top of all the other junk staring at me.

Small Victory Number 2!

The other issue was the Systemax case. It looked like a mini-tower in the ad (beware "errors in photography") and since the motherboard was a MicroATX I assumed it was a mini-tower. Turns out it's a mid-tower with ten fucking drive bays!

Definitely overkill. Luckily I have a mini-tower from a project that never happened (long story) as well as another box in a ten year old full-tower that can use the extra space and a facelift.

So, Small Victory Number 3. YES!!!

As long as the motherboard doesn't turn out to be complete junk (and trust me, the "BIOStar" brand name doesn't instill a lot of confidence) it should be ready to rock and roll by next weekend which, for me, is a THREE DAY WEEKEND!!!

I haven't had a busman's holiday in a long time. It ought to be fun!

Friday, February 06, 2009

Experimental IV

It's been two years since the original EXPERIMENTAL I server went online. That project suffered from a very poor design from the beginning (a wireless UT server - what was I thinking?) but eventually smoothed itself out and now runs quite well.

All the more reason to start fucking things up!

EXP/// runs on the same old box I & II ran on, a turn-of-the-century vintage IBM NetVista desktop, with a tired old PIII running at 850mHz and a paltry 512MB of RAM. Not a bad deal for seventy bucks back in 2007 (although some would argue it was worth fifty at the time), but it's time to set that sucker out to pasture.

A few days ago, TigerDirect SPAMMED me with an offer for a "barebones" AMD64x2 w/3G of RAM, case and power supply for $139.95. They hit me right in my (cheap Son of a Bitch) price point. This was the perfect upgrade package for EXP///, so I bought it, even though I'm sure this thing will cost eighty-nine bucks by Easter.

Although this is all "house brand" (Systemax) stuff it's almost as capable as the MythTV ASUS box I built last Winter, with an extra Gig of RAM to sweeten the deal.

And, it should be at least as capable as the box I built for BOT House back in '06.

Or was it '05? Hmmm... not sure about that.

Anyway, with that kind of juice there are going to be some major changes to the structure of DinkNet. The BOT House box currently runs three UT99 servers (BOT, Bitch, and Classic3). All but BH will be moved to the new box. "Experimental IV" may actually be renamed to the original, "House of N00Bz" (but that would be false advertising... none of the current players are newbz by any stretch of the imagination), since the experiment has been over for quite some time.

This is all preliminary. I'll surely change my mind a few times before the configuration is final. The hardware gets here next week. It will likely take a week's worth of hacking around to get everything "just right" and you may see EXP3 move around during that time.

In the meantime, have fun killing people!