Showing posts with label happy horseshit. Show all posts

Friday, December 20, 2013

This is PLBURLF03


No, seriously.

It is.


Really.

Keep searching.

Tuesday, February 19, 2013

Micro Center Monkey Business?


I've been going to Micro Center for a long time.  More years than you can imagine.  I've had some interesting experiences and been treated in some odd ways.

For instance, several years ago I went into the local retail MC looking for a video card or something.  I was in Full Beard Mode and it was summer so I was wearing sunglasses, shorts, a tee shirt, and my classic pork pie hemp hat.  Everywhere I went I was tailed by an MC associate.  When I looked in their direction, they looked away, but they followed me as I made my way around looking for whatever it was I was looking for.

Not one of them asked if they could help.  Not one of them said "Hello."

I couldn't find what I was looking for and left.  A few minutes out the door, I realized they weren't just being rude.  They thought I was a potential shoplifter, not a customer with cold, hard cash.

Well, fuck that.  That location closed a year or so later.

So anyway Time Marches On...  MC's only retail store is now across town.  iPads are hot.  I check their Web site to see if they have them in stock.  They did, so I chose the "order online, pick up in store" trick.  To do that I had to register with email address, et cetera.  You know the drill.

A couple years after that, I go to pull the same trick.  Their Web site has no record of my account.  The email address draws a blank.  OK, fine.  I'll just go to the store.  When I get there and buy what I wanted, they had me check my information at the register and there was the email address I had given them for the iPad.

This kind of pissed me off, so when I went back Monday for the Presidents Day sale and they asked me if the information was correct I said no, the email address is wrong.  The guy pulls up the register menu and asks me for the correct address.

I tell him I don't have an email address.  He clears it out.  I went home with my merch: a wireless security cam, an off-brand 802.11N USB NIC (which turned out to have a RaLink chipset!), and a motherboard battery.

Within 24 hours, I get SPAM on the address I told them to delete.

The subject field of the email was "Wireless Security Cameras".  What a coincidence!  I just bought one! 

The body of the email was junk html and my name repeated over and over and interspersed with the following keywords:


Of course, this stuff was not visible.  Classic SPAM filter avoidance technique, which begs the question, "WHAT THE MOTHERFUCKING FUCK, MICRO CENTER?????"

MC sat on that email address for three or four years.  They never sent anything.

If you get the chance, I encourage you to do the same thing and let me know what happens.

Sunday, November 04, 2012

BOT House|RELOADED - Part I


At long last, BOT House is finally reincarnated.  And on a much perkier Intel box with a newer, 64-bit version of Debian.  The new, official name is BOT House|RELOADED or BH|R for short.

So much hardware has crashed and burned this year it's hard to keep track of it all.  First, it was the proxy project box.  It died of—what else—hard drive failure.  It was a strange setup in the first place: a (hardware) "RAID Nuthin" array spread across an IDE and a SATA drive.

And to complete the nightmare... on LVM.

But there were backups.  I re-installed everything on an external USB/IDE drive temporarily just to keep things running.  Later I bought a pair of 3.5T SATA drives & a new RAID card.  I mirrored the drives and plan to use it as the main backup for all this crap I shit out.

But before I finally got around to taking it off the USB, UPS's started to shit themselves.  Power failures have been brutal this year.  It used to be all I had to worry about were a few minor brown-outs during the beginning of "air conditioner season", but this year multi-day blackouts were far too common for my comfort level.  Two UPS's died.  I replaced the batteries in one and upgraded another from 350VA to 1000VA.

A few weeks after the derecho hit and knocked us out for four fucking days (two off, one on, two more off) it was getting a little windy outside, so I decided to check the Weather Channel for a forecast.  I turned on the TV, tuned in, and no sooner than they said "... high winds approaching our area..." the entire house went dark and stayed that way for another forty-eight hours.

A couple of weeks later, there I was, minding my own business and limping away on the USB drive in the proxy project box when one day, after mowing the lawn, I sat down and searched for images of Mossberg shotguns (for this story) on Google.

And... nothing happened.

Then I hear this "click click" sound coming from BOT House.  I switch to the console.  The last thing I saw was a message that said "Replace UPS battery" before I tried to reboot it.

It didn't reboot.  It just went click click click...

I spent the rest of that afternoon recreating the router & firewall on a bootable USB version of the Backtrack5 LiveCD and ran that for a couple of months before buying all the new hardware—computers, UPS's, hard drives—for everything and re-engineering the whole DinkNet NOC from the bottom up.

The things I do for you kids!

Monday, January 09, 2012

McAfee Relay Server 5.2.3 (Port 6515)

Earlier today I noticed I was getting a lot of TCP port 6515 proxies on The List.

Curious, I checked one and it gave me a VIA header of

1.1 Fran-PC (McAfee Relay Server 5.2.3)


Then I took a peek at the database.  Nearly 1900 of these things since December 1st, 2011.  Although the name of the PC above is a dead giveaway that this is some sort of consumer product ("[name-of-owner]-PC" is the default Windows machine name created during setup), a quick check of the DNS names of these boxes confirms they are all on residential IP addresses.

So what is "McAfee Relay Server"?  I'm guessing it's one of those snarky products they stick you with whenever you buy a new PC.  This makes sense, since December is a big month for new PCs.

But why install it as an open proxy?  

If it's a "security product" I hope it's a honeypot.

UPDATE: BIG LIST OF MCAFEE VIA HEADERS


This is what I have been able to salvage from the proxy run logs that I still have.  All of December is basically lost, unfortunately.


There are some obvious corporate type names, but the -PC names are definitely consumer grade.  Again, the majority of all IPs reverse map back to residential address ranges.
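
One way to triage Via values like the one quoted above when they turn up in your own proxy or web-server logs. This is an added example, not the author's tooling: the sample lines are constructed, and the "owner-pc" class is this example's own label for the "[name-of-owner]-PC" pattern described in the post.

```sh
#!/bin/sh
# Added example: break Via header values into hops and tally relay versions.

# via_triage: Via values on stdin (one per line, possibly several hops each).
# Prints one TSV row per hop: protocol, received-by, product, version, class.
via_triage() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function emit(h,    f, proto, by, comment, product, version, cls) {
        h = trim(h)
        if (h == "") return
        comment = ""
        if (match(h, /\(.*\)$/)) {              # trailing "(comment)"
            comment = substr(h, RSTART + 1, RLENGTH - 2)
            h = trim(substr(h, 1, RSTART - 1))
        }
        split(h, f, /[ \t]+/)
        proto = f[1]; by = f[2]
        if (by == "") by = "-"
        product = comment; version = "-"
        if (match(comment, /[0-9]+([.][0-9]+)+$/)) {   # dotted version at end
            version = substr(comment, RSTART)
            product = substr(comment, 1, RSTART - 1)
        }
        gsub(/[\/ \t]+$/, "", product)
        if (product == "") product = "-"
        # Default consumer Windows machine name, as described in the post.
        cls = (tolower(by) ~ /-pc$/) ? "owner-pc" : "other"
        printf "%s\t%s\t%s\t%s\t%s\n", proto, by, product, version, cls
    }
    {
        # Split on commas that are outside a parenthesised comment.
        depth = 0; start = 1
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "(") depth++
            else if (c == ")" && depth > 0) depth--
            else if (c == "," && depth == 0) {
                emit(substr($0, start, i - start))
                start = i + 1
            }
        }
        emit(substr($0, start))
    }'
}

# via_summary: count McAfee Relay Server hops per version and host class.
via_summary() {
    via_triage | awk -F '\t' '
        $3 == "McAfee Relay Server" { n[$4 "\t" $5]++ }
        END { for (k in n) printf "%s\t%d\n", k, n[k] }' | sort
}

# Constructed sample input (only the Fran-PC line is quoted from the post).
sample_via() {
cat <<'EOF'
1.1 Fran-PC (McAfee Relay Server 5.2.3)
1.1 example-pc (McAfee Relay Server 5.2.3)
1.1 FILESRV01 (McAfee Relay Server 5.2.1)
1.0 cache.example.net:3128 (squid/3.1.19), 1.1 Sample-PC (McAfee Relay Server 5.2.3)
1.1 edge.example.net
EOF
}

sample_via | via_triage
echo "--- relay hops by version and host class ---"
sample_via | via_summary
```
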


Friday, December 16, 2011

PoTTY v.0.62 Testing Begins!

Last week, Simon Tatham announced the release of PuTTY v.0.62 which included a security fix that seemed serious enough to fire up the old compiler and shit out a new version of PoTTY.

I got to work on it last night and have the working binaries ready to rock and roll as soon as I can get them all tested.

This has gone much faster than the last time. I started hacking away at 1AM this morning and had a working PoTTY binary by 3AM. After a few hours of Sleepy Time I banged away at it and had the entire PoTTY "suite" done by noon.

Sometimes I amaze myself.

Not this time, though. I had a little help from our friends at AT&T. You see, we still have a land line here at Hinky House. For about a month the line started to degrade and it finally got so bad we had to call them out to the house to check the line.

Apparently the line had rotted out, so they replaced it. For a few days the new line laid on top of the lawn. Then on Thursday some time after 9AM they buried the line.

Cutting our CATV cable—and our Internet access—in the process.

So basically I had no distractions. I thought it would take a lot longer to "get 'er done" than it did, so in the process I decided to move the code over to VC++ 2010 Express, which I really haven't touched since I installed it. I thought that would add a half a day to the project but I was pleasantly surprised the transition went as smooth as it did.

Versions 0.60 and 0.61 were VC++ 2005 and 2008, respectively. 0.60 took forever to write. 0.61 took a whole weekend. I thought the cable would be fixed before I was finished, but it wasn't.

It still hasn't been fixed. And I have a funny feeling they're going to come here and say "we'll be back Monday" if they get here at all today.

Right now, I'm jacking in to the Web courtesy of one of my neighbors. The less said about that, the better, but in the process I learned an interesting lesson about using iwconfig (on BT5) to connect to open access points.

I couldn't stay connected for more than a dozen pings at a time. Then I noticed that whenever the link died the connection rate had been negotiated up to 30-54Mbps, which is not going to happen over your garden variety 802.11b link. You have to limit it yourself, since the default is "auto".

Check the man page. You'll figure it out.

UPDATE:

12/17/2011 — They fixed it. Now we have a coax cable running across the lawn. Maybe they'll cut AT&T's line when they bury it. This could go on forever!

UPDATE:

12/18/2011 — I missed a lot of cosmetic touches, mostly replacing almost every instance of "PuTTY" with "PoTTY". Then I checked to see what version OpenSSL was up to. Sure enough it had gone up a click since PoTTY 0.61 to version 1.0.0e. Building OpenSSL on a quad core machine is a lot more fun than on the old box 0.61 was built on.

After all that, I have what I believe to be the final build.

I checked to see if the old RDP back-tunneling issue had been fixed, but no luck there. Same old Black Screen of Death.

Another issue that might be Windows' problem concerns IPv6. I have had several PoTTY sessions connected over IPv6 that lasted for days and then all of them crash all at once. I have never seen this with IPv4. I'd like to get a Wireshark capture of this happening, but like I said it takes days of waiting.

Saturday, November 19, 2011

BT5 on a Stick

A STICK!!!!

I've been running BT5[r1] as a "disposable OS" almost every day on a laptop for months now, booting up from a CD. Great stuff. Boot up, do your dirty work, shut down, and all the evidence is gone.

A few weeks back I installed the BT5 ISO to a USB stick with UNetbootin and tossed the CD forever. Excellent performance. Now it boots up fast and quiet. But there's one tiny issue: it still thinks it's a CD so I have to run my apt-get script every time to get the utilities I can't live without. I thought I could get the same performance by installing the OS itself onto a stick, so I bought a cheap 16G thumb drive and tried it out.

Boy was I wrong!

I installed using the defaults and booted the stick up. It was dog shit slow—slower than using a CD at times—but it was still usable. Disappointing, but usable.

After a few days of this I did some research to see what I did wrong. And I found that it's not a good idea to install onto USB using the ext4 filesystem (the default). Either ext2 or UVFAT (formerly known as UMSDOS) is recommended, and UVFAT doesn't work on 2.6 kernels.

I reinstalled to ext2 and booted the stick up. It didn't boot because it switched from sdc during installation to sdb at boot time. Editing grub.cfg took care of that, but after rebooting it was still dog shit slow. Not sure why that wasn't a problem with ext4.

So I decided to simplify things. Instead of messing around with multiple partitions I made one big one and used a swap file instead of a swap partition. This offered a mild improvement but it's still a dog.

There must be a better way.

Oh and by the way... if you've ever installed BT5 to anything, you will find that the last 1% of "almost finished copying files" does indeed take for-fucking-ever. With the ext4 install, it took twenty minutes. With the ext2 install, it took from one hour to "screw it I'll check it in the morning". So be patient. And don't use a CD. Install it from USB.

Friday, September 23, 2011

The Amazing, Disappearing SSID, Part II


The replacement access point arrived yesterday. I set it up identically to the old AP. I rewrote my kidscript to work with the new AP's Web interface, rebooting it when iwlist can't find the SSID anymore.

It's been up for slightly more than 24 hours now.

In that time, the SSID has dropped seven times. We can now conclude that either a) there was nothing wrong with the original AP, or b) that both APs suffer from the same, mysterious denial of service (DoS) vulnerability.

Whatever that may be.

But it got me to thinking about the timing of this thing, which started some time in August. Then it finally dawned on me...


You might recall, when trying to install this Pile Of Crap over the WiFi network, the driver setup program would say "Testing network connectivity..." and then kill the wireless connection every time.

I had the driver installed in two places: my laptop, and the XP desktop I recently retired. I never installed it on my new Windows 7 box, and I only use the laptop occasionally. Now, the driver is no longer on either side of the AP, but of course the printer still exists on the wireless side.

And up until about 6PM this evening it was on 24x7 during this entire fiasco. Not anymore.

I believe—but can't prove—the printer may run its own code to "test network connectivity" in the same way the driver setup did. Why? I can only speculate, but HP does want to entice you to buy consumables—ink and paper—directly from them. Either the driver polls the printer or the printer notifies the driver or both. I'm inclined to believe "both". Ink alone is a cash cow and HP wouldn't want to miss the chance to make a sale, popping up a dialog box when you're trying to play UT (this has in fact happened to me at least once on the old XP box).

That would explain everything nicely.

And further confirm my personal opinion that "HP" stands for "Horse Poop".

Tuesday, September 20, 2011

SSID: "XDA-Wifi-Sharing"


So my analysis of my Wacky WiFi access point continues while I wait for the new one to arrive. I watched it drop about three times so far today, with the same results on the airodump-ng screen: my AP disappears and a dozen other SSIDs disappear as well. It comes back up and so do the missing APs. All the novelty is gone. It just happens now. It's almost predictable, but not quite.

But a new AP showed up out of the blue, with the SSID "XDA-Wifi-Sharing". Google took all the mystery out of that. It's some kind of WiFi router for your smart phone that sets up an Ad Hoc connection you can attach other devices to. Nice trick. I've done it myself, but don't see the point for dedicated software, although it does make a lot of sense as a phone app.

OK, fine. But according to airodump's analysis of the power this thing was putting out, it was in my freakin' house!

Then, as quick as it appeared, it disappeared. Then, my AP dropped out of sight, too. Of course, my kidscript kicked in and brought it back, but still...

Coincidence? Maybe. This just keeps getting weirder.

GoDaddy DNS Issues Finally Explained?


It's all water under the bridge now, but I just ran across this link in the outages mailing list.

Most of my original complaints about GoDaddy DNS were on the old ProxyObsession blog, so you may have missed it. What it came down to was I couldn't resolve my own domain name from home, but I could resolve it from anywhere else. GoDaddy finally fixed it but then that whole DMCA nastiness hit the fan and I was outtathere for good. Never looked back.

So... check it out...

"What seems more likely is that the new owners of GoDaddy are trying to improve on the "Premium DNS" service, which appears to have been a failure. The Premium DNS service started around January, 2011. However, it appears not to be meeting their sales goals (99% of domains using GoDaddy DNS hosting are still using the free service)... We now know that GoDaddy is willing to block DNS queries. Will it continue, or will others follow? What will happen to the Internet if all DNS hosting companies follow the same path? Only time will tell."

That explains a lot.

Monday, September 19, 2011

The Amazing, Disappearing SSID


Lately, after running dependably for several years, my wireless access point has started to disappear from the airwaves.

Firmware upgrade? Got it, no luck. I went from rev 1.0 (2006) to rev 2.12 (2009) with the same issue.

Here's an odd side effect: while troubleshooting this problem, I've been running airodump-ng on a wired PC. Normally I can "see" ~16 access points. When my access point dies, it takes about a dozen with it. When I bounce it, they all come back.

WTF is up with that? It's probably no big mystery. I'm assuming that the radio pulse from my access point coming back online somehow boosts the sensitivity of the NIC running airodump, but it's a strange process to watch.

I have responded to this by writing a kidscript that runs iwlist on another PC. If it finds that the SSID is not being broadcasted, it runs a quickie curl one-liner that presses the "Apply" button on the "Advanced Settings" page of the access point's Web config, which acts like a soft reboot. The process repeats every ten minutes with a cron job.
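
A watchdog along those lines, written here as an added example (it is not the author's kidscript). The interface name, SSID, AP URL, form field, credential file and state file are all assumptions; it also waits for two consecutive misses and ignores scans that return no cells, which the post does not describe.

```sh
#!/bin/sh
# Added example: bounce an access point when its SSID stops beaconing.
IFACE="${IFACE:-wlan0}"                          # scanning interface (assumed)
SSID="${SSID:-ExampleNet}"                       # SSID to watch (constructed)
AP_URL="${AP_URL:-http://192.0.2.1/apply.cgi}"   # hypothetical AP config URL
AP_FORM="${AP_FORM:-action=Apply}"               # hypothetical form body
NETRC="${NETRC:-$HOME/.ap-netrc}"                # AP credentials, mode 0600
STATE_FILE="${STATE_FILE:-$HOME/.ssid-watchdog.misses}"
THRESHOLD="${THRESHOLD:-2}"                      # consecutive misses before a bounce
DRY_RUN="${DRY_RUN:-1}"                          # 1 = log only, leave the AP alone

# Classify "iwlist IFACE scan" output on stdin: visible | missing | unknown.
# The ESSID must match exactly, so ExampleNet-Guest does not count, and a scan
# with no cells at all is "unknown" (scan failed) rather than "missing".
scan_state() {
    WANT="ESSID:\"$1\"" awk '
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }
        /^Cell [0-9]+ - Address:/ { cells++ }
        $0 == ENVIRON["WANT"] { found = 1 }
        END {
            s = "unknown"
            if (found) { s = "visible" } else if (cells > 0) { s = "missing" }
            print s
        }'
}

# Soft-reboot the AP by submitting its settings form. Credentials come from a
# netrc file so they never appear in the crontab or the process list.
bounce_ap() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "dry-run: would POST '$AP_FORM' to $AP_URL" >&2
        return 0
    fi
    curl -fsS -m 10 --netrc-file "$NETRC" -d "$AP_FORM" -o /dev/null "$AP_URL"
}

# One watchdog pass over scan output on stdin. Prints the action taken:
# ok | skip | wait | bounce | bounce-failed
watchdog_step() {
    state=$(scan_state "$SSID")
    misses=$(cat "$STATE_FILE" 2>/dev/null)
    case "$misses" in ''|*[!0-9]*) misses=0 ;; esac
    case "$state" in
        visible) echo 0 > "$STATE_FILE"; echo ok ;;
        unknown) echo skip ;;
        missing)
            misses=$((misses + 1))
            if [ "$misses" -lt "$THRESHOLD" ]; then
                echo "$misses" > "$STATE_FILE"; echo wait
            else
                echo 0 > "$STATE_FILE"
                if bounce_ap; then echo bounce; else echo bounce-failed; fi
            fi ;;
    esac
}

sample_scan_up() {    # constructed iwlist output: target AP is beaconing
cat <<'EOF'
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:01
                    ESSID:"ExampleNet"
          Cell 02 - Address: 02:00:00:00:00:02
                    ESSID:"ExampleNet-Guest"
EOF
}

sample_scan_down() {  # constructed: neighbours still visible, target gone
cat <<'EOF'
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:02
                    ESSID:"ExampleNet-Guest"
          Cell 02 - Address: 02:00:00:00:00:03
                    ESSID:""
EOF
}

# cron (root), every ten minutes, with a hypothetical install path:
#   */10 * * * * DRY_RUN=0 /usr/local/sbin/ssid-watchdog run
case "${1:-demo}" in
    run)  iwlist "$IFACE" scan 2>/dev/null | watchdog_step ;;
    demo) STATE_FILE=$(mktemp)
          for s in down down up; do "sample_scan_$s" | watchdog_step; done
          rm -f "$STATE_FILE" ;;
esac
```
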

This is entirely unacceptable! In the past I've had laptops connected wirelessly for days without interruption. On version 1.0 of the firmware!

Since it's seen Better Days, I have to assume it may just be going bad, although in my testing I have made it fail reliably at definite intervals (long story). With that in mind, I've ordered a replacement. If that one works, great.

If not, then there must be a mystery somewhere.

I hate mysteries.

Sunday, September 11, 2011

PowerDNS 3.0


PowerDNS 3.0 came out in May of this year and I've been fucking around with it ever since, in between other things like the PoTTY upgrade, those crazy Chinese proxies, and replacing hardware on DinkNet.

I started running pdns in February of 2009 after my jerkwater ISP started "improving my online experience" by hijacking DNS requests. Two years later I got on IPv6 through Hurricane Electric, but pdns 2.x couldn't handle it—or DNSSEC for that matter—so an upgrade was inevitable.

Unfortunately, building pdns and pdns-recursor from scratch is an incredible pain in the ass. Sure, there are packaged binaries available, but I'm dealing with an older platform (Debian 4) that can't meet the prereqs.

One of those prereqs is Boost version 1.35 or greater. Boost is a collection of fast-as-fuck C++ libraries. Or so they say. The PowerDNS people are Boost believers. Building it isn't too bad, but you have to forget everything you know about building from source.

But wait... according to the pdns-recursor docs...

"You only need to download it, there is no need to compile."

This is absolutely, 100% TRUE. Well... 99% true. After you download it, you need to extract it (details!). After that all you need is a CXXFLAGS variable pointing to the source.

Quick and easy. For the recursor. Not so for the pdns authoritative server. You'll need to compile and install the libraries. Sucks to be you.

Once you realize and accept that Boost isn't "normal", compiling and installing it is easy. You run "./bootstrap.sh" and then "./b2 install" (or "./bjam install", depending on the version).

Aside from being Boost evangelists, the PowerDNS people also adore Lua. There's a lot of that going around lately. You'll need version 5.1 and the development libraries. Lucky for me, 5.1 was current way back when Debian 4 came out, so I only had to install the packages.

After that, building pdns is relatively simple. For me, pdns has a lot more functionality than I actually want. And what I want is a caching-only slave server. I don't have any domains to be authoritative for. Everything on the inside is in the .local multicastdns domain, which is served up by Bonjour and avahi.

PowerDNS supports a number of database backends for holding authoritative data. Or, you can just use bind-like data files (pdns was originally designed as a drop-in replacement for bind).

So when you run ./configure, use --with-modules="" not --with-modules="bind", because it won't know what the fuck you're talking about.

After finally getting pdns to compile—I already had the v3 recursor installed—I decided to do some testing. This turned out to be difficult with version 2 running at the same time. At this point I realized I probably needed two DNS servers anyway, so I took my "lessons learned" and built another pdns server and recursor on Experimental V. Plus Boost. Plus Lua.

Testing was silly. One of the variables in the config file—which can only be named "pdns.conf" no matter how badly you want to change it—is called "config-dir" and it specifies the path to pdns.conf.

Think about that for two seconds and you'll realize the profound silliness of putting the path to the config file inside the config file itself. What is the point? How does it use a path in a file it can't find?

Here's a clue... check the manual page! DAMN! It's dated December 2002!

It's shit like this...

Once you get around obvious crap like that (use the --config-dir command line option) testing should go fine, and it did. After pdns was running on EXP V, I took my second round of lessons learned back to BOT House, where pdns 2.9 was running, and finally upgraded it to 3.0.

The final touch on the upgrade was to take Hurricane Electric's IPv6 DNS server out of radvd.conf and put my own in.

When both servers were up and running, I had a sublime issue with DNSSEC. One server could retrieve dnssec records, but the other couldn't. After staring at both configs for an hour it came down to a setting in the recursor config called "query-local-address", which is the IPv4 address the recursor uses for sending recursive queries out to the Internet. It was set to "0.0.0.0" by default. After changing that to the server's "real" (RFC1918) IPv4 address, there were no more issues with DNSSEC.

One minor issue remains: I can't get pdns to listen on the link local fe80::/10 address of either server. It works fine on the yes-I-know-it's-deprecated site local fec0::/10 addresses, as it does on the global IPv6 addresses (yes, since they only service the inside network they're firewalled).

In the end, it was way too much work.

Saturday, August 20, 2011

PoTTY version 0.61

heh... "clean potty"

That always cracks me up.

The first time at least. After a few hours, not so much.

So anyway Simon Tatham released version 0.61 of PuTTY a few months ago and I knew that sooner or later I'd have to dig up the PoTTY code, do some cutting and pasting, and pull a new version out of my ass. I really wasn't looking forward to it, since as far as I know nobody uses it. In fact when I moved the PoTTY page from GoDaddy to CheapBastard it was so broken no one could even download the damned thing.

I happened to mention PoTTY on reddit, exposing my ineptitude globally, and after I fixed the page some guy downloaded it... and liked it. And then he immediately found a bug in it. It didn't restore the ObfuscatedKeyword—which I had in error called the "ObfuscatedPassword"—when it loaded a previously saved profile.

I downloaded the PoTTY 0.60 code, checked it out, and quickly found that problem. I mulled over releasing a 0.60a or a 0.60.01 version for a few minutes, but I thought if I was going to go through that kind of hassle (new MD5 sums, rewriting the page, etc) I might as well download the 0.61 code from Simon just to see what I was up against.

I liked the changelog, especially these bullets:
  • Bug fix: corruption of port forwarding is fixed (we think).
  • Bug fix: various crashes and hangs when exiting on failure,
  • Bug fix: Windows clipboard is now read asynchronously, in case of deadlock
I am very familiar with the first and last bullets, so this sealed the deal. That stupid clipboard trick has nailed my ass to the wall numerous times in the past.

Hours later, after cutting and pasting the old code to the new code (that's how I roll), I managed to get a clean compile—linking was the hardest part—and got it to run.

But there is much more to be done before it's released. For one thing, I need to update the OpenSSL libraries.

Most importantly, I need to fix that damned DLL injection problem. The good news is Simon fixed it in PuTTY 0.61, but it's still broken in PoTTY 0.61 (I just now tested both with Luigi's proxocket 0.1.6a DLLs and somehow Simon nailed it). I looked into that last Fall but never found a solution. If you have a clue I could use one.

Then there's little shit, like fixing the ProxyObsession link in the "About" dialog box.

And then it all has to be tested.

So don't hold your breath.

UPDATE 08/20/2011 9:00PM

Bet you didn't know private key authentication was broken, too. PoTTY used to bomb out ungracefully whenever you used a *.ppk file for authentication. Not anymore... but I have no clue how I fixed it. Well, I do have a small clue. It stopped crashing after I included pageant in the build.

This also mysteriously cured the DLL injection issue.

On to OpenSSL...

UPDATE 08/21/2011 7:30AM

The fix to the DLL injection issue was here...


... in winmisc.c, which is not in PuTTY's project files. It is in pageant's project. Another mystery solved.

This function doesn't exist at all in PuTTY 0.60, and dll injection isn't mentioned as being fixed in the 0.61 changelog.

I also upgraded my OpenSSL static libraries to OpenSSL 1.0.0d, which means 1.0.0e should be out any day now. I doubt if that was absolutely necessary, since PoTTY uses a very small chunk of functions in libssl, but I like to stay current.

Sunday, August 14, 2011

Skipped a beat... or two


Make that three.

I woke up this morning at about 6:15AM—which is late for me, but it's a weekend—and checked the proxy list to find there had been no updates since 4AM.

I did a hard Ctrl-F5 and came up with a "Host not found".

This is not the first time this has happened, and I've been waiting for it to happen again.

The first thing I did was do an nslookup on www.mrhinkydink.com.

SERVFAIL

So I tried www.Mrhinkydink.com (with a capital "M")...

SUCCESS

Not this shit again.

I really didn't want to deal with it so I grudgingly added the addresses back into good old faithful /etc/hosts. WTF, it worked last time.

The 7AM and 8AM updates ran fine. Then, working on something else entirely, I borked the box—sucked up all the RAM & CPU cycles—during the 9AM run. By 10AM the list was back on schedule. Now, it's 11AM and it's back to normal, which is entirely different from "on schedule".

While messing around with all that crap, I popped in to the hosting provider to poke around. While there, I grabbed my stats, below. The bar graph is slightly truncated on the right.


These stats only go back to May, when I moved the list off GoDaddy. The Cameroonians lost their top spot to the USA, unless you consider "Hits" more important than "Pages". Then they're Numero Uno again. But Germany beats them all in bandwidth.

This is completely different from the Extreme-DM stats page, which only counts "unique visitors".

Russia didn't even make it to the top ten. No love for хинки? Probably not, considering I scraped all their proxies.

Friday, August 05, 2011

Insecure Storage Of Liquid Confections

Recently it was disclosed that a giant, well-known, multinational confection supplier was hacked. Their proprietary recipes were altered—for reasons unknown—by malicious actors.

Seasoned security professionals can only shake their heads and sigh. To them the security flaws of this company are legendary, although in the past the company has managed to escape publicity and accountability for their haphazard security practices.

The most notorious incident happened over fifty years ago to a Mr. Y. Y. Mann (not his real name). In those days it was common practice in the industry to store liquid confectionery ingredients in large, unguarded, 30 foot deep vats in publicly accessible areas, protected only by a cheap metal railing.

Mr. Mann—who was walking down the street minding his own business—happened upon one of these vats in his neighborhood. A skilled and talented acrobat, he balanced himself on the railing as he had done many times before.

Little did he know that someone had greased the railing earlier that day. Due to a documented history of filial rivalry, police immediately suspected a conspiracy between his brother and his mother, but nothing was ever proven beyond a shadow of a doubt and to this day the miscreant has yet to be identified.

Inevitably, Mr. Mann slipped and fell into the vat, but his quick thinking enabled him to summon help and he was extricated from his predicament.

However, the incident left him horribly scarred for life (WARNING: graphic image). The company attempted to settle out of court but Mann, shaken by the incident, refused. Thereafter the company staged an effective public relations campaign to keep the story out of the public eye.

Angered by this, Mann became a tireless protester during the tumultuous 1960s, fighting for new public safety laws to prevent this kind of atrocity from ever happening again and documenting his ordeal in popular folk music of the day.

His struggle ended with the passage of the Secure Confectionery Storage Act of 1967, which effectively outlawed the practice of storing dangerous ingredients in public areas. Despite these reforms accidents of this nature continue to this day, although less frequently.

Wednesday, August 03, 2011

Windows Horrors: HP Photoshit Software

I don't see how your average Windows user survives day-to-day life.  The malware is bad enough, with millions of infected PCs across the globe, but it gets worse when so-called "trusted" hardware manufacturers pass out buggy software with their devices.

Of course, I'm talking about HP.  I swore off HP printer hardware for many years because of their crappy software and their snooty corporate policies.

As an example of their corporate snobbery, back in the pre-Internet, Windows 3.1 days I had a DeskJet 500 printer, a very popular model at the time, widely described in the PC press as a "workhorse".  Their driver was damned near perfect.  I especially liked it for printing envelopes, which it spit out flawlessly.  Then along came 1995.  Shortly before the arrival of Windows 95, HP announced they wouldn't be making printer drivers for 95 until they were convinced that people would actually buy it.  In reality this was an upgrade scheme for a "New Generation of HP Printers" (they were doing the same thing with iPads last year).  Because of this, when 95 came out in August, every HP driver distributed with 95 was written by Microsoft.

I never printed another envelope again on my DeskJet.  I think the issue was deep inside the Windows GDI (Graphic Device Interface).  No matter what you did, Windows decided a letter was "landscape" format, so it dutifully printed the address sideways.  There were work-arounds, but it was an incredible pain.

Once 95 took off, to the surprise of HP, and people started using the Internet for downloading drivers, HP forced its "HP Webprint" software on anyone looking for the "latest driver" for any printer, regardless of the model.  It never worked well.  And it still doesn't.

Forward to 1996 and the introduction of the fundamentally flawed OS we knew as "NT4".  Once again, all the HP drivers were written by Microsoft (shudder).  By the time Service Pack 3 came out this was a common scenario:
  • Customer buys HP printer, finds there's no NT4 driver
  • Customer installs HP driver from original NT4 CD
  • NT4 print server explodes the first time it prints to the new printer
Yeah, there was a little trick to that: you had to re-install SP3 after installing the driver or suffer the consequences.  In fact any time you pulled anything off the original NT4 CD you had to re-install the service pack (3,4,5, or 6—whatever version you were on).  Even though you could point to Microsoft technical articles explicitly stating this, most people refused to believe it.  I think they were just lazy.

Witnessing all this Happy Horseshit as a "professional services"... umm... professional, tainted my view of HP for at least five years and I avoided HP like... herpes ("the Plague" is so Old School).

But that's all Ancient History.  The years rolled by and the pain receded.  Perhaps my memory grew dim.  Multi-function printers became ubiquitous and I decided it was time to throw out the old printer and the old scanner.  I bought an HP Photosmart C4580.  Although the software interface was butt-ugly it worked fine for my needs... for about two years.

Honestly, I think there are hidden "features" in HP software that determine when you need to buy a new printer.  There's code in there, waiting... watching... ready to make your life miserable when HP's stock starts to drop...

Among the new features in the HP printer driver suite are automatic updates.  I always chose to update whenever I got a notification.  Then, things started to get flaky.  The "update" would ask for the original CD and no matter how many times you clicked "Cancel" it would refuse to stop asking for it until you killed the process in Task Manager.  This got so bad I disabled it on most of my Windows boxes.  I printed through Linux (CUPS, a surprisingly competent HP sponsored project for Linux) anyway, so life went on.

Until yesterday, when I wanted to scan two lousy items for my RFID post.  It just wouldn't work, so I determined it was finally time to upgrade the software.  I decided to give my aging XP box a break and install it on my Windows 7 laptop.  After downloading and running the 150MB package at 12:30PM, the horrors began.  I wouldn't be scanning until 8PM that evening.  I was multitasking all day, so it wasn't quite as bad as it sounds.

The first thing the new software (lucky version 13) tried—and failed—to do was remove the old software (version 12).  Somewhere around "step 4 of 38" in this uninstall process, it hung.  I killed it with Task Manager and it restarted, completing—or appearing to complete—the remaining 34 steps.  In hindsight this was a mistake.  I should have manually uninstalled the old stuff and started fresh, but what the heck.  The software thought it could pull it off.

So this thing chugs along and finally comes to the "printer detection" part.  It finds the C4580 on the wireless network and then decides—after the printer has been found—to "test" the wireless adapter.

And by "test" it meant "break".

I didn't notice this at first and the software offered to put an icon on the desktop so it could "try later".  OK, I'll go for that.  Click "OK" and reboot.

Once it's back up, I click the icon and it goes through the same process.  Still can't find the printer.  Click "OK" and the damned thing reboots again.  After a few more of these I finally notice the WiFi indicator has the yellow piss stain of FAIL on it after the "testing your connection" phase, so I reconnect to the access point before the printer identification part.  It works.  It churns.

It FAILS.  And reboots again.

So I disable the wireless NIC and jack into the wired network.  The laptop can still get to the printer through the access point, verified by pinging it.  I run the detect printer program again and it tells me my wireless connection doesn't work.  Fucking DUH.  This time there's an edit box where you can put in an IP address, so I try that.  No go.  Reboot again.

There's an option to connect directly to the printer via USB, so I try that.  It finds the printer and dies again.  Click "Finish" to reboot.

At this point I decide to rip everything out and re-install from scratch.  After removing everything HP, I reboot, log in, and Windows tells me it's no longer genuine.  WHAT THE MOTHERFUCKING FUCK.  Yes, those were my exact words.  So I did the Windows Genuine Advantage song and dance thing and Microsoft forgave me, saying there, there everything's OK now.

Well, that was a relief, but I was in no mood for drama at this point.

And re-installing did the trick, seven and a half hours after starting.  I scanned my shit and posted the article.

HP... never again.

Again.


UPDATE 08/16/2011

The last time I rebooted my laptop, the HP Photoshit software popped up and asked me if I wanted to participate in their customer survey program.

I declined.

Then it asked again.

What part of "I Decline" is so hard to understand, HP?

Saturday, July 30, 2011

I'm Not As Stupid As I Look

I'm not saying I'm not stupid.  I'm simply not as stupid as I look.

Many years ago, I was in the First Grade.  They taught us how to read.  The teacher (Mrs. Rodriguez, if memory serves me right) divided us into three groups:
  • The Blue Stars
  • The Red Balls
  • The Green Leaves
The Blues were the stars, of course (duh!).  The Reds were the average kids.  The Greens were the idiots.  Mrs. R took one look at me and threw me in with the Greenies.  So anyway time goes on and we do our lessons and eventually it's my turn to read out loud to the Greens.  Suddenly it dawns on Mrs. R that I only look stupid, so she bumps me into the Blue Stars, who were none too happy to have a Greentard in their shining cluster.  The Greens weren't happy either.  I was a traitor.  And the Reds, seeing I was disliked by both the Blues and the Greens, decided I was somehow untrustworthy.

And that's how my public education went for the next 11 years.  The smart kids thought I was stupid, the dumb kids thought I was a snob, and everyone else thought I was just weird.

So anyway, flash forward to State U.  They only required 10 hours of English to graduate.  I got that out of the way the first year.  Due to a variety of issues (drugs) I never went back to SU.  I worked for a couple of years and then decided to get a tech degree at the local community college.  I transferred my SU credits, but they wouldn't take the goddamned 10 hours of English.  I had to take three, three-hour English classes to make that up.

I guess I just looked stupid.

So I plop myself down in my chair on the first day of English 101 and this Drunken English Prof ("DEP") announces to the class that we are to write three paragraphs on the last book, movie, or television show we experienced.

"Not for credit", he says.  "Just so I can know where you're at."

I couldn't think of anything, and since we were supposed to use the entire class to do this I decided the best course of action was to get up and leave.  The DEP was furious.

"Where are you going?" he demanded.

"I can't think of anything," I said, "so I'm leaving."

"How will I know where you're at?"

"Look", I said, "no credit, right?  What's the point?  No credit, no paper."

And I left.  He was really pissed.

I come back the next day--silly me--and we do English 101 stuff, which was warmed-over High School English: antagonist, protagonist, plot, etc.  The BASICS.  The reading material was, believe it or not, Oedipus Rex.  Again?  Motherfucker!

Days go by and we have our first test.  I come back the next Monday and when the DEP passes the tests out, he hands me mine with a look of complete, utter disdain on his face.  He had finally learned "where I was at".  I took a look at my test.

I got a 96 out of 100.  What's the problem?

I glance around the classroom and people don't look happy.  The DEP makes his announcement:

"The class average on this test was 46.  Everyone failed.  So, we're going to break off into groups to discuss the test and then we'll take it over."

And that's when it dawned on me (I'm a little slow) it was the Green Leaves all over again.  I was in the retard class and I had no clue.  No Blue Stars here.  No Red Balls.  Nothing but drooling, mouth-breathing Green Leaves everywhere and no way out.  This time I was pissed.  There was no way in Hell I was going to re-take a test I had already passed.  I stormed out of the classroom (no protest from the DEP this time), dropped it, and forced them to transfer my SU English credits.

Later I did the math and concluded that the class average would have been 39 without me.

And so life goes on and reality sets in.  I don't think I've met a Blue Star in the last fifteen years and I've come to the conclusion that the Red Balls are kidding themselves.  Life is 90% Green Leaves.  Might as well enjoy it like a walk in the park.

Sunday, July 17, 2011

What's the deal with AMD & UT99?

I just finished playing a few games on the temporary laptop server & was disappointed with the results.  It was herky-jerky in a lot of places, especially near walls and doors.

It was never like that even way back in the day when BOT House was running on a K6 (basically a hot shit 80486 processor—AMD's answer to the Pentium line), except when EXP IV was running on a dual core AMD64 and the OS itself was 64bit.  Setting the processor affinity for the different UT99 instances seemed to fix that problem.

Well, the laptop is a dual core AMD64, and the processor affinities are still there (I tried shutting them off with no improvement in play), but the OS is 32bit.  So... WTF'ingF?

Luckily the laptop is a short term band-aid.  Yesterday I ordered an El-Cheapo refurbed IBM P4 desktop to replace it.  No more or less powerful than the one BOT House was running on, or the box that replaced it.  If play goes back to normal, it will make me think twice about buying another AMD box in the future.

The box that was EXP V seems to be happy being BOT House and it plays very well.  I still have no clue what the issue was with the old BH.  There was no problem with the CPU's or the power supply's cooling fans (well, they were spinning), so that seems to rule out Heat Death, but at this point I don't feel compelled to do a complete autopsy on the damned thing.  Just let it rest in peace next to its fallen comrades in the basement boneyard.

So anyway EXP V et al. will be back on Intel hardware by this weekend.

Saturday, July 16, 2011

Brain Transplant

Friday I closed The House temporarily while I pondered my options after the meltdown.  It survived the day in its minimal role as firewall and proxy, but when I came home to check it after a hard day at the Salt Mines it hung tight the first time I touched the keyboard.  After bouncing the box, it did the same thing.  Then after a few more bounces and hangs it refused to boot.

Time for Plan B.

Since I was cut off from the Interwebs the first order of business was getting back on, so I dusted off an old (vintage 2005) D-Link DI-524 wireless router, reset it to factory freshness and realized I had no idea what the default admin password was.  I booted a Backtrack 5 DVD in my laptop and plugged into the Net directly to Google it.  Turns out it was blank.  DOH!

I configured it to be a complete plug&play replacement for the BOT House firewall (sans proxy and IPv6) and got the List back online.  I pulled the hard drive out of BH, plugged it into Experimental and it booted fine.

Try that with Windows.  Unless your new hardware is identical you generally get an "UNACCESSIBLE BOOT DEVICE" Blue Screen 'O Death every time.  In fact I attached Experimental's drive via USB to my laptop just for funsies and it booted right up after messing around with the GRUB options (it had switched from /dev/sda to /dev/sdb).

I will probably look for a cheap replacement for Experimental, but until then BITCH House, EXPV, and Classic ]i[ are all off-line for now.

This makes four dead machines for 2011.

Thursday, July 14, 2011

BOT House Meltdown 07/14/2011

I've been waiting for this day.  It's been a bad year for hardware.  Boxes have been dropping like flies.  The 'House itself is over six years old, and it's the oldest running box on DinkNet at this point (the oldest runnable box was shut down on Windependence Day).

I've always had a Bad Feeling about this box.  It has a non-standard power supply with a teensy-weensy fan in it.  Not an easy thing to swap out on a moment's notice.  The CPU has a funky cooling system.  The possibility of a meltdown has always been there.

And tonight it happened.

What the heck, six years is a good run around here.

Apologies to everyone who was playing around 10PM EDT.  It's up and running with the case open now, but I may be doing some maintenance this weekend, which will take everything, including the Proxy List, down.

So go outside and play.

Saturday, June 04, 2011

Has Google Been Shitting Itself Lately?



I just used that search box over on the right to look for references to RaLink wireless adapters here. Nothing came up. Then I did your standard Google-Fu against the site and got 13 hits, going back to 2007.

WTF?

I have also been having issues with Google Maps since early April, the latest being the inability to save street intersections to the M/S 2011 Map. Any plain old street number will work, but it hangs on intersections. I've tested it with every browser I run (and I run a lot of different browsers) with the same result. I can work around that, so it's not a big deal.

But it is annoying.

Another annoying Maps issue is the display during editing. If you move a marker from page 2 to page 1, the markers are all over the place. Luckily it only happens during editing.

And then there's Google Update. I kept getting an "Update server not available" error, so I finally re-installed it.

The last time I bitched about Google, my machine died a horrible death (long story, lots of blog fodder there), so I'm somewhat hesitant to put the blame elsewhere.

If you've had any issues, drop me a line.