Dr. Dolittle
Saturday was just packed with activities, but Sydney and I managed to sneak away for an hour to see a performance of Dr. Dolittle at Bond Park in Cary.
This is what their promotional teaser had to say.
Dr. Dolittle is being presented by Sign Stage on Tour, a specialist in Sign Language Theatre in which deaf and hearing actors perform together on stage. Whenever a character speaks, the character speaking uses Sign Language and the audience also hears the voice. The voice comes from a different actor speaking through a microphone, sometimes on-stage and sometimes off-stage. Visually, the stage is filled with the movement of hands and bodies yet every word is spoken to make sure all audience members, both deaf and hearing, don’t miss a thing. It’s a magical blend of language created when performing a play simultaneously in spoken English and in the spatial beauty of American Sign Language.
Dr. Dolittle features the good doctor who gives up treating people, after Polynesia, his parrot, teaches him animal languages. He already knew sign language. His fame in the animal kingdom quickly spreads throughout the world. Using all of his language skills, he sets off to cure a monkey epidemic in Africa, finding all sorts of adventures on the way.
The best part of the performance, by far, was the way that the lines were delivered in sign language by the actor in focus, while being spoken by another actor. It took me a while to realize that the audio was live, and not a recording. At times, you could see one actor delivering his own lines in sign language, and then his partner’s lines by voice.
All of this was accomplished by a team of four very talented individuals, who endured the 90° NC heat to entertain and educate us for an hour.
23 cubes in a bottle
Normally, I do not allow my children to have soft drinks. Occasionally, I will let them have a diet soft drink, just so it won’t be considered a forbidden fruit. But most of the time, they drink milk and water. Sometimes they have diluted fruit juice.
Today, they asked if they could use their own money to buy a soft drink from a vending machine. So that’s what we did. I was shocked to see how much sugar was in there.
The label says that there are 34 grams of sugar per cup of Sunkist. And then it goes on to say that there are 2.5 cups in the bottle. Apparently, you are supposed to share this drink with 1.5 friends.
So that means that one 20-ounce bottle contains 84 grams of sugar. That does not sound like much… after all, a gram is pretty small. You know, they measure stuff like medicine using grams, right?
So we got out the postage scale and started stacking up sugar cubes until we had 84 grams. How many cubes would you guess? I would not have guessed it… 23 sugar cubes!
Now imagine fixing yourself a cup of coffee and dropping 23 sugar cubes into the cup. Yuck!
TransUnion — free credit reports, or not?
This evening, something (I don’t know what) inspired me to check my credit report. I know that you are supposed to be able to get a free credit report from each of the “big three” (Equifax, Experian, and TransUnion) every year. So I started by going to the Federal Trade Commission’s web site. I know it’s easy to be scammed, so I wanted to start with the source.
They direct you to a site that sounds like a scam (AnnualCreditReport.com), but is not. You can go through the government-designed (usability-be-damned) web interface that simply redirects you to the web sites of the big three. At some points in the process, my Firefox NoScript plug-in started complaining about potential cross-site scripting problems, and some scripts on a site called “ezapp.cc”. But a few minutes later, I got reports from Experian and Equifax.
TransUnion, however, gave me this lame excuse.
Unable to Confirm Identity
As a security precaution, we cannot provide online delivery
What’s happening…
We apologize for the inconvenience, but based on the information provided, we have been unable to confirm your identity.
Because the protection of your security and privacy are of the utmost importance to us, we cannot provide your Personal Credit Report online.
What you should do…
* Please return to www.annualcreditreport.com to order your Personal Credit Report by phone or mail.
This was after I entered a username and a password (generated and stored in 2007 using PasswordSafe).
In 2007, I did send a written request to TransUnion for the credit report by mail… I don’t recall ever receiving one from them.
Pwn3d
I just spent the entire weekend re-building a server for the Triangle Linux Users Group.
We first noticed that something was wrong when the machine stopped responding over the network. A couple of our admins took a trip to the data center and noticed that we had a firehose of data on port 6667 (an IRC port), originating from a process owned by the “apache” user.
So we’d been pwned. Now what?
We figured the best way to proceed would be a complete re-install of the operating system. I happened to be free the next day, so I was volunteered to lead in the clean-up duty.
So I drove out to the data center to camp out in the cold air conditioning for a while. I saved away the old infected partitions (we use LVM) and I allocated new space for the fresh install. After I had the OS installed and responding over the network, I went home to finish. I worked frantically over the weekend to restore many of the services that we enjoyed. My priorities were clearly restoring our 250 user accounts and then getting email working (securely). In the process, I gave myself a crash course in LDAP, since that is what we use for user authentication.
Within about 48 hours, we had everything restored except our web pages. After all, we knew the break-in had allowed someone to create a rogue process owned by apache. So we must have had some problem with one of our web-based applications. We did not know whether it was our Drupal-based web page, our web mail client, our wiki, a user application, or something else.
I dug through the log files on the infected partitions, and soon it became apparent that there was a cron job set to run every minute, owned by the ‘apache’ user. The script simply looked to see if its IRC program was running, and if any part of it was damaged or deleted, it would reinstall a new copy of itself somewhere else on the disk… somewhere no one would look, like /var/tmp/.s/something.
Finally, the apache error logs showed what the problem was. It seems that we were running an unpatched version of “RoundCube”, a web-based IMAP e-mail client with a nice AJAX interface. There is a vulnerability in this package that allows a visitor to upload a package to your web server and then run their programs on your server.
Fortunately, the process runs as the “apache” user, and not as “root”. Otherwise, the rogue software would have had permission to do a lot more damage than it actually did. As it stands, the bot simply chatted with a lot of other infected machines. Thankfully, it did not seem interested in the files on our machine.
I learned a lot from this experience. As one admin said, the forced cleanup was a “much-needed enema”, something we had avoided for a long time. As a shared system, system administration was something that was handled by a loose group, and was handed off to new members every year. This break-in was enough to attract our attention, but it was not destructive. And it inspired us to simplify our existing system. And it inspired me to set up nightly backups.
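The two artifacts described in this post (a per-minute cron job under the web server account, and a hidden drop directory under /var/tmp) can be checked for with a short script. This is an added example, not something from the original post: the function names are hypothetical, the spool directory and account names are passed in because they differ between distributions, and the sample tree is constructed so the script runs offline.

```shell
#!/bin/sh
# Triage checks for the persistence pattern in the post: a per-minute cron job
# under a service account that re-drops files into a hidden temp directory.

# Print active crontab entries that fire every minute.
# $1 = cron spool directory, remaining args = service account names (assumed).
every_minute_jobs() {
    spool=$1; shift
    for user in "$@"; do
        [ -f "$spool/$user" ] || continue
        awk -v u="$user" '
            /^[ \t]*#/ || NF == 0 { next }
            ($1 == "*" || $1 == "*/1") && $2 == "*" && $3 == "*" &&
                $4 == "*" && $5 == "*" { print u ": " $0 }
        ' "$spool/$user"
    done
}

# List hidden directories under the given temp directories, ignoring the
# socket directories the X11 stack legitimately keeps in /tmp.
hidden_tmp_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -mindepth 1 -type d -name '.*' \
            ! -name '.X11-unix' ! -name '.ICE-unix' ! -name '.font-unix' 2>/dev/null
    done
}

# Constructed sample tree (not data from the incident) so the checks run offline.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/spool" "$root/var/tmp/.s" "$root/var/tmp/.X11-unix" "$root/var/tmp/cache"
    printf '%s\n' '# constructed crontab for the apache account' \
        '* * * * * /var/tmp/.s/something >/dev/null 2>&1' \
        '15 3 * * * /usr/local/bin/rotate-cache' > "$root/spool/apache"
    echo "$root"
}

sample=$(make_sample)
every_minute_jobs "$sample/spool" apache nobody
hidden_tmp_dirs "$sample/var/tmp" "$sample/tmp"
rm -rf "$sample"
```

On a live host the arguments would be the real spool directory (for example /var/spool/cron or /var/spool/cron/crontabs) and /tmp, /var/tmp and /dev/shm.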
ssh + netcat
At work, I need to access some blade servers that are on a private network. The only way to get into these machines is to shell into a lab box first, and then shell into a blade.
alan@desktop:~$ ssh root@labaccess
Last login: Tue Feb 17 10:13:52 2009 from desktop
[root@labaccess ~]# ssh root@blade3
root@blade3's password:-******
Last login: Tue Feb 17 10:14:03 2009 from labaccess
[root@blade3 ~]#
A while back, I picked up this little nugget from the TriLUG mailing list (thanks to Magnus Hedemark). There is a way to make this intermediate hop automatically. Simply add the following to $HOME/.ssh/config:
Host blade3 blade5 blade10
    ProxyCommand ssh root@labaccess "nc %h %p" 2>/dev/null
Now, when I try to ssh directly from my desktop to one of the blades, it first establishes an SSH session to the labaccess machine, and then netcat’s all of my original SSH traffic directly to the target blade.
This process will ask you for 0, 1 or 2 passwords, depending on whether your public key (from desktop) is in the $HOME/.ssh/authorized_keys files on the labaccess and bladeX machines. Since I have my public key on all of the machines, this is what I see now:
alan@desktop:~$ ssh root@blade3
Last login: Tue Feb 17 10:17:21 2009 from labaccess
[root@blade3 ~]#
This also means that I can scp files directly from my desktop to the blades, without having to dump them on the labaccess machine.
By the way, this trick provides an EXCELLENT reason to consider re-flashing your home router with Tomato firmware, which has ssh and netcat built-in.
Host homepc1 homepc2
    ProxyCommand ssh root@router "nc %h %p" 2>/dev/null
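The same intermediate hop can be made without netcat on the lab box. This is an added example, not part of the original post; it reuses the host names above and relies on the OpenSSH `-W` option (5.4 and later) and the `ProxyJump` directive (7.3 and later). The blocks are alternatives: keep only one, since ssh uses the first value it finds for each option.

```sshconfig
# Form used in the post: needs nc installed on labaccess, and the
# 2>/dev/null also hides any error message from the first hop.
Host blade3 blade5 blade10
    ProxyCommand ssh root@labaccess "nc %h %p" 2>/dev/null

# OpenSSH 5.4+: sshd on labaccess opens the TCP connection to the blade
# itself (direct-tcpip forwarding), so nothing runs in a shell on the hop.
# Requires TCP forwarding to be allowed on labaccess.
Host blade3 blade5 blade10
    ProxyCommand ssh -W %h:%p root@labaccess

# OpenSSH 7.3+: the same forwarding in a single directive.
Host blade3 blade5 blade10
    ProxyJump root@labaccess
```

In all three forms the SSH session to the blade is end-to-end from the desktop, so the blade's host key is verified locally and the hop only relays encrypted traffic.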
Thumbs Up : Red Box
Our family does not watch a lot of TV, so when we gather around the tube for a movie, it’s a real treat.
This week, we rented two movies from the “Red Box” video rental service at our local grocery store. I am really pleased with their service.
- The price is very reasonable: $1.07 for one night.
- The selection is good.
- I can check movie availability and make reservations from the web.
- No membership necessary… just swipe a credit card when you rent.
- There are plenty of locations to choose from.
- I can return the movies as late as 9pm the next day.
- I can return the movies to any Red Box location.
- Checkout and return confirmation can be emailed to you.
These guys have really done it right. I hope they stick around.
Happy @1234567890
Computers usually tell time by counting the number of seconds since a certain “epoch” time. Then, before displaying the time to you, they do all of the crazy math that defines days of the year and leap years, and even time zones and daylight savings time. On Linux systems, the “epoch” is midnight on January 1st, 1970.
At any time, you can tell how many seconds have passed since the epoch by typing:
date +%s
Tonight, at 6:31:30 pm local time, we reached a magic moment when the date was exactly 1234567890 seconds since epoch.
I took this opportunity to show the kids how computers keep track of the time, and to explain time zones (even though they are comfortable with the fact that it is morning in Malaysia when it’s evening here, they did not know about time zones). At the magic moment, we took time out from our pizza supper to watch the time change on my laptop.
WFH: Working From Home
Tekelec has had an official “work from home” policy for a while now, but I have never taken advantage of it until now. I had dialed in to kick off builds or to check email, but I never tried working an entire day at home.
I decided that I should try it out, just to see if it would work for me. Depending on what you’re working on, and on the infrastructure at your office, working at home can either be a wonderful productivity tool, or it can be an exercise in frustration.
At my previous job, I could carry my entire development and test environment around on a laptop. I could do my work in isolation, even without a network connection. The only time I needed to connect to our office VPN was when I needed to check my source code into our code library.
The same is not true at Tekelec. We have a carefully set-up development environment in a lab — with source code living on one machine, builds taking place on other machines, and testing taking place on even more machines. In fact, the PC on my desk is only used to access these servers. Similarly, when working from home, my PC does not need any special software installed, since it is only used as a screen. I use a software package called “NX” to remotely log in to the PC in my office.
I think the day worked out OK. Here are some lessons that I learned:
- A few days beforehand, I need to block off the day in my calendar (to prevent people from trying to schedule meetings while I am planning to be out).
- The desk in my home office is OK, but I could use a better chair.
- In the mid-morning, I get a glare from the bedroom window. In the late afternoon, I get a bright sun spot across my monitor from the office window. I might want to turn my desk.
- My monitor at home is finer pitch than the one at work, so fonts look small.
- NX is a great tool for remotely logging in to my desktop PC… much better than VNC.
- At first, I ran into some glitches with NX mapping my keyboard keys incorrectly.
- My normal lunchtime came and went without me even noticing.
- The cafeteria at work has a lot more choices than my fridge.
- The bathrooms are cleaner at work than they are at home. (!!)
- When I return to the office the next day, I need to remember to bring my books back with me.
All in all, I think it went OK. I think I’ll try to incorporate regular WFH days into my work schedule.
Over the Top
This week, the Ringling Brothers and Barnum & Bailey Circus is in Raleigh, and we took the girls to go see it on opening night.
The show was, as they claimed in one of their songs, “Over the Top”… wild animals, motorcycles, jugglers and acrobats, and plenty of people with no fear of heights.
The Greatest Show on Earth? Possibly. It was certainly worth the (discounted opening night) ticket price.