Category Archives: roflcakes

A Lament

This post will not mention anything new. It will not say anything someone else hasn’t before. It serves only as a landmark, a waypoint, a memory.

This post is about weev. In recent months he’s been found guilty on a bunch of bullshit charges, and today he’s been sentenced. I won’t go into the details. Other people already have (here’s the transcript, here’s the Wired search results for his name. Check around on twitter for #freeweev. Here’s another site about it. Have fun.)

I came to know him online/on IRC very briefly, but from the first supported his side of things. weev has often been described as unpleasant (to put it very mildly). I don’t much care for that. weev’s cool, and anyone who’s spent even a bit of time talking to him will tell you that. He’s also effectively the fallguy in this whole story. He went ahead and pissed on the shoes of AT&T, and now he’s being put away for 41 months (along with restitution). For making it known that people’s information (to whatever extent) was available on a public webserver, and all you needed to do was be able to look at/modify a URL, and do math (add 1 to the identifier at the end of it). There’s a number of things that work this way. Hell, twitter status updates are posted in numerical order. A few years ago they used to have the global firehose of all content available. Viewing that without permission could’ve been equated to breaking the law (under this ruling).

This probably sets quite a fucked precedent. There’s a lot to be said about it. But I say only this: it fucking sucks. Tons. And I hope that this situation can change. :(

P.S. for anyone who wants an idea of weev’s character, this is it: “No matter what the outcome, I will not be broken. I am antifragile.” — @rabite

Cellular data extortion(?)

With my DSL and everything (switch, RB750, DSL modem, HP Microserver) being struck by lightning this week, I’m presently using my 3G for a bit of access. Just to ensure I don’t trigger any massive out-of-bundle charges, I checked my remaining cap quickly so that I can then run a rough mental allocation of it all for the next while. Then I saw this:

“Hang on a minute,” I thought as I read the first block’s data values, “that should be closer to 1.7GB remaining.”

Then I scrolled down, saw the ‘forfeited’ counter, and began wondering whether these companies could be forced to stop making forfeiting part of their contracts. It’s truly not like this is a technical problem. This is a business decision they’ve made to let bandwidth you’ve bought artificially expire.

A quick bit of math: assuming I use ~300MB a month (this appears to be the general level of data I use, based on a quick checking of my phone’s stats), and that I’ve had this contract for 22 months now, and at the R268.99 I’ve been paying for the bundle each month:

  • (268.99/800)*500*22 = 3698.61

So that’s R3700 of “forfeit”, for no reason other than someone decided it’d be a good way to make money. And, as far as I know, all the operators in this country do this. For the less technical readers: as I mentioned before, there’s no technical reason this happens. It’s just an entry in some database, and can be updated. If anything, maintaining an expiry time on data probably leads to more technical issues than they’d otherwise have.

To compare, this would be like anyone buying up a bunch of things (toilet paper, toothpaste, whatever), and the storekeeper then removing it from your home if you haven’t used it soon enough.

Retardville

Update: I’ve contacted GitHub support about this, and given them a suggestion about a default-on preference/setting to filter those for everyone but the repo owner, perhaps with a visual cue about it.

Update 2: as of this update, the search for these sorts of files no longer appears to be working; I also got a mail back from GitHub support about this earlier, but didn’t really read it yet.

Or to give people the benefit of the doubt, perhaps they just didn’t know better. I don’t even understand how this comes to pass, it’s so different from what I’m typically used to.

[Screenshots: GitHub search results for ssh keys, bash history, and zsh history]

The URLs for these are as follows:

  • https://github.com/search?q=path%3A.bash_history
  • https://github.com/search?q=path%3A.zsh_history
  • https://github.com/search?q=path%3A.ssh/id_rsa

There are some more, obviously. Use your imagination to find them. You can also filter for passwords and such:

  • https://github.com/search?q=path%3A.bash_history+password
  • https://github.com/search?q=path%3A.my.cnf

So, to all the people who have done this: don’t upload any of your history files, private ssh keys, etc, to something on the public internet.
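
One way to catch these files before they ever leave your machine, as an added example (not part of the original post): a POSIX shell check that can be installed as a git pre-commit hook. The function names are hypothetical, the filename patterns are taken from the searches listed above, and the private-key header check is an addition that goes slightly beyond them.

```shell
#!/bin/sh
# Added example: flag files that should never be committed to a public repo.
# Filename patterns mirror the searches in the post (.bash_history,
# .zsh_history, .ssh/id_rsa, .my.cnf); the key-header check is an addition.

# is_sensitive_path PATH -> exit 0 if the path has a known-sensitive name
is_sensitive_path() {
    case "$1" in
        .bash_history|*/.bash_history) return 0 ;;
        .zsh_history|*/.zsh_history)   return 0 ;;
        .my.cnf|*/.my.cnf)             return 0 ;;
        .ssh/id_*|*/.ssh/id_*)
            # The public half of a key pair (id_rsa.pub) is safe to publish.
            case "$1" in *.pub) return 1 ;; esac
            return 0 ;;
    esac
    return 1
}

# has_private_key FILE -> exit 0 if the file contains a PEM/OpenSSH
# private key header, whatever the file happens to be called
has_private_key() {
    [ -f "$1" ] && grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"
}

# scan_paths [ROOT]: read newline-separated paths (relative to ROOT) on
# stdin, print "reason<TAB>path" per finding, return 1 if anything matched.
scan_paths() {
    root=${1:-.}
    found=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        if is_sensitive_path "$p"; then
            printf 'name\t%s\n' "$p"; found=1
        elif has_private_key "$root/$p"; then
            printf 'key\t%s\n' "$p"; found=1
        fi
    done
    return "$found"
}

# When installed as .git/hooks/pre-commit, check the files staged for commit.
# Limitation: this reads the working-tree copy of each file, not the staged blob.
case "$0" in
    pre-commit|*/pre-commit)
        if ! git diff --cached --name-only --diff-filter=ACMR | scan_paths .; then
            echo 'refusing to commit: remove the files listed above' >&2
            exit 1
        fi ;;
esac
```

A hook only protects the clone it is installed in; a key or history file that has already been pushed should be treated as exposed and rotated, not just deleted from the repository.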

 

Wasted Effort

So in South Africa, we have this weird microcosm effect where people feel it’s useful to redo things locally. It came about due to various factors, and there are sometimes some useful advantages (job creation when you’re dealing with products people could make by hand, for instance). The rest of the time, I just don’t see the point.

Case in point, MyBroadband recently started pushing some initiative called Gr8Signal. Its purpose? To map out cellphone network signal info. “This sounds eerily like OpenSignalMaps”, some might say, so let’s compare their features quickly.

OpenSignalMaps

  • Signal heatmaps
  • Coverage info for multiple operators
  • Speed data
  • Comparison possible
  • “Average” rating

Gr8Signal

  • Signal blocks

Seriously, that’s it. You can’t compare different operators, or even use more than one at a time. Okay, so it’s a new project. Maybe it still needs to get some basic features. Let’s compare their interfaces.

OpenSignalMaps first:

I searched for “Johannesburg, South Africa”, and the first maps I get are an aggregate coverage heatmap for all available operators across all signal bands, the capability to filter based on a variety of options, and – if I click on the “Advanced view” (not shown here, but it’s that bar left of the “NetworkRank™” section) – I get speed, latency, and reliability information.

Now let’s look at Gr8Signal.

And then another one, because I can’t select more than one operator at a time:

Yup, seriously. No ability to compare operators. The views are in blocks (…you guys do know how cellphone signal works, right? Fluid display is *far* better). The default map choice makes it ridiculously hard to see detail clearly. The overall feeling of the website is about as awesome as the SAWS page was. You know, that one where you could flatline your CPU by racing your mouse over the zooming menu icons.

Overall, I just don’t understand the point of this project. The data already exists in a much more useful form elsewhere, alongside wider coverage. So that’s about it. Let’s see what the MyBB guys have to say.

Update: I feel I should add that the reason I seem annoyed about this is the perpetual case of people just doing something “local” for, seemingly, no more reason than doing it “local”. If they brought something competitive to the table, or offered a better product, I’d totally support that. This very seldom seems to be the case. Why should we keep dishing out subpar products in the .za market? It just gives us a name as bad imitators. China 2.0.

.co.za domains considered harmful

If anyone ever wants to register a .co.za domain, it looks like you’ll have three options going forward (from the near future):

  1. run away screaming
  2. commit suicide
  3. pay someone else to do it

That’s if we skip over the other practices they have, like refusing to allow you to register a domain if the NS records don’t exist on some servers yet (think about the workflow some DNS hosters take, this might at times be a perfectly normal scenario), or the weird whois setup that still seems to be the default server for most whois clients in the world.

Alongside my froztbyte.net domain, I also have a froztbyte.co.za from before I had a credit card. It’s useful for some stuff. But wow, dealing with coza is a trip. First, they only recently made an EPP interface available, and a quick scan-over of it looks like you need to be a registered/accredited registrar to use it, weighing in at R5000 (presently that’s just below 500eur). No matter, it’s not like I’m going to go find an EPP implementation now to do this. So the antiquated *email* interface it is.

Wander over to their website, grab the update form for my domain, edit it with the new NS info, submit. Wait.

mail:/var/log# tail -n 500 exim4/mainlog | grep 1TEc0u-0003kD-QC
2012-09-20 10:21:36 1TEc0u-0003kD-QC <= jp@domainiwanttoupdate.co.za H=(vandali.neology.co.za) [2001:43e8:8:1::x:x:x:x] P=esmtp S=8582 T="test Thu, 20 Sep 2012 10:21:16 +0200" from <jp@domainiwanttoupdate.co.za> for coza-admin@co.za
2012-09-20 10:21:38 1TEc0u-0003kD-QC == coza-admin@co.za R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<coza-admin@co.za>: host mx2.coza.net.za [82.103.142.199]: 450 4.2.0 <mail.neology.co.za[41.73.33.140]>: Client host rejected: Greylisted, see http://postgrey.schweikert.ch/help/co.za.html
2012-09-20 10:22:25 1TEc0u-0003kD-QC == coza-admin@co.za routing defer (-51): retry time not reached
2012-09-20 10:29:29 1TEc0u-0003kD-QC == coza-admin@co.za R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<coza-admin@co.za>: host mx2.coza.net.za [82.103.142.199]: 450 4.2.0 <mail.neology.co.za[41.73.33.140]>: Client host rejected: Greylisted, see http://postgrey.schweikert.ch/help/co.za.html
2012-09-20 10:32:05 1TEc0u-0003kD-QC == coza-admin@co.za R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<coza-admin@co.za>: host mx2.coza.net.za [82.103.142.199]: 450 4.2.0 <mail.neology.co.za[41.73.33.140]>: Client host rejected: Greylisted, see http://postgrey.schweikert.ch/help/co.za.html
2012-09-20 10:32:25 1TEc0u-0003kD-QC == coza-admin@co.za routing defer (-51): retry time not reached
2012-09-20 10:34:01 1TEc0u-0003kD-QC == coza-admin@co.za R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<coza-admin@co.za>: host mx2.coza.net.za [82.103.142.199]: 450 4.2.0 <mail.neology.co.za[41.73.33.140]>: Client host rejected: Greylisted, see http://postgrey.schweikert.ch/help/co.za.html

So I end up actually phoning my domain registrar, in 2012, to find out how long I need to wait. “Up to 45 minutes”. A few exim queue flushes later, the mail went through. Now I should receive the mail that allows me to respond with the auth cookie. Oh, wait, no:

COZA: ERROR: Invalid phone number format supplied for the registrant phone or fax numbers “froztbyte.co.za”.

I first have to have a validation failure, because the data THEY SUPPLIED doesn’t conform to their validation schema. This is also not a new thing. They’ve had various schema updates over various points of the ccTLD lifetime, and it’s often just a case of “struggle with it until you get it working”.

Now, given, they seem to have acknowledged that they fail at life as a registrar, thus the new EPP setup and accredited registrars. But for crying out loud, make some reasonable interface for people who aren’t on that system yet. Maybe I’ll do the effort of finding a good registrar… or I’ll just stop caring about .co.za domains forever and move my stuff elsewhere.

Queueing

A lot of people use queueing for handling data streams and managing how it gets worked on. Whether that’s in routing (here, here, and here for some examples), messaging, traffic etc, it’s a fairly ubiquitous concept. What I haven’t seen elsewhere before, though, is our local ticketing company’s approach to the problem:

Linkin Park – JHB ONLY
You are now in the pre-queue area for Linkin Park – JHB ONLY tickets. When the official queue opens – all customers in the pre-queue area will be given a random place in the queue. Thereafter all queuing becomes sequential.

Citation: here.

To map real-world queues down to making people wait for the chance to buy their (because the system can’t cope with the load) ticket is, well, hilarious. You’re taking the problem from a physical space to an online one: after the move, you still have the same problem. The reality is that people just can’t wait around in queues all day. But that said, the move is not really surprising, especially if we look at this company’s history/skillset/view on fixing this. A quote from one of the concert organizers, citing what Computicket (our local ticket crowd) said, from the time when the U2 concert ragekilled the ticketing platform:

We were very comfortable with what Computicket advised us but there were about 30 000 people on the website at the same time buying the same class of ticket. No system in the world can cope with that. We anticipated huge demand, but it’s about 10% higher than we estimated.

Citation: here.

And yet other people in the world seem perfectly capable of doing this (some are even good at fixing it when they were victim to the issues of not having it right). It’s been happening so often that, many years ago, it was even given a name: The Slashdot Effect. Hell, there’s a bunch of advice collected by people who have fallen victim to this, offered for free. All you have to do is search for it. Not that I’m surprised or anything (at people getting it right). Merely surprised that some people in South Africa still (seem to) stubbornly refuse to believe that anything better than Their Glorious Thing might be possible.

The thought of whether I should launch a ticketing startup has crossed my mind a few times. Perhaps it’s time someone actually did that.

Update: the funny part I only just realized is that they seem to have half learned about the fact that their own stuff sucks, and they outsourced to these people. Who appear to fail just as hard.
Update on the update: it appears these people might not fail hard, but just handle the “making you wait” portion of the problem. It’s still up to Computicket to give you a valid basket interface, tickets, checkout, etc.

This Year In Injuries

So, given the relative quiet nature of the past 3 years or so, I think the world is trying to balance things out again this year.

  • We start off with food poisoning or something around middle February. Leaves me nearly incapable of even just sitting up by myself for nearly half a day.
  • Soon thereafter, flu. In March. March is still summer in South Africa. This sucked.

Now earlier this year I’d started with a good gym routine, and was actually making progress. Although I didn’t quite have the right shoes for running and that ended up causing some blisters on my heels. Which was fine, those just take a while to heal up and weren’t too bad, so I just switched over to a heavier focus on cycling for a while. Then:

  • Walking down the stairs in the office one day (while wearing sandals), I slip on the steps (tile), manage to shift my weight quickly and prevent landing on my ass. But at the cost of having a short period of high-speed collision between my heel and the edge of the steps. Cue the entire section of post-blisters calloused skin being shifted loose, bleeding, emergency self-applied patchwork from the office medkit, and a trip to the clinic across the road.
  • Some weeks pass. Reasonably uneventful, short of spilling some hot water on my hand at one point. Ride in to work one morning, throttle cable gets stuck while I’m approaching a slipway with moving traffic. I’m going 40km/h, I basically have two options, and 5m within which to take action. So I brake hard and go down. Didn’t hit traffic, but my left knee got most of the force, and against some broken tar to boot. Ride in to the same clinic (oh and by the way, fresh air on a new wound stings like a bitch), have the nurses laugh at me.
  • On my (more or less) last week of wearing the bandages for the knee, I’m busy packing stuff and moving stuff outside. Carry my server rack outside, start removing panels and doors so that it’s ready to be carried down the stairs. Wiggle the stuck door, tip the rack over. Flail fast out of the way of the rack that’s now following me down the steps, managed to avoid getting crushed, but have my whole toenail ripped out on my left toe. Go to the same clinic (again, since by now I also know they do a good job ;)), have the nurses just burst out laughing. Get that patched up, and over the next few weeks learn just how annoying it is to ever lose a nail. I also now understand how it was used as a method of torture. I could scarcely feel the pain in the first 10~15min after it happened, but the adrenaline burn was so hot that I needed 2 cans of coke and a full mix sundae from an icecream shop near the clinic before I could stand without hugging walls.
  • Tonight, on the way out to see the new Spiderman movie, go around a circle (this one, west to east on Senior) and sideswipe out over a torrent of water. Literally. Half the road was covered with a stream coming downhill. Thankfully just a bit of swelling on my knee, and that should go away in about 3 days.

It pretty much feels like the year is trying to kill me. ‘cept it’s July and I’m still here, so let’s see what can happen further.

If a few people are feeling up to it, I’ll even start a betting pool ;)

In-flight wireless-less

Ah, fantastic news strikes again. From this article:

“The system has been configured to allocate 128 IPs, with 124 IPs for passenger use. However, due to the number of passengers (115) utilising multiple devices (some as high as 2-3 devices) on the plane, more than 3 times the allowed connections were constantly requesting access to the internet,” explained WirelessG CEO Carel van der Merwe.

Now, some quick searching indicates that they’re using tech from Row 44 to do this thing. If it’s just satellite downlink, then I don’t quite get the R3.5 million (~$436k USD given a quick check of the current ZAR/USD) pricetag. If it’s the whole shebang, then I guess Row 44 is making some damn nice licensing fees out of airlines on DHCP leases.

Either way, I find it pretty damn hilarious that they didn’t plan for something like this on a flight for tech journos.

Screw you, Mikrotik

Particularly, your shitty scripting interface.

Using a lot of Mikrotik routers in various places, I’ve grown accustomed to the platform, and it really is quite flexible. However, it has its idiosyncrasies. Among them are bugs and regressions between versions (c’mon guys, can you at least get some functional testing in place?), inconsistencies/inabilities in how some things are done at protocol level (unable to forward a default route in BGP), those sorts of things. Now before I continue, let me say that I understand how such things can happen, but I do feel annoyed that they can take that long to get resolved. The lack of automated functional testing is also a major bugbear.

So, you have a router, and you probably care about its config. Most people who do this are familiar with the tool rancid (for better or worse – maybe at some point ranrod will be usable), and there are a set of patches to support mikrotik devices over here. As a side effect of this toolchain, I have a set of methods that I can use to log in on many devices with a relatively low-effort command method. Consider the following scenario: someone leaves a company, and you wish to update passwords (in the case where you don’t have tacacs or radius backing auth). On a unix-like system, you have a few options, but in router-/switch-land you’re limited to some other things. Not to worry, we have shell loops, clogin/mtlogin, and a bit of ingenuity! Leading us to make this:

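# Collect every Mikrotik device marked "up" in each location's rancid router.db,
# then run the same RouterOS command sequence on each one via mtlogin.
# ("list some locations here" stands in for the real location directories.)
for location in list some locations here; do
  grep 'mikrotik.*up$' "$location/router.db"
done | cut -d':' -f 1 | while read -r line; do
  mtlogin -c ':global users;
              :foreach i in=[/user find where name="userinquestion"] do={:set users ($users . "," $i);};
              /user set numbers=$users password=shinymoonbicycles; quit' "$line"
done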

Seems sane enough. Start a for loop, parse our router.db files for a list of routers we care about, loop through those and run the following automated command sequence. Low-effort, quick, gets it all done. Except it runs into this issue:

[automation@Brain] > can't read "users": no such variable

Argh. Apparently we can’t declare or use variables in this fashion. Even though I can do that perfectly okay when I’m logged into an interactive session (…how is this determined?). “But hold on,” I think, “rancid uses +ct in the username to skip colour and terminal detection; maybe I can disable that to get it done”. And no, you can’t. QQ

In my mind, this sort of thing, on top of the earlier listed problems, the utter silliness of the scripting language (really, go look at the way I have to construct a list of users, or, well, anything), and other things such as no clear equivalent of the cisco-alike “no” command that can be used to negate/remove any statement in the config, are among the things that stand in the way of Mikrotik being taken more seriously.

Mikrotik, you have a product with pretty good potential. It wouldn’t hurt to improve these things a bit. You can sell craploads of non-wifi CPE equipment if you could win over the Cisco-hearts. Please, fix this crap.

*publishes post and mails the link to Mikrotik support*

“Maybe your problem is lint?”

And indeed it was!

One of the products we sell at work is a caching platform, something that sells quite well into many of our African clients’ networks because transit is often ridiculously expensive and every Mbps saved is USD500~2000 you can use on something else. Traditionally we’ve been deploying on HP hardware, and as of earlier this week we have some SuperMicro equipment to try out for the platform. One 1U unit, and one 3U 8-blade unit. This post is about the latter of these two.

After racking the thing, and re-installing the blades (took them out to move the chassis. Side note: the clasp which holds the blades in is kinda crappy for self-locking. You need to wiggle it a bit to ensure the blade is properly in place), I started poking around on the systems. First issue I found is that the ethernet controllers are Intel 82580’s, which are not supported in the squeeze kernel we had on our PXEBoot server at the time (updated kernel which does have support is included in 6.0.4, or any version greater than 2.6.32-33). Now we were informed by our supplier ahead of time that there was one blade which was DOA and that they had a replacement on the way, so I got started on preparing the other systems in the meantime (as they would form a cache cluster). Doing this, I experienced some strange weirdness with the power sequence. Sometimes all the blades would power on, sometimes only the first 4 bays, sometimes only 3. Sometimes I could power 5 on, one off, another one, then attempt to reverse the power sequence of the last two but not succeed. A few more combinations like this were tried, including removing a unit far enough to disconnect it from its connector and then reseat it, but suffice it to say that it didn’t make sense.

At this point in time I’m left with the options of removing units from the bays (to eliminate PSU overload), and of changing the order of the units in the bays to see if that makes a difference (which one would not expect, but if all the possible options have been eliminated then whatever’s left is probably the answer). As I start removing the units one by one, I notice that there’s lint on the one blade’s connector. This hadn’t been there when I installed them, so I asked one of my coworkers to bring my torch over so that I could inspect the inside of the chassis. Turns out there’s a bit of lint hanging loose (about 6cm worth, presumably from the sleeving of one of the fans’ power connectors?) inside the chassis, and that it had somehow managed to get caught up in/on the connector. I remove the lint, and suddenly everything is working as expected.

Lessons learned:

  • SuperMicro BMC units probably have a shared power control bus
  • If you’re seeing weird things happening, maybe it’s lint!