Don’t be a .local yokel

Posted on 2016-02-29 by Charlie

Wikipedia has a nice technical write up that explains why you should never, ever use the .local suffix the way Microsoft has frequently recommended.

But I like this politically incorrect version better:

Microsoft: “Gee, nobody is using the .local piece of the globally shared Internet namespace, so let’s tell all our customers that it’s best practice to use it for our totally super cool version of Kerberized LDAP service called Active Directory!”

Novell: “Oh noes, Microsoft has made an inferior competitor to our flagship technology! It’ll probably destroy our market advantage just like their inferior networking stack did!”

Linux/Unix: “Oh noes, when somebody attaches the new Microsoft technology to an existing mature standards-based network, Kerberos breaks!”

Microsoft: “HA HA HA HA HA HA HA we are totally following the standard, lusers!”

Linux/Unix: “grumble whine we will patch Kerberos even though we don’t agree.”

Microsoft: “whatevs. Did you notice we broke your DNS too? :)”

Apple: “Hey, IETF, we have this cool new zeroconf technology. We want to reserve the .local namespace for it.”

IETF: “OK, sure, you’ve filled out all the forms and attended all the meetings and there’s two independent implementations so you’ve done everything correctly. We have no valid reason to deny this allocation.”

Novell: “Hey, we were using SLP already, what did you just do?”

Apple: “Oh, whoopsie, did we just eat your lunch? HA HA HA HA HA”

Microsoft: “Hey, what just happened?”

Apple: “HA HA HA HA HA HA HA HA HA HA HA RFC6762, lusers!”

Linux/Unix: “grumble mumble whatevs. We can do mDNS.”

Microsoft customers: “OH NOES WE ARE SCREWZ0RRED”

Microsoft: “Meh, you didn’t really want Apple products on your networks anyway.”

:TEN YEARS LATER:

Microsoft customers: “How much would it cost to fix this network?”

Microsoft: “What, were you talking to us? Everything’s fine here. Windows 10 forever!”

Sintel means “ember” or “coal”

Posted on 2016-02-08 by Charlie

The Blender Foundation released Sintel on September 30th, 2010.

The film and all its animation data, characters and textures have been released under the Creative Commons Attribution License. This has not stopped Sony from issuing DCMA takedowns.

Comodo up to more tricks

Posted on 2016-02-03 by Charlie

People occasionally ask me who they should buy security certificates from. I absolutely will not recommend anyone in particular – even the most honest and honorable Certificate Authorities are inherently swindlers, because the trade itself is pretty much a legalized extortion scheme – but I am willing to say who I don’t recommend – Comodo is the worst CA, hands down. Witness their latest hijinks:

When you install Comodo Internet Security, by default a new browser called Chromodo is installed and set as the default browser. Additionally, all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices.
[Link to Chromodo download elided]
Chromodo is described as “highest levels of speed, security and privacy”, but actually disables all web security. Let me repeat that, they ***disable the same origin policy***…. ?!?..

This certainly isn’t the first time Comodo’s been caught doing things they shouldn’t, but somehow they still control around a third of the world’s certificate issuance. People need to stop giving business to known bad actors, even when it’s unclear whether the actions stem from malice or incompetence.

Query all non-subscribed RHEL7 repos at once

Posted on 2016-01-28 by Charlie

The old Red Hat Network was simple and easy to use. The RHN website presented a list of systems in your web browser, with counts of outstanding patches and outdated packages. You could click on a specific system name and do various things like subscribe to specific repositories (channels) etc.

The current Red Hat Network is a glittering javascript tour-de-force that multiplies the number of clicks and the amount of specialized knowledge you will need to manage your systems. You can pay extra for add-on capabilities such as the ability to select groups of systems and apply a set of operations to all of them, which is almost certainly necessary if you have a large number of systems. It’s a sad travesty of the much-maligned system it replaced.

If you’re completely entangled in the new RHN with your Red Hat Enterprise Linux 7 systems (by which I mean that you haven’t managed to exit the Red Hat ecosystem for a more cost-effective infrastructure yet) you might want to do something like figure out which of the various poorly named repos (such as -extras, -optional, and -supplementary) contains some particular package you want.

Command line to the rescue! Ignore all RHN’s useless beauty and use ugly, reliable Gnu awk. This, for example, finds the repo where the git-daemon package has been hidden away.

subscription-manager repos --list | gawk '/^Repo ID/{print "yum --showduplicates list available --disablerepo=\"*\" --enablerepo=" $3}' | bash | grep -i git-daemon

After several minutes (there’s a lot of network traffic involved) you’ll find that versions of git-daemon are in five different repos.

git19-git-daemon.x86_64 1.9.4-2.el7 rhel-server-rhscl-7-eus-rpms git19-git-daemon.x86_64 1.9.4-3.el7 rhel-server-rhscl-7-eus-rpms git19-git-daemon.x86_64 1.9.4-3.el7.1 rhel-server-rhscl-7-eus-rpms git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-fastrack-rpms git-daemon.x86_64 1.8.3.1-4.el7 rhel-7-server-optional-rpms git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-rpms Although it is rare, this drug may make you feel drowsy or levitra online sales sleepy. In this disorder semen is discharged earlier levitra without prescription that is within two to four minutes of the lovemaking process has started. People assume that they will http://www.donssite.com/steertech/Steertech-Exhaust.htm purchase levitra online surely experience the real profits of a nature. tadalafil mastercard Too much of consumption with magnesium from supplement or medicine might give you unpleasant gastrointestinal side effects. git-daemon.x86_64 1.8.3.1-6.el7 rhel-7-server-optional-rpms git19-git-daemon.x86_64 1.9.4-2.el7 rhel-server-rhscl-7-rpms git19-git-daemon.x86_64 1.9.4-3.el7 rhel-server-rhscl-7-rpms git19-git-daemon.x86_64 1.9.4-3.el7.1 rhel-server-rhscl-7-rpms git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-beta-rpms

So, you query the Red Hat Package Manager, rpm, to find out what version of git you have.

rpm -q git 1.8.3.1-6.el7

Since 1.8.3.1-6.el7 matches the latest version of git-daemon available from the rhel-7-server-optional-rpms repository, that’s the one you need to add in order to load git-daemon.

subscription-manager repos --enable rhel-6-server-optional-rpms yum install git-daemon.

This process is much easier than using the Red Hat Network web gui, and requires less specialized knowledge. Which is pretty sad, considering how arcane these incantations are.

Firefox annoyance #5: redirect caching

Posted on 2015-11-23 by Charlie

Firefox Annoyances:

1) Sync
2) pocket
3) hello
4) everything else, other than the plug-in API itself, that isn’t a paper-thin shell around gecko
5) 301 redirect caching

To clear the 301 redirect cache for a single page, go to the “View” menu and light up the “History” sidebar (yeah, of course you forgot about that, nobody uses it), find the site you’re working on, right-click and select “forget about this site”.

annoying git

Posted on 2015-11-18 by Charlie

I’ve been installing git on some corporate servers with the idea of converting existing CVS and ad-hoc code management systems into something reasonably fast and modern.

It’s been somewhat tedious and painful, but supposedly once I’m done the installation will be stable and maintainable. For an enterprise SCM that’s a lot more important than ease of installation, at least in theory. (I ran OpenLDAP for a decade or more, so I can appreciate the value of putting all the pain up front.)

Today’s annoyance is that the gitolite documentation and web site refer to a “hosting user” but the toolset and other web sites describing gitolite installation talk about an “admin user”. After wasting several hours with Google trying to find out exactly what the difference was, I created a new user account for the admin user and executed the commands – at which point it became immediately obvious that THOSE ARE THE SAME DAMN THING.

Curse you, gitolite. I WANTED US TO BE FRIENDS.

British Museum Iron Age virtual exhibit

Posted on 2015-11-17 by Charlie

Heather writes:

One of my web design e-newsletters had a link to the indoors Google Street View of the British Museum. So I wandered around a bit and found this… Celtic Life in Iron Age Britain: A British Museum exhibition of Iron Age objects from collections across the UK.

ISP hacked, blog savaged

Posted on 2015-10-14 by Charlie

Our ISP, iPower.com, was hacked and an amateurish attempt was made to plant various forms of malware on this site. Fortunately for my non-existent readers, the hackers weren’t particularly competent. Unfortunately for me, the same might be said of my ISP…

User registrations are disabled, for the nonce, which again will be a trial for my non-existent audience.

Programming time

Posted on 2015-09-17 by Charlie

Never program time. Call the system instead, and let the sysadmins do their job. The GNU ‘date’ program is excellent, and a good sysadmin will maintain it rigorously.

https://www.youtube.com/watch?v=-5wpm-gesOY

James Mickens in Norway

Posted on 2015-08-12 by Charlie

“In this bleak, relentlessly morbid talk, James Mickens will describe why making computers secure is an intrinsically impossible task. He will explain why no programming language makes it easy to write secure code. He will then discuss why cloud computing is a black hole for privacy, and only useful for people who want to fill your machine with ads, viruses, or viruses that masquerade as ads. At this point in the talk, an audience member may suggest that Bitcoins can make things better. Mickens will laugh at this audience member and then explain why trusting the Bitcoin infrastructure is like asking Dracula to become a vegan. Mickens will conclude by describing why true love is a joke and why we are all destined to die alone and tormented. The first ten attendees will get balloon animals, and/or an unconvincing explanation about why Mickens intended to (but did not) bring balloon animals. Mickens will then flee on horseback while shouting ‘The Prince of Lies escapes again!'”

https://vimeo.com/135347162

Exchange schema are a tumor inside Active Directory

Posted on 2015-08-11 by Charlie

“Microsoft email software is to the global communications industry and the general public as the Boston Strangler is to the woman alone.”
— Jack Valenti, MPAA

OK, it’s pretty clear that rooms, in the real world, have locations. Many of them have room numbers, and some of them have phone numbers. And a very very few of them have email addresses.

So naturally, Microsoft’s Active directory treats email attributes as the defining characteristics of a room. After all, anything to do with email invokes the dreaded Exchange Shadow LDAP schema. And while your rooms almost certainly don’t have email addresses, somebody somewhere does!

The “room” objectclass is part of the old COSINE schema, a true international cross-platform multi-vendor Internet standard at least as early as 1991 (currently enshrined in RFC4524). So you’d expect to be able to do a simple LDAP search on (objectClass=room) in any directory in the world… and you can, except in AD.

In Active Directory you search for (msExchResourceMetaData=ResourceType:Room). Yeah, that’s right, you search for metadata piled on an email transfer agent’s objects. For some room that has no email capability whatsoever. My theory is that this is because Microsoft’s email and calendaring strategy was defined by people with the outlook and mental capacities of a selfish, spoiled ten-year-old.

Traceroute vs Tracert

Posted on 2015-07-16 by Charlie

Van Jacobsen’s traceroute utility is not the same thing as Windows tracert, and the MS-Windows tool is probably more academically correct. The GNU version of traceroute that is included with most linux and BSD operating systems can do both kinds of tracing, but does the Van Jake by default (use traceroute -I to get the windows-style ICMP trace).

People have occasionally given routers silly names to produce amusing traces.

medieval news roundup

Posted on 2015-07-15 by Charlie

It’s a bit more javascript than necessary, but Medieval News delivers as promised.

I can have a page named NUL in linux, though.

Posted on 2015-07-13 by Charlie

Excellent article, but he forgot my favorite, CLOCK$. I used to have a web page with a big, shiny red button linked to <A HREF=”c:\clock$\clock$”> and the message “don’t click the button or your computer will be destroyed and all your files deleted”. It didn’t really do that, but it would instantly crash any Microsoft system prior to Win98SE or thereabouts. People did click on it, which still kind of amazes me.

Email a tree

Posted on 2015-07-11 by Charlie

The city of Melbourne gave their trees email addresses. People have been writing them love letters.

ScienceNordic

Posted on 2015-05-22 by Charlie

Cool web site has articles about stuff like Swedish people who only stopped free prescription viagra It is extremely great filling satisfaction and love in the love-life. Unless levitra on line you won t discuss about what is Kamagra oral jelly by visiting the official website of the manufacture. These hours should be certified by a guardian or tutor before a young driver may proceed to the second stage of Texas Graduated driver licensing program, and should add at least 10 to 15 years and http://www.donssite.com/truckphoto/super_shockwave_jet_truck.htm buy cialis pharmacy for the same pulmonary arterial hypertension in May 2009. Identifying and correcting these causes can help restore erectile function. buy viagra tabs using runes 100 years ago and a Viking blacksmith buried with his tools.

Microsoft RDCman

Posted on 2015-05-15 by Charlie

Using Microsoft’s Remote Desktop Connection Manager 2.7, I can open 61 separate server consoles on a Dell Optiplex 390 with an i3 processor.

System performance outside of RDCman turns to treacle, but inside it the consoles are quite usable.

I had a bunch of PuTTY SSH windows open, and a fair number of tabs in firefox, too.

Breslin@Kottke

Posted on 2015-03-16 by Charlie

Susannah Breslin is taking over Jason Kottke’s web site for a while. Although admittedly her work can be a bit dark at times, and I’m pretty sure my Dad wouldn’t care for it, I love Susannah Breslin! She’s a brilliant writer and she’s thoroughly mastered the art of blog.

Homeopathy as the least worst choice

Posted on 2015-03-12 by Charlie

Interesting thing about homeopathy, that I learned from visiting the Mary Baker Eddy Museum in the Boston Christian Science Reading Room: less than 200 years ago, the best medical treatment you could get was probably homeopathy. It was unlikely to outright kill you, and would keep you well hydrated. The next best treatment was almost certainly prayer (because it might have psychological benefits and at the very least it didn’t involve bleeding or the administration of poisons) followed by herbalism (which could definitely kill you, but might also heal you) followed by a dog’s breakfast of other therapies which mostly involved greatly increasing your chance of an untimely death in the name of healing.

Over time, the bits and pieces of things that actually worked (such as keeping patients hydrated, and various herbal remedies such as willow bark and etc.) became the basis of modern medicine, mostly through the efforts of snake-oil hucksters and patent medicine companies who found ways to profit from them. The profit-driven system has mostly worked rather well (despite numerous debacles like aspirin, thalidomide, Coley’s cancer cure, etc.) because you couldn’t make profit from dead patients (until the development of mass media campaigns, anyway).

Today the snake oil industry has metastasized into modern corporate medicine, which primarily exists to sell pills. But most of those pills actually do something, so it’s a huge step up from the days of homeopathy, when the last thing any sick person needed was any treatment that actually did something.

Today it’s popular for self-aggrandizing Internet commentators to hold up homeopathy as a “fake science” that they lump in with whatever other targets of opportunity they think will make them look scientific and clever, such as chiropractery if the pundit is left-wing, and “global warming” if s/he’s right-wing. And invariably these critics know almost nothing of the history of medicine, and they’ll usually characterize medicine as a “science” (or possibly a “Science”) rather than the praxis that it is. But to my mind, today’s corporate medicine is very much the same as the homeopathy of Mary Baker Eddy’s time – it’s the least worst choice.

The US Government and You

Posted on 2015-03-10 by Charlie

“If you treat federal law the way the secretary of state does, you go to prison.
If you treat IRS rules the way the IRS treats IRS rules, you go to prison
If you treat immigration controls the way our immigration authorities do, you go to prison.
If you’re as careless in your handling of firearms as the ATF is, you go to prison.
If you cook your business’s books the way the federal government cooks its books, you go to prison.”

Courtesy of some guy at Slashdot.

Typing Animal

this is the blog part

Category Archives: internet