Monday, June 30. 2008
Posted by the_angry_angel
in Geek, LUGRadio, Personal, Unix-like at
23:18
Comments (2)
Trackbacks (0)
Farewell LUGRadio?
Given it's all over the forums and it's now the end of the day after the release of the episode: "LUGRadio will be finishing after LUGRadio Live UK 2008" (so that's basically 2 remaining episodes, including LRL)!
There are various reasons for this, and if you're not already aware of them I'd suggest listening to S5E21 yourself. To have a hovis moment, I discovered LUGRadio at the start of season 2, which culminated in LRL 2005. I never made that LRL, nor the following 2 UK events due to various reasons, despite my best intentions and plans of going. So here I am, stuck with a dilemma - do I follow my own little personal tradition or should I say "sod it all" and head up to Wolverhampton for the last big bash from the 4 large gents? As the gents would say; answers on a postcard!
If, like me, you're looking to fill the void soon to be left by LUGRadio do not despair, for there are alternatives (but never replacements) which I shall try over the coming weeks;
If I don't make it to LRL 2008 let me take this opportunity to thank the presenters (Jono Bacon, Stuart Langridge, Stephen Parkes, Matthew Revell, Ade Bradshaw, Adam Sweet and Chris Procter) who over the years have given me many laughs and much enjoyment.
Sunday, June 29. 2008
Linux on Hyper-V
Unless you've been living in a hole for the past few days, or you're seriously anti-Windows or simply not into your virtualisation at all, you're probably aware that Hyper-V, the replacement for Virtual Server 2005, has gone "gold" (RTM).
There's all sorts of news on this, but little in the way of unix and unix-like related info on the web. Despite having 2 customers with it at work, I've not had the opportunity to try any of the unix-like systems on it either.
Sean on the other hand has had the time and opportunity, and has posted a nice round-up of Linux distros which work and a few workarounds for known issues, all in his entry entitled "Linux on Hyper-V".
Friday, June 27. 2008
Black Windows logon screen?
We had a good one at work the other day. One of our customer's terminal servers, from their load balanced cluster, had run out of disk space on C:\, due to a rogue update of some bespoke software and a lack of quotas. This is something which was missed from the config, but neither we nor the customer ever noticed, as we're pretty good at monitoring this stuff and resolving the issue before it causes trouble. Sadly this happened so quickly that it avoided the monitoring in this instance.
To cut a long story short the disk space was regained, but any logon attempts to the terminal server yielded a completely black screen, with the exception of the Microsoft logo. We figured it was a client side caching problem, but it was not so.
Turns out that when the disk space on the primary partition (C:\) fills up the default colours can be overwritten, which results in the black logon screen.
KB906510 details the fix, but not so much that it's caused by the disk space issue. If you're looking for a quick fix to the default colours, then just save the following as a reg file and import it.
Windows Registry Editor Version 5.00
[HKEY_USERS\.DEFAULT\Control Panel\Colors]
"ActiveBorder"="212 208 200"
"ActiveTitle"="10 36 106"
"AppWorkSpace"="128 128 128"
"Background"="102 111 116"
"ButtonAlternateFace"="181 181 181"
"ButtonDkShadow"="64 64 64"
"ButtonFace"="212 208 200"
"ButtonHilight"="255 255 255"
"ButtonLight"="212 208 200"
"ButtonShadow"="128 128 128"
"ButtonText"="0 0 0"
"GradientActiveTitle"="166 202 240"
"GradientInactiveTitle"="192 192 192"
"GrayText"="128 128 128"
"Hilight"="10 36 106"
"HilightText"="255 255 255"
"HotTrackingColor"="0 0 128"
"InactiveBorder"="212 208 200"
"InactiveTitle"="128 128 128"
"InactiveTitleText"="212 208 200"
"InfoText"="0 0 0"
"InfoWindow"="255 255 225"
"Menu"="212 208 200"
"MenuText"="0 0 0"
"Scrollbar"="212 208 200"
"TitleText"="255 255 255"
"Window"="255 255 255"
"WindowFrame"="0 0 0"
"WindowText"="0 0 0"
Or if you don't trust me just export HKU\.DEFAULT\Control Panel\Colors from a "working" Windows server. The effects are instant.
Friday, June 27. 2008
Here be dragons
The "SBS Diva" very recently posted about unfettered access to port 3389. In case you need the blanks filled in, this would be the default Remote Desktop Protocol (RDP) port, which is used to manage any relatively recent Windows box, 99% of the time.
The general take in the Windows admin world is that open RDP is basically a very bad idea and that you should protect it in some way. I'm not against this as a concept at all, and I want to make this very clear. I do have a problem with the most common implementation behind "securing" it.
Despite this, in some circumstances it's not necessarily an option to lock something down, so the service remains publicly open. This doesn't necessarily mean you're going to be "OMGWTFZ h@x0r3d" within 10 seconds. You are likely to see brute force attempts every now and then, in the instance of RDP, much like you can see people trying to brute force FTP or SSH servers. If you factor this into the equation from the beginning then an open service isn't necessarily as large a problem as you might imagine.
At the end of the day you can make life harder for any attacker;
- Rename any default accounts - Most of the brute force attacks you see use default usernames, be it 'administrator', 'root' or your name (if the attacker is targeting you specifically).
- Employ additional authentication, such as two factor auth.
- Use your logs wisely - Set up the server/domain to log any failed logons and then some software to monitor that. Get it to notify you of a significant number of logon failures (let's say 3 consecutive) and then take action. What you can do will vary depending on what firewall, etc. you have available and what you use to monitor the system. Simply getting a notification is better than nothing. Tools like fail2ban or denyhosts can be very handy in the Unix-like world, and there's no reason why similar things cannot be implemented for other platforms. I can think of various tools that can monitor logs and perform actions on Windows, off the top of my head (although several are commercial).
- Change the service away from the default port number - this is security through obscurity though, and eventually someone will probably find it.
- Lock it down at the firewall so only specific IPs can talk to the service
- Hide it behind a port knocking, or port rotation mechanism
- Hide it behind a VPN
- Use an IPSec policy to secure any incoming traffic to the RDP port (negotiate and require security)
However, I do have issues with the remaining options and in particular the VPN solution, which a lot of Windows admins rant about and yet use PPTP without any form of quarantine/NAC behind it (i.e. once you're connected, you're in). And here's why: anything that requires some form of authentication, on a service that is even partially open by default, can be attacked, be it brute force, dictionary, and so on. The tools may not be available but if the protocol, or method of obfuscation, is documented the tools can be written. Even then the tools can be written with enough time, patience and determination - which has been proven many times over. In the immortal words of a 70s SciFi: "Gentlemen, we have the technology";
- IKECrack or psk-crack for IPsec PSKs
- ASLEAP for Cisco LEAP and PPTP
- THC PPTP for PPTP
- TSGrinder, or TSCrack for Terminal Services
- and so on and on and on...
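The "use your logs wisely" item above, sketched as an added example (not code from the original post): it counts consecutive failed logons per source address and raises one alert at the threshold of 3 the post suggests. The one-line log format, the 10 minute window and the sample lines are assumptions constructed for the example; 529/4625 and 528/4624 are the Windows Security event IDs for failed and successful logons.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security log event IDs: 529 (Server 2003) and 4625 (Server 2008)
# are failed logons; 528 and 4624 are the matching successful logons.
FAILED_IDS = {529, 4625}
SUCCESS_IDS = {528, 4624}

# Assumed one-line export format, constructed for this example:
#   <ISO timestamp> <event id> user=<name> src=<ip>
LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+user=(\S+)\s+src=(\S+)$")

# Constructed sample data (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
2008-06-27T09:00:01 529 user=administrator src=203.0.113.5
2008-06-27T09:00:03 529 user=admin src=203.0.113.5
2008-06-27T09:00:04 528 user=alice src=198.51.100.7
2008-06-27T09:00:06 529 user=root src=203.0.113.5
2008-06-27T09:01:00 529 user=bob src=198.51.100.9
2008-06-27T09:01:20 529 user=bob src=198.51.100.9
2008-06-27T09:01:40 528 user=bob src=198.51.100.9
2008-06-27T09:30:00 529 user=bob src=198.51.100.9
garbage line that does not parse
"""


def parse_line(line):
    """Return (timestamp, event_id, user, src), or None if the line is malformed."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    stamp, event_id, user, src = match.groups()
    try:
        return datetime.fromisoformat(stamp), int(event_id), user, src
    except ValueError:
        return None


def find_bruteforce(lines, threshold=3, window=timedelta(minutes=10)):
    """Alert once per source that reaches `threshold` consecutive failures.

    A successful logon from the same source resets its streak, and failures
    older than `window` drop out, so a user who mistypes twice and then gets
    in is never reported.
    """
    streaks = defaultdict(list)   # src -> [(timestamp, user), ...]
    alerted = set()               # sources already reported for this streak
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip noise rather than abort the scan
        stamp, event_id, user, src = parsed
        if event_id in SUCCESS_IDS:
            streaks.pop(src, None)
            alerted.discard(src)
        elif event_id in FAILED_IDS:
            streak = [(t, u) for t, u in streaks[src] if stamp - t <= window]
            streak.append((stamp, user))
            streaks[src] = streak
            if len(streak) < threshold:
                alerted.discard(src)
            elif src not in alerted:
                alerted.add(src)
                alerts.append({
                    "src": src,
                    "failures": len(streak),
                    "users": sorted({u for _, u in streak}),
                    "at": stamp,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_LOG.splitlines()):
        # Hook a notification or a firewall block in here.
        print("ALERT", alert["src"], alert["failures"], alert["users"])
```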
Tuesday, June 17. 2008
Parsing XML from the command line
This evening I had the fun of finally getting around to repairing a number of bash scripts which I use to automate a number of tasks on my personal servers. One of these parses a RSS feed and then downloads content, much like bashpodder, although unfortunately the data isn't encapsulated as nicely as you would expect in a regular podcast feed.
In the past I've solved this by using sed, and as quick and as easy as this is, it mings massively when you need to update it for whatever reason.
Rather than rewrite the entire script in another language I hit Google. My first result was a fantastic tool, called XMLStarlet, that I'd not heard anything about. The blurb describes it as "a command line toolkit to query/edit/check/transform XML documents", and quite frankly it does exactly that. Nothing more, nothing less. What it fails to make a big deal about is that it's simple, and cross platform.
A quick example of using it to echo out the value of each title tag, from the RSS feed generated by example.com, would be as follows;
wget -q 'http://example.com/rss2.xml' -O - 2>/dev/null | xmlstarlet sel -t -m '/rss/channel/item' -n -v 'title'
mgrouch and arcanum - my hat goes off to you in thanks!
Friday, June 13. 2008
Exchange 2007 transport rules
Transport rules are a new thing for Exchange, in its latest incarnation (Exchange 2007), and they allow for some pretty interesting configuration and behaviour when a mail is in transit. If you're familiar with earlier versions of Exchange it's probably best to compare them to Event Sinks, only that they're much more friendly.
If you don't know what that means then a more apt description would be simple-to-create rules that allow you to do anything from appending text to the bottom of an email, to applying filters on messages between both internal and external users. If you use the GUI, think of an Outlook rules style interface that generates rules which are actioned at the server.
This allows you to do all sorts of cool things. For example even if you don't have an Edge Transport server you can block incoming emails from certain recipients. You can prevent two internal users from mailing each other if a message contains certain strings. You can append a disclaimer to all outgoing emails.
If this has tickled your fancy there are 2 ways you can check it out;
- Via the GUI:
  - Under the Organization Configuration node select Hub Transport.
  - Go to the Transport Rules Tab.
  - Right click and select New Transport Rule.
  - Follow the wizard - it's as simple as creating a rule in Outlook!
- Via the Powershell:
  - Open Powershell, ensuring you're using the Exchange context (Exchange Powershell).
  - The command you're after is New-TransportRule. Check out the linked MSDN docs for a total overview of each argument and a few examples.
#5.7.1 smtp;550 5.7.1: Computer says no...
Wednesday, June 11. 2008
Much ado about nothing
A lot has been said about the new iPhone, so I'd like to pick up on something that I'd not seen anyone make any significant note, or fuss, about.
It would appear that OSX Server gets ZFS support in Snow Leopard (10.6). Many, many moons ago I used OSX server briefly and wasn't that enthralled, but maybe I'll take another poke with this addition. If you're not aware of ZFS, it's basically the dog's bollocks in file systems, at present.
Wednesday, June 11. 2008
EVE: Where's the love?
It's no secret I'm a bit of a SciFi nut, thanks to my mother. For this reason I'd enjoyed playing EVE: Online, in the past. For reasons of health, and sanity, I've limited my play time over recent years. Over a month ago my 2 months worth of game time ran out and I didn't renew. Whilst EVE had been updated visually I felt that very little had really changed in the universe. Ok, so things like Can art were banned and scheduled for automated clean up (the poor EVE gate) and several new ship types for corp players, but very little for the privateer. Many gank points remained, Jove was inaccessible, the economy was rather high, and the lag points still existed (although I very much understand the technical challenges behind this, based on their infrastructure).
I had thought that maybe I was being unreasonable, but despite this I felt that something needed to change in the universe. To me it seemed stagnant. Maybe some sort of huge cataclysmic event to help shake things up.
It seems that CCP were aware that many people felt the same, so imagine my joy at coming across the feature site for the latest update; EVE: the Empyrean Age.
Before seeing this I wasn't planning on touching EVE for some time, but maybe I will again, once the Empyrean Age has been going for a few weeks. Funnily enough I do actually already have the accompanying novel on pre-order, although I wasn't aware that it was linked to a story line in-game as well.
Saturday, June 7. 2008
Posted by the_angry_angel
in Geek, LUsers, Mindless Hatred, Personal, Work at
18:55
Comments (0)
Trackbacks (0)
Importance of a good pass phrase policy, and a lesson in humility
This early evening I made a mistake. It was a user mistake. I'm ashamed to admit it, but in my defence it's been a long day and I've been driving and doing stuff for my older relatives, so I'm feeling a bit beat.
Basically what I did was type in a passphrase, into what I thought was a particular application, but actually I had a different one selected. This selected application was Adium, and the window selected was to one of my mates. This sort of mistake can happen to anyone; not just users, but admins as well. As much as I trust the mate in question, I can't take the risk, especially since it was over a public network.
This actively demonstrates the importance of having distinct passwords for each application and service, and just why each service should have a set of distinct rules for the complexity of a password. I follow this rule ridiculously - many of my passwords are randomly generated, whereas the one in question was not (and I'd been meaning to change it for quite some time - so this had done me a favour). Immediately it was changed and I was safe, although feeling very, very, very, very, very stupid.
So, whilst it may be convenient to use the same account details, it's not a very wise idea at all. This will be one story I'll use in the future to explain why a good password policy is important to our customers and clients, at work. After all, users will love an idiot moment from one of their [mostly] infallible admins, and it's unlikely that they'll forget it (however, at the end of the day, we're all human).
However, this kind of leads me on to a little rant. Why on earth, in this day and age, do some services still email your password, if you use the "I've forgotten it" facility? This means one of two things;
- They store it in plain text
- They store it in reversible encryption (i.e. not a hash)
So here I am, publicly admitting that I'm a dick, but proving the point and success behind a good passphrase policy (you don't have to be a company to have a policy). Now, if you'll excuse me but this paranoid, obsessive, control freak is going to obsess and triple check each account! Again. And again. And again. Argh.
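What the alternative to emailing a forgotten password looks like, as an added example (not code from the original post): the service keeps only a salted PBKDF2 hash, so there is nothing it could send back, and "I've forgotten it" issues a single-use, expiring reset token instead. The `AccountStore` class, the iteration count and the 15 minute expiry are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000      # work factor chosen for this example
RESET_TTL_SECONDS = 15 * 60      # reset tokens expire after 15 minutes


class AccountStore:
    """In-memory stand-in for a user table (hypothetical, for illustration)."""

    def __init__(self):
        self._users = {}    # username -> salt, iterations, derived key
        self._resets = {}   # username -> hash of outstanding token, expiry

    @staticmethod
    def _derive(password, salt, iterations):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, iterations)

    def set_password(self, username, password):
        salt = secrets.token_bytes(16)          # unique per user
        self._users[username] = {
            "salt": salt,
            "iterations": PBKDF2_ITERATIONS,
            "key": self._derive(password, salt, PBKDF2_ITERATIONS),
        }
        self._resets.pop(username, None)        # outstanding tokens die here

    def verify(self, username, password):
        record = self._users.get(username)
        if record is None:
            return False
        candidate = self._derive(
            password, record["salt"], record["iterations"])
        # Constant-time comparison of the derived keys.
        return hmac.compare_digest(candidate, record["key"])

    def stored_record(self, username):
        """Everything held for a user; none of it is the password itself."""
        return dict(self._users[username])

    def start_reset(self, username, now=None):
        """Return a one-time token to email in place of the password."""
        if username not in self._users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Only a hash of the token is kept, so a leaked table cannot be
        # replayed as a working reset link.
        self._resets[username] = {
            "token_hash": hashlib.sha256(token.encode("utf-8")).digest(),
            "expires": now + RESET_TTL_SECONDS,
        }
        return token

    def finish_reset(self, username, token, new_password, now=None):
        now = time.time() if now is None else now
        pending = self._resets.get(username)
        if pending is None or now > pending["expires"]:
            self._resets.pop(username, None)
            return False
        supplied = hashlib.sha256(token.encode("utf-8")).digest()
        if not hmac.compare_digest(supplied, pending["token_hash"]):
            return False
        self.set_password(username, new_password)   # also clears the token
        return True
```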
Thursday, June 5. 2008
Removing permanent marker from a whiteboard
Some of you may know this one, but it's something I wasn't aware of. Works well.
- Get the board you want the stuff off.
- Get a dry erase marker (yes, we will make marks to take marks) and a dry eraser.
- Draw over what you want to erase (make sure you draw slowly to fill it in better).
- Erase.
- Done!
Wednesday, June 4. 2008
Posted by the_angry_angel
in Geek, LUGRadio, Mindless Hatred, Personal, Work at
00:35
Comments (0)
Trackbacks (0)
Email is dead?! Long live email!
On recent episodes of LUGradio the Proctologist (Chris) has been saying that email as a whole, sucks. Granted as a whole email is fairly "broken", but it and spam is not a new problem by any stretch of the imagination, so I can't really see it going away any time soon.
During the most recent episode (Finding Emo, S05E19) both he and Adam were discussing SPF. This is basically a way of publishing a list of valid email origins for a given domain name, via a TXT record for that domain. There are a few issues that they've brought up, and I'll quickly outline the more memorable ones;
- Not everyone uses SPF, so you can't realistically enforce it, unless you don't care about receiving email from certain providers
- Some providers have very wide SPF rules
- If you forward mail from your work account to a home account, forwarded mail will fail the SPF check at the home server
However, if you take the approach of using SPF with a team of other methods to track and capture spam, then it can help quite a lot. The downside is (very obviously) that the more methods of detection you employ, the more likely it is that the time taken for processing mail will increase, along with processing, possible bandwidth requirements, etc.
I've been toying with enhancing my personal junk scanning techniques (for fun) to take more spam detection and rejection concepts into consideration. One solution that does seem to work well is a scoring system, very much like many of the commercial, enterprise, solutions are trying to achieve. My current thought is along the lines of something like this;
- Optional rDNS score, decreases weighting of other scoring methods if correct
- Optional SPF support; if you have an SPF record, it gets checked and scored, else score would be irrelevant
- Use of Karmasphere, or multiple DNSBLs to generate a sending server reputation score, with heavier weighting to non-SPF'ed domains
- SpamAssassin score
- ClamAV score
Over time I can see this being an impressive setup, and exceptionally similar to one vendor we use at work. However, the one major drawback is that on small scales I doubt the benefits would outweigh the cost of additional scanning. As awesome as it would be to set up (more so that it could be achieved with a server that runs entirely on open source and free software and services), I can't see it producing any obvious, tangible benefits for myself at all, given how well SpamAssassin is trained on my personal systems. Just how far I'll go with this, I don't know yet.
So did LUGradio solely trigger this? Nope, surprisingly not. I was going to let this roll, but then I came across Karmasphere this evening, which appears to be at minimum partially, if not completely, the work of a gent (Shevek) from BBLUG.
Check it out if you're not familiar with it, you might be interested if you run a number of mail servers, and you still use DNSBLs. Admittedly it's not solely usable for mail related purposes, but it's likely to be one of the larger uses (until comment spam kills akismet-like services).
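The scoring idea listed above, sketched as an added example (not code from the original post): SPF only counts when the domain publishes a record, list-based reputation weighs more for non-SPF domains, and a matching rDNS lowers the weight of the rest. Every weight, threshold and field name here is an assumption chosen for illustration; leaving the ClamAV score outside the rDNS discount is also a choice made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# All weights and thresholds below are assumptions chosen for illustration.
SPF_SCORES = {"pass": -1.0, "softfail": 1.0, "fail": 3.0}
REPUTATION_MAX = 4.0        # score when every queried list names the sender
NO_SPF_MULTIPLIER = 1.5     # reputation counts for more on non-SPF domains
RDNS_DISCOUNT = 0.8         # matching rDNS lowers the weight of the rest
CLAMAV_SCORE = 10.0         # a virus hit is not discounted by rDNS
TAG_AT, REJECT_AT = 3.0, 6.0


@dataclass
class MessageFacts:
    rdns_ok: Optional[bool]      # None = not checked (rDNS is optional)
    spf_result: Optional[str]    # None = sender domain publishes no SPF record
    dnsbl_hits: int              # lists that name the sending server
    dnsbl_queried: int           # lists that were asked
    spamassassin: float          # score as reported by SpamAssassin
    clamav_infected: bool


def score(msg):
    """Combine the individual checks into one number (higher = spammier)."""
    # SPF: irrelevant when there is no record, scored when there is one.
    spf = 0.0
    if msg.spf_result is not None:
        spf = SPF_SCORES.get(msg.spf_result, 0.0)   # neutral/none score 0

    # Sending-server reputation, weighted up for non-SPF'ed domains.
    reputation = 0.0
    if msg.dnsbl_queried:
        reputation = REPUTATION_MAX * msg.dnsbl_hits / msg.dnsbl_queried
        if msg.spf_result is None:
            reputation *= NO_SPF_MULTIPLIER

    subtotal = spf + reputation + msg.spamassassin
    # Correct rDNS decreases the weighting of the other methods; it is only
    # applied to a positive subtotal so it never makes clean mail look worse.
    if msg.rdns_ok and subtotal > 0:
        subtotal *= RDNS_DISCOUNT

    total = subtotal + (CLAMAV_SCORE if msg.clamav_infected else 0.0)
    return round(total, 2)


def verdict(msg):
    total = score(msg)
    if total >= REJECT_AT:
        return "reject"
    if total >= TAG_AT:
        return "tag"
    return "accept"


if __name__ == "__main__":
    # Constructed case: mail forwarded from work to home fails SPF at the
    # home server but is otherwise clean, so the combined score lets it in.
    forwarded = MessageFacts(True, "fail", 0, 4, 0.5, False)
    print(score(forwarded), verdict(forwarded))
```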
Thursday, May 22. 2008
Matter by Iain M. Banks
Last week I finished my freshly Amazon delivered hardback copy of Matter, by Iain M. Banks. I'm a long time lover of Mr Banks' Culture novels, since I first read Excession in my early teenage years, so I had high hopes for the latest. I have to say that I was not disappointed. Either I'm just very used to his writing style these days (I recently re-read all the Culture novels), or this latest outing is much more accessible for people not familiar with his style. I'll leave it up to you to decide whether or not I'm right, and whether or not it's a good thing.
It was another of those books I found myself unable to put down; It's a fantastically written novel, and very much like Player of Games, in the way in which Iain zooms in from a galactic to a personal scale. Iain also introduces some newer concepts in his universe, such as Shellworlds which you can consider a very large faux-planet with multiple civilisations living in distinct sections (or levels). It seems to have worked nicely. One thing you won't get much of is the Culture itself, despite one of the characters being from Special Circumstances.
If you're at all into your SciFi, I highly recommend this book. Although I would wait until it comes out in paperback. This was my first hardback for quite some time, and I'd simply forgotten just how much of a pain they were to store or hold, when sat in certain locations.
I'd also suggest keeping an eye out for the epilogue, which is hidden away, behind the appendix in my copy. Whilst it seems almost as an after thought, although most likely isn't, it makes a vast improvement on what I felt was a little bit of a clichéd end to the story.
Thursday, May 15. 2008
Times are a-changin'
It seems times are changing. About 15 years ago Shannon Larratt started something called BME, which some of you may know. This eventually flourished into the current and ever popular modblog, over the last few years. Today Shannon announced that he will be relinquishing his part ownership and handing it over to his ex-wife, Rachel, in its entirety.
I wish Shannon all the luck in the world in whatever he decides to do, and to thank him for what he's done for the modification culture. His work has certainly helped to shape a significant part of my beliefs over my recent years. The people I have met have been amongst the kindest, the politest and the most social people I've had the good fortune to deal with, and I only hope that with his absence that things continue.
Tuesday, May 13. 2008
Posted by the_angry_angel in Geek, Personal, Projects, Unix-like at 00:49
Comments (4)
Trackback (1)
ZFS - Making file systems sexy again?
Ok, so maybe not again. After all there's not much you can get that happy about when it comes to filesystems these days - a lot of the really exciting stuff has been done so far.
Like Reiser[3|4], ZFS is one I'd heard about, did some research on but never considered using at all. The fact that it currently only runs on Solaris or via FUSE under Linux (which in itself can be considered to be a benefit, as the filesystem is recoverable and separate from the kernel - performance supposedly sucks though), had kind of put me off a bit.
If you're unfamiliar with ZFS and its features, then may I suggest taking a quick look-see at the ZFS wikipedia article. There are many pretty cool features in ZFS, such as the concept of pools (and everything that comes with them, such as growing pools with the file systems mounted - very slick), the sheer capacity, RAID-Z, etc. all of which help it to sustain multiple disk failures in a RAID-Z2 array, much like you'd see in RAID-6, except this is achieved within the filesystem itself. Granted you might not see someone attacking your drives with a sledge, but you never know what might happen some days...
The video is certainly aimed at managers or some sort of technical head, but you cannot deny it. That. Is. awesome. I've been considering creating a small box, with multiple SATA hard disks in a separate enclosure (possibly attaching the enclosure to a mini, pico or nano ITX box) to create a home-grown NAS box and ZFS certainly seems interesting enough to consider as an option, considering that iSCSI, NFS and CIFS (aka SMB or Windows sharing) support is now built into the kernel (interesting decision perhaps?), plus Samba is running on Nexenta as well. My only hesitation is the work done on Nexenta - GNU tools sat on top of the OpenSolaris kernel. I'm familiar with the various tools used by this distro and it would speed up my understanding of what I'd be using, however the rate of packaging and development seems to fluctuate. Playing with it in a virtual environment is going to be limiting at the end of the day, and my spares box won't cover something of this scale, so maybe I'll have to jump in with both feet Real Soon(TM)...
Does anyone have any practical experience with ZFS? Is it mature enough to trust my files and believe that I won't have to go through the pain of restorations?
Saturday, May 10. 2008
Posted by the_angry_angel in Geek, Mindless Hatred, Multimedia, Personal at 17:31
Comments (0)
Trackbacks (0)
Iron Man and why cinemas suck
First off let me say that I've tried not to give too much away, but I fear that I may've. If you're still to see Iron Man, then I'd recommend not reading this post after the 3rd paragraph.
So, I finally got the opportunity to see Iron Man last night. Myself and Tom headed to see it at the 20:30 showing in Longwell Green, Bristol. The Vue cinema there tends to be a little less crowded, easier to park at and have nicer seats than the Odeon in Bath. We got there, a little later than I had hoped (which was entirely my fault), and ended up at seats near the front. This wasn't too bad though as my neck wasn't completely knackered by the end of the showing.
So the movie started, eventually, and a few minutes in it stopped. Lights up, adverts on. Now I appreciate that everyone can have technical problems, but over the last few times I've been to the cinema something like this has happened. In my opinion this is exactly why digital distribution is going to have to lead the way. The other issue is of course the age-old desire of wanting to pause the film to drain the python. About half way through I really, really needed the loo and didn't want to leave. At the end of the film there was a horrendous queue and I just didn't want to wait, so we went home. The Vue employee was giving out tickets to see Iron Man again for free, but I decided not to take one and barged my way through. The thing that most annoyed me was the simple fact that I had to barge my way through. There was no provision for those of us who wanted to bypass this ridiculous offer of appeasement. Even funnier was the fact that the British public clearly didn't know what they were queuing for.
This kind of ruined the cinema experience for me, and thus I felt it had slightly diminished the film. Now don't get me wrong, Iron Man is an awesome film. It is undoubtedly the best comic conversion I've seen to date, which clearly demonstrates that having Marvel directly behind it is a good thing. The film is funny, entertaining and I wasn't wishing that it would hurry up at any point. I've only read a few of the Iron Man comics in the past, but I do remember the cartoon from my youth which I felt was good fun, although a little wet. In comparison to this I found that the Stark from the film was much more real and his change of character portrayed perfectly by Robert Downey Jr. I think Gwyneth made a perfect (not to mention "hwat") Ms Potts. My only concern with the film was that I felt parts of it were cut a little short and maybe could've been expanded on a little. The film is clearly setting the scene for a sequel (if this wasn't the case then possibly they've made a cock up there).
I'd really, really recommend seeing this film when you can. It's certainly one I'll be buying on DVD, and maybe the film that finally motivates me to buy a HD-DVD or BluRay device. Seriously go and see it. Even if you're not aware of the Iron Man story, or if you're not a hardcore comic fan you'll love it and won't really be missing out on much, except maybe the S.H.I.E.L.D. references.