
Wednesday, 31 August 2016

Not my fingerprint

I spoke too soon. It turned out that I'd installed Fedora 23 on that box that was taking a long time to log in to, and then upgraded to 24. But sshd hadn't upgraded, and the fix turned out to be "yum upgrade sshd".

I'm getting close to completion on the big upgrade. Today I diagnosed and sorted out a horrendous problem whereby my DNS to the new line wasn't working. It turned out that I'd left out a minor, but crucial, line in the DNS configuration file. When I'd sorted that out, everything worked.

My list of "things to do" is quite short now.

One of the problems of dealing with DNS problems, is that you don't get immediate feedback - it takes a while for your changes to propagate around the internet. I was using this tool. It's nicely made, and tells you how your DNS is doing around the world. I donated $10 to him as a thank-you.

Speaking of which ... an American friend of mine was badly injured. Facebook showed a stream of people sending their "thoughts and prayers", some suggested treatments, such as listening to a 528 hz tone "it worked for me". Not wishing to post a trumpet-blast against the uselessness of these well-intentioned people, I did something a bit more practical; I paypalled $10 to her with the instruction to spend it on her favourite chocolate. That's a problem with being an atheist; religionists can just pray and tell themselves that they've done something to help, we have to do something actually useful.

Anyway, back to the upgrade. I called Daisy to cancel my old line. That shouldn't come as a surprise to them, because I've been making claim after claim against their "Service Level Agreement" on the basis of 24 hour outages. And I called my Cheltenham host; they were also a bit surprised - I've been happy with their service, but not so much with their pricing, and the chap I spoke to was surprised that I was paying so much. Too late now, I've already moved. I've always said this - look after your customers, or someone else will.

I might have one computer there as a kind of insurance, but only if the price is right.

We're going on a well-earned  holiday soon. Have you noticed that holidays are always "well-earned"? Anyway, I'll be taking a laptop with me, so that I can occasionally log in to my servers and be reassured that everything is working well. But I started up the laptop that I use for this, and it wouldn't start. It's behaving like the battery is all but exhausted and the mains power doesn't get through. Fortunately, I have another one just like it sitting at the home of daughter.1, used for a similar purpose, so I'll get that back and use that instead. And now I'm buying a replacement laptop for the one that died. Maybe. Because there's an alternative. Daughter.2 gave me her old laptop. It's got two keys missing on the keyboard, plus she wanted an Apple. The missing keys are no problem, I'll just plug in a little USB keyboard. I've installed Fedora 20 on it, so that might give me what I need.



Tuesday, 30 August 2016

Let down by my fingerprint

Logging in to one of my servers was irritatingly slow, so I decided to fix it. Instead of logging in with ssh, I used ssh -vvv which gives lots of information about what's going on. None of it helped.

Then I noticed that it wasn't only slow when I logged in with ssh, it was also slow when I was already logged in, and wanted to change the user with "su". Which means that it isn't an ssh issue, it's an authentication issue.

So I logged in using su, and had a good look at the syslog (/var/log/messages).

Aug 30 01:37:02 volds dbus[20339]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Aug 30 01:37:02 volds systemd: Starting Fingerprint Authentication Daemon...
Aug 30 01:37:02 volds dbus[20339]: [system] Successfully activated service 'net.reactivated.Fprint'
Aug 30 01:37:02 volds systemd: Started Fingerprint Authentication Daemon.


It's trying to check my fingerprint! And I don't even have a fingerprint reader. Where did that come from?

So I stopped it with "systemctl stop fprintd.service", and now logging in is instant.
But I don't want it to happen each time I start up the computer, so I disabled it with
 "systemctl disable fprintd.service"

Fixed!

Monday, 29 August 2016

Catch 22

I got this email.

Date: Mon, 29 Aug 2016 14:04:56
From: Numerology <contact@batterysimulator.website>

Subject: The Meaning of 04.
Parts/Attachments:
   1 Shown      2 lines  Text
   2   OK     164 lines  Text
----------------------------------------

Your email client does not support HTML, this email must be viewed in HTML mode.

Ah, but I did maths at uni, so I know the meaning of 04. It's the number after 03.

But there's no clue in the email about *how* I might view it in HTML mode, and there's no link to go to.

Not that I would go to your web site. Because I already know the meaning of 04.


And ...

I got a bounce from Google, telling me that it blocked something because it was harmful. Well, thanks for that, Google, but I just counted the number of trojans in my mailbox sent over the last six hours, and there's 103 of them. Blocking one hasn't really done much.

Sunday, 28 August 2016

I'm Spartacus

Since I started making all these changes, several of my servers have been intermittently cut off, and I was wondering why. But I think I've worked it out.

These were all servers that were behind a second pix. Because instead of using a pix which has three ethernet connections (inside, outside and dmz), I was using two pixes that each had two ethernet connections. So packets that arrived in my dmz had to go through another pix before they were allowed to the innermost area. Why? Because A) it's easier to configure a two-headed firewall than a three, and B) two two-headed firewalls are  somewhat cheaper than a three-header, and C) I already had the two-headers.

So as part of the changes, I moved several servers (raspberry pis, actually, because I use them for light duties instead of a big heavy normal server, because they're really cheap and very economical on power - a proper server might pull 250 watts, whereas a pi takes about 10) from behind that second firewall, to connect directly to my big shiny pix525. But I didn't bother to switch off that second firewall.

So as a result, the second firewall was still announcing the IP addresses of the servers that it didn't actually control, while the servers themselves were also announcing themselves.

I'm Spartacus.
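How a double announcement like this can be spotted, as an added example that is not part of the original post: assuming the announcements are ARP replies, one IP address keeps switching between two MAC addresses, and the stale firewall is the MAC that turns up in several such conflicts. The observation format, addresses and function names are constructed for illustration.

```python
"""Flag IP addresses that are claimed by more than one MAC address."""
from collections import defaultdict

# Constructed observations, one per line: "time ip mac", as might be collected
# by sampling the ARP table of a host on the same segment. The IPs are from
# the RFC 5737 documentation range; the MACs are made up.
SAMPLE = """\
10:00:01 192.0.2.10 00:11:22:33:44:55
10:00:01 192.0.2.11 00:11:22:33:44:55
10:00:01 192.0.2.12 b8:27:eb:00:00:0c
10:00:31 192.0.2.10 b8:27:eb:00:00:0a
10:00:31 192.0.2.11 b8:27:eb:00:00:0b
10:01:01 192.0.2.10 00:11:22:33:44:55
10:01:01 192.0.2.1 00:aa:bb:cc:dd:01
"""


def parse(text):
    """Yield (time, ip, mac) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2].lower()


def find_conflicts(text):
    """Return {ip: [macs in first-seen order]} for IPs seen with more than one MAC."""
    seen = defaultdict(list)
    for _, ip, mac in parse(text):
        if mac not in seen[ip]:
            seen[ip].append(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


def flip_count(text):
    """Count how often each IP changed MAC between consecutive observations."""
    last, flips = {}, defaultdict(int)
    for _, ip, mac in parse(text):
        if ip in last and last[ip] != mac:
            flips[ip] += 1
        last[ip] = mac
    return dict(flips)


def likely_stale_announcer(conflicts):
    """Return the one MAC involved in the most conflicts, or None if unclear.

    A device answering for addresses it no longer fronts shows up in every
    conflict, while each real server shows up only in its own.
    """
    counts = defaultdict(int)
    for macs in conflicts.values():
        for mac in macs:
            counts[mac] += 1
    if not counts:
        return None
    best = max(counts.values())
    winners = sorted(m for m, c in counts.items() if c == best)
    return winners[0] if best > 1 and len(winners) == 1 else None


if __name__ == "__main__":
    conflicts = find_conflicts(SAMPLE)
    for ip, macs in conflicts.items():
        print(f"{ip} claimed by {', '.join(macs)}")
    print("flips:", flip_count(SAMPLE))
    print("answering for several addresses:", likely_stale_announcer(conflicts))
```
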



Saturday, 27 August 2016

From the Windows Technical Service

David called. There's a problem with my Windows computer.
"Oh no!" I said, doing a pretty good impression of a scared and stupid muggins.

He spent five minutes talking me through doing things with the computer before I revealed that the computer was in the other room, and it was taking so long because I had to go back and forth between that and the phone.

He told me to move the computer next to the phone and he'd call me back.

Actually, Richard called me back. Richard was a lot easier for me to understand, David's accent was tough for my ears. So Richard talked me through starting up the computer, and running "Event Viewer" and he told me that each line of that represented an error in my computer, but not to worry, he'd walk me through fixing it. I was *so* grateful!

So then Richard and I started up Firefox, and downloaded an application from supremocontrol.com that would let him control my computer. The file downloaded, and then he got me to click on it to install it. And it was at that moment that the screen went blank! "What do I do now?" I asked. He tried talking me through clicking on things, but I kept saying that the screen is blank, there's nothing to click on until eventually he twigged and got me to power cycle the computer. "Ooh, you've fixed it," I said, "I'm so happy! Thank you so much." "No wait," he said, "there's more to do."

So we went round that loop again, download, click, blank screen, and then he passed me over to Roger. Roger had a really clear voice, I could see that I was at the top of the tech support tree now. The only higher power would be Bill Gates (who I met once, by the way, but that's another story) and he talked me through starting up Internet Explorer and accessing the "Support Me" web site. He gave me a six digit number, which was his account number, and that was great, because there was a place on the site to report abuse, which I did, and I would hope that by now they've cancelled the account.

And it was shortly after that, that Roger just hung up on me without even a "Have a nice day".

Audit tip

There's a thing that runs on your Fedora server that's auditing everything that happens; this can be great for security. But because of the way it works, it not only logs to the audit file, it also logs to the system log. That's the thing in /var/log/messages that is so useful for working out what's gone wrong when you tried to start up the name server.

The problem is, by the time you look at /var/log/messages to diagnose your nameserver problem, it's full of audit messages, and the ones you want to see have got scrolled up.

So here's what you do.

Edit /etc/rsyslog.conf and add

if $msg contains 'audit' or $programname contains 'audit' then /var/log/myauditlog
if $msg contains 'audit' or $programname contains 'audit' then stop


Then restart the system log with

systemctl restart rsyslog

Hey presto! All the audit logs still go to the myauditlog file, but they don't clutter up the main system log!
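What the two rules do to individual messages, as an added example that is not part of the original post: a Python model of the case-sensitive `contains` test and of `stop`, run over constructed log lines. The parsing of `$programname` and `$msg` is a simplification of what rsyslog does, and facility and priority selectors are ignored.

```python
"""Model of the two audit rules applied to /var/log/messages-style lines."""
import re

# Constructed sample lines in the traditional syslog file layout.
SAMPLE = [
    "Aug 30 01:37:02 volds audit[911]: USER_AUTH pid=2210 uid=0 msg='op=PAM:authentication'",
    "Aug 30 01:37:03 volds kernel: audit: type=1400 audit(1472517423.101:77): avc: denied",
    "Aug 30 01:37:04 volds named[1201]: zone example.com/IN: loaded serial 2016083001",
    "Aug 30 01:37:05 volds named[1201]: zone audit.example.com/IN: loaded serial 3",
    "Aug 30 01:37:06 volds systemd: Started Security Auditing Service.",
]

# "Mon DD HH:MM:SS host tag: message"
LINE_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s([^:\s]+):(.*)$")


def parse_line(line):
    """Return (programname, msg); programname is the tag up to '[' or '/'."""
    m = LINE_RE.match(line)
    if not m:
        return "", line  # unparseable: treat the whole line as the message
    tag, msg = m.group(1), m.group(2)
    return re.split(r"[\[/]", tag, maxsplit=1)[0], msg


def is_audit(line):
    """The filter from the rules: a case-sensitive substring test on both fields."""
    programname, msg = parse_line(line)
    return "audit" in msg or "audit" in programname


def deliver(line, audit_rules_first=True):
    """Return the files a line is written to, honouring rule order and 'stop'."""
    order = ["audit", "messages"] if audit_rules_first else ["messages", "audit"]
    written = []
    for rule in order:
        if rule == "audit" and is_audit(line):
            written.append("/var/log/myauditlog")
            break  # 'stop' ends processing, so later rules never see the line
        if rule == "messages":
            written.append("/var/log/messages")
    return written


def split_log(lines, audit_rules_first=True):
    """Group lines by destination file."""
    files = {"/var/log/messages": [], "/var/log/myauditlog": []}
    for line in lines:
        for path in deliver(line, audit_rules_first):
            files[path].append(line)
    return files


if __name__ == "__main__":
    for path, lines in split_log(SAMPLE).items():
        print(path)
        for line in lines:
            print("   ", line)
```

The nameserver line that mentions `audit.example.com` is diverted along with the real audit records, while the capitalised "Auditing" line is not, because the match is a plain case-sensitive substring. The rules only keep audit messages out of /var/log/messages when they sit above the rule that writes that file, since `stop` affects later rules only.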

Wrestling with DNS

Once you've got DNS set up, it kind of lasts forever. Kind of. Except when ...

As part of my comprehensive upgrade, I've moved a lot of the servers to Fedora 24, the latest version. And some of them go *way* back - version 9 was quite common in my farm, and that's about ten years old. I even have some servers running a Fedora from before it was called Fedora! So anyway, on to version 24. And, of course, between the versions ancient and modern, there's been big changes.

One change is DNS Sec, the "secure" version of DNS. I decided to skip that for now, it's a whole other can of worms, I'll do that later.

Another change is that the order in which you have sentences in the DNS data file is now a lot stricter. I had to go through all my data files, a couple of dozen of them, and move a line from line 2 to line 4.

Another change is that when a master sends data to slaves (I'm surprised that the SJWs haven't picked up on this terminology yet), the data that arrives is in compressed format, to save space and for faster loading. But since I only have a couple of dozen, space isn't as important to me as legibility, so I had to change that.

So I edited all my DNS data files, and created four new nameservers (called, imaginatively, ns3, ns4, ns5 and ns6, because I already have ns1 and ns2 running) which will sit on the new fast line (although at the moment, they're on the old slow line), and then it was time to tell Network Solutions and Godaddy about the changes.

DNS is important. When you access a computer over the internet, the computer has a four-part number, that looks like this: 12.34.121.65. So, for example, Google is 8.8.8.8.
But you don't want to try to remember the numbers, you want to remember names, like bbc.co.uk. Your computer will translate the name to the number, and here's how.

First, it goes to one of the root nameservers. There's 12 companies run these, and I expect each company is using a whole bunch of computers to provide the service. When you want to go to blog.drsolly.com, the root tells your computer "I don't know the answer, but if you ask Network Solutions, they'll know". So your computer asks Netsol. Netsol says "I don't know, but if you ask ns1.drsolly.com, you'll get the answer there". And ns1.drsolly.com will tell you 66.102.1.214, which is run by Google, who kindly host this blog at no cost. So now you can read my blog!

Network Solutions is a company that (among other things) acts as a registrar for domain names. So, for example, when I first registered drsolly.com (drsolomon.com was already taken by an antivirus company) I went to Netsol and did it there, paying a ridiculously large amount of dollars for a very tiny and totally automated service. Then I tell Netsol the IP addresses of my name servers, and my name servers redirect requests to, for example, blog.drsolly.com, to the appropriate IP address. I'm mostly not with Netsol now, they're very expensive and not as user-friendly as GoDaddy. Although you really can't imagine how totally user-hostile it all was 20 years ago - you had to send a carefully crafted and formatted email to make any change, and I was always nervous about whether I'd got it right, and how to fix any errors. But it's all web-based now.

So I logged on to http://www.networksolutions.com, clicked on "manage account", and instead of doing what I'd come for, I diverted to update my credit card details. Then "My Domain Names" ... "Manage name servers" and I created the new nameservers, giving the IP address that they'll have with the fast line. So now I have two nameservers using the old IPs, and four with the new. I've done that so that the information can spread through the internet over the next few days. Then I updated the list of nameservers for each of the domains I have with Netsol, so now it knows about six nameservers for each of my domains. Job done, logged off.

Then I logged on to Godaddy, who, by the way, are advertising that you can set up your own web site for £0.99 for the first year (if you sign up for two years), which might be interesting to someone who just wants a little web site for fun, although most likely your ISP already gives you web space for free. I went to "Domains" ... "Manage" which took me to a list of the couple of dozen domains I run. I clicked on the tick that checked the check boxes for all of them, so that I could update them all in one swoop, clicked on "nameservers" and "set nameservers", chose "custom" and added the two new nameservers ns5 and ns6 to the list. I clicked on "Save" and that should mean that all the domains now have the same six nameservers.

The nameservers run on my computers, and they're currently directing people to the old IP addresses, but once the news of these nameservers propagates around the internet, I'll be able to switch to the new IP addresses very easily, just editing stuff on my computers.




Into the fast lane

I spent today reconfiguring my network. There's a lot to do!

First, though, a speed test. This is a 100 megabit line. The tests that I've done indicate that I'm getting 92 megabits out of it, which I think is pretty good. That's also told me that the Pix 525 isn't acting as a bottleneck.

Reconfiguring isn't easy. Maybe if I did these every day, I'd be better at it, but this is a once-in-a-decade job.

Fortunately, a few years ago Daisy decided to change all my IP addresses. I begged and pleaded, but they insisted. So I had to learn how to change all my IP addresses, and it turned out to be not quite as horrible as I'd expected. And what I learned from that, has been useful in the current changes.

One of the first, and most difficult, jobs, was to get my email working on the new line. New IP addresses, new DNS servers, new nameserver addresses, and testing is really difficult because of the long lag between when I make a change, and when I see if it's working. But eventually I overcame all the (mostly self-made) obstacles, and I'm getting email from Facebook, from my gmail account, and (of course) spam. Who said spam isn't useful?

I've moved the Nightmail, the Robot Arm, and some other puzzles. But there's still masses to do. Oh well - tomorrow is another day!

Thursday, 25 August 2016

The ethernet has landed!

Today I got an email telling me that it was all connected up. So I connected the Pix to the outside line, and set about configuring it.

There's a bit of a trick to it, of course. TalkTalk gave me a WAN IP (A), a WAN subnet mask (B) and a default gateway (C), and I had to work out where these went on the Pix. I tried a few different things, then gave up and called TalkTalk tech support. They didn't know anything about Pixes, but I got them to tell me how to set this up if I had a Windows box connected to their ethernet service, and I just translated Windows-speak to pix-lingo. Here's how.

The WAN IP and subnet mask go to the Ethernet0 interface, which I call "outside".
The Default Gateway is set up under "Routing" and "Static Routes".

So you log in to the pix, using:

ssh pix525 -c des -1 -lpix    and give the login password (I call my pix "pix525")
enable                        and give the enable password
conf term                     to tell it you're about to change the configuration via the terminal

First the interface to the outside world, which I call "outside":

 interface Ethernet0
 description Gateway
 nameif outside
 security-level 0
 ip address A B

Then set the routing with:

route outside 0.0.0.0 0.0.0.0 C 1   where C is the address I got from TalkTalk
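A sanity check for the three values before they go into the configuration, as an added example that is not part of the original post: the gateway C has to be a usable host address inside the subnet defined by A and B, otherwise the static route points at something the outside interface cannot reach directly. The addresses are constructed from the documentation range, and `check_wan` and `render_pix_outside` are hypothetical helper names; the emitted lines are the ones shown above.

```python
"""Validate WAN IP (A), subnet mask (B) and default gateway (C)."""
import ipaddress


def check_wan(a, b, c):
    """Return a list of problems with the three values; empty means consistent."""
    try:
        iface = ipaddress.IPv4Interface(f"{a}/{b}")  # accepts dotted netmasks
        gateway = ipaddress.IPv4Address(c)
    except ValueError as exc:  # bad address or non-contiguous mask
        return [f"invalid value: {exc}"]

    net = iface.network
    reserved = (net.network_address, net.broadcast_address)
    problems = []
    if gateway not in net:
        problems.append(f"gateway {gateway} is not inside {net}")
    elif gateway == iface.ip:
        problems.append("gateway is the same address as the interface")
    elif net.prefixlen < 31 and gateway in reserved:
        problems.append(f"gateway {gateway} is the network or broadcast address")
    if net.prefixlen < 31 and iface.ip in reserved:
        problems.append(f"interface {iface.ip} is the network or broadcast address")
    return problems


def render_pix_outside(a, b, c):
    """Return the configuration lines from the post with A, B and C filled in."""
    problems = check_wan(a, b, c)
    if problems:
        raise ValueError("; ".join(problems))
    return "\n".join([
        "interface Ethernet0",
        " description Gateway",
        " nameif outside",
        " security-level 0",
        f" ip address {a} {b}",
        f"route outside 0.0.0.0 0.0.0.0 {c} 1",
    ])


if __name__ == "__main__":
    # Constructed values: a /30 hand-off where .9 is the provider side.
    print(render_pix_outside("198.51.100.10", "255.255.255.252", "198.51.100.9"))
    # A gateway taken from the wrong subnet is reported, not rendered.
    print(check_wan("198.51.100.10", "255.255.255.252", "198.51.100.1"))
```
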




And then I can ping 8.8.8.8, which is Google. And I set up a DNS, so I can also ping google.com

When I look at the Pix logs, I see tons and tons of attempts to connect, all denied by the rules I've set up on the Pix. So the Pix is connected to the outside world, and is doing its job of blocking incoming connections that I don't allow.

By the way, if you're setting up a Pix, use the ASDM gui configuration tool, it's a *lot* easier than writing the command line stuff. I have a Pix with this, and one without, so I do the setup on the one with, output the configuration using "show conf", and use that to set up the one without ASDM.

Now I have to start connecting computers to the pix, and check that access works when it should, and is blocked when it shouldn't.

Wednesday, 24 August 2016

Nearly there!

I now have two boxes mounted on a wall; one has an ethernet port, and will give me the feed to my network, the other is just to hold the fibre in place, or something like that. The fibre now extends all the way to a BT exchange several miles away.

Tomorrow, TalkTalk have to send an engineer to the BT exchange to install their box, then they can turn the feed on.

This is starting to feel real.

So I got out the Pix 525 that I bought 18 months ago. I configured it then, but my network has evolved a lot since then - for example, I'm mostly on gigabit speeds, I have the big Dell Poweredge servers, and several other servers have changed. So I need to configure the Pix again, and I think I'll do it from scratch, the changes are so great.

I started it up ... and it hung. Rats. I was relying on this, because it's got a lovely web-based user interface, making it much easier to configure than my pix 515, which is all command line. I tried it a few more times, but it hung soon after starting each time. Curious, because it worked fine 18 months ago, and it's been powered off since then.

So I opened it up. There's a little battery, and I thought, maybe that's died. So I got the battery out of the clip ... and the whole clip came off the motherboard. Oh bugger. Is that a couple of hundred pounds worth of pix I just broke?

So I took a breath, thought a bit, and got out my soldering iron. I soldered a couple of wires to the place on the motherboard where the battery holder had been, and then connected those to the battery holder. I put the battery in, and started the pix up again. Again, it hung just as it started to boot.

But I'd also noticed three pins sticking up off the motherboard near the battery, and I made a guess. I took out the little plastic and copper thing that shorted two of the pins together, and put it on the other two, counted to five, then put it back. I powered up the Pix, and it worked!!!

So now I'm in the middle of reconfiguring the pix firewall, and it'll be easier than it was a couple of years ago, because I spent many hours then learning how to do it and what it all meant.

Monday, 22 August 2016

Spare parts

I'm a great believer in spare parts. I have an entire bicycle whose purpose in life is to be a donor of spare parts; it's actually a lot cheaper to buy an entire, secondhand, bicycle than to have spares for all the mechanical bits that might need replacing.

Likewise computers; my box of bits ... well, it isn't actually a box, it's several shelves each containing a bunch of well-labelled boxes.

So when the NHS asked me if I'd be willing to be used as spare parts, I enthusiastically agreed. You can recycle my heart, liver, kidneys, brain, anything else that might be useful. After I've done with them, of course. And I have a donor card in my wallet, and ladysolly knows my intentions (and she's signed up too).

So if you ever see someone whose nose looks strangely familiar ...

BTOR triumphant

I spotted a van from BTOR outside this morning, so I rushed out to see what ho. And it's great news - they've dealt with the blockage, and they now have fibre running to the new manhole outside my house. The man from BTOR was testing it, and it works.

I'd like to think that it was me telling them that Bucks CC was about to do major road works that got things moving. But who knows what made the difference.

The manhole giving access to the BT ducting, is a couple of yards away from the manhole that gives access to the ducting into my house, and I have no idea why they didn't dig the two at the same time; it was always clear that they would both be needed. Oh well, BT moves in mysterious ways its wonders to perform.

So while he was there, I suggested that he could also run his tubing through my duct into the house, and he agreed, might as well.

First, he ran a rod through; that's about a centimeter diameter, flexible and very strong. That showed that there wasn't a blockage in the duct. Then he tied a strong polypropylene cord to that rod, and pulled the rod back. And finally, he tied the fibre duct (that's about a centimeter diameter, and contains two smaller tubes) to the cord, and pulled the cord. So now the fibre duct runs from the BT manhole, into my house.

Tomorrow, they're coming to do more. They need to blow the actual glass fibre down the inside of the fibre duct. Here's a video of that.

Another BTOR guy attending had been involved in this case since it started in October 2014. He didn't have a good explanation about why this has all taken so long, except that the underground ducting was installed 58 years ago, and used pottery pipes (they use plastic now) which are more likely to break than plastic. Also, they just slotted the pipes into each other, so it was possible for muck to get in and clog the pipe. I think a lot of people are quite embarrassed by the length of time this has taken.

I also asked him about the possibility of fibre broadband coming soon, now that the ducting is done and dusted, and he seemed to think that this was a possibility.

New caches

I've just placed two new caches. I had intended to have these at the Geolympix, but because of a hardware failure (the voltage step down card that should have supplied the Raspberry Pi failed), that didn't happen.

So I've placed them now; two big tubs, formerly containing garden fertilizer, now filled with hard drives, books and other assorted computer hardware. The hard drives might work, but don't bet on it; they're drives that have at least to some extent, failed in the past. At worst, you can get a really strong magnet out of the inside.

It's actually a series of three puzzles; you solve the first two to find the first cache, and that leads you to the puzzle to solve the third one. The caches are called:

Dog and Bone
Blower

Which might give you some idea of what it's all about. They're in the reviewer's hands right now; if there's no problem, they should be out in a day or so.

Voter registration security

If you don't register, you can't vote. So when the voter registration form arrived today, I took action.

You go to their web site, and log in. It wanted my postcode, and two security numbers that it supplied in the letter.

Wait, what?

Why two numbers? One is 6 digits, one is 8 digits. How is this better than a single 14 digit number? Why have they made it more complicated than it needed to be?

So I filled it all in, did the Captcha, and answered the questions in the form. All done and dusted, but then it asked for feedback. So I asked the obvious question. Why two numbers?

Sunday, 21 August 2016

The cost of gold

Team GB won a lot of gold medals at the recent Olympics. But the cost?

According to UK Sport, we spent £543 million. And what was this spent on? ENTIRELY on getting medals at the Olympics. "Success is measured by the medals won, the number of medallists developed, and the quality of the systems and processes in place to find and support the nation’s most promising future champions."

We're spending this money on the top athletes in the UK. None of this is spent on community sport. None of this is spent in schools. "UK Sport has a very clear remit at the ‘top end’ of Britain’s sporting pathway, with no direct involvement in community or school sport." They are "tasked with distributing Government and National Lottery funding to Olympic and Paralympic National Governing Bodies at the GB level"

It's all spent in an effort to win more Olympic medals, and this helps to explain why the UK did so well (in terms of medals) at Rio. Cheating? Not really. But not exactly in the spirit of Olympic sport.

And we've done so badly, in terms of where this money could have gone.

I have no problem with cyclists or runners racing each other (but please not on public roads closed for their benefit). But I do have a problem with a few of our top athletes getting lavish funding out of the taxation that HMRC extracts from me.

Because although much shouting is given to the fact that lottery money is wasted on this; there's less shouting about the fact that money from HMRC gets poured into this hole.

So where could it be spent instead?

How about schools? How about the wider community? The health benefits of sport are heavily touted, but if those health benefits are poured into about a thousand elite athletes, they probably won't gain much, they being pretty healthy already. Instead, what about ploughing it into facilities for the wider (and fatter) population? And for our obese children?

Circuses. It's just circuses, and no bread, either.


Friday, 19 August 2016

DRAC is lovely

Some of the Dell Poweredge servers I've been getting, have DRAC, the Dell Remote Access Console. And it's lovely.

You set it up using Ctrl-E at the appropriate stage of booting, and tell it what IP address to use. Then, I can use Internet Explorer under Windows 7 to access that IP address, and it's almost as if I were sitting in front of the computer as it starts up - all the Bios messages scroll past in a window, and I can see if there's a startup problem. So if, for example, it wants me to press a key to continue, I can do that. Even over the internet.

It's a pity I can't get it to work with Firefox on a linux box, or on Windows XT, but even though it's only usable with Windows 7 Internet Explorer, it's still very nice.


Hole in the ground

A hole has appeared near the telephone pole outside my home. I had a word with the diggers, and they said that it's to connect the underground BT duct to the manhole that BT put in a few months ago.

The hole is square.


As far as I know, they haven't unblocked the duct. But maybe they have unblocked it and I didn't notice. You can see the pipe at the bottom, down which the cables run.

Still, it shows they're still trying.

Wednesday, 17 August 2016

Satire or serious?

There's a web site called Trump Youth. I don't know if there's any link to the US presidential hopeful.

It talks about "secure a future free from the usurious banking system" and "The evil forces of Globalism have waged a war on Nature".

It's a bit vague about who this nefarious enemy is. So I looked into it.

There's a video "A Message From The Leader", and The Leader is Jayme Louis Liardi. So I went to his web site. On his "writings" page, I find "If you have no identity, one will be installed into you by the kosher forces of The State".

OK, now I know who the evil forces are. It's us jews again.

Sigh.


Tuesday, 16 August 2016

An opportunity

Two Billion, Eighty Five Million U.S Dollars

My dearest,

May the peace of the Lord be with you as you read this letter. My name is Christy Walton and I am an American Citizen, I am widow and a business woman.. I have recently been diagnosed with esophageal cancer and a rare heart disease which has defiled all medical treatment. Expert diagnosis has shown that I have few months to live. I am worth $41.7 Billion US Dollars which I inherited from my late husband Mr. John T. Walton which rates me as the second richest woman in the world.

The intention of this email is to employ the expertise of a Charity minded individual, who can identify a viable and guarantee reasonable distribution of my wealth to the needy. I cannot rely on family and closest relatives anymore, as they did not show responsible behavior when I entrusted part of my wealth to them to distribute to charitable organizations but instead they used the money for their personal needs.

To prevent any more mishaps, my attorney will act as a check, monitoring every aspect of the Charity. My will is with my Lawyer which my family is fully aware about, but there is 5% of my Bank worth which is $2,085000000.00 (Two Billion, Eighty Five Million U.S Dollars) which nobody is aware of except my attorney.

Please reply me back by filling your personal details below:

Full Name:
Age:
Contact Address:
Country:
Telephone:


Disappointed

I bid on Ebay for a job lot of 40 computers and 25 ethernet switches; this was three pallet loads. My plan was to pick them up in the car (maybe three trips), store them in the cupboard under the stairs and look at them one at a time, install Linux on each one, document the memory, disk and ram, and sell them on Ebay as individual computers.

I have no idea if there's a market for fairly serious servers sold secondhand. But it would have been interesting to find out.

Unfortunately, the bidding went up to £300, which was about twice as much as I was willing to pay for such a punt.

It would have been fun though. Computers are the best toy ever invented. I'll look out for any similar sales; it looks like job lots of servers are a regular feature on Ebay.

Friday, 12 August 2016

The 360 swing

I first encountered ex-plumber Colin Furze when he made a pulse-jet powered bicycle. He's made some pretty amazing things since then; the 360 swing is his latest and greatest.

He's 9.5 meters from the ground as he swings round and round on the ... contraption.

He's a hero.

Thursday, 11 August 2016

A splendid little server

A great big cardboard box arrived today.

A few days ago, I noticed a Dell Poweredge 1950 for sale on Ebay. This is a 1U server, packed solid with wonderful stuff. It was going for a song, so I tuned up my spoons and put in a bid. I got it for £22, including delivery, which must have accounted for half that amount, and it came with a VAT invoice, so that's 20% I can claim back!

The Dell Poweredge is a server I really like. I suppose there are lots of other great servers, but I started off with Dells a month or so ago.

The 1950 is vintage 2007, so it's about 10 years old, and that's a long time for a computer. But it's got two quad-core Xeons running at 2.83 GHz, and that's a high head of steam. Even the very latest Dell R730 has two six-core processors running at 1.6 GHz, so this 10-year old is pretty much the same spec as a computer just out of the door.

It came with 8gb of memory, but this is a "Generation III", so it can take 64gb. I've ordered 64gb off Ebay, £60. It came without any hard drives; the simplest way to make sure that you don't accidentally give away your data when you sell your old computers, is to take out the hard drives. Not a problem, though, one of the hard drives I got with an earlier purchase fitted fine.

One problem, though - there was a plate covering the front with a lock. That stops people removing the hard drives, or powering it off. And there was no key. But a bit of leverage with a stout screwdriver and that was off; it isn't something I'd use anyway. With that off, I was able to insert a 147 gb hard drive, and I then booted Fedora 24 from the DVD. It installed no trouble. I've added a card that lets me attach four sata drives (and I've ordered a couple more cards like that).

Inside the box, there's an Sata port (used for the DVD, but once I've installed Linux, I'm unlikely to use that DVD again), three USB ports and 8 memory slots, each able to take 8gb. There's a huge row of fans, 14 of them, all blowing over the CPUs to take away the heat. I've always had trouble with CPU fans, because when you have one CPU being cooled by one fan, if that fan goes mechanically bad, you have no cooling and a crashed computer. With the way this Dell works, if even two fans go bad, there's still 12 blowing air over the CPUs.

It came with two power supplies; the idea is that you attach each one to a different power source, so if the power goes down, the computer keeps running. Since I only have one power source, that doesn't help me, so I took one of the power supplies out and it's a spare on the shelf.

There really are some great bargains to be had on Ebay, especially if you're buying corporate-type equipment, because home users don't want that stuff, and corporates don't buy second hand kit with no support.

Who's the customer?

My line is down. This is the line I get from Daisy. As I write this, it's been down for 21 hours, and that's bad.

It isn't dead as a parrot; it's flapping. That means it's up for a while, then down for a while, and so on. It's very annoying.

Daisy can see the problem, and they pushed it up to their supplier, Vodafone. Vodafone provide the line; Daisy is Vodafone's customer and I'm Daisy's customer. Obviously, I pay Daisy for the service and Daisy pay Vodafone. When something goes wrong, it's Daisy's support line that I call, and Daisy talks to Vodafone.

This is all standard stuff. But then ...

I got a call from Daisy, Vodafone want to send out an engineer; a site visit to see what's going wrong. Good idea. But, Daisy says, if the problem isn't with Vodafone's line, they want me to pay for the callout, which they said could be up to £500.

Wait, what? Suddenly I'm Vodafone's customer? No, I'm not. I'm Daisy's customer. If Daisy think that a Vodafone engineer should come out to look at the problem, then it should be a cost on Daisy, if there's a cost on anyone.

Arguing, of course, is fruitless. So I agreed to the callout, and to pay £500 if the engineer finds nothing wrong, which is entirely possible because the line is flapping. It can be OK for several minutes at a time, and then it's down for more than several minutes.

Meanwhile, I've been talking to Daisy about possibly upgrading this leased line to EFM. With TalkTalk, EFM costs about half of what it costs with Daisy, and I told the saleslady that, and told her where on the TalkTalk web site to find their pricing. I do have an account manager at Daisy, and I had been talking to him, but his email address doesn't work (email I send him bounces, and I'm sending it to the email address he emailed me from) and his phone is on voicemail, and if you leave a message no-one calls you back. I think he's on holiday, and there's no system whereby his accounts are looked after while he's away.

<rant on>
With some companies, including Daisy and TalkTalk, no-one ever calls back. My theory is that this is a company rule, and if anyone were to call you back, it would be more than their job's worth. I have located a very few exceptionally brave individuals who do call back when left a message, and I'm keeping their identities a closely guarded secret, so as not to get them into trouble.
<rant off>

So I'm not inclined to go with Daisy for their EFM based on price. The failure of my current service with Daisy, reinforces that, and the fact that it's been out for 21 hours (and did the same, twice, in May) doesn't exactly help Daisy's case. My feeling is that it's probably an issue at the exchange, because that's been the cause nearly every time in the past, and they should have got someone out there a *lot* sooner.

With TalkTalk, of course, the problem is the fact that as soon as someone is assigned to my case, either they leave the company, or they're reassigned, or they're off sick, or whatever, and although I completely understand that TalkTalk can't do anything about people leaving or getting flu, in any serious company as soon as someone leaves, their case load should be assigned to other people. Which doesn't seem to happen at TalkTalk until I kick up a fuss.

I suppose there's no perfect service in this world. But if only it wasn't all quite so imperfect.

 ...

And now my line is down, so I'm waiting until it flaps back up so that I can post this ...

Tuesday, 9 August 2016

Trundling around Tytherley

I did two circuits today. The first was 19 caches around Tytherley, plus a few extras nearby, and I found them all. The second was the 25 caches of the Farley Foxtrot. I DNFed one of those, but while I was looking for that one, I found this.


It was at the foot of an oak tree; the sort of tree where a cache might nestle

And while looking for a different cache, I found this:





It's a Munzee, which is a game like geocaching, except you find Munzees instead of tupperware.

So I had a good day out, and netted 48 caches.

Monday, 8 August 2016

Talking to an antivirus company

And the company in question was mine.

Our sales department decided that selling individual boxes was too much trouble, they wanted to sell only big site licences. Individual boxes would be sold by distributors; I think Misco was one of them. Well, I'm no sales expert, so I let them have their way. And once it was all set up, I phoned Misco.

"Hello?" I said, tentatively.
"Yes?"
"I'd like to purchase, er, a copy of, um, Dr Solomon's Antivirus, er, Toolkit for Windows 95", I said.
And what happened next will shock you, as they say, and you don't even have to click on anything to find out.

What I got was a hard sell for Norton's Antivirus. They were switch-selling me from the product I asked for, to the product they wanted to push. I said I'd think about it, and grabbed our Head of Sales by the scruff of the neck, metaphorically speaking. And explained to him that yes, I do understand that the margin on selling one box is a lot smaller than the site licences he was going for, but before you sell a site licence, people are going to buy one or two to try it out, and I was extremely dischuffed at the situation.

You see, you don't find out what's happening from the customer point of view, until you pretend to be a customer.

Another story. This was at an antivirus conference. It was late evening, we were at the bar, and I was there with a guy from McAfee and a guy from Norton. The Big Three. And they were boasting about their exemplary technical support. And after listening to this for a while, it became clear to me that they were blowing smoke. You only make a lot of noise about how great something is, when it isn't. So I proposed a test. We each of us call our tech support people, and the winner was whoever was first to talk to an actual techie.

And remember, it was gone midnight. In the UK. Which meant late afternoon in California, where they were based, and all their staff would be in the office.

So we made the calls. David was picking up for Dr Solomon's, I got to talk to him within three rings of the phone (which, by the way, was our objective).

Half an hour, and a couple of rounds of beer later, the other two were still trying.

How did I know it would work? Because I would occasionally phone our tech support line, and if I got through within three rings of the phone, gold stars were handed out. And everyone knew I did that.

Talking to Daisy

And I got a call from Daisy Communications. I already have service from them, in the form of a 2 mbit line, and they were a contender for the ethernet connection when I looked into it two years ago.

The call was from Anthony. He was taking on my case from way back then. I told him I didn't actually have my ethernet connection yet, so there was some hope, but not to get too excited just yet.

When the thought of EFM (ethernet on the first mile) struck me, I thought, I know, I'll ask Anthony for a quote. Because the Daisy web site tells you "up to 35 mbit" and doesn't give pricing. I wanted to know what "up to 35 mbit" means, because 1 mbit falls into that category. And I wanted pricing. So I emailed him, back at the email address he emailed me from.

The email bounced. "Deferred: Connection timed out with eu-smtp-inbound-1.mimecast.com"

So I phoned him on the number that he gave me. I got a recorded message, so I left my name and number and asked for a call back.

Nothing happened. I tried phoning again in the afternoon. Still nothing.

It looks like they've learned their customer communications from TalkTalk, but added a couple of twists of their own.

You have to wonder why they bother.

By the way, before you get too snotty about this, how do you know that the company you work for isn't exactly the same, or worse? In my experience, the only way you can find out what it's like for customers who contact your company, is to pretend to be a potential customer and see what happens.


Talking to Talk Talk, part 2

Remember, this started in October 2014. Yes, nearly two years ago.

Jodie, who I mentioned on 21 July, has vanished. Jodie is with the Office of the CEO, which sounds awesome, until you find out that it's just another complaints department.

In October of 2014, I signed the contract "should take 70 working days, can take longer". My contact then was Phil. Phil was good, we got on well, he got me the information I needed, and a good price, and I signed on the dotted line.

TalkTalk don't do the actual connection, that's done by BTOR (British Telecom Openreach). BTOR decided to run the line south from here to a point about a mile away. There's a conduit along my road, so it sounded hopeful. But then they checked to see if the conduit was unblocked. Bad news - a blockage. So they applied for an RTO (Road Traffic Order) and two months later, they rodded the blockage. Then they tested it and found another blockage. Two months for another RTO, and another rodding, another blockage. This looped until December of 2015, so 14 months after the original order, they decided that the southerly route was impassable, and they'd go for a northerly route that would be about 500 meters to the access point.

They checked the conduit - a blockage. They rodded, and found another blockage. This went on until May 2016.

By then, my case had been escalated to TalkTalk Escalations, and was being run by Matt. Matt did his best (and he's still one of the very few people at TalkTalk who ever call back when you leave a message) and then again to TalkTalk Escalations Escalations (that isn't their real name, I forget what the department is called) and was being handled by Kyle.

It was Kyle who broke the bad news. The blockage was really bad, and BTOR said that they couldn't even make a plan until September. Why the four month delay? I don't know, but I expressed my displeasure. Kyle suggested I contact my local council to see what could be done to speed things up.

So I did that; I spoke to my local councillor Martin, and he suggested I speak to the Road Traffic Authority (that might not be their real title), and the RTA man was very disgruntled at the suggestion (from TalkTalk) that they had been the source of the delays, so they involved BTOR, who told me in no uncertain terms that I shouldn't have gone over their heads, that it was TalkTalk's job to press the case.

I think there was a bit of a kerfuffle. I consider myself blameless, I phoned the Council because TalkTalk suggested I do that. Anyway, at that point, my case was taken on by the Office of the CEO, and Graeme was now my contact.

I was much encouraged. The Office of the CEO sounded like Baroness Harding was taking a personal interest in my case. Except it isn't like that, the OCEO is just a (fairly large) complaints department. And no-one there ever calls you back if you call them and they aren't there (true about 98% of the time). So Graeme pushed my case, and things seemed to be happening. Sort of. BTOR decided that the northern route wasn't going to work, so they'd run via the southern route. That's the one they first thought of, that had been tried and found wanting a couple of years ago, and blockages don't unblock themselves, so it'll still be blocked, but who am I to criticise BTOR planners?

But then after a few weeks, when I hadn't heard from Graeme for rather a while, I phoned him, and got a recorded message saying that he's no longer with the company.

Well, that happens, but what annoyed me was that with Graeme's departure, my case was back in limbo; no-one had been assigned to it.

So I phoned all the people I could think of, until eventually, I got to talk to a person (Matt, actually) and explained that I was in OCEO limbo, and something happened, because I was assigned to someone else at the OCEO.

A week went by, and I couldn't contact that person, and she didn't contact me, and I felt sadly neglected, and kicked up another fuss. And I got assigned to Jodie, and that's where I'd got to in my previous blog on July 21.

So what follows is new.

On August 2, I got a letter from Bucks County Council. They were going to dig up and resurface the whole of my road! This, of course, would be a great opportunity for BTOR to lay conduits; they could run either north, or south, or both if they wanted. And because BCC already had the necessary permits, they could piggyback on that.

So, all excited, I phoned Jodie. No answer. I emailed Jodie. No answer. I phoned all the numbers I could think of, and after a couple of days got an answer from Jodie's manager - Jodie was absent. I don't know if she was off sick, or on holiday, or left the company, no-one bothered to tell me. If Jodie reads this, I hope it was something minor and you're fine now. But it left me with a problem. Here's this great opportunity for BTOR, and I'm pretty sure that BCC wouldn't have told them (because why would they?). And I can't tell them because I'm only supposed to talk to TalkTalk, and I can't talk to TalkTalk because Jodie has vanished.

So I went down my usual list; Matt, Kyle, and anyone else who A) works for TalkTalk and B) is actually contactable, or who calls you back when you call them. And I'm not going to tell you Matt or Kyle's full name and phone number, because helpful people at TalkTalk are rare and precious and I don't want lots of other people talking to them, distracting them from my case. Find your own contacts.

And that's how come my case was taken out of the Office of the CEO and escalated.

What, I hear you asking, would be an escalation from the OCEO. Was I about to get Baroness Harding herself on my case, in her ermine robes and tiara? Because she was one of the people I had emailed.

No, sadly. Not a Baroness, not a Princess, not even a Queen. What I got was Paul. Paul was previously in the Royal Signals, so at least he has some understanding of telecomms. Paul's job, he told me, is to kick BTOR. I hope he has steel-toed boots, he's going to need them.

So Paul is asking BTOR whether they have actually considered the overhead route (they haven't) and why not (we're waiting for the answer) because *surely* stringing the cable on the existing telephone poles has to be vastly easier than digging a mile-long trench along a road that's only just been resurfaced and BCC aren't going to let anyone dig it up for two years unless it's a dire emergency. Because there's an impending problem; after BCC have resurfaced the entire road, they are going to be *very* reluctant to let anyone dig up their nice new road, it's called "section 56". I might have that number wrong, I'm not an expert at their code words, but what it means is "No digging up the road for two years".

And while I was browsing around TalkTalk's web site looking for information, I found that they're offering the ethernet connection that I signed up for, at about half the price that I promised to pay (which, of course, I haven't paid because they haven't delivered yet). So I asked Paul about that, and he said that he can't talk about commercial matters, which I quite understand, because I took the same line when I ran Dr Solomon's Software, I'll answer any technical question, but if you want to talk prices, that's beyond my competence, I'll get a commercial guy to talk to you. "Who's my commercial contact?" I asked.

Phil.

Phil actually left TalkTalk about 18 months ago, but then rejoined a year later.

So I phoned Phil, and Phil, bless him, remembered me. In fact, he'd discussed my case recently with Matt (see above). And we talked. And he seems amenable to getting down to today's price. Which means that I might not have to explain that a contract signed two years ago for delivery in 70 working days (maybe a bit more) that was still undelivered two years later, is grounds for saying, well, you haven't delivered your end of the contract, so I'm not going to deliver mine.

Phil asked me about progress so far, and I explained to him that we were back in the situation as of October 2014, except that I at least (and possibly BTOR) know that there are severe blockages in the conduit, which we hadn't known two years ago. Is this progress? You tell me.

And then I asked him about EFM (ethernet in the first mile), which can be delivered over copper wires, and *surely* BTOR can do copper wires? I mean, I know they can, because we already have "megastream" which uses two wires of four available, and I also have three DSLs which uses a pair each, and a fax line, which *surely* we don't need any more.

So Phil is looking into getting that to me, which will give me "up to 20 megabits" which will, he thinks, give me 14 megabits, and I'm hoping that it might actually give me 10, which is not the 100 that I actually want, but it'll be good to have until the fibre happens.

I think I'll go out caching tomorrow.

Sunday, 7 August 2016

Another Olympics, another doping scandal

Just google "Olympic 2016 drugs" and you'll see that, yet again, there's been umpteen disqualifications for "drugs cheating".

I'm just wondering why. Not "Why do they take drugs?", that's obvious. I'm wondering "Why do we ban drug taking?".

The argument for abandoning drugs testing is mostly that it doesn't seem to work. Think about Lance Armstrong, for example. He was doping for a number of years without being found out.

What's the advantage of banning drugs? I'm not sure that there is one. You might say that "drugs are against the spirit of sport", but you could also say that about professionalism in sport. Or even about practicing before the event. Or what about paying for a coach? Or what about streamlining bicycles?

The strongest argument about using drugs that I've heard, is that they carry health risks. But so does tobacco, and we haven't banned that. And what about the problems that football causes to knees? Or boxing to heads? Or American football with its repeated concussions? Or climbing Everest? Surely we can leave it to adults to decide for themselves whether to take the risk or not?

Here's an interesting list of pros and cons.


Friday, 5 August 2016

Hackers? Not really.

You hear stories about "We get millions of attempted hacks each day". Not true, of course. The "attempted hacks" are "accesses for no particular reason".

I was looking at the logs for a couple of my servers, and I noticed that I was getting a lot of accesses from 192.243.55.129 to 192.243.55.138, and a lot of those accesses were attempts to access non-existent files, or password-protected files.

Here's the thing. On many pages, I put links to files that don't exist. If you read the source HTML of the page, you can see these links, but if you use a browser, there's nothing to see, you can't see those links. And all those links have a certain pattern to the file name. So if I search my logs for that pattern, I can see who is trying to access non-existent files.
And no normal user would even know about those links; only a web spider would see them. And web spiders should only access text files.

You can also see what IP addresses have tried without success, to access password protected files.

I did a traceroute to those addresses, and it went via the USA. So I used http://en.utrace.de (one of many such web sites) to see where that IP address was located. Dominica. Oh, really? Well.

So I went to my firewall, and with a quick

conduit deny tcp any 192.243.55.128 255.255.255.240

I told the firewall to block everything from there.

Then I got interested - are there any others like that? And yes, there were. So I firewalled off half a dozen more - the others weren't as prolific, but they were trying to access the servers without success, and by blocking them off at the firewall, I 1) reduce the load on my servers and 2) tell whoever is controlling these accesses that they're wasting their time and should go bother someone else.
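The decoy-link log search and the subnet block described in this post can be sketched in a few lines of Python. This is an added example, not the script used on these servers: the decoy file-name pattern, the failed-login threshold and the log lines are constructed, with only the 192.243.55.x addresses taken from the post.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: every decoy link shares this marker in its file name (hypothetical).
DECOY = re.compile(r"/zz-trap-\d+\.html")

# Common/combined log format: client IP, request path, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample log. 192.243.55.x is the range named in the post; the
# other addresses come from the reserved documentation ranges.
SAMPLE_LOG = """\
192.243.55.129 - - [05/Aug/2016:09:00:01 +0100] "GET /zz-trap-17.html HTTP/1.1" 404 209
192.243.55.133 - - [05/Aug/2016:09:00:02 +0100] "GET /private/ HTTP/1.1" 401 381
192.243.55.133 - - [05/Aug/2016:09:00:03 +0100] "GET /private/a.zip HTTP/1.1" 401 381
192.243.55.133 - - [05/Aug/2016:09:00:04 +0100] "GET /private/b.zip HTTP/1.1" 401 381
192.243.55.138 - - [05/Aug/2016:09:00:05 +0100] "GET /zz-trap-02.html HTTP/1.1" 404 209
203.0.113.7 - - [05/Aug/2016:09:01:00 +0100] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [05/Aug/2016:09:01:01 +0100] "GET /favicon.ico HTTP/1.1" 404 209
198.51.100.20 - - [05/Aug/2016:09:02:00 +0100] "GET /private/ HTTP/1.1" 401 381
198.51.100.20 - - [05/Aug/2016:09:02:09 +0100] "GET /private/ HTTP/1.1" 200 904
"""


def find_offenders(log_text, auth_fail_limit=3):
    """Return {ip: reason} for clients that hit a decoy or piled up 401s."""
    decoy_hits = defaultdict(int)
    auth_fails = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not in the expected log format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        if DECOY.search(path):
            decoy_hits[ip] += 1
        elif status == 401:
            # A browser gets one 401 before it prompts for a password, so a
            # single 401 is normal; only repeated failures count.
            auth_fails[ip] += 1
    offenders = {}
    for ip, n in auth_fails.items():
        if n >= auth_fail_limit:
            offenders[ip] = f"{n} failed logins"
    for ip, n in decoy_hits.items():
        # No browser user can see the decoy links, so one hit is enough.
        offenders[ip] = f"{n} decoy hits"
    return offenders


def block_ranges(ips):
    """Group IPv4 offenders by /24; return the smallest network covering each group."""
    groups = defaultdict(list)
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        groups[ipaddress.ip_network(f"{addr}/24", strict=False)].append(addr)
    ranges = []
    for addrs in groups.values():
        net = ipaddress.ip_network(f"{min(addrs)}/32")
        while max(addrs) not in net:
            net = net.supernet()  # widen by one bit until the group fits
        ranges.append(net)
    return sorted(ranges)


if __name__ == "__main__":
    found = find_offenders(SAMPLE_LOG)
    for ip, why in sorted(found.items()):
        print(ip, why)
    for net in block_ranges(found):
        print("block", net.network_address, net.netmask)
```

For the sample log this prints the network 192.243.55.128 with mask 255.255.255.240, the same range as the conduit line above; a covering network can include addresses that never misbehaved, so check its size before blocking.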


Thursday, 4 August 2016

You want a folding electric bike?

There's two very suitable bikes available on Ebay, the seller wants £50 for the pair on "Buy it now", you might get it cheaper if you bid in the auction. If you're thinking of making a folding electric bike, they would be very suitable, and at that price, I'd buy the pair, because then one is the bike you convert, and the other one will be a very cheap source of spare parts.

This is a very sturdy folding mountain bike, very suitable for rough terrain, and suitable for conversion.

Add the Xiongda double speed motor from Panda, three batteries from Hobbyking (and a charger) and you'll be on the road in no time.

Whoosh!

A drive failed, so I replaced it and I'm reloading. There's 4tb of data to copy, so this could take a while.

But I'm using the gigabit network! And out of a possible 1000mbps, it's running at 600mbps.

That's 75 megabytes/sec, 270 gigabytes per hour. This should be done in about 15 hours.

Monday, 1 August 2016

No more student grants

About 50 years ago, the government paid for my university tuition, and also gave me £370 per year to pay for my digs, food, books and beer. My mother was widowed 12 years previously, and our family was very short of money (what is today called "in poverty"), so I got the maximum grant. That let me spend three years playing bridge, reading books and generally enjoying myself. Plus I managed to get a degree in maths.

With that degree, I was able to get a nice job working for Marconi. The department I worked for, had an Elliott 503 computer, I fell in love with it, and the rest was inevitable.

If I hadn't had that grant, what would have happened?

I would have still passed the Cambridge Common Entrance and been offered a place. But I would have had to borrow deeply to finance those three years. Today, August 1 2016, the government withdrew a grant to poorer students that had been £3,387 per year. Fees are about £9000, living costs - I don't know, but maybe £3000? So at the end of three years, I'd be looking at a debt of £36,000.

I would have done that calculation, and thought about it. Would I have taken on the debt? There would have been two forces at work. On the one hand, our family had a huge respect for education; I would have wanted to go to Cambridge, and my mother would have encouraged me.

On the other hand, we had a strong aversion to debt, especially debt where you don't know when or if you can repay it.

I don't know what my decision would have been. I'm immensely grateful that I didn't have to take it.

As a result of my education, I've made a contribution to this country, via my tax payments, that I have no idea how big it is, but sure as sugar it's hugely greater than if I'd gone to work as a bank clerk or suchlike.

I cannot believe that it was a Labour government that sawed through the ladder that let me become a well-paid professional. I can well believe that a Tory government would treble these fees, and are now hammering impoverished students yet again.

Our children are the future of our country.

We should go back to the system whereby tuition and living expenses are paid for out of taxation, even if that means that some of the less well-regarded courses are abolished.