To Whom It May Concern:

I would like to clear up a few frequently-confused terms:

• Confusing Ludacris and ludicrous provokes laughter because of absurdity.
• The only people who confuse “looser” and “loser” are losers with a loose grasp of the language.
• CPU refers to the processor on your motherboard. It is not a technical term for your whole computer, nor its chassis/case/enclosure.
• Unless you actually understand the difference between a backslash () and a slash (/), you should probably just say “slash,” because it’s almost certainly what you mean, unless you’re dictating regular expressions or connecting to Windows network shares.
• Communism, Socialism, Leninism, Marxism, and Fascism are not all synonyms.

I’m not sure what to make of the fact that the Secretary of the Commonwealth’s Welcome to Massachusetts page is almost entirely about the many different types of taxes that the state has. It doesn’t seem terribly welcoming, really.

Update: Looking for the Westell 9100 default password? It’s admin / password1.

Verizon finally came and hooked us up today. Here are a few things I’ve noticed so far:

• The tech thought it strange that we have a huge LCD TV but no TV service at all. He also thought it strange that we had no phone line.
• The technician came with a USB drive and a SecurID-type dongle. He requested to use a Windows machine so he could run it. Since my computer took a while (it hasn’t been used in a while, and I also have it locked down a bit so that it won’t, for example, autorun USB drives), he was talking a bit. Apparently the USB drive contains a set of applications that log into the router to perform initial configuration. (He connected via WEP key first, so it’s possible it works over wireless, too.) He also mentioned that it fixes WinSock, which made me a bit nervous since I’m pretty sure WinSock doesn’t need any fixing. It sounds more like it fixes common network issues. He also mentioned that one day the server it connects to went down, and that the techs were told to “do it by hand,” but no one even knew what steps were involved anymore.
• He had a Toughbook with a cellular modem. He mentioned that if the laptop didn’t work, he could use that to configure the router, but that they weren’t supposed to, and had to write up a report explaining why they didn’t use the customer’s computer.
• The router connects to the ONT (Optical Network Terminal) over coax, using MoCA. The fiber ends at the coax; there’s no fiber run inside your home. It’s also possible to plug into the Ethernet port on the ONT, though what I’ve read suggests that you can only use MoCA or Ethernet, but both cannot be enabled simultaneously.
• My router is a Westell 9100. The default password is admin / password1 — this isn’t provided, and it took a little bit of Googling to find.
• The Westell appears to run embedded Linux, based on the fact that the system log feature is obvious dmesg/syslog stuff, including “kern.info NET4: Linux TCP/IP for NET4.0” A few other notable lines:
  • kern.info IP: routing cache hash table of 512 buckets, 4Kbytes
  • kern.info TCP: Hash tables configured (established 4096 bind 8192)
  • kern.alert 802.1Q VLAN Support 1.8 Ben Greear [email]
  • kern.alert All bugs added by David S. Miller [email at redhat.com]
  • kern.warn Watchdog started Kick jiffies = 10
  • kern.warn Danube Port Initializaion
  • Various references to IPSec and ipsec_null_init, an Infineon DEU for MD5/SHA1/AES/DES
  • Several entries about MAC addresses being changed, and to atypical formats at that
• The Westell uses pool.ntp.org to synchronize its clock. This is improper and expressly prohibited for a preset value: end users are invited to use pool.ntp.org (a ‘cluster’ of thousands of NTP servers), but you’re supposed to get a vendor CNAME before shipping devices using the pool.
• The Westell has a webserver running on port 4567. I can see a handful of connections from 166.68.134.174, which resolves to sw01.verizon.com. They’re hitting a URL that are long strings of numbers. The majority of the requests came back with a 401 Unauthorized, but a few were authenticated. If I open a remote connection on this port, I can speak to the webserver, though it rejects all my connections. (Incidentally, if you nmap it from outside to make sure it’s locked down, and pass the right flags, nmap generates a lot of strange HTTP requests, including 401, 501 Not Implemented, and a lot of 400 Bad Requests. With a URL containing a space (%20) and some weird characters, a 404 came back, which seems improper: a 401 should really take precedence, no? Googling seems to suggest that this port is open so Verizon can remotely upgrade it, but it seems troubling that it’s not locked down other than with BasicAuth. If a vulnerability were found in this webserver implementation — which is apparently meant to allow low-level management — it could allow someone to mess with a lot of peoples’ routers. At least one forum suggests it’s a TR-069 implementation, using SOAP to manage CPE.
• It’s fast, though I’m yet to hit the promised speed. We pay for 25/15 Mbps; tests get me about 19 Mbps down, and very close to 15 Mbps up. Part of it may be that 25 Mbps is a ridiculous amount of bandwidth for a server to be pushing; I’ve worked with plenty of servers on 100 Mbps drops (into much bigger backbones), and 25 Mbps would be a big spike in any of them, albeit doable. So a busy server might struggle.
• Even though the Westell is improperly using the NTP pool, it doesn’t seem to have an option to run an NTP server on the LAN. As best as I can tell, it’s strictly used to keep the logfile timestamps accurate. Perhaps it’s necessary as part of a security mechanism (e.g., a time-based key system) for remote access over 4567. I kind of hope it is.
• The Westell keeps lots of counters on packets and bytes, but doesn’t seem to want to speak SNMP.
• Despite being a Linux device that doesn’t let me ssh to it, use NTP, or query it over SNMP, it has a good feature set for home users. A dumb-user-friendly interface allows me to see/manage all devices on the network, and you can set up rules: like “Johnny’s computer can’t go online after 10pm” or “Johnny’s computer can’t access playboy.com” There’s also QoS support and Dynamic DNS support for several major clients.
• It’s possible to download a configuration file. It includes references to passwords, though I’m not sure how they’re used.
• It comes with an out-of-the-box WEP key, which is good. It’s possible to use WPA, though I haven’t set it up. You can disable SSID broadcast (default is to broadcast), and do MAC restrictions.

I don’t buy much music. I usually listen to the radio in the car, and use Pandora at my computer. And a bit of Youtube if I’m craving a particular song. Plus I have something like 1,500 good songs on my iPod. So for me to buy a song, it has to be amazing. I just bought three.

I’ve posted about my newfound obsession with David Guetta before. A few weeks ago, I bought Love Is Gone, Sexy Chick (if you’re going to listen to one Guetta song, make this it!), and Memories (with Kid Cudi).

Today, I think my choices were a little more mainstream, and I’m convinced enough of their innate awesomeness that I’m wasting space on the blogs to talk about good songs:

• Guetta’s Love Don’t Let Me Go, which, like Love Is Gone, starts off as a normal, dull song and then gives way to an awesome techno-y beat.
• Daft Punk’s One More Time
• Owl City’s Fireflies, even if I am twice as old as the average fan (and of the opposite gender)

Wikipedia calls Fireflies the fastest-selling “electronic” album ever. (The “electronic” music genre, not the distribution channel.)

I tend to not be a big audiophile, but a Youtube video can’t hold a candle to a purchased song’s fidelity. This is an incredibly obvious observation, but it’s something you start to notice a bit more when you purchase a song and play it through good speakers after having heard it through a laptop’s built-in speakers and streamed over Youtube in the past.

In other news, Guetta’s Sexy Chick is apparently #12 on the Billboard Top 100, and has been in the Top 100 for 15 weeks. Don’t say I didn’t forewarn everyone that it was hot. I take full credit for the song’s rapid spread into the United States.

To Whom It May Concern:

You are free to disagree with the President. You are free to criticize him. You are free to call for his removal from office, though it might be nice if you cited something marginally linked to reality.

But if you’re a proud American and someone who claims to follow God’s wishes, there are some things you probably shouldn’t do, even if you think we could be better represented. For example, you might not call Obama a jihadist and blame him for Fort Hood.

Another thing you shouldn’t do? Forward around out-of-context Bible verses calling for the death of the President. Perhaps they should read 1 Timothy 2:1-2.

Granted, both are protected by the First Amendment. It’s not illegal. Legally, it’s not hate speech. It’s just really, really bad taste.

A lot has been said about how our culture is based on instant gratification. I tend to ignore them, because there’s too much text to read before I get to the conclusion.

I just got back from Ikea, and bought a little $3 basil plant. It has one of those creepy “compressed dirt” tablets that you pour water in and it expands, and a packet of basil seeds. Per the directions, I watered the soil so it expanded, and poured the seeds on top.

The thing that concerns me is that, 15 minutes after pouring the seeds on top, I went to check and see if they had sprouted yet. And rather than thinking I was an idiot, I was kind of just annoyed that Ikea couldn’t make the plant grow faster.

I also watered some plants I bought that were a bit brown on the edges. I assume that they’re healthy and just needed water, but wanted to make sure. Guess what? They’re still brown at the edges 15 minutes after being watered.

What is taking the plants so long?

I recently discovered the wonderful concept of grilled muffins. You take a muffin, cut it and half, and put it on the grill with some butter. Amazing!

I think this is on the docket for this weekend: Jalapeno-Bacon Cornbread Muffins.

Today I entered a ramp onto the Pike, and totally lost control of my car. Frankly, I have no idea what happened. It felt like I hit ice, except it was nearly 50 out, so I doubt there was ice. It was raining, but I didn’t hit a puddle, nor was I going fast enough to have hydroplaned. It really freaks me out that I don’t know what happened, but my car began skidding and I lost control. Through dumb luck, I was able to steer out of it and my tires caught just before I would have crashed into the guardrail. In maybe two seconds’ time, I’d regained control of my car and had — quite miraculously — managed to avoid crashing into anything or anyone.

What fascinates me, though, is how many different things I thought in those two seconds. It went from, “They must have changed the steering when I had my car serviced, it feels a bit different” to “Holy crap it’s because I’m skidding across the ramp!” Panic set in, and I went to jerk the wheel, before thinking that jerking the wheel hard was a really bad idea. I went to slam on the brakes, before realizing that slamming on the brakes would make things worse, too. I tried to strike a balance between, “The guardrail is coming up on me fast” and “I can’t slam on the brakes while I’m skidding sideways or I’ll start doing donuts,” and I — miraculously — found just the right balance. I tried to strike a balance between, “I’m starting to go sideways and need to turn sharply to correct” and “Turning too sharply might roll the car,” and somehow — miraculously — got it right.

I’m one of the maybe 75% of drivers who think they’re better than average drivers*, but I’m not so cocky to believe that it was through my innate skill that I somehow managed to avoid crashing despite losing control of my car on a busy onramp. Part of it’s experience, and a huge part is just dumb luck. We can’t do much about the dumb luck aspect of it, but the experience part brings back an old idea of mine.

All throughout school, we learn all sorts of scientific approaches to things. There’s a formula for everything, and you can do some math and get the right answer. In real life, though, it seems like most of what we do is driven by gut. This is especially so in driving. I don’t pay a ton of attention to my speed, in terms of looking at my speedometer, looking at speed limit signs, and computing whether it’s an acceptable margin. I use my gut. It’s easy to say, “I’m going the same speed as everyone else” and know you’re at a good speed, or, “I’m blowing by people so I should slow down,” or even just, “I think I’m going the speed limit, but there’s a sharp turn coming up and it seems like this is too fast.” Likewise, no numbers are involved in computing a following distance. We learned in driver’s ed how many car lengths you should leave depending on speed, but I don’t know anyone who remembers those. We just use our gut. This isn’t to say that I’m haphazard or reckless. “My gut” has been driving for years and is quite cautious. It just means that, at 70 miles an hour, I don’t have time to pull out a pad of paper and compute metrics. I have a sense of what’s safe and what’s not, and I use that.

What’s interesting, though, is that it really seems that the accuracy of your gut is really based on experience, not formal education. Trying to avoid crashing into the guardrail, I wasn’t thinking back to driver’s ed books, I was thinking back to when it happened a few years ago when I hit a patch of ice on a curve (and lost control even worse, yet somehow, again, escaped an accident), along with dozens of minor, “Uh oh, my wheels are spinning!” moments. When you’re going with your gut, practice makes perfect. It’s why fire departments are constantly burning down empty buildings and having drills. It’s why a police officer might fire tens of thousands of rounds at the range, and yet never once have to fire his weapon in the line of duty. It’s why the military seems to train full-time during peacetime. Some day, they stand a chance of finding themselves in a life-or-death situation in which they won’t have time to think. You have to do without thinking, because if you stop to think, you’ll be killed.

So I want to start a driving school that’s kind of like a grad-level driver’s ed. We’d pander to people who’d been driving at least a couple years, if not decades. I don’t think a 16-year-old driver’s ed student will be ready. It’s like getting an MBA: they really want you to get your undergrad degree, work a few years, and then come back for an MBA with a bit of experience under your belt.

There’s all sorts of little things I think we should cover — like sitting in an 18-wheeler with a half-dozen cars parked along the side, and having people look in the mirror and realize how many of them are invisible. But mostly, it’s experience in tricky situations. There’d be a big track like you see new cars being tested on. Hundreds and hundreds of times, you’d be driving along on the track and suddenly encounter some obstacle, like a patch of ice. The first few times you might lose control and crash the (designed to be treated like a bumper car) car into the (heavily-padded) walls. But then the next time around you’d fishtail but not completely lose control. And after a few dozen attempts, you’d hit the icy patch and take precisely the right actions at just the right times, and come out just fine.

There’d be all sorts of conditions: ice, snow, pouring rain on oily roads, mud, gravel… There’d be tons of experience slamming on the brakes in all sorts of scenarios, too. Anti-lock brakes and no anti-lock brakes. Stopping on dry pavement. Stopping on mud. Stopping on ice. Stopping while cornering. (I had to stop sharply enough for my anti-lock brakes to kick in a while ago. If you’re not expecting it, it’s horrifying. You push harder and harder on the brakes and can feel the car stopping more and more aggressively, but then you reach the point where they kick in, and the pedal suddenly goes soft, followed by some god-awful noise and a pulsating brake pedal. It feels like your brakes have malfunctioned.) There’d be tons of practice dealing with obstacles and hazards — a fake deer leaping in front of you, the truck in front of you slamming on its brakes for no good reason, the crazy man in the car next to you reaching for his beer and coming right into your lane. We’d sometimes give the tell-tale warning signs that paranoid drivers look for: a guy weaving a bit in his lane, or looking over and seeing someone gazing intently at their cell phone.

There’d also be mechanical failures left and right. You’d have tires slowly lose air, tires that blew out, and tires that just came flying off. You’d lose your brakes. You’d lose power steering. Your car would overheat. Your engine would catch fire. Your car would stall. You’d run out of gas even though you thought you had a full tank. Pumps and belts would fail left and right. You wouldn’t learn to be a mechanic, but you’d know enough to keep control of the car while you pulled over, and enough to understand what had happened. For repairable things, you’d be able to handle them yourself. And you’d learn a bit of safety that apparently, a lot of drivers never did. The instructor would scream at you if you stopped in the high-speed lane on the mock highway. You’d suffer serious burns if you opened your hood while steam poured out of the engine from a cracked radiator. You’d die when you pulled over because smoke was coming out of the engine and you didn’t think to turn the engine off, allowing gas to keep flowing into the fire.

There are other things I think people should practice, too, but I’m not sure how to give an authentic experience. Accidents, for one. Several years ago I was in a fender-bender that didn’t even bend anyone’s fender. There was a small dent to my license plate. Nothing else. I shook for hours. It’s one thing to teach about how to exchange paperwork and make sure you stop in a safe location to do so. But what about nerves? That’s the real problem, and I don’t know how to simulate that. (And what do you do if the other driver pulls a tire iron on you?) It might be informative to be in the car and have the airbags deploy, to try to give you some idea what they’re like, but I’m not sure how you can do that — my understanding is that it’s fairly routine to break your nose or suffer minor burns, but that the risks are nothing to, say, having your head fall off, so it’s okay. But when you’re sitting in a stopped car and someone flips a switch to show you what happens, the risk is suddenly not okay. Plus, you can’t just reuse the airbags, so this would be really expensive on top of the risk. Traffic stops might be interesting, too, if you could get the right type of officer, someone who walked you through what he was actually doing and thinking. I think the atmosphere has to be right before they’ll open up about some of the not-entirely-secret secrets about the way they work. (If you’re stopped for going 40 in a 35, for example, odds are good that the officer is either really bored, or found you suspicious and is using your trivially-excessive speed as probable cause to poke around.) It might be informative to be asked to get out of the car and be subjected to a search or a sobriety test, too, so you’d know what it was like.

Maybe even some trivial stuff that I don’t think I’m as good at as I could be. I couldn’t parallel-park to save my life. I have a hard time backing out of spots when turning left for some reason. I’m bad at backing into parking spots. The problem is that, because I’m bad at these things, I avoid doing them. I think it’d be worthwhile to practice these things in a controlled environment — backing into spots with parking cones where cars should be, and parallel-parking in really tight spots. All the cars would be course-owned junkers, subjected to all sorts of parking dings and even big dents from crashing into walls because you did really bad cornering on ice, so when you hit a car parallel-parking, you wouldn’t worry that it was a loose cannon’s Porsche.

At the end of the program, you might have been in 250 minor crashes, skid on ice 185 times, had 90 deer or small children leap in front of you, had 40 flat tires, parallel parked in tiny spaces 18 times, been pulled over 9 times, and given two sobriety tests. That’s more than will happen to most people in a lifetime. You’ll “graduate” and get a break on your insurance because you have a certificate from an amazing program. And nothing much will come of it for a while. You’ll be a bit more comfortable parallel parking, and maybe you’ll be more relaxed and prepared if you’re pulled over or get a flat. You probably won’t even realize that you’ve avoided a few potential accidents. But then one day — years, maybe even decades later — you’re going to be driving along some winter day and a small child is going to run into the road in front of you right as you encounter a patch of black ice. It will all happen in a split-second, but it will feel like at least ten minutes as it’s happening. You’ll swerve and miss the child, and you’ll keep control of your car as you simultaneously brake and swerve on the ice. After you’ve passed the child, you’ll consciously process that a kid jumped in front of you, and a moment later, you’ll realize that you were on a sheet of ice at the time. And after you’ve finally processed everything that just happened, you’re going to realize that the few thousand dollars the course cost you all those years ago was worth it after all. It wasn’t that you had great instructors or that you were a good student. It’s that you’ve done it so many times that, when it really counted, a whole series of counter-intuitive actions came naturally to your subconscious mind.

* I’m reciting this statistic off the top of my head, so I don’t know the exact number, but it’s close, as mentioned in the book Traffic.

It drives me out of my mind I get e-mails that say things like “custsvc” or “orders” as the sender name.

A lot of studies have been done, and have shown that e-mail sent from a “trusted” name has greater deliverability and a higher open rate. If you’re e-mailing me about my Verizon FiOS order, you might e-mail me as “Verizon FiOS” or “FiOS Customer Service,” for example. “Customer Service” is lame because I have no idea whose Customer Service department is e-mailing me. It’s a moot point, though, because the name shown on the e-mail sent to me by Verizon FiOS is actually from “volconsumer”

I don’t even understand how this happens to anyone but people just learning how to hook a web application up to e-mail, though. If you just sent an e-mail, it will default to whatever Linux/UNIX user you’re logged in as, and I’m pretty sure that’s why I get e-mails from fantastically vague senders.

But the thing is, it’s not the least bit professional, and it’s really not even acceptable by any industry standards. Here are a few things ways you might get around it:

• Set up a real name for your Linux/UNIX account. I might log in as “mwagner” but my name is “Matthew Wagner.” Most any mailer will use the real name if it’s available. Piping something through the “mail” command will use your real name, so I’d imagine that anything from the past two decades will use that information if it’s there. Don’t be lazy when setting up users that are going to send mail.
• Better yet, specify who the mail is from, rather than letting your mailer default to the UNIX account it’s running at. Why would you ever send mail as webuser@www101.production anyway? You can run as webuser, but you set mail to come from “Acme Corp Support” with an e-mail of support@example.com. This isn’t a clever trick I have up my sleeve. It’s called SMTP.

The thing that bugs me is that this isn’t some profound insight I have. It’s common sense that anyone who has a basic understanding of, well, anything remotely relevant to what I’m talking about knows all about. Why Adidas, Verizon, Gamehouse, FDC Servers, Google Wave, Newegg, GoDaddy, and Kohl’s (from a random sampling of my Inbox) can’t figure it out boggles my mind. You hurt your deliverability and open rate, lose customer’s confidence, and confuse people… All because you couldn’t spent five minutes of an entry-level engineer’s time to actually set a “From” address on your outgoing mail?

Apache, probably just like every other webserver, defaults to keeping very detailed logs. Every single HTTP request, the IP, the exact time, the hostname they accessed, the exact path, the HTTP version, the returned status code, the returned file size, the referring page, the client’s browser….

grep makes it trivial to find all access_log entries. (And grep + ssh + NFS makes it easy to find all access_log entries across a load-balanced cluster without centralized logging set up.) But it’s kind of like asking someone, “What route did you take to get this party,” and getting an answer that involves every single turn taklen, the precise distances, and every landmark encountered. I don’t care about every HTTP request made. What I want is a flowchart. They first arrived on the site from such-and-such a referrer, accessing a certain URL on our site. They accessed a handful of files as a result — CSS, static images, and, ultimately, another page.

If you view the request and the referrer as a parent-child relationship, it seems like it should be pretty easy to graph. Something like graphviz is probably perfectly suited for that type of data. It shouldn’t be so hard. So why hasn’t someone much smarter than me written a slick little application that would do this ten times better? Is there not that much of a demand? I find that hard to believe.