Fanboy

I’d gone a while without ogling Apple products. So they came out today with some new products.

This is a neat idea. It’s their “Airport Extreme” wireless AP (with N-capability), but with a neat addition–a 500 or 1TB disk for wireless backups. Sure, the real geeks already have their Linux server in the basement with a RAID array of 500GB disks accessible over NFS and rsync, but Apple brings something cool into a nice little box, makes it work pretty seamlessly, and, get this–sells it at a fairly cheap price.  $500 for an 802.11N AP with an integrated 1TB backup fileserver?

Of course, I’d need a Mac machine to sync to it. But I’m already carrying so much stuff to class, I want something light! I guess I’d need the world’s thinnest laptop, the Apple MacBook Air.  Not only is it ridiculously small, but it takes the awesome MultiTouch technology from their iPod Touch / iPhone and applies it to the trackpad. 2GB standard, and if you don’t like the sound of your hard drive spinning, you could always opt for the 64GB solid state one. (Apparently at a cost of $1,000, though… But that’s what you pay for 64GB SSD drives right now.)

And they relaunched the AppleTV, without the suck this time. You can also do the much-rumoured movie rentals through iTunes.

Darn you, Apple! Today was supposed to be the day that I caught up on all the work I need to do!

Cool Stuff

  • FDC (FDCServers.net) has come a long way since I last dealt with them. (I remember back when they had a couple Cogent lines). They’ve now got 81 Gbps of connectivity.
  • Internap has long been the Internet provider when latency/speed matters. They basically buy lines from all the big providers, and peer with lots of the smaller ones, so that, unless your hosting company has their own private peering agreements, it’s basically impossible to find a shorter route. People hosting gameservers, or really just anything “high quality,” love Internap. I’ve seen prices in the $100-200 range for 1 Mbps. (This is purely for the transit: it’s all well and good to envision $100 for a 1 Mbps line to your house as good, but that’s not what it is. This is when you’re in a data center where they have a presence and run a line to them. The cost is just for them carrying your packets.)
  • FDC now has a 10 Gbps line to Internap. “Word on the street” is that Internap had some sort of odd promotion at $15/Mbps if you bought in bulk, and FDC wisely jumped, getting a 2 Gbps commit on a 10 Gbps line.
  • I’m working on getting Xen running on my laptop. It’s interested me for a long time–it’s a GPL’ed virtualization platform. You can use it on your desktop to experiment with various OSs inside VMs, but it’s also awesome on servers to run multiple virtual machines as virtual private servers.
  • Do you remember Cobalt RaQs? I distinctly remember ogling them and thinking they were the best things ever. (Of course, now we see them as 300 MHz machines…) It turns out that, when Cobalt went belly-up, they released a lot of the code under the GPL or similar. The BlueQuartz project is an active community-developed extension of that, and, combined with CentOS, it apparently runs well on “normal” computers now. (True, you don’t get the spiffy blue rackmount server or the spiffy LCD, but you do get to run it on something ten times as powerful.)
  • I’m still itching to host a TF2 server. I’ve found that they’re all either full or empty, with few in-betweens, and that a lot of them aren’t ‘adminned’ as tightly as I’d like: games like this seem to attract irritating people, and not enough servers kick/ban them.
  • cPanel seems to have come a distance since I last used that, too, and you can now license it for use just inside a VPS at $15/month.
  • Mailservers are hard to perfect. There are lots and lots of mediocre ones, but it’s rare to come across an excellent one, something that can deflect spam seamlessly, make it easy to add lots of addresses, and provide a nice web GUI. All of the technology’s out there, but for some reason, mailservers are among the hardest things in the world to configure. (Even my thermostat is easier to use!) Especially given my affinity for spamd, it’s no wonder that I’m so impressed with the Mailserver ‘appliance’ that Allard Consulting produces. It’s essentially all of the best things about mailservers (greylisting, whitelisting, SpamAssassin, Postfix with MySQL-based virtual domains, a spiffy web interface with graphs, Roundcube…), hosted on OpenBSD, coming as a pre-assembled ISO.
  • Computer hardware’s come a long way lately. I’d imagine it’d be fairly easy to assemble a machine with a good dual-core (or quad-core!) processor, 4 GB RAM, and a few 500 GB disks for around $1,000.
  • Colocation + 1,000 GB transfer on Internap at FDC is $169. (Or $199 for 5 Mbps unmetered, but that’s probably overkill.) Are you thinking what I’m thinking? (Hint: everything on this list indirectly leads to these last two points!)

Emulating spamd for HTTP

I won’t lie–I love OpenBSD’s spamd. In a nutshell, it’s a ‘fake’ mailserver. You set your firewall up so that obvious spammers end up talking to this instead of your real mailserver. It talks to them extremely slowly (1B/sec), which keeps them tied up for quite some time. (As an added bonus, it throws them an error at the end.)

One thing that really gets under my skin is bots (and malicious users) probing for URLs on the server that don’t exist. I get a lot of hits for /forum, /phpbb, /forums, /awstats… What they’re doing is probing for possible (very) outdated scripts that have holes allowing remote code execution.

It finally hit me: it’s really not that hard to build the same thing for HTTP. thttpd already supports throttling. (Note that its throttling had a more sane use in mind: limiting overall bandwidth to a specific URL, not messing with spammers and people pulling exploits, so it’s not exactly what we want, but it’ll do.)

Then you need a large file. I downloaded a lengthy novel from Project Gutenberg. It’s about 700 kB as uncompressed text. I could get much bigger files, yes. But 700 kB is plenty. More on this later.

It’s also helpful to use Apache and mod_rewrite on your ‘real’ server. You can work around it if you have to.

Set up your /etc/thttpd/throttle.conf:

**    16

Note that, for normal uses, this is terrible. This rule effectively says, “Limit the total server (**) to 16 (bytes per second).” By comparison, a 56K dialup line is about 7,000 bytes per second (or 56,000 bits per second).

Rudimentary tests show that having one client downloading a 700 kB file at 16B/sec places pretty much no load on the server (load average remained 0.00, and thttpd doesn’t even show up in the section of top that I can see), so I’m not concerned about overhead.

You can also set up your thttpd.conf as needed. No specific requirements there. Start it up with something like thttpd -C /etc/thttpd/thttpd.conf -d /var/www/maintenance/htdocs/slow -t /etc/thttpd/throttle.conf (obviously, substituting your own directories and file names! Note that the /slow is just the directory I have it serving out of, not any specific naming convention.)

Now what we need to do is start getting some of our mischievous URL-probers into this. I use some mod_rewrite rules on my ‘real’ Apache server:

# Weed out some more evil-doers
RewriteRule ^forum(.*)$ http://ttwagner.com:8080/20417.txt [NC,L]
RewriteRule ^phpbb(.*)$ http://ttwagner.com:8080/20417.txt [NC,L]
RewriteRule ^badbots(.*)$ http://ttwagner.com:8080/20417.txt [NC,L]
RewriteRule ^awstats(.*)$ http://ttwagner.com:8080/20417.txt [NC,L]

In a nutshell, I redirect any requests starting with “forum,” “phpbb,” “badbots,” or “awstats” to an enormous text file. I’m not sure if escaping the colon is strictly necessary, but it has the added benefit of ‘breaking’ the link when pasted, say, here: I don’t want anyone getting caught up in this unless they’re triggering it. I end each with (.*), essentially matching everything. You may or may not see this as desirable. I like it, since /forum and /forums are both requested, and so forth. You could take that out if necessary. The [NC,L] is also useful in terms of, well, making anything work.

I want to watch and see whether anyone gets caught up in this. Since it’s technically passing the request to a different webserver (thttpd), it has to tell the client to connect to that, as opposed to seamlessly serving it up. I don’t know if the bots are smart (dumb?) enough to follow these redirects or not.

Note that /badbots doesn’t really exist. I inserted it into my robots.txt file, having heard that some ‘bad’ bots (looking for spam, etc.) crawl any directory you tell them not to. I wondered if this was accurate.

The ending is quite anticlimactic: we wait not-so-patiently to see what ends up in the logfile.
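As an added example (not code from the original post), here is a small Python script that applies the same four prefix matches as the RewriteRule lines to an Apache access log and to the thttpd log on port 8080, answering the question above: which IPs probed, and which ones actually followed the redirect into the tarpit. All log lines and IPs are constructed, and it assumes thttpd logs in common log format.

```python
import re
from collections import defaultdict

# Same prefixes as the four RewriteRule lines; [NC] makes the match case-insensitive,
# and the trailing (.*) means /forums, /phpBB2 etc. are caught as well.
PROBE_RE = re.compile(r"^/(forum|phpbb|badbots|awstats)", re.IGNORECASE)

# Common/combined log format as written by Apache and thttpd.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines from the 'real' Apache server (documentation IPs, not real traffic).
APACHE_LOG = """\
203.0.113.7 - - [20/Jan/2008:03:14:07 -0500] "GET /forum/index.php HTTP/1.1" 302 295 "-" "Mozilla/4.0"
203.0.113.7 - - [20/Jan/2008:03:14:08 -0500] "GET /phpBB2/ HTTP/1.1" 302 295 "-" "Mozilla/4.0"
198.51.100.23 - - [20/Jan/2008:03:20:41 -0500] "GET /awstats/awstats.pl HTTP/1.0" 302 295 "-" "libwww-perl/5.805"
192.0.2.50 - - [20/Jan/2008:04:02:11 -0500] "GET /archives/2008/01/ HTTP/1.1" 200 18312 "-" "Mozilla/5.0"
192.0.2.50 - - [20/Jan/2008:04:02:12 -0500] "GET /badbots/ HTTP/1.1" 302 295 "-" "Mozilla/5.0"
"""

# Constructed thttpd log on port 8080: whoever shows up here followed the redirect.
TARPIT_LOG = """\
203.0.113.7 - - [20/Jan/2008:03:14:09 -0500] "GET /20417.txt HTTP/1.1" 200 716288
"""

def parse_clf(line):
    m = CLF_RE.match(line)
    return m.groupdict() if m else None

def is_probe(path):
    return PROBE_RE.match(path) is not None

def tarpit_seconds(size_bytes, rate=16):
    """How long a client stays tied up draining the file at the throttle.conf rate."""
    return size_bytes / rate

def summarize(apache_log, tarpit_log):
    """Per-IP probe counts from the real server, plus whether that IP turned up in the tarpit."""
    followed = set()
    for line in tarpit_log.splitlines():
        rec = parse_clf(line)
        if rec and rec["path"] == "/20417.txt":
            followed.add(rec["ip"])
    report = defaultdict(lambda: {"probes": 0, "paths": [], "redirected": 0, "followed": False})
    for line in apache_log.splitlines():
        rec = parse_clf(line)
        if not rec or not is_probe(rec["path"]):
            continue
        entry = report[rec["ip"]]
        entry["probes"] += 1
        entry["paths"].append(rec["path"])
        if rec["status"] == "302":          # the external redirect issued by mod_rewrite
            entry["redirected"] += 1
        entry["followed"] = rec["ip"] in followed
    return dict(report)

if __name__ == "__main__":
    for ip, entry in summarize(APACHE_LOG, TARPIT_LOG).items():
        print(ip, entry)
    print("hours to drain a 700 kB file at 16 B/s:", tarpit_seconds(700_000) / 3600)
```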

Spam

So my new policy is to keep spam ‘on file’ for three days. It’s filed away as spam so no one sees it, but it’s good for analysis and such, to protect against future spam. Several times a day, I run a little script to delete spam older than three days and optimize the tables, to keep things running fast.

So this table is particularly telling of the spam problem. Akismet is catching just about all of it, so it’s not a big problem for me per se, but the fact remains that, with three days of spam and something like nine months of legitimate comments, spam accounts for right around two-thirds of all comments on my blog. Wow-a-wee-wow!

Geolocation

The concept of matching an IP to a country is known as IP geolocation, often just “IPGeo” or “GeoIP.” There are lots of reasons for using IP geolocation, ranging from the mundane (identifying countries in your webserver logfiles) to the questionable (banning countries from your server to cut down on spam) to the neat (doing it at firewall/router level and redirecting a user to the closest data center).

Most of the work is just done on a country level. You take an IP (72.36.178.234, my server) and look it up in a database, and get “UNITED STATES” as an answer. There do exist databases on finer levels, down to the city, but they’re expensive and often wrong. (I keep getting ads to find hot singles in Mashpee, more than 100 miles away and in a different state… Or maybe it’s Mattapan. Whatever the case, they’re not even close.)

It turns out that you can download a free database of IP-country mappings. It’s not infallible, but they say it’s 98% accurate. The database itself won’t do you any good. It’s a compressed CSV (comma-separated variable).

In the comments section here, there’s a snippet of PHP code to take the CSV and convert it to a huge series of SQL inserts, which you input into a database… (Hint: for whatever reason, his preg_match is imperfect and leaves a few instances of the word “error” in the middle of the file. It’s probably a bad idea, but I just commented out the “echo error” line. I end up with a 5.7MB SQL query.) You can also just download the thing directly here (warning: 5.7 MB SQL file). Note that, per the license terms, I disclose in the comments that it’s a derivative work of their CSV file.

The other important catch is that IPs are stored as long integers, not ‘normal’ dotted IPs. You’ll presumably want to use PHP + MySQL to get the country associated with an IP, so I’ll provide pseudocode in a minute. PHP provides an ip2long() function, but it only takes you halfway and leaves you with sign problems. (Argh!) It’s an easy fix, though, and you want something like the following:

// %u forces the unsigned 32-bit value, so IPs at or above 128.0.0.0 don't come out negative
$long = sprintf("%u", ip2long($ip));
// start and end hold the unsigned long forms of the first and last IP of each range
$query = "SELECT a2,a3,country FROM ip2c WHERE start <= $long AND end >= $long";

You then, of course, run $query and parse through it… You get 2- and 3-letter country codes, as well as the full country name. I use it, with good results, in seeing what country comment spam is coming from. (Most of it comes from the US.)

A MySQL query isn’t the proper way to do this: there exist binary files with the same data that result in faster lookups. But this is the simplest way to start doing IP geolocation in ten minutes time, and, with the query cache enabled, there’s not a ton of overhead.
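As an added example (not the post’s own code), the same range lookup in Python against an in-memory SQLite table in the ip2c layout the query above assumes, with the signed-versus-unsigned problem shown side by side: ipaddress gives the value sprintf("%u", ip2long($ip)) produces, and ip_to_signed32() reproduces what a 32-bit ip2long() hands back without the %u fix. The table rows are constructed for the demo (only 72.36.178.234 resolving to the US comes from the page; the range boundaries are made up).

```python
import ipaddress
import sqlite3

def ip_to_unsigned(ip):
    """Same value as PHP's sprintf("%u", ip2long($ip)): the dotted quad as an unsigned 32-bit int."""
    return int(ipaddress.IPv4Address(ip))

def ip_to_signed32(ip):
    """What a 32-bit PHP build's bare ip2long() returns: anything >= 128.0.0.0 comes back negative."""
    u = ip_to_unsigned(ip)
    return u - 2**32 if u >= 2**31 else u

# Constructed rows in the ip2c layout (start, end, a2, a3, country).
# Range boundaries are made up for the demo; 192.0.2.0/24 and 203.0.113.0/24 are documentation nets.
SAMPLE_ROWS = [
    (ip_to_unsigned("72.36.0.0"),   ip_to_unsigned("72.36.255.255"),   "US", "USA", "UNITED STATES"),
    (ip_to_unsigned("192.0.2.0"),   ip_to_unsigned("192.0.2.255"),     "XA", "XAA", "TEST-NET-1 (CONSTRUCTED)"),
    (ip_to_unsigned("203.0.113.0"), ip_to_unsigned("203.0.113.255"),   "XB", "XBB", "TEST-NET-3 (CONSTRUCTED)"),
]

def build_db():
    conn = sqlite3.connect(":memory:")
    # "end" is quoted because it is a keyword in SQLite; MySQL accepts it bare as in the page's query.
    conn.execute('CREATE TABLE ip2c (start INTEGER, "end" INTEGER, a2 TEXT, a3 TEXT, country TEXT)')
    conn.executemany("INSERT INTO ip2c VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn

def lookup(conn, long_value):
    """The page's query, with the value bound as a parameter rather than interpolated into the string."""
    row = conn.execute(
        'SELECT a2, a3, country FROM ip2c WHERE start <= ? AND "end" >= ?', (long_value, long_value)
    ).fetchone()
    return None if row is None else {"a2": row[0], "a3": row[1], "country": row[2]}

def country_for(conn, ip):
    """Lookup with the %u-style unsigned value: the working version."""
    return lookup(conn, ip_to_unsigned(ip))

def country_for_without_fix(conn, ip):
    """Lookup with the signed value: silently finds nothing for any IP at or above 128.0.0.0."""
    return lookup(conn, ip_to_signed32(ip))

if __name__ == "__main__":
    conn = build_db()
    for ip in ("72.36.178.234", "192.0.2.1", "10.0.0.1"):
        print(ip, country_for(conn, ip), "| without %u fix:", country_for_without_fix(conn, ip))
```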

I’m tempted to write some scripts to allow people to ‘browse’ the database, either looking up an IP, or to view it by country.

Update: Weird Silence has a binary implementation of this same database that’s supposedly much faster. The main page is here, the PHP one is here, and the C one is (t)here. (I’m wondering if it makes sense to write a PHP script to call the C version, and what the performance implications would be?)

Update 2: Get your country flags here.

Amazon S3

I really didn’t pay it that much attention, or think about its full potential, at the time it was released. But Amazon’s Simple Storage Service (hence the “S3”) is really pretty neat. In a nutshell, it’s file hosting on Amazon’s proven network infrastructure. (When have you ever seen Amazon offline?) They provide HTTP and BitTorrent access to files.

Their charges do add up — it might cost a few hundred dollars a month to move a terabyte of data and store 80GB of content. But then again, the reliability (and scalability!) is probably much greater than what I can handle, and it’s apparently much cheaper than it would be to host it with a ‘real’ CDN service.

Sadly, I can’t think of a good use for this service. I suppose the average person really doesn’t need to hire a company to provide mirrors of their files for download. (It would make an awesome mirror for Linux/BSD distributions, but I think the typical mirror is someone with a lot of spare bandwidth and an extra server, not someone paying hundreds a month to mirror files for other people… I wonder if there’s a market for a ‘premium’ mirror service? I doubt it, since the existing ones seem to work fine?)

Islam

One thing I ran into in the Obama campaign was persistent rumors that he was a Muslim. I always thought it was pretty dumb that people were actually convinced of this, but it took me a while to realize that the real problem is what they don’t say, but surely think: they think that he’s Muslim and therefore a bad person.

I wish more people were at least marginally familiar with Islam. It’s a peaceful religion with a few fundamentalist nutjobs who interpret their scriptures in bizarre ways. Really not unlike Christianity.

There are two major sects, the Sunnis, with 85% of the Muslim population, and the Shi’a, accounting for around 15%.

Jihad itself is an interesting term. Thought to refer to “holy war,” it’s actually an ambiguous term referring to anything from holy war to a “struggle to improve one’s self and/or society” (per Wikipedia). And even when it does refer to holy war, there are lots of restrictions: it’s not supposed to include non-combatants, for example.

I don’t know half as much as I’d like to about Islam, given its increasing importance in the world. But I do wish that more people would at least stop labeling all Muslims as terrorists.

Business Geek

Tonight I ate at a small restaurant in Amherst, and had the most delicious bottle of root beer ever. Called Virgil’s, it’s kind of hard to put my finger on what makes it so good. As I read the bottle for clues, I noticed that they were publicly traded. I thought this was strange, given that I’ve never even heard of them.

But indeed, they’re REED on the NASDAQ. And they closed out 2006 with a -21% profit margin and a -124% return on average equity. The “past” quarter (ended September ’07–newer results aren’t in) was exceptionally bad, with an almost -40% margin. But as I dug deeper, I realized that this wasn’t such a bad thing. They retired (paid) $1.6 million of debt, after a capital infusion of several millions (“paid-in capital”). They still had an outstanding $8.24 million deficit, but it’s maybe a good sign.

I’d still have reservations, though: the past quarter saw $3.88 million revenues, generated with $5.4 million of operating expense. They’ve got to find a way to either cut these costs, or grow revenues. (Or, preferably, do both!) Recent announcements suggest that Reed has found some new distributors and supermarkets to carry their chain, which may be what they need to come into the black.

And after all of this, I realized something: I set out to see if I could buy their soda online. And I ended up scrutinizing the company’s financials.

Retail Politics

One of the things that rocks about New Hampshire is the so-called “retail politics,” where politicians have to get out and work to convince us that we should vote for them. Running TV ads and blowing Iowa and New Hampshire off doesn’t work, as Giuliani proved.

Last weekend, we went to a house party in Merrimack (hosted by a fellow ham, actually), where a few dozen people came to hear Massachusetts Governor Deval Patrick speak about Obama. If you look at the US as a whole, this is a terrible proposition: the governor of Massachusetts takes an hour out of his day (well, probably more like three, if you account for travel time and all) to talk to thirty or so people? And yet this is what it takes.

Governor Patrick, by the way, is an awesome guy. He came around and talked to each person in the room. I told him I was going to school in Massachusetts, and he thanked my mom for “loaning” him to them. He seemed to genuinely care.

Governor Patrick in NH

He has this incredible way of, when talking to you, making it seem like you’re the only person in the room. Here’s the governor of Massachusetts, coming up to someone’s house in New Hampshire, and talking to my mom and me as if he’s an old friend.

He spent a good deal of time just mingling, before he finally addressed us as a crowd and talked about Obama. He kept that brief, and then asked us a lot of questions. At one point, he was talking, and happened to say something along the lines of, “And I’ll tell you why I–” right as the home phone rang. Being the awesome person he is, he added, “And I’ll tell whoever’s calling,” and then picked up their phone.

Answering the Phone

“Hello, this is Governor Patrick.” I don’t really know what the person on the other end said, but I can only imagine they were somewhat confused. “We’ve got quite an enthusiastic crowd here for Obama,” he said, before asking the caller if they supported Obama. “No? Well then I’m afraid whoever you’re calling for isn’t home,” he joked before handing the phone over to the home’s residents.

Whoa’8

One thing that I find oddly fun is thinking about possible Pres-VP combinations.

Some that come to mind are obvious: Clinton-Edwards, Obama-Edwards… Each has its own nuances that are neat to explore. But there’s another reason I think it’s interesting. In the business world, if you have a fragmented market–many sellers in a market all competing–it makes sense to try to merge some of the small guys to become a powerhouse. (Obviously, you can take this too far and become an anti-competitive monopoly.) Where this tactic is especially important is when the markets are bad. (We’ve discussed at length whether Ford and GM should merge.)

I think the Democratic race is fragmented. (Republicans, too, but in a different way right now.) We have three candidates all attracting substantial support. I have to wonder what would happen if, say, Obama somehow convinced, say, Edwards to be his running mate. Would they form a powerhouse?

There are a lot of combinations that are laughably improbable. I don’t think we’ll ever see {Clinton, Obama}-{Romney, Giuliani}. They’re at opposite ends of the spectrum, and I think {Clinton, Obama} fans would be turned off that they’d picked {Romney, Giuliani} as a running mate, and vice versa. But I do like the idea of bipartisan couplings. I also don’t think that an Obama-Clinton (or Clinton-Obama) ticket is likely. They’ve spent so much time at each others’ throats that I can’t see it working.

But here are two that I find, to quote Kucinich, viable:

Obama-Richardson: They complement each other well, and, in my opinion, are both awesome candidates. Richardson is far behind in the polls, and thus doesn’t really stand a chance of getting the nomination; I’m far from the first to talk about him being in it for VP. Obama has Senate experience; Richardson has gubernatorial experience. Obama doesn’t have much foreign policy experience; Richardson has heaps of it. Obama brings an exciting, fresh perspective; Richardson brings decades of solid experience. (I’m not implying that Obama has no experience, nor that Richardson is ‘stale’–neither is true.) And neither of them are white, which is neat in a way.

Obama-Huckabee: Hear me out! Of the Republicans, I think Huckabee is my favorite. I certainly don’t agree with every position of his, but there are two things I really like about him. One is that he’s a good, honest guy. I think anything he does will be because he thinks it’s truly the right thing to do, not because it’ll make him rich. I think Obama-Huckabee would be the “cleanest” Administration in history. (Not in borderline-racist “clean and articulate” terms, but in “actually fighting for the American people and not doing anything crooked” terms.) And the second thing is that I love the way he views his faith–a call for him to do good on Earth. A religious, conservative Republican against the death penalty and in favor of helping the poor? Wow-a-wee-wow! There are some big differences between them, and I don’t know how reconcilable they are. But there comes a third benefit, too: done right, I think a bipartisan running ‘couple’ attracts the most votes. A Republican who would never go for Obama-Clinton might be convinced to vote for Obama-Huckabee. Not to mention centrist independents.