Passwords

I tend to use secure passwords most places. Like 0mG%R3LLy!53kUr3!!1 secure.

But several things drive me crazy:

  • Maximum length restrictions. American Express—probably the place I need the most security at—limited my password to either 6 or 8 characters.
  • Ludicrous minimum lengths. Eight is common, but I’ve seen even higher. “password” is eight characters and is secure, but when I’m trying to sign up for your silly forum to post one thing, and it’s telling me that IH8URS1t3 is too short, I want to scream.
  • Character restrictions on passwords. This is what drives me craziest. What do you mean “*” isn’t a valid character? One place wouldn’t allow a period. (!) This annoys me partially because, unless you’re storing passwords in a plain text file and using a “*” as a field delimiter, there’s no technical reason I can’t use an asterisk in my password. Someone, somewhere, thought that passwords shouldn’t have asterisks and made it so on their site. This is absurd. But even more absurd is that it shouldn’t matter what you enter, because even if your database did treat any non-alphanumeric character as a field delimiter (which no database ever made does), you shouldn’t be putting my password in like that. You should be taking my password, containing anything if I want, and running it through a one-way hash function. Heck, even something insecure like MD5 would allow you to submit 32KB of Unicode as your “password,” and it would be normalized into a short hash that gets stuck in the database.
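To make the last point concrete, here is an added example (not code from any site mentioned above) that stores passwords as a salted hash. It swaps the MD5 mentioned above for PBKDF2-HMAC-SHA256; the iteration count, the `salt$digest` storage format and the sample passwords are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 600_000  # PBKDF2 work factor chosen for this example


def _derive(password: str, salt: bytes) -> bytes:
    # Normalize so the same characters typed on different systems match,
    # then encode: any character and any length is valid input.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)


def hash_password(password: str) -> str:
    """Return 'salt_hex$digest_hex': hex digits plus one '$', always 97 chars."""
    salt = os.urandom(16)
    return salt.hex() + "$" + _derive(password, salt).hex()


def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def stored_lengths(passwords):
    """Length of the stored value for each password."""
    return [len(hash_password(p)) for p in passwords]


# Constructed sample passwords: punctuation, symbols, and about 32 KB of UTF-8.
SAMPLES = ["pass*word.", "0mG%R3LLy!53kUr3!!1", "\u5bc6\u7801" * 5461]

if __name__ == "__main__":
    print(stored_lengths(SAMPLES))
```

Whatever goes in, the database only ever sees hex digits and one separator, so there is nothing for a character or length restriction to protect.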

If you leave a comment, it must be no longer than seven words, and cannot contain commas, periods, uppercase T’s, or any even numbers. Otherwise my database might explode.

Cars

Even though I’m not in the market for a new car right now, I’ve come across two recently that have made me wish I was.

Uncrate has a recent post about the Volkswagen CC, which looks amazing and packs a bunch of features I always wanted, like a (panoramic) sunroof and headlights that turn with the car. It starts at $27,000, though I suspect it’d be closer to $35,000 with those options.

Probably about a decade ago, two of my uncles each bought a Lexus. At the time, I thought they were the most amazing cars ever made, if only because my point of comparison was to a Mercury Sable station wagon. The Lexus sedans were essentially just Camry sedans with much nicer fittings, which means that they inherited the incredible reliability you’d expect: one of the two was just recently traded in with well over 200,000 miles on it.

Of course, I drive an SUV, and have a 100-mile-a-day commute, so gas mileage is important to me. A few American hybrids have been made, though every single one has been an SUV. The new Escalade hybrid gets worse gas mileage than my non-hybrid gas-guzzling SUV.

It’s apparently only a concept car at this point, but Lexus has begun talking about the Lexus HS 250h, a car the LA Times says will be “between the IS and ES,” the two cheapest models the company makes. It’s expected to get something like 35/40+ MPG, and yet remain unmistakably a Lexus. LA Times says it well: “The luxury features are impressive. Ten-way power seats, moonroof, premium audio, lane departure alert, multifunctional navigation (you can send mapping information to the car from your computer) and Safety Connect (which is Toyota’s version of OnStar).”

Actually, another source suggests that the car will likely be based on the Camry Hybrid, while yet another suggests that it will just sample some elements of the Camry Hybrid, but put them into a smaller, lighter car. Popular Mechanics has perhaps the best article. The car won’t be out until 2010. Hopefully they can make it look a little better before then.

Monitoring

I keep noticing that there’s a big disconnect between how I treat things at work and how I treat things on my own server. I suppose part of it’s that I spend 8 hours a day working on the site at work, whereas I only have spare time here and there on the weekends to work on my own site’s infrastructure. As a more concrete example, we have lots and lots of monitoring of all our servers at work. (We’d be crazy not to?)

I haven’t done so much here, because everything works fine, and I’ve put my time into other things. But I just decided to work on getting some better graphs going with Cacti. And I noticed something quite telling when I started graphing Memcache usage.

I’m currently using 35 kB of storage in Memcache. I use it quite lightly, just caching a few page elements. I’d be better off using APC to store these, I think, but I built it to use Memcache a long time ago. So, with 35 kB of data being stored in Memcache, how much memory have I allocated to Memcache?

64MB.

I think I’m going to adjust things a little bit now that I’ve noticed this…

Spam

I haven’t fiddled much with anti-spam stuff on my ttwagner.com mailserver lately. In a way, it’s a good thing: the few messages I receive get through, and the myriad inbound spam doesn’t. I just checked the statistics, though, and noticed that the number of blacklisted hosts has been on the rise. It used to sit between 600 and 800, and eventually dwindled to about 300-400. (Hosts are added to a blacklist if they send spam to a spamtrap address, or if they try to identify themselves with a HELO of my own IP or hostname. They’re unlisted after 7 days.) Now I have 922 hosts. (This list is available if anyone wants it…? It’s just a database call. Though you’d probably do much better with Spamcop or something.)
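The listing rule described in the parentheses above, as an added sketch (not the mail server's actual code). The class name, hostname, addresses and spamtrap are placeholders from documentation ranges; only the two triggers and the 7-day expiry come from the post.

```python
SEVEN_DAYS = 7 * 24 * 3600  # listing lifetime in seconds


class Blacklist:
    def __init__(self, my_names, my_ips, spamtraps):
        self.my_names = {n.lower().rstrip(".") for n in my_names}
        self.my_ips = set(my_ips)
        self.spamtraps = {a.lower() for a in spamtraps}
        self.listed = {}  # client IP -> time it was listed

    def _helo_is_mine(self, helo):
        # Hostnames are case-insensitive and may carry a trailing dot;
        # an IP can arrive as an address literal such as [192.0.2.10].
        h = helo.strip().lower().rstrip(".")
        if h.startswith("[") and h.endswith("]"):
            h = h[1:-1]
        return h in self.my_names or h in self.my_ips

    def observe(self, client_ip, helo, rcpt, now):
        """Record one SMTP session; return True if the client got listed."""
        if client_ip in self.my_ips or client_ip in ("127.0.0.1", "::1"):
            return False  # the server itself may legitimately use its own name
        if self._helo_is_mine(helo) or rcpt.lower() in self.spamtraps:
            self.listed[client_ip] = now
            return True
        return False

    def is_listed(self, client_ip, now):
        listed_at = self.listed.get(client_ip)
        if listed_at is None:
            return False
        if now - listed_at >= SEVEN_DAYS:
            del self.listed[client_ip]  # unlisted after 7 days
            return False
        return True
```

A remote client announcing the receiving server's own name or IP in HELO is a cheap, high-confidence signal, because no legitimate outside sender has a reason to do it.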

Blog spam is also a problem, though. Things settled down a while ago, and I got complacent just relying on Akismet and manual blacklisting when someone got through. But I can see that spam is still coming through every now and then.

The problem is that WPMU gives each blog its own comments table, so I’ve previously had to do massive UNION queries, to the point that I have a script just to generate the query. Now that I do this professionally, I decided to do it right. I now have an all_comments view in the database, that refers to all the tables as though they were one, letting me do stuff like “SELECT DISTINCT comment_author_IP FROM all_comments.” The next phase is going to be a little script called from cron that gets all the recent spammers and bans them.
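An added sketch of the view approach (not the script referred to above): it generates the `all_comments` view over per-blog `wp_<id>_comments` tables and pulls repeat spam IPs from it. SQLite stands in for the real database so the block runs anywhere; the blog IDs, rows and `min_hits` threshold are constructed.

```python
import re
import sqlite3


def build_view_sql(blog_ids, prefix="wp_"):
    """Generate CREATE VIEW over every per-blog comments table."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        raise ValueError("unexpected table prefix")
    selects = []
    for blog_id in blog_ids:
        # Table names cannot be bound as parameters, so accept integers only.
        if type(blog_id) is not int or blog_id < 1:
            raise ValueError(f"bad blog id: {blog_id!r}")
        selects.append(
            f"SELECT {blog_id} AS blog_id, comment_ID, comment_author_IP, "
            f"comment_approved FROM {prefix}{blog_id}_comments")
    return "CREATE VIEW all_comments AS\n" + "\nUNION ALL\n".join(selects)


def repeat_spammers(conn, min_hits=2):
    """IPs with at least min_hits comments flagged as spam, across all blogs."""
    rows = conn.execute(
        "SELECT comment_author_IP, COUNT(*) FROM all_comments "
        "WHERE comment_approved = 'spam' GROUP BY comment_author_IP "
        "HAVING COUNT(*) >= ? ORDER BY comment_author_IP", (min_hits,))
    return rows.fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    # Constructed sample data: two blogs, documentation-range IP addresses.
    sample = {1: [("203.0.113.7", "spam"), ("198.51.100.2", "1")],
              2: [("203.0.113.7", "spam"), ("192.0.2.44", "spam")]}
    for blog_id, comments in sample.items():
        conn.execute(f"CREATE TABLE wp_{blog_id}_comments (comment_ID INTEGER "
                     "PRIMARY KEY, comment_author_IP TEXT, comment_approved TEXT)")
        conn.executemany(f"INSERT INTO wp_{blog_id}_comments "
                         "(comment_author_IP, comment_approved) VALUES (?, ?)",
                         comments)
    conn.execute(build_view_sql(sorted(sample)))
    return repeat_spammers(conn)


if __name__ == "__main__":
    print(demo())
```

Because the table names are interpolated into the SQL, the generator rejects anything that is not a positive integer blog ID; the threshold itself is passed as a bound parameter.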

Daily Server Deals Roundup

I doubt I’ll end up following through, but I’ve been kicking around the idea of getting a cheap used server and shipping it off for colo. eBay has some pretty good deals, below. Pay attention to shipping, though, as servers can be extremely heavy.

  • A mere $299 buys this one, a 1U Proliant with dual 3.2 GHz Xeons, 4GB RAM, and dual 73 GB SCSI disks at 15K RPM. For my purposes I want something with gobs of disk space, but if you’re looking for something fast, this might be a good pick.
  • A lot of 10 Dual Opteron Rackable 1Us, $1300. The Rackables are 1U boxes that are half-depth, so that you can load 42 in the front and 42 in the back of a standard 42U cabinet. (Might want to think about where all the heat goes before you do that…) Each of these has dual Opteron 246 processors (2 GHz), 4 GB RAM, and a 120 GB hard drive. Opterons don’t seem to be the most popular chips, but at $130 each (if you buy 10…), these are pretty affordable. And from my unusual perspective, it’s a bonus that it’s got a standard ATA disk: it’s easy to plop a 500GB one in. Not sure if there’s a lot of room for many drives, though.
  • $375 with shipping buys this Proliant, which is 2U with dual 3 GHz Xeons, 6 GB RAM, and 6x 73 GB disks. Plus dual power supplies and onboard RAID. (Though the latter is almost standard on servers like this.)

If I knew people who wanted to take about eight servers off my hands (at cost, plus shipping), I’d be tempted to pick up the Rackables. The thing would be more than capable for a decent colo (unless you need RAID or a chip that supports hardware virtualization…), and would make an insanely awesome home server, whether it’s a network fileserver (again, unless you count on RAID, which you should for a home fileserver), or a ridiculously-overpowered firewall. (Maybe throw pfSense on it, in which case you can do fancy stuff and even allow VPN access to your home network?)

Using Date::Manip

Here’s a quick code sample to loop over the dates in a range with Perl’s Date::Manip. The documentation is voluminous and yet I found it difficult to understand; for people who learn best by example, here goes:

use Date::Manip;

#                    Y M W DDD MS?    'base'       'start'      'end' 
#@dates = ParseRecur("0:0:0:1*1:0:0","12/1/08","12/1/08","1/7/09") ;
@dates = ParseRecur("0:0:0:1*1:0:0","1 month ago", "1 month ago", "today");

foreach my $date ( @dates )   {
        #printf qq|%s\n|, &UnixDate($date, "%B %d, %Y");
        printf qq|%s\n|, &UnixDate($date, "%D");
}

The date formats (%B, %d, %D, etc.) are consistent with those documented in the date manpage.

Cell Phone Bill

I got my first full month’s bill with AT&T. Something tells me I’m not a typical customer:

  • Minutes used: 85 of 450*
  • Text messages sent: 3
  • Text messages received: 345
  • KB data used: 126,043
  • This seems extraordinarily high to me.

Oh, and random crap added onto my bill?

  • Regulatory Cost Recovery Charge: $1.25
  • Federal Universal Service Charge: $1.72
  • 9-1-1 Service Fee: $0.64
  • NH State Utility Users Tax: $6.15

An extra $9.76 each month on top of their advertised cost.

The good news is that I have 405 rollover minutes. At this rate, I’ll have 81 hours left at the end of the year.

Photography

Just a quick reminder: while the MBTA appears to have actually outlawed photography on their property, it is, in general, not illegal to photograph trains.

But try telling that to the Amtrak police, who arrested a contestant taking photos for an Amtrak photo contest. Incidentally, the photographer has published the photos he was taking at the time, photos of the injuries caused by the police, and photos of his subsequent trips to the train station.

It seems that this isn’t the first time that Amtrak has run into problems with one hand not knowing what the other was doing.

Of course, today Fark also links to a Globe & Mail story reminding us that most police officers are compassionate people. Emphasis, apparently, on the “most.”

Runs Cool Water-Cooled

I’ve been toying around with potential desktop computer configurations again. I love my Thinkpad but the screen is way too small, and there’s not nearly enough hard drive space. It’s got decent-enough specs (2GB RAM and a dual-core 1.83 GHz processor), though an upgrade’s always nice. So I’ve been toying with various configurations online, trying to stay around the $1,000 mark, including monitors.

I’m looking almost exclusively at the quad-core processors Intel produces, and what I’m finding in the reviews of Newegg is that they’re all capable of being tremendously overclocked. I think the Q9300 is the best bet right now: quad cores at 2.5 GHz, 1333 MHz FSB, and a 6MB L2 cache. At $250, it’s only $60 more than the Q6600, probably the most popular of the quad-core chips, but with a slower 1066 MHz FSB. I think the key in assembling a new system is to go for “leading edge, but not bleeding edge.” I can easily sink $1,000 into the latest and greatest “Extreme” processor, but, especially for what I do, it would just barely exceed something like the Q9300.

The other thing to consider is that, even though the Q9300 “only” has four 2.5 GHz cores (for a net of 10 GHz, even though adding them like that is probably improper), it seems that it will very easily overclock; from what I’ve seen, 3.2 and 3.6 GHz are both easy to obtain with anything in this family. All of the reviews, though, recommend a better heatsink for the processors, whether or not you’re overclocking. So that much was a no-brainer.

But I just ran into a “positive review” of the Q9300, saying that, if you water-cool* it, it runs very cool. And I’m not sure how to take that. Isn’t it like saying that, if you attach a rocket booster to a Ford Escort, it’s a very fast car? The more I think about it, the more puzzled I am. Of course it runs cool water-cooled. About the only thing better would be if you were one of those people who use liquid nitrogen to cool your processor.

  * For the uninitiated, “water cooling” refers to pumping water through copper pipes to dissipate heat off a processor, instead of the normal crappy little heatsink with a 75-cent fan. It’s quite extreme, and generally only used by people pushing their computer to its limits. It has nothing to do with spraying water on your processor to cool it, which is a very bad idea.