
iPhone hardware versions’ feature support

23-Jun-09

So, I’d been wondering about this for a while, but I think I’d like it better if it were correct: I’ve an iPhone 3G and the 3.0 OS update certainly installed the voice recording application, and it does work just fine. Scratch that, I can’t read. No, my 3G does not now do video recording. So, useful list after all!

Btw, I wouldn’t mind doing a speed comparison if one of you out there picks up a 3G S. Given that the 3G is only barely noticeably faster than the original in most real world use cases, I’m rather dubious of this “faster than ever” claim they’re making. There’s a limited number of things one can do with the handset to change that: the network’s throughput is much more important.

Dear Gallery2,

21-Jun-09

Please step around the corner—so that I don’t have to watch—and get fucked raw. Repeatedly. I’d had the impression that EMacs was a bloated piece of software until I encountered your mess. Several months ago, I managed to get you to actually spew forth legible HTML… but not actually display images, and I gave up in disgust.

Now I come back to the basic problem: “Present images in an easily viewable way with as little hassle as possible to the viewer”, and I find that, actually, JWZ’s gallery.pl is exactly the right thing, a fact I was pretty sure was true at the time but remained, then, obstinate about dicking around with PHP a bit. Jamie’s script is simple, clear, conscious of the fact that storing binary blobs in a database on top of a file system (that is, itself, a database) is stupid, and, for bonus points, it FUCKING WORKS.

It took me sixty minutes with gallery.pl to satisfy its shell-out requirements (hint: pnmscale lives in the netpbm package), customize it to my style preferences, run it across a few recent directories full of images, and make this post. I spent a plurality of the time folding laundry while FreeBSD ports took care of rebuilding and reinstalling ImageMagick, maybe 30% of it in Wordpress’s post editor (writing this), and maybe 15% of it in vi(1) making a few localization changes. That’s a testament to JWZ’s well-honed and beautiful coding style and to his creating a simple tool that just does one thing and does it well, a concept so grossly lacking in Gallery.

Yeah, sure, it’ll take a couple more steps to upload images directly from the iPhone, and I still need to hack in a two-stage resize (down from camera size to sensible web size), but the former was a hack on top of You anyway and you actually suck at the latter. It’d probably have taken me longer to get this working under Gallery than it’ll take me to write an iPhone-friendly photo uploading app in PHP that automatically reruns gallery.pl and add an extra stage of djpeg | pnmscale | cjpeg by an order of magnitude I’d prefer not to consider.

And, regardless of any of those real issues, who could possibly resist using a chunk of code that includes:

use bytes;    # Larry can take Unicode and stick it up his ass sideways

So long, don’t let the door hit your ass on the way out, and good riddance.

PS, an example of Shit Just Working.

iTunes, iPhones, and security

05-Jun-09

iTunes 8.2 has introduced a new feature: if you have a keypad lock on your phone (or iPod touch? I guess they can do that?) then you must authenticate to the device before iTunes will sync with it. I went through three emotions about this, roughly aligned to Id, Ego, and Superego (in that order):

  1. This is irritating, get out of my way.
  2. Actually, I like this because it was, previously, a glaring security hole.
  3. Oh, it’s still a glaring security hole exploitable by anybody clever enough to keep an old version of iTunes about and it gets in my way now.

That’s about as far as my thought process on this goes and I’ve concluded the whole thing is both silly and irritating. Maybe I’ve missed something?

Of COURSE it happened again.

04-Jun-09

(Some names changed to maintain a modicum of anonymity.)

<Dave> noc - rebooting [REDACTED]
<Phil_R_> ok thank you
<KBU> 10-4 good buddy
<Phil> Tac0Danz05
<jon> we got ourselves a convoy
<gr> Nice password, Phil.
<Phil> thanks…it used to be nice and secure.
<gr> At least yours are longer than jon’s.
<Dave> so… many… comments…
<gr> Down boy.

(Previously.)

I’ll thank you not to call me messy, Windows.

15-May-09

Dear Microsoft Windows,

When there are fewer than 10 icons on my desktop, I probably do not want your “assistance” to tidy up, no matter how long it’s been since I saw fit to open (for example) that phonetic alphabet PDF. It really won’t be necessary for you to keep asking EVERY FUCKING ASS WEEK.

Thanks!

Hey Apple! Give me a weighted “random” in iTunes. Yesterday.

02-Apr-09

So, I get the “Genius” thing. Mimicking pandora.com is the hotshit thing to do, but it’s not the Right thing to do. I’ve given you my ratings: give me a “random” weighted towards those ratings. This is mathematically simple, especially since you only give me a one to five scale. (How to deal with zero-star songs is an open question, but I’ve got over a terabyte of music, and at least 250 GB of that has ratings, so shut the fuck up.)

Dear VAR/vendor saleslime: Belittling your customer will not generate sales.

01-Apr-09

I’ve let this one kick around in the back of my mind for a while, because I’m about to accuse someone, in public, of being grossly unprofessional which could, itself, be considered unprofessional. I confess that my first impulse was to simply post the whole email thread, edited only mildly to conceal identities, but that’s obviously petty and immature. With that caveat covered, I do have what I think is an important point to make here, so I’m going to attempt to walk this fine line.

Recently, my employer has gone forward with a hardware refresh of our backup infrastructure. The portions of this hardware refresh that were more or less up for grabs were the tape library that held LTO-4 drives and how we would do encryption key management for those drives. The tape library considerations were the HP MSL series (4048s already in the building, 8096s required for this usage), Sun StorageTek SL500s, or SpectraLogic T120s (or, at the outside T200s, but that’s overkill for this environment). I won’t go into which we selected or why here, because that’s not the point (feel free to drop me a line if you’re curious, but my take is: any of these options is acceptably serviceable, so it comes down to what fits best in your environment and cost from your relevant VAR). Each of these options locks one into that vendor’s key management (unless you choose to do it in your backup software, but I have a reason not to do so that is spelled VMS), which is an irritation that will be addressed at a later date.

My confessed discomfort should be painfully more clear by the dawdling length of the introduction. The point here is that one of those vendors’ sales representatives (not the VAR, I take care to note) broached the borders of acceptable behavior on his part to an inexcusable extent: he got angry, at me, via email, for politely informing him that I planned to choose another vendor’s product. And he clicked “send” (or, probably, hit Alt-S; whatever). He should be ashamed, and I expect that he is, at this point, given that I intimated to the VAR salesperson that, regardless of whatever decision we’d already made, that would have sunk the sale.

I’d asked the VAR the same question that I asked the other two: is it feasible for us to buy your schlock and switch our backups to it, but stick an LTO-4 into our existing STK L180 library, duplicate from 9940 to LTO-4 media there, with encryption, and expect to be able to read those tapes for recovery. The answer, in all cases, was, “No, that shit don’t work because none of the vendors want to play nice with each other on key management.” This VAR slightly misunderstood the question (or was misinformed), so I wrote:

[REDACTED], your answer to number 1 is actually “No” [His answer had been a qualified "Yes", but the qualifications meant it wasn't useful for me]. That is, I can’t use [REDACTED]’s product in order to write an encrypted tape outside of a [REDACTED] library (which I could then read, later, inside a [REDACTED] library).

Thanks for the responses!

I wasn’t more irritated by this than by other VAR/vendor responses to the same question: you just can’t do that with the current state of affairs unless you do all of the key management yourself, and I’m uninterested in writing and supporting (potentially past my current employment) software to do that, so my thanks were genuine.

But he Cc’ed his sales rep from the vendor, and that’s where things got messy with just one email. He (the vendor now, not that VAR) wrote:

Please tell me a secure solution that can and we will point out more then one issue to dispute that claim. We have always talked about process not just glitzy marketing claims.

Now, that’s just unprofessional, without regard to context (of which a minute detail: he addressed me, outside of the quoted material, by my given name’s nickname without ever having been encouraged to do so; my co-workers call me that, but I never said he could and I sign emails with my full name… at least he spelled it correctly), but for bonus points it’s both technically and factually incorrect.

First, technically: I can write (it’s a three weekend hack; bet me three cases of Bols Genever and I’ll prove it, but check the price on that first, because it approaches half my hourly for the same work, and I’d be releasing it under either a CC or BSD license with my name on it) a secure solution to manage keys for LTO-4 tape drives across various disparate libraries and even backup products, restricting the latter to POSIX-(mostly-)compliant operating systems. (Making it also work for our VMS systems would require some consultation with the relevantly skilled parties at my employer and another weekend or two. And another case of Genever at the bare minimum, because I’ll be fucked if I’m writing code for OpenVMS for my goddamn health.)

Second, factually: this particular vendor’s presentation is nothing but “glitzy marketing”. I have, on my desk at work, no fewer than three spiral-bound, high-gloss, heavy-stock brochures about their products, in three different form factors, only two of which even pertain to tape libraries. This is, in fact, the second time (across disparate employers) I’ve been pitched by them, and they remain the most gut-wrenchingly, plasticly cheerful saleslime I’ve ever had the misfortune to encounter.

Curiously, that wasn’t the tape library I chose to buy. Twice now. They should consider just a dab of tact, I think.

If automobile design were left to open source developers…

30-Mar-09

… we’d be driving cars with 17 wheels, 8 transmissions, and 3 engines. This is especially true in the GNU crowd.

For reasons that will become apparent in a post I’ll make in a few days, I was simply trying to build ffmpeg out of the FreeBSD ports collection. Building individual ports immediately after updating one’s ports tree is always a pain in the ass, as they frequently (invariably, in the case of multimedia software) depend upon newer versions of various libraries and helper applications you already have installed, but FreeBSD’s ports handle this very gracefully with their deinstall and reinstall make(1) targets. That does mean that building something like this out of ports invariably involves five or six sessions under screen(1) for me as I descend those dependencies, but it does Just Work if you simply follow the recommendations.

After playing the usual game, however, for ffmpeg, I got this:

-(gr@stow:/usr/ports/multimedia/ffmpeg)---------------(Mon 2009-03-30 21:05.08)-
[0] % sudo make
[...]
Creating config.mak and config.h...
===>  Building for ffmpeg-2008.07.27_9
gmake: *** virtual memory exhausted.  Stop.
*** Error code 1

Stop in /usr/ports/multimedia/ffmpeg.

Well that’s a new one. And considering I’ve got 6 GB of addressable virtual memory on this system and top(1) indicates this didn’t even scratch at the 2 GB of that that’s physical upon a rerun, I’m highly dubious of the assertion.

Nope, apparently, “The FFmpeg build system *requires* GNU make 3.81, as you can read in the INSTALL file.” It’s obviously my fault for not kowtowing to your package’s documentation, rather presuming that you would have provided it in a reasonably usable state.

Why, pray tell, is GNU Make 3.81 required? It sure looks like it’s required because the targets include embedded and escaped regular expressions. Because, you know, that isn’t the sort of thing that we’ve all collectively decided (when we were adding maybe the seventh wheel to the car) to do with autoconf(1), so, sure, let’s push it further down the layers of abstraction in a way that’s completely backwards-incompatible. Sure, why not! I’ll just hang my ninth set of fuzzy dice (hey, D20s this time!) on my third rearview mirror and cruise right over that bridge to nowhere with you!

(Note that my ire here is finally triggered—I can take quite a lot, but this is just over the line—by Signor Sabatini’s attitude in response to a user query. I’m basically okay with the idea that he’s decided that his software needs a specific toolchain, even if I do think it’s a bullshit requirement, but the fact that he didn’t take the trouble at autoconf(1) time to warn the user of this requirement combined with the arrogance in responding publicly to a confused user is inexcusable. This is an error that is both easy to predict and easy to avert: all you have to do is check the installed version of GNU Make. Perhaps some blame also falls on the FreeBSD ports maintainer here, who could have made use of a standard hook to do that same job, but it’s extremely likely that he tested an upgrade to the package without reading INSTALL either after he’d happened to upgrade to GNU Make 3.81 for other reasons and never saw the failure. Also: I wasn’t graced with an archived email from him telling some other guy and, by logical extension, me that we were morons.)
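One way to do the check described above, as an added example (not code from FFmpeg or the FreeBSD port): a configure-time test that parses the `make --version` banner and refuses anything older than the 3.81 quoted from INSTALL. The function names and the sample banners are constructed for illustration.

```sh
#!/bin/sh
# Added example: stop at configure time if GNU make is missing or too old.
# 3.81 is the requirement quoted from INSTALL in the post.
REQUIRED_MAKE="3.81"

# Print the version from the first line of a `make --version` banner,
# e.g. "GNU Make 3.80" -> "3.80". Prints nothing if it is not GNU make.
gnu_make_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^GNU Make \(version \)\{0,1\}\([0-9][0-9.]*\).*/\2/p'
}

# Return 0 if dotted version $1 >= $2, comparing field by field as integers
# (so 3.9 < 3.81, which matches GNU make's numbering).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# check_make BANNER: 0 = usable, 1 = too old, 2 = not GNU make at all.
check_make() {
    ver=$(gnu_make_version "$1")
    if [ -z "$ver" ]; then
        echo "error: GNU make not found (need >= $REQUIRED_MAKE)" >&2
        return 2
    fi
    if ! version_ge "$ver" "$REQUIRED_MAKE"; then
        echo "error: GNU make $ver is too old (need >= $REQUIRED_MAKE)" >&2
        return 1
    fi
    echo "GNU make $ver OK"
}

# Constructed banners standing in for real output; in a configure script
# this would be: check_make "$(gmake --version 2>/dev/null)" || exit 1
for banner in "GNU Make 3.80" "GNU Make 3.81" "GNU Make 4.4.1"; do
    check_make "$banner" || true
done
```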

If I’ve said it once (and I’ve lost count of how many times I’ve said this), I’ve said it a google (ha HA) times: what in the fucking hell is wrong with these people?

Hey Dreamhost, you’re okay by me!

07-Mar-09

Something verging on two months ago, I noticed that I wasn’t able to reach certain websites that I frequent (usually by way of RSS feeds) from my home Internet connection (a business DSL dry loop through Verizon). Some examples: Foobooz, riotclitshave (it’s a pun on right-click, save; shut up), Jeffrey Morgenthaler’s blog. What these sites have in common is that they are hosted by Dreamhost. The sites weren’t down (using my VPS as a proxy confirmed that without even needing to bother with things like Down for everyone or just me?), they were just failing to send packets back to me, semi-specifically.

I did a bit of research and found that not only did it appear that I was pretty obviously being explicitly blocked, other customers of my ISP were not. This irritated me more than a little bit, since I do like to believe that I have a reasonable idea of what I’m doing, I do take care of the security of my systems and networks at home (although I’ve been known to get a bit lax given that I do this shit all day at work), and I strive to be a very responsible network neighbor.

So I went looking for contact information for Dreamhost on their website… and found things sorely lacking. Web forms yes, one that applied to my situation, not so much. Phone numbers, no. Actual email addresses, no. This didn’t look good, but I went ahead and filled out a web form and emailed, by way of GMail (since any outgoing SMTP connection from my mail server would, of course, be ignored) what I expected to be the Usual Suspects:

Date: Sat, 21 Feb 2009 15:29:05 -0500
Subject: Could you explain why you’re blackholing my source IP address?
From: gabriel rosenkoetter
To: abuse@dreamhost.com, postmaster@dreamhost.com, webmaster@dreamhost.com

For the past several weeks, I have been unable to reach several of your
customer’s websites (for example, foobooz.com and jeffreymorgenthaler.com)
from a source IP address of 71.242.125.164. I also can not reach port 25 on
your MXes (which is why this email is being sent through GMail), and ICMP
traffic (traceroute or ping) to any netblock you own is dropped by your
pnap.net border router (usually newdream-8.border21.lax.pnap.net,
216.52.220.146) marked “administratively prohibited”.

So far as I know, I have done nothing to attack you. My network is not open,
my mail server is secure with valid reverse DNS entries, and I’m not running
any webscraping. Could you please explain why you have blocked my access to
your customers’ web sites and provided me with difficult at best recourse to
contact you?

Dubious that anyone would see either of those (identical) missives, I reached out to some of my contacts in the Industry. By which I mean I asked whether anybody in the IRC channel where some of us sysadmin types hang out (no, that’s no longer EFNet #root for me any more; long story, politics, drama, and baggage) knew anyone at Dreamhost. One responded promptly in the affirmative and was very helpful in passing my query along. Here’s the thing about the lazyweb: you get better results with a self-selectedly intelligent audience, which, curiously, you rarely find on the world wide web proper.

And then I went out for the evening and straight to bed afterwards, only to rise to actual Results the next day! (Well, okay, fine I saw the reply on my iPhone while I was out, but I was in neither mood nor position to deal with it properly then.)

It appears (but I’m not certain: I put the same text in the web form and the email) that it was actually the web form (which I guess involved Sales, since nothing else seemed appropriate and they seemed like the folks who might care that someone couldn’t get to their customers’ web sites)—but maybe it was imajes’s influence? The world may never know!—that yielded the only unautomated response:

From: DreamHost Sales Team
Subject: Re: [REDACTED@gmail.com [REDACTED]] Could you explain why you’re blackholing my source IP address?
Date: Sat, 21 Feb 2009 18:09:29 -0800 (PST)
To: gabriel rosenkoetter

Hello,

Sorry to hear that you’re having trouble accessing our network. Oddly
enough, I checked the server and don’t see that you’re being blocked.
Both in deny host and iptables.

Please run a traceroute and send us the results. It may help us in
identifying where exactly the connecting is being dropped. You can reach
me directly at [REDACTED]@dreamhost.com or [REDACTED]@gmail.com.

Thanks,
Phiya C

To which I, of course, promptly responded:

From: gabriel rosenkoetter <[REDACTED]@gmail.com>
Subject: Re: [[REDACTED]@gmail.com [REDACTED]] Could you explain why you’re blackholing my source IP address?
Date: Sun, 22 Feb 2009 12:39:01 -0500
To: [REDACTED]@dreamhost.com, [REDACTED]@gmail.com
Cc: DreamHost Sales Team

Thanks for the quick response!

Here’s a traceroute from 71.242.125.164 (which NATs for systems within my
house) to www.foobooz.com, one of your customers whose website I used to
visit regularly:

traceroute to www.foobooz.com (67.205.11.75), 64 hops max, 40 byte packets
1 L239.DSL-RTR1.PHIL.verizon-gni.net (71.242.125.1) 22.640 ms 22.283 ms 21.962 ms
2 at-1-0-0-1710.CORE-RTR1.PHIL.verizon-gni.net (130.81.7.58) 21.871 ms 22.833 ms 22.739 ms
3 so-7-1-0-0.BB-RTR1.PHIL.verizon-gni.net (130.81.20.136) 22.535 ms 22.244 ms 22.004 ms
4 0.so-6-0-0.XL1.PHL6.ALTER.NET (152.63.3.77) 22.556 ms 22.845 ms 22.642 ms
5 0.so-7-0-0.XL3.LAX15.ALTER.NET (152.63.112.53) 98.813 ms 99.694 ms 99.297 ms
6 POS6-0-0.GW3.LAX15.ALTER.NET (152.63.112.105) 99.064 ms 99.075 ms 99.264 ms
7 internapGIGE-gw.customer.alter.net (157.130.236.110) 211.681 ms 188.354 ms 200.618 ms
8 border21.po2-20g-bbnet2.lax.pnap.net (216.52.255.102) 100.799 ms 100.404 ms 101.081 ms
9 newdream-8.border21.lax.pnap.net (216.52.220.146) 98.858 ms !X * *
10 * * *

In many traceroute implementations, including FreeBSD’s (which this is), !X
means “communication administratively prohibited”, so I’m pretty sure that
there is an ACL on that pnap.net border gateway that’s dropping packets.
(The same thing happens with TCP packets.)
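The reading of `!X` in the email above, as an added example that is not part of the original post: a small awk-in-sh parser that separates an explicit ICMP rejection from a silent drop and names the hop. The trace is the tail of the one quoted above; the function names are made up here, and the flag meanings are those documented in traceroute(8).

```sh
#!/bin/sh
# Added example: classify a traceroute run as reached, rejected, or dropped.

# Header and hops 8-10 of the trace quoted in the email above.
sample_trace() {
    cat <<'EOF'
traceroute to www.foobooz.com (67.205.11.75), 64 hops max, 40 byte packets
8 border21.po2-20g-bbnet2.lax.pnap.net (216.52.255.102) 100.799 ms 100.404 ms 101.081 ms
9 newdream-8.border21.lax.pnap.net (216.52.220.146) 98.858 ms !X * *
10 * * *
EOF
}

# diagnose_trace: read traceroute output on stdin, print a one-line verdict.
diagnose_trace() {
    awk '
    BEGIN {
        # ICMP "destination unreachable" annotations from traceroute(8).
        why["!N"] = "network unreachable"
        why["!H"] = "host unreachable"
        why["!P"] = "protocol unreachable"
        why["!X"] = "communication administratively prohibited"
    }
    # Header line: remember the destination address.
    $1 == "traceroute" { dest = $4; gsub(/[(),]/, "", dest); next }
    # Hop line: "N host (ip) rtt ms ..." or, with -n, "N ip rtt ms ...".
    $1 ~ /^[0-9]+$/ {
        ip = ($3 ~ /^\(/) ? $3 : $2
        gsub(/[()]/, "", ip)
        if ($2 != "*") { last_hop = $1; last_ip = ip }
        # Keep only the first annotated hop: that is where the reject came from.
        for (i = 3; i <= NF; i++)
            if (flag == "" && $i ~ /^![A-Z]/) {
                flag = $i; flag_hop = $1; flag_ip = ip
            }
    }
    END {
        if (flag != "") {
            reason = (flag in why) ? why[flag] : "ICMP unreachable"
            printf "rejected at hop %s (%s): %s %s\n", flag_hop, flag_ip, flag, reason
        } else if (last_ip == dest)
            printf "reached %s at hop %s\n", dest, last_hop
        else
            printf "no reply past hop %s (%s)\n", last_hop, last_ip
    }'
}

sample_trace | diagnose_trace
```

A "rejected" verdict means a device sent an ICMP unreachable back, which points at an explicit filter rule; "no reply" only says packets stopped being answered and cannot distinguish a drop rule from loss.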

It took another 36 hours or so (which I am certainly in a position to understand; who knows, maybe an electrician decided to take one of their production DCs completely offline like one did to mine), but that then yielded this:

From: DreamHost Sales Team
Subject: Re: [[REDACTED]@gmail.com [REDACTED]] Could you explain why you’re blackholing my source IP addr
Date: Tue, 24 Feb 2009 16:28:52 -0800 (PST)
To: [REDACTED]@gmail.com

Hello,

It does appear that your IP is being blocked at the router level. We blocked several IPs when a DOS Attack was launched on our panel. Please understand in such case we cannot indiscriminately block IPs. We simply block IPs that are attempting to gain access during the attack. At any event, the block has been removed. We sincerely apologize for the inconvenience this has caused and appreciate your continued patience. If you have any additional questions, please let us know.

Thanks,
Brian S

I am just now, as in after this is posted, getting around to responding to ask whether they’ve got any change management documentation from when that block was put in place to document what I appeared to be doing because, as previously mentioned, I like to think I run an acceptably sound ship, and I’d like to know if I’m screwing up in some way so that I can fix it.

Overall, however, I am very, and unexpectedly, impressed with how well Dreamhost responded. Bravo!

Update: (2009-03-07 15:30 UTC-0500) Well, nothing’s perfect. They definitely didn’t understand what I meant when I asked for logs of any attack, mostly that I’m not one of their customers, but I do understand their privacy concerns:

From: DreamHost Sales Team
Subject: Re: [[REDACTED]@gmail.com [REDACTED]] Could you explain why you’re blackholing my source IP add
Date: Sat, 7 Mar 2009 06:10:12 -0800 (PST)

Hello Gabriel,
sorry again for blocking your IP, unfortunately there is no logging data that we can share with you on this matter due to security issues. Your IP could have been selected if you had multiple connection attempts to our panel which may have been a result of failed login attempts, unfortunately it seems to just have been a cyber case of being in the wrong place at the wrong time.

Thanks,
Javier R

Oh well.

Dear recruiters: reading comprehension counts.

24-Feb-09

As my resume does exist in several places online, I am frequently contacted by recruiters. I’m generally unsurprised when they ignore my preference (noted rather explicitly on, for example, LinkedIn) that they contact me via email rather than the telephone, nor when they call both my home (which, until recently forwarded to…) and my mobile number, sometimes leaving a voicemail at both (despite a greeting that suggests that callers send me an email or text message rather than leaving a voicemail). Those are par for the course. In fact: I make a point of staying in touch with recruiters who actually do manage to follow these directions because they seem like the sort of person I would like to have representing me when I am looking for a job (no, I’m not right now).

But this guy (whose contact information I’m eliding) really kicked things up to the next level, and ensured that I will never, ever want to work with him (yes, I do keep track):

From: Kevin [REDACTED]
Subject: RE: Join my network on LinkedIn
Date: Tue, 24 Feb 2009 12:44:02 -0500
To: ‘gabriel rosenkoetter’

Gabriel, Thanks for accepting my invitation.

Kevin [REDACTED]
Sr Recruiter - EMC Technologies
[REDACTED]

-----Original Message-----
From: gabriel rosenkoetter
Sent: Tuesday, February 24, 2009 12:43 PM
To: Kevin [REDACTED]
Subject: Re: Join my network on LinkedIn

At 2009-02-24 07:22 -0800, Kevin [REDACTED] (LinkedIn Invitations) wrote:
> I am a Sr Recruiter who constantly works ONLY on EMC Technologies
> for my clients. I proactively recruit and market Top Talent in the
> EMC Technology area. I wanted to connect with you for mutual
> beneficial relationship

Kevin, thanks for getting in touch. Generally, I keep LinkedIn
contacts to people I’ve actually met personally, but do please feel
free to stay in touch via email.

Cheers…


gabriel rosenkoetter
[REDACTED]