[music | New York Dollls - Vietnamese Baby]

Videos are up from the Boston Pops show we went to on the 19th. These look fantastic if you append &fmt=6 to the end of each video URL to get a decent res version.

Today I listened to the MP3s (THANK YOU table-mate!) of the set, and they came out great, even though I can be heard laughing at certain points. I swear though, the person coughing isn't me, I promise, really. As much as I generally cough, I held it, it was hard. Sounds like me though. Isn't.

[music | Chicane - Andromeda]

Saturday we did some strawberry picking, 9lbs for like $18 at Lull Farm's field in Milford.

Sunday, I headed up to Dunbarton to help out with this monster Sun e450. It was trapped in my friend's car because he didn't have anyone to help him move it into his house, haha. At my suggestion we pulled out everything that was modular before trying to get the stupid thing out of the car and up a flight of stairs to his room. From there it was a simple matter of giving it a serial console, with the null modem adaptor I didn't bring, so we had to drop the $9 at the Shack.

Then just feed it CD after CD. He only let me get 3/5 of the way through before giving up. I think it's going to be for sale, any takers? Sucker. My only comment was that it would probably cost him a fortune to make the Boy Scouts take it away from him next spring. In our town they only charged $20 "per computer", but I'm pretty sure they'd make an exception in his case and charge by the pound like with all other electronics.

The CSSManager is meant to allow access to certain functions of the Cisco CSS series load-balancers to less trusted (non network-engineer) staff without opening the CSS up to too much risk of misconfiguration. Currently it allows web users to suspend and activate Services in bulk quickly and safely. There are also value-added features such as "locking" servers so someone can't accidently activate a server that was suspended for a reason, comments are also useful, especially when used in conjunction with CSSPump to give context to a suspended or down server.

The first public release is right here. It should install and run fairly easily. If the Expect script gets something it doesn't like, it will simply freeze. This is again because of the target audience. If, after initial deployment, this tool doesn't complete its tasks properly, something is likely wrong with either the CSS or your route to it, and a network person should be looking at things, so I don't want it to gloss over failures.

It is very easy to make your CSS (inadvertently) write brand new config with this tool, as with anything that has the possibility of removing your entire load balanced server farm from the internet, it should be thoroughly tested before deployment.

This is the only conclusion I can come to. I don't know Andrew Kartashov, but he seems pretty intent on helping others fill their needs in these areas, I can only guess he's motivated by his overriding need to help people like himself.

Andrew Kartashov runs a site called adsoft-development.com, who has been performing link-spam operations for several years, yesterday and today, they hit here, and here's the Analrapy

UPDATE: I forgot I wanted to give props to the SpamHuntress for the cool Wiki-ized writeup. I don't think I could deal with this noise every day, since it seems so pointless and fruitless to fight it. Good work.

Since my exit, stage left from VistaPrint earlier this year, I've been running my site at 1and1, with no real complaints, except that their VMs only offer Fedora Core 4, which is ages and ages old. I've been running UW-IMAP since then, and I've had some complaints. I believe those complaints might be client relate, but they might not, so I decided to try out some different servers. My only real complaint is that when running multiple clients against the same message store, they get out of sync.

Here's an example. I have two "main machines", a Mac Pro and a MacBook both running Mail.app on Leopard. If I leave the Pro running with Mail open and sorting, and go away and run the MacBook, any folders that the Pro sorts first don't get updated unless I click on them. Basically, it seems as if either Mail.app doesn't check every folder every time it updates, or UW isn't updating clients correctly. I have "Use IDLE" checked on the Macs, and I do belive UW supports IDLE, so it should push.

I've tried Thunderbird, but it annoys me in other ways. It doesn't, as of 2.0.0.9, sort by received date. It will sort by date, but it's whatever date the sender sets, which can be way wrong. There is a setting for it, "mailnews_use_received_date" in the equivalent of about:config, but it doesn't seem to do anything. You can also sort by message received ID, but that doesn't work when you're sorting mail to different folders.

So I was helping a friend with his 1and1 VM install and decided to mix things up a little. He has the same FC4 install that I do, and he'd gotten rid of most of their (now unsupported) Plesk install. I killed the rest of the default stuff, installed and configured Postfix, and went to decide on a server for IMAPs. I tried 'em all. I ended up in a fight between Dovecot and UW. UW didn't seem to want to deal, but Dovecot in the RPM version they support for FC4 (0.99) has some real problems with Mail.app. I ended up in giving him the same situation as me, UW-IMAP and hope it works.

I tried Cyrus and Courier, but neither of them met my requirement for "easy to deal with" and I dumped them both. It was at this time that I started thinking "Gee, I should either get a new VM and put Exchange or Zimbra on it", I hear exchange is a fine IMAP implementation, and they probably have 10x the developers of any of the Big 5 IMAP servers. Of course Exchange must be a weird mix of SQL guys, IIS guys (SMTP transport), IMAP guys and MAPI guys. I don't care, it seems to work. I might do an MSDN install of Exchange on W2k3 to see how it works, and if it works, give it my $39/month from 1and1 so I never have to think about mail again.

I just can't believe people still have to think about this shit. It's been a clear decade since MS came out with a Brainless Mail Transfer Agent under the Exchange banner (and it was relatively stable) and end-users didn't have think about their MTA anymore. I chalk this up to petty bickering and bitching within the IMAP community. The UW guy hates the Courier guy, and thus embraces the Cyrus guy even though he has the same gaping holes as everyone else. It's a huge mess.

I'm back on UW, I compiled and installed UW on my friends machine after giving up on Dovecot because of the Mail.app issues and the fact that newer versions of Dovecot wouldn't complile.

I never want to have to think about my email, come on Open Source Community, help me out here.

For some time, I've been annoyed by Mail.app not checking all folders every time it checks mail. My situation is that I have an IMAP server at a colo, a Mac Pro at home usually with Mail.app running and more importantly, running its filters, and a MacBook running Mail.app that I take with me to work or wherever.

The problem is that as mail comes in and gets filtered by the Pro, the laptop continues to check mail every minute. However it does not "see" messages that get filtered off. So if Dave sends me mail and it goes to the Dave folder, the only way I notice it is if I manually click that folder, which isn't happening.

So how do you fix it? I know there is probably a way, but I've not found an official answer to this in the months I've been looking, so here's what I've got that actually works.

Hit the Mailbox menu and select New Smart Folder. Use "Message is not in mailbox" rules if you don't want to check things like your spam folder (I have my spam stored on the server so if something gets filtered, I see it. Also make a rule to specify "Message Type" as "Mail" so it excludes any RSS feeds you have.

This should hit every folder you have, and when it does, it will actually "touch" that folder, and make the unread message count for that folder update. So what I've done was just collapse the "Smart Mailboxes" in Mail, and I'll probably forget that thing exists, since the unread message counts are now correct.

Woo, yay Apple. My life clearly isn't complicated enough. I'll update this with screenshots later, this is kind of a draft so I remember what I did.

[music | The Coup - 5 Million Ways To Kill A CEO]

Tonight I received two calls within three minutes of each other, the first was an invitation to a Barack Obama rally in Nashua, which I've said I'll go to even though I'm not sold on him, and the second was an automated poll.

There were only three poll questions:

• Do I plan to vote in the upcoming NH primary (yes)
• Would I consider myself to be "Pro-Life" (no [totally Anti-Life, thanks])
• Would I characterize marriage to be a union between "A man and a woman" (no)

Take a look at those questions. They seem somewhat designed to be "yes" questions. Especially the marriage one, of course marriage is "a union between a man and a woman". I just happen to also think it's a "union between a man and a man" or "a union between a woman and a woman". Of course this practice of push-polling is designed to get people to answer a certain way according to a candidate's stance on whatever issue, and is a hugely scumbag move, though not as crappy as phone-jamming.

The poll organization was Common Sense Issues, Inc.(Hey look, racist videos) So I did some Googling. They're apparently a group working for Mike Huckabee. Mike Huckabee claims to denounce "push-polling". It's a bold assertion on my part, but my guess is if he wanted it stopped, it would stop.

Now it seems if I'd said "Yes" to the above questions, I'd have been asked via followup call a few more questions and eventually, if I answered everything right, asked to be a "Precinct Captain", at least, that's how things have gone down in Iowa. Precinct Captain? Sure, hell I'll be a fuckin' Precinct PREACHER, and spread the word of Huckabee & Jesus both to my local precinct. At this point, I'd kind of love to see Huckabee get the nomination because, much like Ron Paul, he gives Democrats a snowball's chance of somehow failing to lose in 2008.

I really wish I had that phone call back. Please, Common Sense, call me back, I've made a huge mistake.

Here's a quick tool to show up/down/suspended status for services on the Cisco CSS line of load balancers. It's intended to abstract the majority of people who will ask for this data from the device itself. Cisco's web gui is an abomination, and this is much more efficient to get the data you want.

The site this was written for had many webservers each with many localized sites, such that a list of services could be:

www1.company.com
www1.company.co.uk
www2.company.com
www2.company.co.uk
etc.

Here are demos of both pages:
pump.pl demo
wapump.pl demo

This script should work regardless of how you've named your services, but sorting might need to be adjusted based on different naming conventions. Requires a webserver capable of running perl scripts and Expect.

More big things to come in the CSS department, stay tuned.

CSS-pump.tar.gz

Don't hesitate to mail me

Config guide for FreeS/WAN and OpenSwan to Cisco PIX VPN

I've noticed some search engine activity hitting my resume looking for FreeS/WAN to PIX information, since I happen to mention both on there. I am currently running such a VPN, and decided I should tell people how I did it. It's easy.

First, let me say that I don't know how to make the PIX work with DHCP peers by default, I've seen it mentioned, I've never bothered to deal with it since my IP changes so rarely anyway. When my IP changes, I log in via the Nortel Contivity (with Win32 client from my wife's machine) to add my new IP to the PIX. Aside from that unpleasentness, it works great, is stable, and provides bi-directional access to my whole home network, which is a plus.

For the sake of argument, and since I'm sanitizing here, I've decided to make The Internet 192.168.1.0/24, my home internal LAN is going to be 10.1.0.0/24 and the office is going to be 10.2.0.0/24, just cause I can.

Here's the FreeS/WAN side:

Now the ipsec.secrets

192.168.1.1 @pixname.domainname : PSK "passwordhere" #again "@pixname.domainname" is defined in your pix config, it's whatever you tell it.

Now the PIX side, same rules apply. Note that it's very important to have the access-list in FIRST. When you add the Crypto Map, the first line is "match address aclname, if it does not find an ACL of that name, you might end up having to drive to where ever your PIX is and physically turn it off and back on. Not that I speak from experience or anything.

access-list ChrisHome permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0

crypto ipsec transform-set FreeSwan esp-3des esp-md5-hmac

crypto map Company-VPN 50 match address ChrisHome
crypto map Company-VPN 50 set pfs group2
crypto map Company-VPN 50 set peer 192.168.1.1
crypto map Company-VPN 50 set transform-set FreeSwan

isakmp enable outside
isakmp key passwordhere address 192.168.1.1 netmask 255.255.255.255

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 28000

I'm not even going to pretend to make a decent page out of this yet. Here's a couple:

Last.fm: use it

Natalie's site: Shop for custom painted furniture

Flickr: Here are my photos