Server and Domain Names

dedicated-hosting-serverI’m in the process of setting up another server farm and I need a new domain to go with it. While server domains can be just about anything, a lot of them get assigned names with “host” or “server” in the domain name, like superhost.com or quickserver.com.

I thought megaserver.com would be a great domain name but of course its already taken. gigaserver.com is available for $6K and teraserver.com is in use. Going much higher with peta (10^15), exa (10^18), zetta (10^21) and yotta (10^24) doesn’t yield any available domains, but sometimes the .net and .org versions are still available.

So I decided to look the other way – milliserver.com, microserver.com, nanoserver.com (which I think sounds good!), picoserver.com and femtoserver.com are long gone … although, again, some combinations with .net and .org stil exist.

It isn’t until you reach 10^-18 or attoserver.com that you find one available. I’m surprised it hasn’t been picked up by some company with ATTO in its name, but there it is.

So this post is a bit of a test – Now that I’ve announced my intent to purchase attoserver.com, wonder how long it’ll be before a domain reseller tries to snap it up!

Dealership Fail

HDSACAfter purchasing a used, low-mileage VROD, I wanted a full mechanical evaluation. Even though Sacramento Harley-Davidson isn’t the closest dealer, I made an appointment with them because the bike was originally sold from there and the only service had been performed there. Sacramento Harley-Davidson would probably have the best (only?) records of this bike’s services.

Even though I made an appointment, there was no record of my service request so the tech asked me what I wanted. I repeated my request for a full mechanical evaluation.

“Oh, you want our 30-point inspection!”

That seemed appropriate and I told the tech I would wait in the room area until the bike was ready. An hour later (pleasant surprise!), he walks over and tells me the bike is done.

A second tech takes over and has the bike brought up and starts ringing up the bill. He asks if the service had been explained yet. I said no and he proceeded to explain.

He did a miserable job. He said there was a “possible clutch bleed” but couldn’t explain what it meant nor how serious it was. Similarly, there was a “minor weep from rockers” but again no explanation or degree of seriousness. Lastly he tells me the engine oil level is low. I asked if it was topped off?

“No!”

Then the litany of excuses started flowing – I had asked for an inspection, not a service … The tech didn’t know if I wanted the top off (Ask me. I was 20 feet away in the showroom.) … Sacramento Harley-Davidson doesn’t have enough people to …

I paid my bill and rode off … It’s unlikely my VROD will ever see Sacramento Harley-Davidson’s service department ever again.

My days as a spammer

SpammerIt was over a year ago that an acquaintance told me that after forwarding a joke email, this person suddenly started receiving thousand of “Undeliverable” emails. She interpreted the situation as the email recipient was infected, her email address became public, and now she was a victim of huge amounts of the “Undeliverable” spam.

My reaction was one of confusion – Spam exists to monetize something, and it wasn’t clear what monetization was taking place by flooding her email account. No additional information was offered so the topic was dropped.

But I was about to find out how wrong she had been!

Last month, I was asked to host this person’s email and I agreed. A week later I receive a late night call that another “attack” had commenced. Still believing the problem was an “attack,” I provided instructions to filter these “Undeliverable” emails. This fixed the symptoms but not the underlying problem.

The following morning my spam software started creating large numbers of false positives. Later that afternoon I started having my own email problems – Emails I was sending weren’t being delivered.

With two seemingly unrelated problems, troubleshooting was more of a trouble guessing process, but eventually the problem turned out that my server was sending emails (spam?) at the rate of 7,000 emails per hour! My server was being blacklisted at multiple RBLs and now all my customers were complaining about email problems.

Suddenly it all came together – My friend wasn’t being attacked – She was in fact the attacker! One of her mobile devices had been compromised and she was spewing spam out through *my* email server. Now knowing what to look for, a dig through the computer logs revealed multiple logins to her account from unknown IP addresses. The solution was obvious.

“Turn them off! Turn them all off!” was my order.

With the spam temporarily stopped, I set about restoring email to the affected customers and petitioning RBLs to delist me. It was a rough day. Then back to the spammer.

Given that my friend only owns/uses mobile devices, and that she historically used non-SSL, IMAP email, and now knowing the spammer had email address and password, it was pretty easy to see what happened. Somebody running a WiFi snooper (Wireshark?) at a public WiFi had intercepted her email address and password. Ridiculously simple.

The “attack” she refereed to wasn’t an attack, it was just normal recipient server traffic telling her she had emailed to an invalid address. Consider that she was emailing out at 7,000 emails per hour – If 10% of the email addresses were invalid, she was receiving 700 “Undeliverable” emails per hour.

Today she has a new email password and to prevent another interception, she’s now running SSL email (Ports SMTP 465 and IMAP 993), and my days as a spammer are over.

Follow up: A commenter suggested she may have fallen victim to the Apple bug that disabled SSL and TLS, but I’m pretty sure that’s not the case. I know for a fact she ran non-SSL email at the old host and was unknowingly transmitting her email address and password in the clear at every Starbucks, airport or wherever she went.

Follow up #2: Another commenter noted turning the devices off really didn’t matter because the bad guy had email credentials. That’s correct, but at that point in the trouble shooting process, I was trying to remove as many variables as I could.

Dallas 49’ers?

2014-02-23 12.51.48Had an occasion to return to a town that I lived in back in the 80’s, the town of Addison, Texas. So what’s it like to revisit a town for the first time in 30 years? Honestly, it was like visiting a new town, with new and wider roads, with more and taller buildings, with rows and rows of chain stores and chain restaurants.

One afternoon I was talking to a local and he remarked that yes, Addison had changed “but the original Addison Point Sports Bar” was still in its original location.

The Addison Point? That used to be my Thursday night hangout.

On the last day of this trip, my traveling partner and I had 6 hours to kill before our flights so I asked if we might visit an old haunt from 30 years ago. The place had changed dramatically – Huge garage doors opened to the outside, a island bar spilled into the room, the beer menu was new, but it was still the old Addison Point. Wow!

About our second beer, my friend pointed to a 49’er banner hanging over the rear bar door and inquired “Is that a 49’er banner? In Dallas?”

Then it clicked – I was looking at a 49’er banner in Cowboy country! Back in the 80’s these two teams were huge rivals. Remember “The Catch?”

The bartender was summoned to explain and he said the Addison Point is the Sunday gathering place for 300 of Dallas’ 49’er fans. Now aware of where I was, I started spotting 49’er memorabilia on the walls. The Addison Point wasn’t just one of my old hangouts, it was a little bit of home 1,600 miles from home.

I had a lot of fond memories of the place. Now that I know that it’s in good hands on Sundays, I’ll have even more fond memories of the Addison Point!

2014-02-23 13.36.27

Dangerous Coffee Filters

13189024If you work in aviation long enough, you’re going to come across a multitude of FAA (Federal Aviation Authority) rules and recommendations. The FAA rules and regulations apply to airports, airlines, pilots, flight attendants and even the lights lining runways. Within the FAA is a group called Flight Standards Service (FSS) which defines minimum requirements for safe airplanes, safe pilots and so on. They’re the group that says to become a pilot, you have to do A and B and C. Or to certify an airplane, you have to do D and E and F.

Every now and again, FSS identifies a safety issue and need to take action without running the issue up to headquarters and waiting for bureaucracy to respond. FSS can issue a SAFO, or a Safety Alert for Operators.

Usually these are things that will be implemented in time, but to get them implemented immediately, a SAFO does the trick. FSS has a SAFO page to keep the user community up-to-date. None have been issued in 2014 (yet) but the 2013 list is here.

Did you happen to notice SAFO 13001? “Safety Hazard Concerning Bursting Coffee Filter Packages?”

I don’t know whether to laugh or cry. It’s (apparently) a real problem but I’m a little surprised some common sense wasn’t applied. Wouldn’t a normal person think something’s amiss when seeing “water overflow from the brew drawer and a hissing noise?

And the recommendation? “After the coffee maker has been turned off, brief all crewmembers, and follow appropriate maintenance procedures.”

Yup, brief all crewmembers that a coffee pot is hissing!

Your tax dollars at work!

An “Aw Shucks” Christmas Tale

Stolen from reddit, but essentially …

  • Passengers travelling from Toronto and Hamilton to Calgary were invited to share their Christmas wish before boarding their planes.
  • Airline then sends its “elves” to various stores around Calgary to pick up the items the passengers asked for.
  • Upon arrival at the baggage carousel, passengers were greeted with individual gift boxes containing their personalized “Christmas miracle.”

WestJet, a Canadian low-fare airline, accomplished this heart-warming “Christmas Miracle” with two terrific messages. First, that in these days when we’re bombarded with weeks of guilt-inducing ads about the needy, there’s still something joyous about the season for the common man. Second, that an organization can pull off such a complex plan in such a short time frame shows structure, organization and teamwork. It says a lot about the airline and was pretty impressive!

Even brought a smile to this old Christmas Scrooge.

DIY Fusion Drive

FusionDriveSeveral days ago I was adding a second drive (a speedy SSD) to my Mac Mini. After it was reassembled, the OSX 10.9 Mavericks install drive inserted and restarted, I navigated to disk utility to format the old HDD and the new SSD prior to installing Mavericks. An error message appeared indicating the “Fusion Array is broken” and “Should I repair it?”

A “Fusion Drive” is two physical drives and software, a) a logical volume manager that spans multiple disks into a single volume, and b) the piece that Apple is really proud of, a tier manager that manages data transfer and storage between the speedy SSD and laggard HDD.

After responding “Yes,” Mavericks created its Fusion Drive and installed itself. Fusion Drive introduces a small speed degradation, but it’s minimal for the work I do and the single volume architecture is a nice feature.

While pleased about the Mac Mini, I had never seen this behavior on the older iMac. It has an SSD and HDD but they’re two stand-alone drives. Why didn’t it “fusion” itself like the Mini? A little Google-ing provided the answer.

Initially, one of the iMac’s existing drives refused to unmount preventing the fusion initialization from running. The solution was to boot the iMac using an Ubuntu Live CD and forcibly unmount and repartition both disks. That had the undesirable effect of erasing the Bluetooth pairing information Apple keeps in a hidden disk partition, but an USB keyboard and mouse remedied that. Old School!

Today both Macs are “fusioned.” Fusion isn’t a cache or hybrid disk with a tiny SSD. It’s more like Intel’s SRT except that Intel manages small blocks while Apple manages whole files. I could see a drawback if I ever work with 4G files (Apple’s protection area) but that’s unlikely to happen anytime soon.

DIY Fusion.

Just like Obamacare

Healthcare.orgEarlier this year, an aviation conference (NWOC) I’ve attended the last few years lost its organizer. Figuring I could get free admission and maybe make a few bucks on the side, I corralled a friend and together we offered to coordinate the conference – Advertising, website, registration, accommodations, catering and even welcome gifts. Everything!

Today, we’re two months into the activity, the convention is about three months off, and in spite of a number of start-up challenges, things are running relatively smoothly now. Except that …

… a phone call came in complaining about the miserable website and confusing registration system! Over two calls, the caller expressed three problems:

  • His phone cord wasn’t long enough to let him receive instructions over the phone while on his PC, and
  • The system asked him to create a password made up of letters, numbers and special characters. He had no idea what a special character was, and
  • The system wouldn’t take his payment because it kept asking for a CVV and he didn’t know what a CVV was.

Eventually he got it all figured out (like the 60 people before him who didn’t experience problems), but then he decided to post his experiences on a public forum:

http://eaaforums.org/showthread.php?4512-NWOC-schedule

My favorite part?

I think they got the same firm that designed the Obamacare website to design this one.

While the press loves to dumb the problem down to the website, most informed people know the problem isn’t the “website,” but the hundreds of different federal, state and local databases the website has to access to determine eligibility. All those databases are written in different languages for different computers and are a huge challenge to interface to. They’re the nightmare. The “website” itself is actually quite well structured and coded. It’s good work!

So I think I’ll take it as a complement that my website is as good as the Obamacare website!

50 Years Ago

50thPleasant Hill Elementary School
Pleasant Hill, CA
Mrs. Combs 4th Grade Class

It was late morning when an announcement came over the public address system, but instead of a gong indicating start or end of class, it was the principal telling us what had just happened in Dallas. Mrs. Combs, with very measured words and tones, tried to turn it into a learning experience.

There might have been a sense that something was wrong, but it was soon lost on these fourth graders who instead focused on being released from school early that day!

Just remembering.

My Drupal Love/Hate Relationship

DrupalLogoIn July of next year, PHP 5.3 will go End-of-Life. Before then, many security conscious hosts will upgrade to PHP 5.4, which, by itself, isn’t a big deal. Unfortunately, PHP 5.4 will break all Drupal 6 installations … and here’s the problem with that … I still have quite a few Drupal 6 installations.

Drupal 7 has been out since early 2011, is currently on version 7.23, and most of the external modules webmasters use have Drupal 7 versions. Matter of fact, even Drupal’s own site (drupal.org) was recently upgraded to Drupal 7. So, with the PHP 5.3 deadline a mere seven months away, it was time to start the upgrade process.

There are enough module differences between Drupal 6 and Drupal 7 that a site with any level of complexity will frustrate Drupal’s built-in “Upgrade” program. After several failed upgrades, it was time for a new plan.

The first upgrades, which were really complete rewrites, were the simple sites that just used the basic Token, Path, Analytics, jQuery, Webform, ckeditor and such. In the end, I also had to relearn Views and jCarousel, but most of these sites upgrades were just a lot of cutting, pasting and reformatting.

Another stumbling block were the website themes. While Artisteer, my theme engine of choice, offers to output both Drupal 6 and Drupal 7 code, nothing was drop-in – There were a large number of CSS edits – Another learning curve.

Next came sites with databases. While Drupal 7’s embedded CCK was similar to Drupal 6’s module CCK, virtually all the field types changed – More learning. But nothing was as challenging as sites with photo albums.

Drupal 6 offers a wonderful Image module that includes the necessary content type definition, a simple upload functionality, and predefined Views for the actual gallery. For Drupal 7, there are a host of modules with more functionality, Node Gallery and Brilliant Gallery come to mind, but both featured more features (and complexity) than I needed for simple, hierarchical photo albums. NG also required five other modules to get it to work (and five more modules to configure), while BG bypassed Views altogether and replaced it with inflexible and hard-to-theme outputs.

In the end, I ended up with Media Gallery which supports all kinds of things I don’t need (Picassa import, individual galleries), but does the rest pretty straight forward. I don’t like that it doesn’t support hierarchy, although I’ll bet when I have some time I’ll find a way using taxonomy, and that its preferred lightbox solution is the boxy colorbox. Neither of those are show-stoppers, and as least I have a solution going forward. And Media Gallery does have a nice upload function, something that Image didn’t have.

The last Drupal 7 function I’m going to have to relearn is transaction processing. Uberkart, the preferred Drupal solution, is hard enough to learn and configure, so having to go through the process a second time for those sites with transaction capability is not something I’m looking forward to.

Only eight sites remain to be upgraded to Drupal 7. And I still have seven months. Word is that Drupal 8 will be released within the next several months, but given how long it takes modules to be updated, I suspect these Drupal 7 sites should live for 3-4 years. I hope!