Archive for December, 2006

whaddaya know, I’ve got minions

Multiple volunteers. You all rock. Thank you.

the most dangerous game

 
I would have sworn this was a hoax if someone had just told me about it over coffee, but here it is on nationalgeographic.com:

Militia OK’d to Shoot Poachers in Africa

In an effort to save the last large piece of pristine savanna in Africa, a band of Wyoming conservationists have received permission from the president of the Central African Republic (CAR) to raise an anti-poaching militia to patrol the eastern fourth of the Texas-size country. Led by Bruce Hayse, a family practitioner from Jackson, the group intends to drive out marauding gangs of Sudanese poachers who are rapidly decimating the region’s wildlife and terrorizing villagers. The conservationists have been given shoot-on-sight authority.
Uh, holy crap.

I gotta say… if I were ever diagnosed with something terminal, that sounds like an excellent way to spend my last few months.

the worst hotel room in north america

 
In March of 2006, my girlfriend and I went to Rochester, NY, to visit some friends who were throwing a party that weekend.

Normally when we visit these friends, we stay at the “Towpath Motel”, which is a perfectly functional and well-maintained road lodge that is conveniently only a few blocks from our friends’ house.

This time, however, the Towpath was sold out, as was the nearest name-brand hotel, so we booked a room at what appeared to be the second-nearest option, another motor lodge called the “Aloha Hotel.”

Ladies and gentlemen: you do not want to stay at the Aloha Hotel in Rochester. I am not exaggerating in the slightest when I say that I have stayed at backpacker hotels in third-world countries that were cleaner, friendlier and better-maintained, not to mention better-smelling.

What follows is a quick tour of the many amenities offered by this fine institution, in the hopes that they will instruct you on the wisdom of making a timely reservation at any other facility, or just bringing a tent and a sleeping bag to the nearest national park, state park, city park or convenient overpass.

Sadly, the photos cannot convey the odor of stale sweat, cigarette smoke and institutional cleaning products, but if you douse a used sweatsock in ammonia and leave it in the corner of the room while you browse, you’ll just about have it.

qmail considered harmful in default configuration

 
First, a slightly belated update: the spam flood to my server has been stopped in its tracks. Email and web services are back to normal, for localized values of ‘normal.’

Now, a small statistic, followed by a rant. This is high geekery; everyone not interested in hearing me gripe about mail servers should probably skip it.

Since this Thursday afternoon (when I finalized the new configuration), there have been 23,540 attempts to deliver mail to my mail server that were not pre-blocked by the spamhaus.org or sorbs.net antispam blacklists. Of those attempts, 19,166 of them were attempts to deliver mail to addresses which do not exist. Either they were “dictionary spam” (in which the spammer goes through a list of common first and last names, and attempts to deliver spam to every possible name@domain.com), or “bounceback spam”, in which the spammer invents a fake address at someone else’s domain and forges that as the sender of the spam, so that any complaints or bounces go to the forged address instead of the spammer.

For those of you without a pocket calculator in the audience, that means that 81% of the emails sent to my mail server were to addresses that never existed.

This would merely be cause for hilarity, except that a design flaw in qmail, for years my mail server of choice, turned it into a complete debacle.

You see, the stock distribution of qmail does not validate the user portion of an email address until after the mail is accepted. In plainer English, that means that if you send mail to bob@blank.org, and I’m running qmail on blank.org’s mail server, qmail will happily accept that mail even if there is no such user as “bob”. Even if that mail is spam. Even if that mail contains a 300k image file. Even if that mail is spam and contains a 300k image file. And then, once qmail finally realizes that there is no Bob, qmail generates a new piece of email, a bounce message destined for the original sender, letting them know that the message wasn’t delivered, so not only have we spent time, disk and network bandwidth accepting a message that we never wanted in the first place, but we’re then going to spend MORE resources sending out an alert, quite probably to a sender address that was forged by a spammer in the first place.

Multiply that by thousands to millions of bogus messages a day and you have a problem. Add on top the CPU and disk utilization required by any minimally-responsible set of spam- and virus-filtering tools (spamassassin, crm114, clamav, etc) and you have a disaster. I run a very small mail server — a handful of domains, less than 20 users, less than 10 mailing lists — and the increased system and network load caused by accepting all of that bogus mail essentially took me off the air for a week, and came perilously close to blowing my ISP’s network quota and thus costing me quite a bit of money.

This was a defensible design decision in 1996, when you couldn’t sneeze without uncovering a new buffer overrun in sendmail, and massive email spam was a distant thundercloud on the horizon. Today? Not so much.

Luckily, this is a problem that has been solved a few times now. The qmail-validrcptto patch is probably the simplest way for most qmail administrators; if you’ve got some horribly abstruse setup going, it might be easier to use the qmail-spp plugin patch and write your own validator for the RCPT stage. But whatever you do, you should fix the problem: if you’re running a stock qmail or netqmail right now, you are acting as a spam amplifier whether you realize it or not.
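For the write-your-own-validator route, here is a sketch of an RCPT-stage check in the style of a qmail-spp plugin; it is an added example, not code from the original post or from the qmail-spp project. It assumes qmail-spp passes the RCPT argument in the `SMTPRCPTTO` environment variable and treats an `E<code> <text>` line on stdout as a rejection; the list path and the function name `check_rcpt` are hypothetical.

```shell
#!/bin/sh
# Added example: reject unknown recipients during the SMTP dialogue, so no
# message body is accepted and no bounce is generated afterwards.
# Assumption: qmail-spp sets SMTPRCPTTO and reads "E<code> <text>" as "reject".
# Hypothetical file: one full address per line, e.g. alice@blank.org
VALID_RCPT_LIST="${VALID_RCPT_LIST:-/var/qmail/control/validrcptto.txt}"

# Print the verdict for one recipient; print nothing to let the RCPT through.
check_rcpt() {
    addr=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    list=$2

    # Unreadable list: defer (4xx) so real mail is retried, not lost or bounced.
    if [ ! -r "$list" ]; then
        echo "E451 recipient list unavailable, try again later (#4.3.0)"
        return 0
    fi

    # No domain part: make no decision here and leave it to qmail-smtpd.
    case $addr in
        *@*) domain=${addr##*@} ;;
        *)   return 0 ;;
    esac

    # Values go through the environment so awk does not interpret backslashes.
    # found: the whole address is listed (case-insensitive, exact match).
    # ours:  at least one listed address shares the recipient's domain.
    ADDR=$addr DOM="@$domain" awk '
        { line = tolower($0); sub(/[ \t\r]+$/, "", line) }
        line == ENVIRON["ADDR"] { found = 1 }
        {
            d = ENVIRON["DOM"]; n = length(line) - length(d)
            if (n >= 0 && substr(line, n + 1) == d) ours = 1
        }
        # Domains that never appear in the list are not this check to judge.
        END { exit ((found || !ours) ? 0 : 1) }
    ' "$list" || echo "E550 sorry, no mailbox here by that name (#5.1.1)"
}

# Act as a plugin only when qmail-spp has supplied a recipient.
if [ -n "${SMTPRCPTTO:-}" ]; then
    check_rcpt "$SMTPRCPTTO" "$VALID_RCPT_LIST"
fi
```

Rejecting with a 5xx at RCPT pushes responsibility for the failure notice back to the connecting client, which is what stops the server from sending bounces to forged sender addresses.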

ladies and gentlemen, Ms. Mary Cyn

Better late than never.

 



Using flickr for this gallery, since I shudder to imagine what my bandwidth bill would look like if I started hosting these shots on my own site.









last one of the night, I promise

One night in early October, I got off the nerd bus at 24th & Mission to see that a bit of a crowd had formed. What they were watching was a dance recital…

…on the side of a building. A completely vertical building, on the wall over a suddenly-incongruous take-away Chinese restaurant.

It turned out to be The Live Billboard Project by Flyaway Productions, who apparently do this sort of thing on a regular basis. Have I mentioned that I like my new neighborhood?



Once again… low light and people in motion, so some of these turned out better than others.

the day of several days after the day of the dead

Fruitvale, CA, a town just south of Oakland in the east bay, held its Day of the Dead celebration, allegedly the largest outside of Mexico, on November 5th, 2006, which was technically several days after the actual Day of the Dead, but conveniently a Saturday so that we could actually attend. We were joined by and .















squirrel, grass, apples

This one goes behind a cut because it’s a little gross. If small dead animals (no gore, just a dead critter) wig you out, move along.


One afternoon quite recently, I was standing on a street corner in Mountain View, waiting for my bus, when I noticed something small and furry at the base of a nearby tree, not moving. Walking toward the tree to investigate, it became very obvious that it was a dead squirrel, who by the looks of him had fallen out of the tree. Lying about three feet from the ex-squirrel was a half-eaten apple, which was strange enough (understand that both squirrel and apple were lying on an otherwise spotlessly groomed lawn), but when I got close enough to the tree, I immediately spotted another dead squirrel, lying on the other side.

Needless to say, I gave the apple a wide berth. You don’t fuck with the queen of the squirrels.


the photoposting deathmarch begins

This one will pretty much only be of interest to friends & family, so it goes behind the cut…