the wood : davidrobins.net

My name is David Robins: Christian, lead developer (resume), writer, photographer, runner, libertarian (voluntaryist), and student.

This is also my son David Geoffrey Robins' site. He has been abducted for 2243 days.

Fail2ban succeeds

News, Technical ·Friday May 10, 2013 @ 18:40 EDT (link)

Fail2ban is a utility written in Python that scans log files and, if it finds authentication or other failures over a given number of attempts, it will ban the host for a specified time.

Fail2ban comes with a number of filters (files defining regular expressions to match in log files, and how to extract information such as the host name or IP address) and actions (such as sending an email notification or adding a ban via iptables). It works pretty well out of the box; I just had to point it at my log files, and configure it to ban attempts in the Postfix (mail) and SSH logs. It is set to email me when it adds bans (status can also be checked via the command-line fail2ban-status tool).

Fail2ban "just works", with minimal configuration; it does what I needed. We were getting a number of SSH attempts, and someone was relaying mail using an apparently-guessed password, even though it was of reasonable strength. This will make it difficult for a (non-distributed) password guesser to try many passwords before being blocked (currently for an hour). I'm seeing a handful of bans a day at this point. Great utility; two thumbs up.
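The scan, count and ban cycle described in this post, sketched as an added example (not Fail2ban's own code and not the configuration used here). The two regexes are simplified stand-ins for the shipped SSH and Postfix SASL filters, the log lines are constructed, and maxretry=3 and findtime=600 are assumed values; only the one-hour ban time comes from the text.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

IP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Simplified failregex patterns (assumptions, not the filters Fail2ban ships).
FILTERS = {
    "ssh": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from " + IP),
    "postfix-sasl": re.compile(
        r"postfix/smtpd\[\d+\]: warning: \S+\[" + IP
        + r"\]: SASL \w+ authentication failed"),
}

# Constructed sample log; timestamps use an ISO-style prefix for easy parsing.
SAMPLE_LOG = """\
2013-05-10 18:00:01 mx sshd[411]: Failed password for root from 203.0.113.7 port 4242 ssh2
2013-05-10 18:00:05 mx sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4243 ssh2
2013-05-10 18:00:07 mx sshd[415]: Accepted password for david from 192.0.2.10 port 5000 ssh2
2013-05-10 18:00:09 mx sshd[411]: Failed password for root from 203.0.113.7 port 4244 ssh2
2013-05-10 18:01:00 mx postfix/smtpd[500]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
2013-05-10 18:06:00 mx postfix/smtpd[501]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
2013-05-10 18:12:00 mx postfix/smtpd[502]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
2013-05-10 18:13:00 mx postfix/smtpd[503]: warning: unknown[198.51.100.41]: SASL LOGIN authentication failed: authentication failure
2013-05-10 18:13:02 mx postfix/smtpd[504]: warning: unknown[198.51.100.42]: SASL LOGIN authentication failed: authentication failure
"""


def scan(log_text, maxretry=3, findtime=600, bantime=3600):
    """Return (jail, host, banned_at, unban_at) for every ban the log triggers."""
    failures = defaultdict(deque)   # (jail, host) -> recent failure times
    banned_until = {}               # (jail, host) -> time the ban expires
    bans = []
    for line in log_text.splitlines():
        when = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        for jail, failregex in FILTERS.items():
            match = failregex.search(line)
            if not match:
                continue
            key = (jail, match.group("host"))
            if banned_until.get(key, when) > when:
                continue            # host is still banned, nothing to count
            recent = failures[key]
            recent.append(when)
            # Forget failures that fell out of the findtime window.
            while recent[0] < when - timedelta(seconds=findtime):
                recent.popleft()
            if len(recent) >= maxretry:
                until = when + timedelta(seconds=bantime)
                banned_until[key] = until
                bans.append((jail, key[1], when, until))
                recent.clear()
    return bans


if __name__ == "__main__":
    for jail, host, start, end in scan(SAMPLE_LOG):
        print(f"[{jail}] ban {host} from {start} until {end}")
```

Host 198.51.100.23 spaces its attempts so that no three fall inside one findtime window, and the two single-attempt hosts stand for distributed guessing; none of them is banned, which is the limitation the post notes.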

DEFCAD mega pack 4.2 download

News, Technical, Political, Guns ·Thursday May 9, 2013 @ 18:47 EDT (link)

Sometimes it becomes a moral duty to distribute information, in the name of freedom of speech and in the furtherance, one hopes, of other freedoms. This is such a case, and everyone should be mirroring this file or seeding it. Perhaps those that have no access to defense due to repressive states will gain some measure of freedom.

Defense Distributed's DEFCAD mega pack 4.2: [download no longer available, see below]. Torrents also available (don't kill my server).

Update: Downloads have, indeed, been slowing down our Internet connection quite seriously; so I'll let the ones running finish and then, sorry, you'll have to download via BitTorrent instead (the torrent is very well-seeded). I think I've distributed enough copies to help out with the effort.

Praise where due: Villas at Gateway, Pinellas Park, FL

News ·Wednesday May 8, 2013 @ 20:03 EDT (link)

Far be it from us to withhold praise where due; and perhaps it is rare enough that even though doing the right thing should be expected, it is still worthy of positive mention.

Honey wrote up our experiences with Avalon at Bear Creek apartments in Redmond, WA, which were not good at all: they stiffed us as much as they could when we left, and moving out of the area we were in no condition to fight (nor would it have been worth going to court, I'm sure, anyway, even if we had a hope, or even of getting our credit dinged). They had us over a barrel and took advantage, and I hope people will read about it.

On leaving our apartment at The Villas at Gateway in Pinellas Park, FL, we arranged for a move-out inspection right after the moving truck left. The regular maintenance guy, Tracy, was unwell (when we called later he was better), but they had someone up from one of their (Greystar's) other properties, Ron, who did the inspection. He didn't take long—there wasn't much to inspect—and said we were fine, and left.

We expected normal cleaning costs; due to good credit we hadn't paid a security deposit, but they did have rent to the end of the month which they could have kept, but in fact they charged nothing and refunded a portion from after we left around the 20th. Which makes sense: part of rent, after all, is the cost of normal wear and tear on the place rented, and we hadn't damaged anything.

So if you're in Pinellas Park, you can feel good about renting at The Villas at Gateway. We were there about a year and a half. (It shouldn't need to be said, but we have no financial interests or affiliation with Greystar.)

Samsung Galaxy S4

News, Technical ·Tuesday April 30, 2013 @ 22:15 EDT (link)

My Samsung Galaxy S4 phone arrived today; they really did send it overnight as promised, even though the estimated arrival date was the 6th. So far I am very happy with it, although there was a slight glitch with T-Mobile showing the phone with no data plan at all rather than the unlimited one I had selected; but that was fixed (while at the Wild Ginger on 116th restaurant tonight enjoying the first sushi I've had in a long time). At home I was on WiFi, and it didn't show that I didn't have a data plan until I checked at the restaurant (I wanted to search for Yelp reviews).

Given that the last time I had a cell phone was around 2003, in Memphis (it was stolen and Verizon wouldn't use its GPS to locate it and required me to pay out the contract, souring me on cell phones for a while), and that that one wasn't "smart" at all in comparison, this phone is a wonder… I'd like to experiment writing some apps for it, which apparently is fairly simple to do on Android (one reason I didn't get an iPhone, although I have to suffer with a Mac (Mini) at work for my sins).

When I called the T-Mobile local store yesterday, they didn't expect to have the phone until the 15th, which is another reason I was especially surprised to hear from Honey that it had arrived today. Fun toy, fun times. I need to get a case for it.

Books finished: A Prisoner of Birth.

Bounce, spammer, bounce

Technical ·Thursday April 25, 2013 @ 22:42 EDT (link)

When I was first in Florida—the weekend I interviewed at Freedom Scientific, in fact—I visited and spoke with realtor Charles McCann in downtown St. Petersburg (islandconsultinginc@gmail.com). He was friendly, although it turned out he didn't deal in the type of properties we wanted (acreage) nor location (would be across the "Sunshine Skyway" bridge); but he had signed me up for notification emails for a certain property search criteria, and we got occasional notifications*, which was fine. I even let them continue after we were fairly sure that if we were to buy a house out there, we may still be interested in something in the areas he dealt in. But after moving to Indiana, we were still getting automated mails (which was fine; how could he know), so I replied back to the (above) address, which I think was the same as on his business card, asking to be removed from the list because we had moved, and thought no more of it. But we're still getting what, now, I consider spam.

So I hit it with a big Postfix hammer: smtpd_recipient_restrictions, using check_recipient_access to reject his address via a table created by postmap. Quite convenient, even though it's not per-user. The email will be rejected by the SMTP server:

554 5.7.1 <islandconsultinginc@gmail.com>: Sender address rejected: Access denied

Usually I create a separate email address for everyone that gets my email address, unless I'm fairly confident they won't spam it (it's also good for determining who sells addresses to whom: if an email from spammer X comes from xyzcorp@domain.com, I can be pretty sure XYZCorp sold my address). But this time I didn't, probably because I didn't know if I could create the address before the first mail would arrive.

Hopefully Chuck, or his automated system, will get the message.

* The mails really were only occasional, most of the time, versus now where sometimes we get several updates a day for our Indiana search (from realtor F. C. Tucker), I suppose because prices etc. change a lot in the search we gave our realtor. This is fine: I asked for them, and I trust they will stop if requested.

Kitchen unpacked, laptop battery dead

News, Technical ·Wednesday April 24, 2013 @ 17:38 EDT (link)

It's been a difficult few days of maneuvering around boxes, since the big truck came Monday with the bulk of our things—the tall wardrobe boxes in particular—but it's great to have our bed rather than sleeping bags. We just finished unpacking most of the kitchen, and getting the boxes out of the way. Our kitchen passes through to the living room and hallway, which is convenient. There's plenty of storage here—we have a really long storage room next to the living room (first part is a coat closet, then it goes way back), and an outdoor storage room off the patio, and a pretty large garage.

Since we'd like to entertain visitors at various times, we're laying things out with more space than in Florida, where our living room was rather crammed up and looked it. We threw out a lot of unnecessary clutter in Florida, and some more here (I went through my collection of cables and computer cards—USB, power, Ethernet, etc., tossed out more than half, and organized the rest), and things we need to keep but that won't be useful here (e.g., the lawnmower, silver, garden tools, and even my desk) are packed away out of sight. The second bedroom is quite livable (in Washington I had a desk out in it and the bed was crammed in next to it), although it does have the piano in it, and the dining room, which connects to the living room, has a couple comfortable couches in it.

My laptop (HP Pavilion dm4) battery finally died. I knew it was failing, but wasn't sure if it would complain forever or give up the ghost. Fortunately, I had purchased another (HP MU06) in case of the latter, and was ready and it's ticking merrily along again.

Books finished: As the Crow Flies, The One Minute Manager, Fast Company's Greatest Hits.

Giving up on qmail, switching to Postfix

News, Technical ·Thursday April 18, 2013 @ 23:31 EDT (link)

The final tipping point switching me from the venerable qmail was the inability to (easily) relay through an SMTP server that required authentication (as our new ISP, Comcast, does). There is a qmail-remote-auth patch, but it doesn't apply cleanly to Gentoo's netqmail-1.06 (the latest), and I just don't need one more thing to manually update, even if I had wanted to manually apply the patch once, which I didn't. Qmail has just grown old and not been well maintained.

Postfix so far has been a delight; easy to set up by perusing main.cf, running newaliases, and ensuring the sasl_* commands are set for SMTP authentication. Sending works (via ISP relay); receiving seems fine after a local test, but Comcast won't unblock port 25 until tomorrow, so I can't be sure about actual remote mail until then.

Update, 20130420 midnight: Comcast finally unblocked port 25 after a second request; mail has been flooding in (we will still likely switch to AT&T U-Verse business, because it's close to the same price, no installation fee, no ports blocked, and Comcast said port 25 may be blocked again if the modem resets, even from powering off, or if they send an update signal). I also checked to make sure my configuration wasn't accidentally set up to relay anything it shouldn't using MailRadar's open relay test and it passed everything as expected. I also used to have a .qmail file that filtered messages through maildrop, which it seems needs to be set up via .forward for Postfix (or other methods); it was simpler than the example, which didn't work (didn't like ${user}); simply putting |/usr/bin/maildrop in .forward worked fine, since Postfix's delivery agent is already seteuid to the right user.

It still remains to get my spam classification working again, and a few automated mail programs.

Update, 20130420 afternoon: Re-added SpamAssassin using these directions; pretty simple; I already had spamd set up.

Arrival in Indiana

News ·Wednesday April 17, 2013 @ 16:35 EDT (link)

For the last week or so we had been packing up the apartment (fortunately we were month to month in anticipation so had no lease to (pay to) break); the big wardrobe boxes we got from the last move (also with Moovers, Inc.) were very helpful, and we were much better prepared and packed, which meant the movers, when they arrived at 0800 Tuesday, were able to finish much faster: they were easily done before noon (the driver, Frank, hired three others: Freddy, his brother Jason, and Paul). When they left, we got lunch and I finished a library book (Poul Anderson's Brainwave), and returned the rest of our books; we came back to do the apartment move-out inspection at 1500, then packed the last items in our cars and headed out, stopping to return the cable modem to Bright House, and get Honey a new driver side brake light bulb at Jiffy Lube.

We made it past Atlanta, and at almost 0300 Wednesday stopped at a rest area near I-75 mile 308 to sleep until 0800. Then we pushed on to Fishers, IN, in dire need of shave, shower, and sleep. On arrival at around 1630 we signed the lease papers and unloaded various items from our cars, which had been packed with things deemed too important to leave to the movers: mostly computers and firearms, and sundry other valuables as well as items we wanted to have while waiting for the big truck: sleeping bags, pillows, blankets, a few plates and cooking utensils, camp chairs, etc.

After we had cleaned up a little, we went out to eat—Five Guys, for the first time ever, even though they did have them back in Florida. Carried more stuff in from the cars and moved it around. Crashed hard.

Thursday we ran a few errands: went to the library to stock up on books, stopped by the police station to find out about concealed handgun permits (expensive, especially for something that should never cost anything or even be necessary… but they have "lifetime" permits), got some groceries, and got back in time to get set up for the Comcast Xfinity Internet guy to arrive at around 1700. (All in all, the servers were down for only about two days, which is a record for a move; although email will be down until they unblock our SMTP (port 25) tomorrow. They also practice the evils of MAC-address affinity so I had to clone the address from my laptop.)

Everything looks good… little rainy, but with books and Internet we can handle it. Looking forward to starting work on the 29th.

Books finished: The New Manager's Starter Kit, Brainwave.

Last day at Freedom Scientific

News, Work ·Friday April 12, 2013 @ 17:47 EDT (link)

Today was my last day working at Freedom Scientific (interview post, a year and a half ago). A few weeks ago I accepted an offer for a new job as a lead engineer (more about which later) and resigned from my position as a Senior Software Engineer with the standard two weeks notice. My boss took the resignation well, and his boss, the VP, was only concerned that I was going to their competition, which I am not (whole new field, although the line of business was certainly interesting). Yesterday some co-workers took me out to the Brazilian Steakhouse for lunch, a true meat-lovers' paradise.

Coming from Microsoft, it was somewhat refreshing to be back in a small(er) company atmosphere, with the biggest difference that there are a lot more different things to learn and do. For example, I taught myself WiX (Windows Installer XML)—became rather expert, in fact; I worked on setup packages, wrote a (virtual) printer driver, worked on a camera driver, and designed and built features for a couple of (related) applications, WYNN and OpenBook.

I also attempted a few initiatives, with limited success: an object model for WYNN (both so it could be extended as a platform and for automated testing, which was sorely lacking); memory marking (based on ideas, but no code, from Word; using Visual Leak Detector, in fact); and developer talks, which, after about six months delay from inception, were about to start (and I hope still proceed). I wrote a lot of utilities in Python (and a few in C#) to generate code or automate tasks, including one that would have been able to replace a scary custom build system (and make it possible to complete an entire build much faster and on developer machines). I am not going to hash negatives here; there was a lot of good from my experiences at Freedom Scientific; I worked with some excellent developers and testers, and clearly had, most of the time, a decent degree of autonomy to get work done, and even some extra items, while meeting my schedules. I hope, if it is applicable, I will have more ability to further such initiatives, such as automated testing, at my new position.

I will certainly miss the weather here; it's beautiful and I'll miss wearing shorts and T-shirt in February and the white sand beaches.

We have two weeks now for the move, and have been packing every night—all the books are done and most clothes and much of the bathrooms and between, with a few essential/valuable items to be transported in our cars. Old services are set to be canceled and new to begin (still concerned that I can get the Internet provider to unblock port 25 inbound, which they have the unsavory reputation of blocking, but most have had good experiences). We should be loaded up (Moovers are our brokers, using National Van Lines) on Tuesday, do a move-out inspection, then drive up to our new place in Indiana, which we picked out on a loooooong weekend drive last weekend.

Adios, Florida. We'll miss you, but not your insanely extortionate license fees.

Books finished: The First 90 Days, Elminster, Code Complete, The Art of Multiprocessor Programming, 365 Foolish Mistakes Smart Managers Make Every Day, How To Win Friends and Influence People.

Trip to the Florida Keys

News, Bad Drivers, Photography ·Sunday March 24, 2013 @ 13:35 EDT (link)

We took a trip to the Florida Keys this weekend, since we'd never been. It was a nice enough experience, but we probably wouldn't do it again. The beaches aren't as nice as the local ones, like Fort de Soto, and it's very touristy, crowded, with all the requisite bad drivers and flim-flam merchants ("SANDAL FACTORY OUTLET!", street vendors hawking crap—I have nothing against street art, just crap), all overpriced and rather tawdry. It's not my kind of vacation and you're not missing much to skip it (and the whole Miami mess, for that matter).

We left Friday evening after I got home from work, and stayed at the Homestead/Miami South Hampton Inn, getting up around 0800 and leaving after the complimentary breakfast. We decided to drive straight through first to spy out the land, all the way to the end of US-1 in Key West. Traffic wasn't too bad, although at points it's down to a single lane and you're at the mercy of the slowest person ahead. The views were beautiful as we drove along, especially when the road curved and it was possible to see beaches and homes on the shore.

We stopped at Higgs Beach in (the town of) Key West (free parking) to get our bearings (and a little earlier at a visitor center to pick up some spam with a few useful maps embedded), and walked around the beach and went into the water for a short while. The Joe Allen Garden Center at the West Martello Tower, maintained by the Key West Garden Club (for donations) was nearby; a real hidden gem and I'm glad we had the chance to go in and walk around a little. I even went back to the car and got my macro lens (105mm AF Micro-Nikkor) to take some better closeups of the various flowers (included above; hover over the picture for navigation/expansion controls; requires Javascript). It was a beautiful day for it, and even without a tripod I was able to get some good shots at f/8 and above.

We stopped for lunch and then drove back along the main highway to Anne's Beach, a small beach a little ways off the road, also rather rocky and with coarse-grained sand like Higgs, so we didn't spend a lot of time; got in the water, swam a little, avoided the seaweed, then continued back. We were on the lookout for key lime pie on the way back, and found Mrs. Mac's Kitchen ("Eat well, laugh often, live long") where we had key lime martinis (I didn't expect them to be so frozen) and I had (my first) slice of key lime pie and Honey had peanut butter pie.

After that we were pretty much headed right back; it was getting late, and we had many miles to go… we got a little snarled up around Miami but got home around 0200 Sunday.

Books finished: Dinosaur Brains, A Fine and Private Place, The Art of Readable Code.
