Archive for the ‘Networking’ Category

Expect some downtime here soon

Wednesday, January 9th, 2008

Gotta transfer DNS from UltraDNS (now costing $50/month!) to EveryDNS.net. Not gonna be simple.

Wish me luck…

Update: Here’s why I’m moving. My UltraDNS contract is for 10k queries/month, and we’re getting 10 times that. It’s not showing up on the page views, so I’d guess it to be spammers.

Update 1/9/08 2:30PM: Update in progress, we have to wait for Network Solutions to update the root, and also for EveryDNS to update their databases. Expect DNS errors for a day or two, sorry.

PS Yes, I donated to EveryDNS. Karma is good.

Update 1/10/08: Done! It works! A-maze-ing.

For those of you who’ve been to Cabrillo Monument

Tuesday, January 1st, 2008

From HPWREN, a new set of cameras capturing 20-megapixel (!!) images of the city and view:

Wow. For those of you still in the depths of winter, feel free to click through and see the awful conditions here. ;)

Distributed systems news and publications

Tuesday, October 9th, 2007

First off, a nice paper that talks about how Amazon builds their system to be scalable and reliable.

(I blogged about a related item not long ago)

Next up, a bit of very good news. I’ve been bummed that the brilliant (and I do not exaggerate) Google innovation of ‘map-reduce’ for parallelism is proprietary. As in, I can’t look at it, try it, deploy it, etc. Ditto for GoogleFS and BigTable. Bummer, that, but it makes corporate sense.

Today, I found the Apache Hadoop project, which as far as I can tell explicitly recreates map-reduce and gfs! This pic is from their site:

What’s more, it’s not a toy project either:

Hadoop has been demonstrated on clusters with 2000 nodes. The current design target is 10,000 node clusters.

The filesystem is similarly designed:

The Hadoop Distributed File System (HDFS) is a distributed file system designed to run on commodity hardware. It has many similarities with existing distributed file systems. However, the differences from other distributed file systems are significant. HDFS is highly fault-tolerant and is designed to be deployed on low-cost hardware. HDFS provides high throughput access to application data and is suitable for applications that have large data sets. HDFS relaxes a few POSIX requirements to enable streaming access to file system data. HDFS was originally built as infrastructure for the Apache Nutch web search engine project. HDFS is part of the Apache Hadoop project, which is part of the Apache Lucene project.

Killer stuff! I’ve lost track of some of this stuff, but had read on the Register about an update to IBM’s GPFS that also sounded cool. It’ll be interesting to see which is more advanced, but I’m delighted that distributed computing is once again a cool and happenin’ thing.

Hmm, it looks like Hadoop is a) Java-based and b) designed for single-computer installs, so I don’t need monster hardware to play with it:

By default, Hadoop is configured to run things in a non-distributed mode, as a single Java process.

More cool networking gear

Thursday, October 4th, 2007

Right now, my home ‘net has a Linksys RV042 firewall/router:

backed by an 8-port SMC switch that I quite like:

I’m happy with both, and today found that Linksys has updated the RV042 to the RVS4000 (product link), which updates the ports from 10/100 to gigabit:

With jumbo frames! (Read this page to see why you should care about ‘em.)

Very nice. Solid router/VPN plus 4-port gigabit, one less device to deal with. Hmm. Right now I have more ports in use:

  1. VoIP hardware phone (Grandstream BudgeTone 102)
  2. SIP <-> analog bridge (Sipura/Linksys 3102)
  3. Debian server
  4. Printer
  5. Wireless AP
  6. Network camera
  7. Router uplink
  8. Open

Hmm. Not easy to drop four of those, so maybe I’ll have to wait for the 8-port version. If you need 4 or fewer ports, the RVS4000 looks most excellent.

Nifty Unix tool for searching network traffic

Tuesday, September 18th, 2007

Via TupleShop, a nifty tool for watching and searching network traffic on the fly, the logically-named ngrep. Here’s a screenshot of it in action, where I watch HTTP traffic as I load up the main blog page:

 If you need it, it’s very cool. If not, please go about your business, nothing to see here.

Nike+ipod+Wordpress+plugin

Wednesday, August 29th, 2007

As Terri noticed, there’s a new sidebar on the website. I got it installed last night, but due to the downtime I haven’t posted about it yet. It’s a bit of a tale…

Late last week, in a historic moment, I sold my Blackberry 7290 to a co-worker. Yep, an era has passed, and life is simpler now. Then again, I may get another one, or maybe an iPhone if I stumble upon a pile of small unmarked bills.

Post-sale, I had thirty bucks burning a hole in my pocket and was at the campus bookstore. I happened to see the Nike+iPod kit, and voila! Money spent, happiness purchased, a new gadget to play with. (I also spent ten bucks on a generic sensor holder, so I don’t need special shoes, but don’t tell Chris that.)

The kit is an amazing thing. Check out the review on iLounge for details, but the basic idea is that you have a sensor in your shoe:

which sends acceleration data to a 2×3cm sensor that attaches to your iPod nano:

Wireless, baby!

Once you get back to your computer, iTunes sends the run data to Nike’s servers, where they have a bunch of Flash applications that use it. You can plot runs, compare goals vs performance, compete against others around the world, etc, etc. All very nifty, and it still amazes me that the cost is thirty bucks! No use fees, either, just the one-time.

While reading about it, I found the Nike+iPod plugin for Wordpress. It, very cleverly, can download your data from the Nike servers and display it in Wordpress. It even uses the GD library to plot speed versus time!

A reader who knows me might well observe the spectacularly useless nature of all this effort and complexity…since I don’t run. To such a reader, I would reply that this entire weblog (Anna pages excepted) is a veritable monument to the spectacular and the useless, all the more better if combined.

My current plan is to use it for my shuttle walks. It’ll be thrilling data, you can be sure. I still need to calibrate the sensor for my stride length, so the current data is erroneous by an unknown amount. I would guess that the distances are too short, given that I have a longer stride than average. We shall see.

I am really tempted to send a couple of these out as gifts to the walkers in the family. Competitions would ensue, friendly ribbings and other such fun. Hmm… some of ‘em even have Nanos already…

For more info, check out the iLounge review. You can get the kit everywhere; I’ve even seen it at Nordstrom’s in the mall.

Verdammt slimserver anyway

Tuesday, July 24th, 2007

I’ve had a lot of people trying to use my wireless network of late, and I’ve been trying to close down the hatches. I’ve always used MAC filtering, so they couldn’t get on, but someone keeps trying. Given the rapid repeat, it’s certainly automated or just OS stupidity, but it annoys me.

Sidebar: The Airport Extreme can send log messages to your Unix box via the syslog mechanism. Check out ‘Base station options’ / ‘Logging/NTP’ and ‘Send base station logging to’.

I also set the LED light to blink for traffic, as I find that more useful than always-on.

See this page for syslog setup on Debian.

Plan of attack:

  • Switch from B/G WiFi to G only.
  • Enable encryption, WPA2 preferred.
  • Disable SSID broadcast.

    So. First problem is my version 1 Squeezebox.

    It’s been trouble before, but I don’t have the dosh to upgrade to the much-nicer v2 or v3. Its WiFi is B-only. Fortunately, I had a Linksys WRT54GS spare, and had previously set up one as a bridge.

    Since I wanted to put images in this post, here’s a pic of one borrowed from the Wikipedia page on it:

    I found a slightly better set of instructions for bridge mode on AnandTech, and managed to get it working. I found that the newer Talisman firmware worked better than the Alchemy release.

    Sidenote on firmware and Sveasoft: I am a former subscriber to Sveasoft, and have paid for a year of access. This time, subscription having expired, I downloaded the ‘Freeman’ version from this page instead, which lacks the ultra-stupid MAC-based copy protection. I am fairly certain that Sveasoft has bent or broken GPL on this, and FWIW the Freeman version is working well. Rant over.

    After you do all the setup (subnet, DHCP, client-mode wireless) there’s just one real gotcha - to get it to work, you have to enable ARP proxying on the Linksys. There’s no way to do this from the web interface, and the setting is erased if you reboot the router. So you have to

  • Enable SSH on the router.
  • Upload your SSH key via the web interface.
  • SSH in as root, and run
    echo 1 > /proc/sys/net/ipv4/conf/`route | grep default | awk '{print $NF}'`/proxy_arp
    
    Messy, eh?

    Once I had that figured out, I wanted to enable encryption. WEP is no good, so I wanted WPA or WPA2. I’m using an Airport Express which supports all of the above as my base station. Gratuitous picture:



    However, the Freeman firmware pages use different terminology than the Apple admin program, so I had to google a bit. This page and this one got me going. You have to

  • Select ‘Wireless security’
  • Select WPA2 personal.
  • Select Encryption type as ‘WPA only’
  • Only now will ‘WPA personal’ show up as an option; choose it.
  • Select ‘Pre-shared key’ above, and enter your 64 hex secret.

    Now, while it reboots, go to the Freeman firmware and select ‘WPA-TKIP’. Enter same key, reboot, do the SSH ARP voodoo above, and you’re good to go.

    (You also have to go around to all your laptops and enter the key into their setups, but that’s much easier.)
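
An added example, not part of the original post or of either vendor's software: the ‘64 hex secret’ in the steps above is a 256-bit WPA pre-shared key, and this Python sketch shows two ways to produce one plus a check that the text entered on the base station and on the bridge is the same key. The function names are made up for illustration; the passphrase mapping is the standard WPA-Personal one (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes).

```python
import hashlib
import re
import secrets

HEX64 = re.compile(r"[0-9a-fA-F]{64}")

def random_psk() -> str:
    """Fresh 256-bit key from the OS CSPRNG, as 64 hex digits."""
    return secrets.token_hex(32)

def psk_from_passphrase(passphrase: str, ssid: str) -> str:
    """Standard WPA-Personal mapping of passphrase + SSID to the 256-bit key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return raw.hex()

def normalize_psk(entered: str) -> str:
    """Strip whitespace from a pasted key, check the format, lower-case it."""
    key = "".join(entered.split())
    if not HEX64.fullmatch(key):
        raise ValueError("pre-shared key must be exactly 64 hex digits")
    return key.lower()

def keys_match(base_station_entry: str, bridge_entry: str) -> bool:
    """True when both admin pages were given the same key."""
    return secrets.compare_digest(normalize_psk(base_station_entry),
                                  normalize_psk(bridge_entry))

if __name__ == "__main__":
    key = random_psk()  # hypothetical usage: generate once, paste into both devices
    print("enter on both devices:", key)
    print("match:", keys_match(key, key.upper()))
```

If one admin page only accepts a passphrase and the other only the hex form, `psk_from_passphrase` gives the hex key that corresponds to that passphrase for a given network name.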

    Once I did this I hit the next problem: Slimserver is not working. I spent hours thinking it was the bridge setup, which was reasonable given the number of places you can make mistakes, but it isn’t. For some reason, the current release in Debian unstable is borked, and the symptom is that the web interface never loads. You can connect to the port OK but you get no content. I erased the contents of /var/cache/slimserver/MySQL and restarted it, but got the same result.

    Oddly, the web interface was working while it rebuilt the database, but somewhere in that process it Just Stopped. No error log that I can find, no errors in /var/cache/slimserver/mysql-error-log.txt either. I’m at a loss.

    The other problem that I have is probably my error - I can’t load the Linksys web interface unless I’m cabled into it. I enabled the remote admin, but it may be subnet-related or such.

    I really wish that the ARP proxy setup was a) permanent and b) web-interface-settable. Yeesh.

    I also am a bit peeved at Slimserver. It’s the single program most likely to break on a Debian dist-upgrade.

    Ahh well, maybe with G-only and WPA it’ll cut down on the neighbors trying to associate with my base station…

    Update 8/19/07: Squeezebox got updated and appears to stay up now, so I’m reopening this one. Fixed the missing anandtech URL, sorry. I should also note that the WPA+G change did remove the slowdowns and associations — hooray! Now tackling the ARP proxy and such. Post to follow!

    Eeenteresting

    Wednesday, June 6th, 2007



    From the new firewall’s syslog:

    Wed Jun  6 17:26:05 2007
    RGFW-IN: BLOCK-SYNFLOOD (TCP 76.171.170.53:34556->204.128.136.1:80 on ixp1) [200,0]
    Wed Jun  6 17:19:22 2007
    SYSLOG_NK-(System Log)Mail sending to [redacted] successfully !
    

    Seems like the box thinks there’s a SYN flood attack, which is a particular type of denial of service.

    False alarm? Occurring all along and just now visible? Can’t tell. Does make me wonder if my old OpenBSD pf rules were also working on these. pf is amazing for firewalls.

    (The IP points to a host on the Road Runner cable modem network; I assume it’s a pwned Windows box.)
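
An added example, not from the original post or the firewall vendor: a Python sketch that reads the two-line log layout shown above (timestamp line, then message line), extracts each BLOCK-SYNFLOOD entry, and reports sources that were blocked repeatedly within a short window, which helps tell a one-off block from a sustained flood. The sample log is constructed with documentation-range addresses, the threshold and window defaults are assumptions, and the trailing `[200,0]` field is not interpreted.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the page's two-line layout; RFC 5737 documentation addresses.
SAMPLE = """\
Wed Jun  6 17:26:05 2007
RGFW-IN: BLOCK-SYNFLOOD (TCP 192.0.2.10:34556->203.0.113.1:80 on ixp1) [200,0]
Wed Jun  6 17:26:07 2007
RGFW-IN: BLOCK-SYNFLOOD (TCP 192.0.2.10:34557->203.0.113.1:80 on ixp1) [200,0]
Wed Jun  6 17:26:09 2007
RGFW-IN: BLOCK-SYNFLOOD (TCP 192.0.2.10:34558->203.0.113.1:80 on ixp1) [200,0]
Wed Jun  6 17:40:00 2007
RGFW-IN: BLOCK-SYNFLOOD (TCP 198.51.100.7:40000->203.0.113.1:80 on ixp1) [200,0]
Wed Jun  6 17:41:00 2007
SYSLOG_NK-(System Log)Mail sending to [redacted] successfully !
"""

EVENT = re.compile(
    r"BLOCK-SYNFLOOD \(TCP (?P<src>[\d.]+):(?P<sport>\d+)->"
    r"(?P<dst>[\d.]+):(?P<dport>\d+) on (?P<iface>\w+)\)"
)

def parse(text):
    """Yield (datetime, src, dst, dport) for each BLOCK-SYNFLOOD entry."""
    when = None
    for line in text.splitlines():
        m = EVENT.search(line)
        if m and when is not None:
            yield when, m["src"], m["dst"], int(m["dport"])
            continue
        try:  # a timestamp line applies to the message line that follows it
            when = datetime.strptime(line.strip(), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            pass  # neither a timestamp nor a SYN-flood entry

def repeat_sources(text, threshold=3, window=timedelta(seconds=60)):
    """Return {src: total blocks} for sources with >= threshold blocks in one window."""
    times = defaultdict(list)
    for when, src, _dst, _dport in parse(text):
        times[src].append(when)
    flagged = {}
    for src, stamps in times.items():
        stamps.sort()
        if any(b - a <= window for a, b in zip(stamps, stamps[threshold - 1:])):
            flagged[src] = len(stamps)
    return flagged

print(repeat_sources(SAMPLE))
```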

    Best VNC client for OSX?

    Monday, June 4th, 2007


    …Via this ADC thread, news of the spiffy VNCThing, a rather nice client. Homepage seems to be lost-domained, but the software seems to work pretty well. I guess it’s greedy of me to wish that CoRD would add VNC support…

    VPN between OSX and Linksys RV042/048

    Thursday, May 31st, 2007

    I’ve been considering a different firewall router for the home network, and am looking at the Linksys/Cisco RV042.

    The unit ships with decent Windows software, but they’re silent on the issue of Mac support. From this excellent article come the instructions and three key tidbits:

    1. It won’t work if your Mac is behind a NAT router.
    2. You configure the router under ‘PPTP server’ and not VPN server.
    3. Enter the username/password into ‘Internet Connect’ and you’re good to go.

    If you’re lucky enough to have OSX server, a VPN server is built in. I’m not.

    Hmm, looks like the RV042 is ~$170 as of 6/07. Not bad. It can do 5 PPTP connections at once, which’d be fine for me. It’d be nice to be able to print from offsite sometimes, and SSH tunnels are a PITA.