Patrick’s Rants

I’d Rather Eat Worms
Than Drive a Ford

(On the bumper of a Ford F250 – wonder if the guy lost a bet)

Dear Wall Street, we’re sorry.

Scott Brown defeated Democratic candidate Martha Coakley in Massachusetts last night. Now we will get meaningful health care legislation. Fundamentalist Christian politicians are exactly what this country needs. Why could we have not had Sarah Palin and John McCain? Christians know that they must provide health care for the poorest of the poor, Jesus says so right in Matthew 25. In fact he goes so far as to say if you don’t, you are going to hell. Matt 25:41

Depart from me, ye cursed, into everlasting fire, prepared for the devil and his angels:
For I was an hungred, and ye gave me no meat: I was thirsty, and ye gave me no drink:
I was a stranger, and ye took me not in: naked, and ye clothed me not: sick, and in prison, and ye visited me not.
Then shall they also answer him, saying, Lord, when saw we thee an hungred, or athirst, or a stranger, or naked, or sick, or in prison and did not minister unto thee?
Then shall he answer them, saying, Verily I say unto you, Inasmuch as ye did it not to one of the least of these, ye did not to me.

So I am happy that conservative Christians will be able to wield their power. By letting one child go hungry or without health care, you are damning yourself to eternal fire and brimstone. It’s right there in Matthew, “that which you do unto the least of these you do unto me”. No less that God himself is watching what you plan to do to the most underprivileged, the least of these. Can you really look that poor, underprivileged and sick child in the eye and tell him he can’t go to the doctor, especially since you know that the eyes of God stare back at you when you do?

On January 5, I was having breakfast with J at Mike and Rhonda’s when my cell phone interrupted my casual coffee enjoyment. It was the office. The workstations were all off line. To me it sounded like a network issue. I stepped outside to finish my call, people talking on their cell phones in restaurants is one of my pet peeves (closely followed by people on their cell phone in any public place). To me it sounded like a network issue. Step by step each suggestion failed in turn. I resigned myself to cutting breakfast short and heading into the office before the paying job.

Once at the office I went through the steps that I was assured had already been taken. Power cycle the network switches, the server and then workstations. Nothing. Each phase that should have – could have – worked didn’t. I tailed the logs, watched as the workstations/clients booted up and nothing made sense. Then the screen went dark and the BIOS screen appeared. The server had just spontaneously rebooted; never a good sign. Nothing seemed to work and the office was shut down for the day. I went to my full time job for the remainder of the day.

After getting out of work at 7:00pm, I headed back to the tax office and again to read through the logs to see if there was anything that I missed. Workstations still would not PXE boot. The server spontaneously rebooted on me a couple more times and I resigned myself to the fact that the server at somewhere around 7 years old had reached the end of its life. The hard drives were reporting (using SMART) that they were aging, occasionally showing sectors not available. I knew at some point the server would need to be migrated, but I wasn’t ready. I really did hope to get another tax season out of that machine – it was not to be.

On January 6, I unstacked the stash in the corner. Imagine a tower of tower computers placed next to the wall width-wise and two lengths left to right. Imagine that tower at two to three high. Yep the bane of every geek’s non-geek wife (or non-geek husband as the case ma be). The overt hoarding of old computers just waiting for the day when they can be salvaged and recombined into a working machine. These machines are only awaiting the day when their geek overlord, master of their existence, has the chance to evaluate and resurrect them. I unpiled that stack looking for a gem that I knew was there – the beige beast.

The beige beast is pretty impressive. It houses the Intel® Server Board SE7501BR2, has dual hot swap power supplies, 5 hot swap fans with internal wind tunnels (firing this puppy up gave me wind chill) 5 scsi hard drives (well, 5 possible. Only one actually was installed a comparatively small 18g Ultra 320 drive), intrusion detection, dual Xeon 2.4ghz chips. Now this was a hand me down (thanks Steve) so there are no complaints. Some of the hardware is absolutely impressive – dual Xeons in a box that was decommissioned sometime around 2007 and ran Windows 2000 Server. That box cost a pretty penny when it was originally deployed. Today you could grab the board (used) on ebay for less than $20.00. Of course the case is not included at that price.

Wednesday night I began my installation journey. I burned the K12LTSP v5EL dvd. I let the drive select the speed and it warned there might be an underburn . Naturally I stuck it in the drive and booted – what could go wrong? It did not see the disk. It did not boot. That’s what could go wrong. I grabbed another blank dvd and set the drive speed to 5x. No warnings. Excellent. I swapped the dvds in the drive and… same thing. Then it dawned on me. The drive in the machine was CDROM. I pulled a dvd drive that I have on the shelf, powered the server off, and temporarily installed the dvd drive. I powered up the server and it still choked. (more…)

It’s got to be national news. Rumors are flying about how much snow we are supposed to get this week. El Nino weather patterns are supposed to hit Northern Arizona like it’s 1967. Three storms are lined up to completely dump on us. Monday it’s anywhere from 5 to 16 depending upon elevation, Tuesday is supposed to add another 5 to 10 inches of snow. And following that is another “stronger” storm that there is no prediction for yet coming in Thursday night. It’s anyone’s guess at this point, but it’s entirely possible that this web site, hosted the way it is, might go dark for a few days. I’m hoping not. It’s also entirely possible that school will be canceled for all of next week. With my Sonata, I’m not gonna leave the apartment if that’s the case.

Oh, and nobody tell Rush, because for him this is proof that there is no such thing as global warming. I mean, look what finding out the Obamas were vacationing in Hawaii at the same time he was did to him.

Anyone who has any number of servers that they manage will eventually see failures. It’s just natural, hardware gets old and dies. Or you run completely over the hardware’s ability to keep up with demand.
Both of those things happened this year.

First – and I have to say this, forgive me – Windows Server 2003 has served me well. But the hardware just would not keep up with three to five users who kept three to five programs open each. This is a machine that has dual PIII 1ghz chips and a whopping 1.5gb ram. Three full time users on Windows 2003 Server, even I’m a little impressed. But it was straining under the heavy load. And the load was heavy.

My partner ordered the new Dell to replace the VisionMan gray box server that served us so well for these last several years. The server itself – hardware – is still up and strong. I have had to replace CPU fans on one of our machines, but that happens sometimes.

The migration from Windows 2003 Server (using Terminal Services for Windows based software access) to Windows Server 2008 64bit (also with Terminal Services) has been a little bumpy.¹ I nearly fell out of my chair when the current year tax software installed without any major hitches. Our Windows Server is now online – all major software has been migrated and the Windows 2003 server has been powered off awaiting the day it is wiped clean.

1. Mostly chronicled in Geek News and Stuff

As the last hours of 2009 fade into memory, the pundits are talking about the stock market recovery from the Great Recession. And to hear them tell it 2009 was remarkable in the 64% bounce from the market bottom in early March. As I look over what I’ve done in my own retirement account I see that I managed to do better than the markets as a whole. And that’s the way it should be; managed accounts should do better than unmanaged accounts or the index. If you didn’t do at least better than the market overall (or your portfolio didn’t double in value like mine if you want to get really daring) it might be time to take over management of your account. I’m considering a newsletter of sorts for investors who might be interested in what I’m looking at or investing in. Actually it’s far more like trading but it’s not day trading – I’ve only had one trade that took place in one day. I know. Everybody and his brother has a newsletter or a financial blog. I’m not really trying to compete with that. I suppose that I can just get feedback here to see how many of my regular readers think I might have something valuable to add. Anyone can write they had a great idea and made a bunch of money. Just look at Madoff or Enron. And to write that I bought several stocks and sold them for an average of 10% return per trade – some of them more than once – is easy. I could very well fake a great hindsight history so that’s no proof either. An email newsletter, another blog perhaps, text message updates?

Let me know and see you in 2010.

Anyone who runs anything online has had to deal with bots. Wordpress has plugins to fight spam of all kinds, bulletin boards and mailing lists have to remain vigilant and firewalls have to be erected on personal computing and company networks. This last week the district closed up shop for two days to get the place cleaned up after a heavy snowfall on Monday. I took the opportunity to do a little reading and to try to fortify my web server. I started out trying to get my Apache logs cleaned up and found perishablepress.com to have a nice beginning. I don’t have everything working the way Jeff writes about over there, but let me tell you what I have been able to do. First, I’m using a simple add on to httpd.conf that looks like this:
RewriteEngine On
RewriteCond %{REQUEST_URI} ^.*(,|;|:|<|>|">|"<|/|\\\.\.\\).* [NC,OR]
RewriteCond %{REQUEST_URI} ^.*(\=|\@|\[|\]|\^|\`|\{|\}|\~).* [NC,OR]
RewriteCond %{REQUEST_URI} ^.*(\'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC]
RewriteRule ^(.*)$ - [F,L]

RedirectMatch 403 \/\/(.*)


To be honest I think the biggest work horse is the double slash redirecting to 403 “Forbidden”. I’m not even sure that the rewrite stuff is even working (I’m going to spend some time on it in the future to crank up the logging on it to see if it truly is working). Now all the danged bots looking for vulnerabilities on my web server hit those 403s. I set up a simple script to look for 403 and 404 failures. It takes those failures and adds a rule to iptables to drop the host if it happens to hit too many times. I screen out the requests for the favicon.ico file, robots.txt and even other image types and I’m left with small list of hosts that try to pound away at my server. I currently have it configured to look at the current Apache server logs for the 403 and 404 errors. It then (hourly) inserts a simple drop rule for that host into iptables, which then logs additional attempts to connect. And by additional attempts I mean on any port. So if somebody’s Windows computer is compromised and they have a bot that tries to compromise my server, I block any future attempts to connect to my server via email, IRC, etc. And those attempts are logged while my server looks like it dropped off the face of the earth to the infected machine. So I won’t be getting spam from those infected hosts either.

Now if infected (or mis-configured – msn search is hitting a lot of 404s – stupid bot) machines try connecting after getting the firewall treatment they will stay blocked for a month. Otherwise hosts that are cleaned up will only be in the block list for a couple of weeks the way it’s all configured. Then they can be back reading my rants. I also added a twist. I have a script that dumps the addresses of the stupid bots where my home firewall can grab the list nightly and add those IPs to a squidGuard blacklist. So if those hosts happen to be running rogue web servers, at least no one here will try to connect to them.

I’m sure there are much better solutions – and I might add hosts that run ssh connection sweeps to a block list – but I’m having fun thinking about all the ways I can make something like this work and cut down on the break-in attempts on the web server.

I guess I’m not the only person who thinks that CEOs are overpaid and that compensation needs to be fixed. Will Ashworth writes Executive Bonuses Must Go over on Investopedia.com and his arguments are compelling. Pay CEOs a decent rate of pay, say $4 million/yr and let them buy shares of the company with their own damn money if they want stock.

Over on Yahoo, Robert Kiyosaki writes,
The Biggest Scam Ever an article about 401(k)s. This in response to the Time article Why It’s Time to Retire The 401(k). He cites statistics on balances and averages.

I completely disagree with both arguments. Here’s the simple truth: the 401(k), Keogh, 403(b) and the multitude of IRAs are probably not going anywhere. When most people set up these plans at work, they meet for a few minutes with their HR person who doesn’t know anything about investing and just wants to get all the check marks done for the new hire. Retirement accounts are not a Ronco product – you cannot, cannot just “set it and forget it”. If that’s the way you plan your retirement fugetaboutit. You won’t retire, you’ll be like Robert Shivley in the Time article working on the golf course or greeting people at Walmart. The biggest problem with defined contribution plans like a 401(k) is there is no one to hold your hand, walk you through it and keep you on track. Sure there’s the HR weasel but their job is just to get you to fill out the paperwork. They don’t care if you should be more heavily allocated to stocks or bonds and by law they really can’t give you investment advice. And the investment firm that handles your 401(k) usually is not all that interested in sitting down with you to determine the right balance for your personal account. They usually get paid for the dollars contributed after that it’s a tiny commission amount on the total invested dollars.

It’s not the 401(k) or the IRA that need to be tossed, it’s the idea that you can Popeil your retirement. Wherever your money goes, if you have the opportunity and can allocate your own funds, sit down with a planner of some type. If your 401(k) is sitting at a local firm have a one hour review with your broker. If not and it’s one of those “follow the line” firms call them up. The people answering the phone at those firms want to keep your money and are paid salary to talk to you. There’s nothing in it for them(except keeping the account), it’s all about you. If it’s a local broker remember any decent broker will sit down with you and if they won’t fire them and move your money – assuming you can.

If you can’t move your money and your broker doesn’t have time for you – after complaining to your HR department about the lack of service – sit down with a fee based planner (as opposed to commission based planners). You can take all of your options to a fee based planner who charges you by the hour and has no vested interest in which investments you actually hold. The only vested interest an hourly planner has is to give you decent advice that makes you want to come by next year to pay them for another hour of their time – oh and the referrals of your co-workers who can’t get advice any other way helps.

While the statistics cited by Time are pretty scary not knowing what the statistics are based upon is even scarier. An average is just that, an average. More new accounts with lower balances, more older (presumable larger balance) accounts that have been rolled from 401(k)s out to IRAs, more people regularly withdrawing from their accounts all contribute to the average, just as much as a stock market downturn. Without the underlying numbers averages are just statistics. As has oft been quoted, “there are three types of lies: lies, damn lies and statistics”.

I don’t think the 401(k) needs to go away. I think people need to start planning more for their 20+ years in retirement than next summer’s vacation. They need to start looking at what they are invested in. Ron Popeil isn’t your retirement plan. He might be able to get a chicken done just right, but you have to set it and then reset when it comes to retirement planning. And just because Warren Buffett knows that a stock is a great value and will be worthwhile 40 years down the road doesn’t mean you can buy and hold forever. Even Warren sells once in a while. You still have to periodically look at your retirement plan. You have to take a vested interest in how much you have to retire on, no one else cares about your retirement – really.