Patrick’s Rants

On January 5, I was having breakfast with J at Mike and Rhonda’s when my cell phone interrupted my casual coffee enjoyment. It was the office. The workstations were all off line. To me it sounded like a network issue. I stepped outside to finish my call, people talking on their cell phones in restaurants is one of my pet peeves (closely followed by people on their cell phone in any public place). To me it sounded like a network issue. Step by step each suggestion failed in turn. I resigned myself to cutting breakfast short and heading into the office before the paying job.

Once at the office I went through the steps that I was assured had already been taken. Power cycle the network switches, the server and then workstations. Nothing. Each phase that should have – could have – worked didn’t. I tailed the logs, watched as the workstations/clients booted up and nothing made sense. Then the screen went dark and the BIOS screen appeared. The server had just spontaneously rebooted; never a good sign. Nothing seemed to work and the office was shut down for the day. I went to my full time job for the remainder of the day.

After getting out of work at 7:00pm, I headed back to the tax office and again to read through the logs to see if there was anything that I missed. Workstations still would not PXE boot. The server spontaneously rebooted on me a couple more times and I resigned myself to the fact that the server at somewhere around 7 years old had reached the end of its life. The hard drives were reporting (using SMART) that they were aging, occasionally showing sectors not available. I knew at some point the server would need to be migrated, but I wasn’t ready. I really did hope to get another tax season out of that machine – it was not to be.

On January 6, I unstacked the stash in the corner. Imagine a tower of tower computers placed next to the wall width-wise and two lengths left to right. Imagine that tower at two to three high. Yep the bane of every geek’s non-geek wife (or non-geek husband as the case ma be). The overt hoarding of old computers just waiting for the day when they can be salvaged and recombined into a working machine. These machines are only awaiting the day when their geek overlord, master of their existence, has the chance to evaluate and resurrect them. I unpiled that stack looking for a gem that I knew was there – the beige beast.

The beige beast is pretty impressive. It houses the Intel® Server Board SE7501BR2, has dual hot swap power supplies, 5 hot swap fans with internal wind tunnels (firing this puppy up gave me wind chill) 5 scsi hard drives (well, 5 possible. Only one actually was installed a comparatively small 18g Ultra 320 drive), intrusion detection, dual Xeon 2.4ghz chips. Now this was a hand me down (thanks Steve) so there are no complaints. Some of the hardware is absolutely impressive – dual Xeons in a box that was decommissioned sometime around 2007 and ran Windows 2000 Server. That box cost a pretty penny when it was originally deployed. Today you could grab the board (used) on ebay for less than $20.00. Of course the case is not included at that price.

Wednesday night I began my installation journey. I burned the K12LTSP v5EL dvd. I let the drive select the speed and it warned there might be an underburn . Naturally I stuck it in the drive and booted – what could go wrong? It did not see the disk. It did not boot. That’s what could go wrong. I grabbed another blank dvd and set the drive speed to 5x. No warnings. Excellent. I swapped the dvds in the drive and… same thing. Then it dawned on me. The drive in the machine was CDROM. I pulled a dvd drive that I have on the shelf, powered the server off, and temporarily installed the dvd drive. I powered up the server and it still choked. (more…)

It’s got to be national news. Rumors are flying about how much snow we are supposed to get this week. El Nino weather patterns are supposed to hit Northern Arizona like it’s 1967. Three storms are lined up to completely dump on us. Monday it’s anywhere from 5 to 16 depending upon elevation, Tuesday is supposed to add another 5 to 10 inches of snow. And following that is another “stronger” storm that there is no prediction for yet coming in Thursday night. It’s anyone’s guess at this point, but it’s entirely possible that this web site, hosted the way it is, might go dark for a few days. I’m hoping not. It’s also entirely possible that school will be canceled for all of next week. With my Sonata, I’m not gonna leave the apartment if that’s the case.

Oh, and nobody tell Rush, because for him this is proof that there is no such thing as global warming. I mean, look what finding out the Obamas were vacationing in Hawaii at the same time he was did to him.

Anyone who has any number of servers that they manage will eventually see failures. It’s just natural, hardware gets old and dies. Or you run completely over the hardware’s ability to keep up with demand.
Both of those things happened this year.

First – and I have to say this, forgive me – Windows Server 2003 has served me well. But the hardware just would not keep up with three to five users who kept three to five programs open each. This is a machine that has dual PIII 1ghz chips and a whopping 1.5gb ram. Three full time users on Windows 2003 Server, even I’m a little impressed. But it was straining under the heavy load. And the load was heavy.

My partner ordered the new Dell to replace the VisionMan gray box server that served us so well for these last several years. The server itself – hardware – is still up and strong. I have had to replace CPU fans on one of our machines, but that happens sometimes.

The migration from Windows 2003 Server (using Terminal Services for Windows based software access) to Windows Server 2008 64bit (also with Terminal Services) has been a little bumpy.¹ I nearly fell out of my chair when the current year tax software installed without any major hitches. Our Windows Server is now online – all major software has been migrated and the Windows 2003 server has been powered off awaiting the day it is wiped clean.

1. Mostly chronicled in Geek News and Stuff

As the last hours of 2009 fade into memory, the pundits are talking about the stock market recovery from the Great Recession. And to hear them tell it 2009 was remarkable in the 64% bounce from the market bottom in early March. As I look over what I’ve done in my own retirement account I see that I managed to do better than the markets as a whole. And that’s the way it should be; managed accounts should do better than unmanaged accounts or the index. If you didn’t do at least better than the market overall (or your portfolio didn’t double in value like mine if you want to get really daring) it might be time to take over management of your account. I’m considering a newsletter of sorts for investors who might be interested in what I’m looking at or investing in. Actually it’s far more like trading but it’s not day trading – I’ve only had one trade that took place in one day. I know. Everybody and his brother has a newsletter or a financial blog. I’m not really trying to compete with that. I suppose that I can just get feedback here to see how many of my regular readers think I might have something valuable to add. Anyone can write they had a great idea and made a bunch of money. Just look at Madoff or Enron. And to write that I bought several stocks and sold them for an average of 10% return per trade – some of them more than once – is easy. I could very well fake a great hindsight history so that’s no proof either. An email newsletter, another blog perhaps, text message updates?

Let me know and see you in 2010.

Anyone who runs anything online has had to deal with bots. Wordpress has plugins to fight spam of all kinds, bulletin boards and mailing lists have to remain vigilant and firewalls have to be erected on personal computing and company networks. This last week the district closed up shop for two days to get the place cleaned up after a heavy snowfall on Monday. I took the opportunity to do a little reading and to try to fortify my web server. I started out trying to get my Apache logs cleaned up and found perishablepress.com to have a nice beginning. I don’t have everything working the way Jeff writes about over there, but let me tell you what I have been able to do. First, I’m using a simple add on to httpd.conf that looks like this:
RewriteEngine On
RewriteCond %{REQUEST_URI} ^.*(,|;|:|<|>|">|"<|/|\\\.\.\\).* [NC,OR]
RewriteCond %{REQUEST_URI} ^.*(\=|\@|\[|\]|\^|\`|\{|\}|\~).* [NC,OR]
RewriteCond %{REQUEST_URI} ^.*(\'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC]
RewriteRule ^(.*)$ - [F,L]

RedirectMatch 403 \/\/(.*)


To be honest I think the biggest work horse is the double slash redirecting to 403 “Forbidden”. I’m not even sure that the rewrite stuff is even working (I’m going to spend some time on it in the future to crank up the logging on it to see if it truly is working). Now all the danged bots looking for vulnerabilities on my web server hit those 403s. I set up a simple script to look for 403 and 404 failures. It takes those failures and adds a rule to iptables to drop the host if it happens to hit too many times. I screen out the requests for the favicon.ico file, robots.txt and even other image types and I’m left with small list of hosts that try to pound away at my server. I currently have it configured to look at the current Apache server logs for the 403 and 404 errors. It then (hourly) inserts a simple drop rule for that host into iptables, which then logs additional attempts to connect. And by additional attempts I mean on any port. So if somebody’s Windows computer is compromised and they have a bot that tries to compromise my server, I block any future attempts to connect to my server via email, IRC, etc. And those attempts are logged while my server looks like it dropped off the face of the earth to the infected machine. So I won’t be getting spam from those infected hosts either.

Now if infected (or mis-configured – msn search is hitting a lot of 404s – stupid bot) machines try connecting after getting the firewall treatment they will stay blocked for a month. Otherwise hosts that are cleaned up will only be in the block list for a couple of weeks the way it’s all configured. Then they can be back reading my rants. I also added a twist. I have a script that dumps the addresses of the stupid bots where my home firewall can grab the list nightly and add those IPs to a squidGuard blacklist. So if those hosts happen to be running rogue web servers, at least no one here will try to connect to them.

I’m sure there are much better solutions – and I might add hosts that run ssh connection sweeps to a block list – but I’m having fun thinking about all the ways I can make something like this work and cut down on the break-in attempts on the web server.

I guess I’m not the only person who thinks that CEOs are overpaid and that compensation needs to be fixed. Will Ashworth writes Executive Bonuses Must Go over on Investopedia.com and his arguments are compelling. Pay CEOs a decent rate of pay, say $4 million/yr and let them buy shares of the company with their own damn money if they want stock.

Over on Yahoo, Robert Kiyosaki writes,
The Biggest Scam Ever an article about 401(k)s. This in response to the Time article Why It’s Time to Retire The 401(k). He cites statistics on balances and averages.

I completely disagree with both arguments. Here’s the simple truth: the 401(k), Keogh, 403(b) and the multitude of IRAs are probably not going anywhere. When most people set up these plans at work, they meet for a few minutes with their HR person who doesn’t know anything about investing and just wants to get all the check marks done for the new hire. Retirement accounts are not a Ronco product – you cannot, cannot just “set it and forget it”. If that’s the way you plan your retirement fugetaboutit. You won’t retire, you’ll be like Robert Shivley in the Time article working on the golf course or greeting people at Walmart. The biggest problem with defined contribution plans like a 401(k) is there is no one to hold your hand, walk you through it and keep you on track. Sure there’s the HR weasel but their job is just to get you to fill out the paperwork. They don’t care if you should be more heavily allocated to stocks or bonds and by law they really can’t give you investment advice. And the investment firm that handles your 401(k) usually is not all that interested in sitting down with you to determine the right balance for your personal account. They usually get paid for the dollars contributed after that it’s a tiny commission amount on the total invested dollars.

It’s not the 401(k) or the IRA that need to be tossed, it’s the idea that you can Popeil your retirement. Wherever your money goes, if you have the opportunity and can allocate your own funds, sit down with a planner of some type. If your 401(k) is sitting at a local firm have a one hour review with your broker. If not and it’s one of those “follow the line” firms call them up. The people answering the phone at those firms want to keep your money and are paid salary to talk to you. There’s nothing in it for them(except keeping the account), it’s all about you. If it’s a local broker remember any decent broker will sit down with you and if they won’t fire them and move your money – assuming you can.

If you can’t move your money and your broker doesn’t have time for you – after complaining to your HR department about the lack of service – sit down with a fee based planner (as opposed to commission based planners). You can take all of your options to a fee based planner who charges you by the hour and has no vested interest in which investments you actually hold. The only vested interest an hourly planner has is to give you decent advice that makes you want to come by next year to pay them for another hour of their time – oh and the referrals of your co-workers who can’t get advice any other way helps.

While the statistics cited by Time are pretty scary not knowing what the statistics are based upon is even scarier. An average is just that, an average. More new accounts with lower balances, more older (presumable larger balance) accounts that have been rolled from 401(k)s out to IRAs, more people regularly withdrawing from their accounts all contribute to the average, just as much as a stock market downturn. Without the underlying numbers averages are just statistics. As has oft been quoted, “there are three types of lies: lies, damn lies and statistics”.

I don’t think the 401(k) needs to go away. I think people need to start planning more for their 20+ years in retirement than next summer’s vacation. They need to start looking at what they are invested in. Ron Popeil isn’t your retirement plan. He might be able to get a chicken done just right, but you have to set it and then reset when it comes to retirement planning. And just because Warren Buffett knows that a stock is a great value and will be worthwhile 40 years down the road doesn’t mean you can buy and hold forever. Even Warren sells once in a while. You still have to periodically look at your retirement plan. You have to take a vested interest in how much you have to retire on, no one else cares about your retirement – really.

The other night my wife received a text message from Verizon that told her that one of our phones had gone over its allotted minutes for the month. If I recall it was the day before Thanksgiving. Of course it was my daughter’s phone (the phone we allow her to use, not that she purchased it). My first reaction was to snatch the phone away from her, which I did. Of course I over reacted and the correct thing to do is to lock the phone down during the peak hours – which one can do with Verizon. So the phone is locked down until the first day of the next billing cycle December 7.

A few weeks ago, S asked if I would help her with her Economics class coming up next semester and I told her I would. And now she has learned the first lesson, scarcity of resources.

The commercial introduces us to “Sophie” who wants a touch screen computer. She flies to Tokyo and states that Windows 7 is her idea. Really? The touch screen is over 30 years old according to James Walker on ehow.com. And guess what? The touch screen has been around longer that Microsoft. She didn’t need to fly to Japan or wherever, she could have just gone to Starbucks and seen that flat screens are in use.
Windows 7 was my idea, heh. Your “idea” has been around longer than you (“Sophie” looks to be in her 20s) and it’s more likely that IBM – the absolute king of retail touch screens – had its patent slide into the public domain.

As for the guy who says, a computer that doesn’t crash, that was my idea. Haha. Really. A computer that doesn’t crash? Anyone who has booted a Microsoft operating system has that idea. Windows 7 might be better, but it’s still a crap shoot. I have a Windows 2008 (based on Vista/Windows 7) server that has failed updates and I have to work around critical vulnerabilities. How about updates that don’t fail to install, no reboots required (oh yeah, you better believe they are still required), a company that doesn’t treat its paying customers like thieves and a secure by default operating system. That’s my idea. And it’s not Windows 7.

My wife and I did the 4am Black Friday shopping trip one year. We decided never again. We were late to the stores and could not believe that even in the sleepy town of Queen Creek, AZ the shopping madness had taken over. People were in line for the Gameboy color (that’s how long ago it was ) and getting told there were no more Gameboys. The line was nearly out the door from the electronics section at the Walmart. Several different Black Friday special priced items were wrapped in shrink wrap on the pallets until the store officially opened. The crowds were as crazy as you see on the news clips. People had this crazed look in their eyes. My wife and I felt lucky to have survived our one and only Black Friday experience unscathed.
This year, I am looking to upgrade my monitor to an LCD. I checked out the Best Buy ad online and they have two 18.5″ to 20″ flat screens on sale for less than $100.00 on Black Friday. Try clicking on the ad to buy it today (yesterday) and the price is $139.00. Ugh. The fine print tells me that there are a maximum of 12 in stock for the one monitor and a minimum of 15 for the other per store. So. What are the odds I’m going to get either one of these at these prices? I’m not sure, but I think it’s kinda low. Our Best Buy serves a town of 70,000. They may not all be out shopping for monitors but that reduces the odds of squeezing into the store to get that price .
I may just end up like a lot of people, shopping online. TigerDirect has some pretty good Black Friday deals. Check them out at the Marketplace (OK, I know that was shameless self promotion, but you can shop from home without body armor)