I heard a song today on the muzak in a restaurant, and recognized it.

I'd heard it previously, mixed with a video to Disney's Robin Hood. I think it was linked from tailsy's livejournal, but I don't think it's around now.

Anyone have any clue what I'm talking about?

Update: it's This

It's annoying to sit and wait and wonder why painkillers haven't kicked in, only to look down and see them still sitting on your desk. Like "oh".

I've recently started setting my terminals upon logging in to prime to have a "LANG" variable of en_US.UTF8, which basically means, instead of displaying things to me in ascii, use full on unicode.

The results of this have been pretty interesting. While most of my 8-bit encoded email comes through beautifully, and is readable (for example, emails from japanese coworkers actually show the japanese characters), I'm finding one or two problems.

The problems here are on two ends: on my local machine, and on the far end.

On the local machine, well:

First, there's SecureCRT. The way it handles Unicode is fundamentally broken: it forces me to choose which character set I want to use, when in UTF-8 mode. The UTF-8 namespace has room for the whole thing (that's kinda the point after all). Why should I have to choose? Also, SecureCRT seems to have some brokenness with regard to direct screen-drawing tools, where it assumes that all characters are two columns wide. (A screenshot would make more sense of this, I'll probably take one if I file a bug report).

I've been using Putty instead, and while putty has its own set of issues (the copy and paste support blows, for example), it's been mostly behaving.

The major issue for me has been rather, a fundamental flaw in Windows.

The fonts are a bear. There's just not a lot of fonts out there that have all the character sets built in. I mean, sure, if you look you'll find recommendations on viewing ONE SPECIFIC character set, using fonts like Mincho or whatnot. However, finding a SINGLE font that does all possible characters seems to be a pretty hard order. To the best of my knowledge, Microsoft has made ONE (count them, one) font that implements the full (at the time) unicode set: Arial Unicode MS.

Of course, that's useless to me too, because for my purposes, I need a MONOSPACED font (you know, all characters the same width, like courier new).

One further flaw that's bit me there, is something that is messing with me hardcore. Microsoft, in all their standards-compliant brilliance, mangled almost every japanese-supporting font out there. On my screen, right now, this looks like a yen-symbol: \ You can read all about it on the wikipedia page for the humble backslash.

Yet, macs and my ubuntu machine don't have this problem. I think one font I might look into is ascender Uni Yes, I may actually pay $99 for a font that I'll only use in an SSH window. I think I'll contact them first, see if I can get an evaluation license.

Note that I'm not at all a typography geek. I just want something that I can read. I don't really care what it is. I don't want foreign characters to look like plain-boxes, like boxes with the unicode character codes in them, or question marks. I don't want foreign characters to look like ^J^Z^S^D. In short, I want to see what the person who sent it saw.

On the far end, well, that's another story.

Alpine digests UTF-8 beautifully. It doesn't always support bidirectional characters correctly, and it has no real way of knowing if a character is one character wide or two, but those are more systemic problems.

Nano also handles unicode fine.

My livejournal client...doesn't. I may have to hack that in. In theory, it might be as simple as adding one extra tag when I post.

According to the person who wrote my AIM application, most ncurses-based tools kinda...suck when talking to UTF-8 (note that the last update of ncurses was three years ago, so this is not encouraging). Which means things like Naim, Finch, or the like don't stand much of a chance.

Oddly, my friend Noriko seems to have trouble viewing my name in hirigana, as sent to me by a japanese coworker. What do you see?

I've had a script that I've used for a number of a years to do things on prime: it's my one-shot account adder and domain-setter-upper. I wrote it when I was younger, and more foolish, and before I understood the best programming practices.

I just added two words to it. Two damned words. And those two words caused me quite a bit of headache that I just finished. It's back to the point where it actually runs, but the amount of rewriting I actually need to do to be really happy with it is...kind of incredible.

Those two words? "use strict".

For whatever reason, I didn't do my usual "friday reset" to my office last week.

It's been a mess all this week, and as a result I've been avoiding it like the plague.

I just did it now, and I think I'll feel a lot better come monday.

enjoys some espresso before heading home

My phone has been freezing up and choking lately, refusing to hold a charge, and generally not charging unless you "play with" the charger.

Now, what I'm wondering is this.

Could it have been...a software problem?

I'm noticing slow performance, and have like, 800 or so texts. I just told the phone to delete them all...which it's been trying to do for the past ten minutes or so.

Could the memory usage of keeping that database up to date really have crazed the thing so much that it wouldn't even notice it's charger?

Only one way to know, I guess.

My name is グッシー.

I'm noticing things like quality of sound, stability, and flash are in the shitter since upgrading.

I also notice the UI was changed in ways that reek of Vistaism: my previous background wasn't "broken", now it's no longer available. My previous titlebar color had nothing wrong with it.

In the software world, we call this a "regression".

I have a metrocard here. It may or may not have some money on it -- I'd hate to throw it out if it did. Anyone who lives in that area want it?

LJ Preface

I recently wrestled with something, learned quite a lot, and came up with a document that I'm really rather proud of, that shares knowledge that's not all out there in one place anywhere else. Along the way I've written some software that I'm releasing, that makes all of what I've learned a lot easier, and may help make the world a little more secure. I'd like to share it here.

This is going to be a technical post. For that I apologize. The target of this post is anyone who has a GPG key that they'd like to expand to a greater audience, and who controls DNS for any of the email domains they publish. Anyone that I host DNS or mail for is also welcome to do this, if you use PGP, as part of the goal of writing this is to encourage adoption and use of these methods

( This will be long and technical )

My windows PC has, for many months, had issues when I play a full screen game. Like Dungeon Keeper, or Command and Conquer, or any of the other stress-relieving blow-stuff-up games that I play to relax.

A night or two ago I finally fixed them.

These instructions are for win2k, which most of you probably don't use anymore.

Control Panel --> Sounds and Multimedia, Click the "Audio Tab", then choose your "Playback device". Click "Advanced". Set back to "Standard Acceleration"

Now if only I could correct that "hum" that comes over the wire to my TV, we'd be set. I think the problem on that end is my TV is expecting line-level output, but my computer's putting out amplified headphone signal. There's a couple potential solutions to this, but that's another post.

So I just got this piece of tripe in my mail:

Thawte Personal E-mail Certificates and Web of Trust are being discontinued

Dear Daniel Mahoney,

Over the past several years, security compliance requirements have become more
restrictive, while the technology infrastructure necessary to meet these
requirements has expanded greatly. Despite our strong desire to continue
providing the Thawte Personal E-mail Certificate and Web of Trust services, the
ever-expanding standards and technology requirements will outpace our ability to
maintain these services at the high level of quality we require. As a result,
Thawte Personal E-Mail Certificates and the Web of Trust will be discontinued on
November 16, 2009 and will no longer be available after that date.

Deciding to conclude these services was a difficult decision for us to bear,
specifically because of the community that has been built around these products
over the years.

To express our gratitude and sincere appreciation for being a part of our Thawte
community, we would like to offer you up to $100.00 off the purchase price of
our SSL and/or code signing certificates.

If you would like to take advantage of our offer, please forward this email to
our sales department. Their contact details are listed at the foot of this
message. Please note that this offer expires on November 16, 2009.

We have also made a special arrangement with VeriSign regarding replacing your
personal email certificate. VeriSign's exclusive offer to you is for a FREE
1-year replacement personal email certificate - a $19.95 value. This offer will
be open for 2 months after the service is discontinued and will no longer be
available after January 16, 2010. Simply follow appropriate link below to
request your certificate:

[...]

We hope we can keep you in the Thawte family as customers of our SSL and code
signing products. Thank you for your support of Thawte Personal E-mail
Certificates and Web of Trust over the years.

Kind regards,

Thawte Technical Support
E-Mail: personalcert@thawte.com
FAQ: Click here for FAQ

Okay, ranting time.

First, thawte, you haven't "made arrangements" with Verisign. Since about 1999, you're the same fucking people at the same fucking monopoly. And in case you thought there was still a competitive advantage, they also ate Geotrust in 2006.

Secondly, thawte, you had a legitimate shot at something: you were building community behind your products. Given, it was a free product, but it increased brand awareness and knowledge that email security was openly available to people, and it was a grade of email security that pretty much seamlessly integrated with every mainstream client out there, using well-defined standards. You had a way the geeks could do something cool. Hell, the ad revenue on that site alone could have been worth something, and you didn't explore that. Really, what were the maintenance costs of that? The code was already written, and if you'd have worked a little harder to deputize your community, even the costs you were bearing could have been easily offset.

Instead, you're taking a gamble, in that since not enough people flocked to the free product, the ones that DID flock will instead pay. Don't hold your breath.

Ah well, there's still PGP.

Weasels have eaten our phone system. They have been carried away by monkeys.

Kat and I have been watching the 1960's series "The Prisoner" recently.

The basic plot is this: A man resigns from his job, and storms out of his office. Upon getting home and while ostensibly packing for a holiday, he is gassed and wakes up in a strange place called "The Village" where everyone refers to everyone else as a number, and they want information from him.

It's a really decent series, very forward thinking in terms of some of its futuristic concepts, and patrick McGoohan, we just kept asking ourselves: "Why did they not make this guy James Bond?" However, toward the end of the series it approaches an untoward level of absurdity, and the last couple episodes just left us saying WHAAAAAAA?"

From wikipedia, on the last episode specifically:

"It forced McGoohan, who wrote and directed the episode, to go into hiding for a period of time because he was hounded at his own home by baffled viewers demanding explanations."

Still, an...interesting series if you should ever feel the need to check it out.

I recently decided to try doing cinnamon buns from scratch.

I used this recipe.

While the things came out okay (not amazing, not awesome, sort of an 8 out of 10), while making this I discovered that this recipe is a careful example of how recipes should not be written.

This recipe reads a lot like this test.

( Recipe Nitpicking )

I understand that there's some personal history with this woman and the recipe she's using, she apparently lost it on an old computer for many years, and she's probably made these many many times, but to someone who has never read them, these things read like stereo instructions.

If you've ever watched Good Eats, with Alton Brown, you know that he seems to have a bizarre fetish for measuring things by weight, not by volume.
The logic is simple in two ways: First, it eliminates the issue of "heaping or level, packed or loose". It eliminates any inconsistency between various measuring devices, and eliminates the dumb that comes when people call for "one stick of butter" or "one box of powdered sugar". It also tends to make the measurement cleaner. Imagine measuring out four tablespoons of something sticky like shortening or butter: how accurate can it be after you've had to cram it all into the spoon, then scrape it back out? How much of the measured amount remains on your fingers/spatula/measuring device?

You can't fake out a digital scale when the numbers are right there in front of you.

I recently grabbed a digital scale at ikea, and have run into some of the same issues this poster did: there's no ounce delineation. Beyond that, works swimmingly.

I'm hitting that point where I have several dozen half-composed entries that I should either commit to LJ or abandon, so you may see a bit of a surge from me.

I still really need a client that will floodgate these out, which I swear I will write some day.

What's over 2 gigs in size and can't be accessed from anywhere?

A broken unix mailbox!

So, I'll start as these stories often do..."I have this user"....

This user has been checking her mail with gmail's pop3 fetcher. She gets a lot of mail, and truth be told this is probably a better way to get your mail to gmail than forwarding it from prime, since it makes it impossible for prime to be seen as sending gmail a lot of spam (since the mail never gets SENT, only PULLED).

Anyway, gmails pop3 fetcher has this option, that says "leave a copy of the mail on the server".

And I think this is a crying shame, because it's become a problem. The old way pop3 worked, you grabbed what messages were there, deleted them, and waited for more. Sometimes, on rare occasions, you had the option to leave mail up there, so that you could use the mailbox from two places. But in order for that to really work, your mail program had to be aware of which messages were "new".

Now, for someone who checks this box in gmail, they slowly become unaware of the fact that messages are building up in their inbox, and that that Whole Damned File has to be opened when they check mail.

Well, as it happens, Mark Crispin, who is responsible for Pine, and my IMAP server, and development of the Imap protocol in general, is a bit of a pedant. When you open a mailbox larger than 2g, you get odd errors. Weird fucking errors, sometimes instantly and sometimes after several minutes of trying to open the file. Note carefully that the errors you get are segfaults or a message like "Unexpected changes to mailbox (try restarting)", as opposed to "box too big".

I had this problem years ago with my own mailbox getting corrupted, and was told to use the unix "split" command to split it down and merge the items manually.

The problem is, split splits on a line or byte boundary, not on a message boundary, so there's half a message at the end of one box, and at the beginning of the next (to the point where the next one won't be recognized as a mailbox since it starts with garbage).

As it happens, the format for a mailbox is simple: it's plain text. You can read a mailbox with more, or cat, or any other tool. The sole separator of a message is any line that starts with "From " (yes, that's From[space]).

This makes it remarkably easy to write a very simple perl program that does exactly what I need it to, better than the unix split command.

#!/usr/bin/perl
use strict;

my $started = 0;
my $file = 1;
open INFILE, "toobig";
open OUTFILE, ">toobig.$file";

print "starting up...\n";

while (<INFILE>) {
  if (m/^From /) {
    $started++;
    print "!";
    if (($started % 1000) == 0) {
      $file++;
      print "Reached $started messages, opening new file\n";
      close OUTFILE;
      open OUTFILE, ">toobig.$file";
    }
  }
  print OUTFILE $_;
}

After that, a simple one-liner from the shell to run "mailutil check" on them, and we're golden.

All that's left is to launch alpine, copy the "new" messages from the box back to inbox, and life is good.

This is why I love Unix. Could you do this with a corrupted Exchange message store?

I got a letter today, delivered to me AT WORK from the "United States Office of Personnel Management", Federal Investigative Services Division, OFFICIAL BUSINESS.

Now, I almost NEVER get mail at work. So of course I'm thinking tax problem or something.

The scary thing is the postmarking machine, across all that scary text, printed "HAVE A NICE DAY" so it was double-wierd.

It turned out to not be scary at all, just that someone had used me as a job reference, which I happily filled in the bubbles and replied to once my pulse got back under 200.

It occurred to me a long time ago that there's a common problem in the DNS/Hosting world.

One of the classic problems one encounters when dealing with a shared server (or whorebox, as they're often called) is one needs to know if your DNS is accurate, or hosting stale things.

Because this information can go stale, this is one of the major reasons NOT to mix authoritative and recursive servers. After all, say six months ago you hosted bob.com. Bob no longer uses your DNS services, but if you query your own mixed-mode server, your server will tell you old, stale info for that domain.

In working in the hosting world for a while, I've learned that hosting clients are notoriously bad tenants: they leave things behind when they go, and usually you only realize they're gone when you don't have a rent check. Ergo, the solution is not to expect them to nicely tell you they're leaving.

The solution is not to try to parse WHOIS data: there's no standard format for it, and many WHOIS servers will rate limit you after only a few queries.

For a while, I considered the answer was just to query a server that I knew wasn't authoritative, such as some of the classic known open resolvers out there. But even that was subject to caching issues.

The "correct" solution is to audit things from the top-down.

Using perl's Net::DNS, it's possible to basically perform a recursive DNS lookup yourself. Query the root for your TLD, follow the referral-path, and so on, until you get your answer. It involves multiple queries and more code than I'd like to use here.

However, ISC's "dig" tool, a standard on most unix systems, gives you an easier way. Dig comes with a "trace" function which will do exactly that: start at the top, and work its way down. It also removes any ugly socket programming from your code, and all you need to do is parse the output with a simple regex.

Here's a short (but complete) piece of code that lets me see this make progress in real time, and then view the results at the end.

#!/usr/bin/perl

use strict;
use DBI;

my $username = 'x';
my $password = 'x';
my $dbname = 'x';

# Get the data from the DB
# You could easily also write code to harvest ServerNames from your apache config,
# Or pull it out of your named.conf file, or even a grep of your master zone dir.

my $dbh = DBI->connect("DBI:mysql:$dbname", "$username", "$password");
my $query = "SELECT domainname, login FROM domains WHERE domain_is_active = 1;";
my $sth = $dbh->prepare($query);
my $rv = $sth->execute() or die "Cannot execute $query";
my $hr = $sth->fetchall_hashref('domainname');

foreach my $domain (sort keys %$hr) {
  print "Checking ", $domain, ":";
  open DIGOUT, "/usr/bin/dig +short +trace $domain NS|";
  $$hr{$domain}{active} = 0;
  while () {
    chomp;
    ## If your nameservers are very distinct and cannot match a regex
    ## You can simply duplicate this if block with elsifs.
    if (m/.*yourhost.org/i) {
      $$hr{$domain}{active} = 1;
      print "+";
    }
    else {
      print "-";
    }
  }
  close DIGOUT;
  print "\n";
}

## At this point we have a list of all our domains and a flag for if they're active or not.  
## From here what you do with the info is up to you.  
## Investigate further, delete from your DNS server, generate a report, send mail, etc.

# For this example, we can just use a simple print statement.

foreach my $bad (sort grep { $$hr{$_}{active} eq 0 } keys %$hr) {
  print "$bad is bad, ";
}