Calling any DNS gurus [Jan. 26th, 2009|03:12]
Starting 9 days ago, all three of my DNS servers have been queried approximately twice per second by a small selection of hosts.  The query is the same each time: "NS .", i.e. a request for the list of root nameservers.  The servers are not configured identically: two respond with the requested data, and one refuses the query.

Anyone care to suggest an explanation?

The only possible cause I can think of is a rather lame DDoS attack.  However, as an interesting addendum, one of the servers started running rather slowly (as if it were heavily I/O-bound) at almost exactly the same time as the strange queries began...  I initially put that down to a dodgy disk, but the coincidence is unsettling.

Update: at least one of the apparent sources of the weird queries appears to be unrouteable, so I suspect source spoofing is happening, and that I'm being used in a traffic amplification attack.  Fun.  I've disabled recursive queries on all three servers but I'm not sure what else I can do other than wibble at my transit providers.  The link, if any, to the I/O increase is still a mystery though; I'm fairly sure I haven't left BIND doing query logging or anything similarly insane...
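One way to confirm the pattern described above from query logs, as an added example (not part of the original post): it counts sustained "NS ." queries per source and marks sources in never-routed ranges. The log line format, the sample addresses, the thresholds and the name `root_ns_sources` are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample in the assumed style of a BIND 9 query log.
SAMPLE_LOG = """\
26-Jan-2009 03:12:00.000 client 10.9.8.7#5300: query: . IN NS +
26-Jan-2009 03:12:00.500 client 10.9.8.7#5300: query: . IN NS +
26-Jan-2009 03:12:01.000 client 10.9.8.7#5300: query: . IN NS +
26-Jan-2009 03:12:01.500 client 10.9.8.7#5300: query: . IN NS +
26-Jan-2009 03:12:02.000 client 10.9.8.7#5300: query: . IN NS +
26-Jan-2009 03:12:00.200 client 192.0.2.10#41000: query: www.example.org IN A +
26-Jan-2009 03:12:01.700 client 192.0.2.10#41001: query: . IN NS +
26-Jan-2009 03:12:02.000 client 192.0.2.77#6000: query: . IN NS +
26-Jan-2009 03:12:02.500 client 192.0.2.77#6000: query: . IN NS +
26-Jan-2009 03:12:03.000 client 192.0.2.77#6000: query: . IN NS +
26-Jan-2009 03:12:03.500 client 192.0.2.77#6000: query: . IN NS +
"""
LINE_RE = re.compile(r"^(\S+ \S+) client ([0-9.]+)#\d+: query: (\S+) IN (\S+)")
# Short illustrative list of never-routed ranges, not a complete bogon list.
UNROUTABLE = [ip_network(n) for n in
              ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
               "172.16.0.0/12", "192.168.0.0/16")]

def root_ns_sources(log, min_queries=4, min_rate=1.0):
    """Return sources sending sustained 'NS .' queries, with their rate."""
    seen = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3) == "." and m.group(4) == "NS":
            stamp = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
            seen[m.group(2)].append(stamp)
    flagged = {}
    for src, times in seen.items():
        span = (max(times) - min(times)).total_seconds()
        rate = (len(times) - 1) / span if span > 0 else 0.0
        if len(times) >= min_queries and rate >= min_rate:
            flagged[src] = {
                "queries": len(times),
                "per_second": round(rate, 2),
                "unroutable": any(ip_address(src) in n for n in UNROUTABLE),
            }
    return flagged

if __name__ == "__main__":
    for src, info in root_ns_sources(SAMPLE_LOG).items():
        print(src, info)
```

Because the source addresses are forged, a flagged address is the likely recipient of the reflected responses rather than the real sender.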

Epical fail. [Nov. 5th, 2008|04:09]

(Credit to kaberett for the idea, and the cookies :-) )

Question: electricians and data wiring [Nov. 2nd, 2008|03:36]
[mood |bouncyelectrified]

My parents are having some major work done to their house, and have been persuaded (i.e. whenever they mentioned the project I pestered them) to flood-wire the house with data cabling at the same time. The construction firm has no expertise in such matters, and luckily are well aware of this and are happy to defer to someone who does. My parents opted to enlist my help here, rather than having the construction firm subcontract to an expensive consultant to explain to the project manager what a network socket is. So it seems I get to specify the detail of how this is all going to happen. (This is, of course, a geek's dream come true. The house post-modification will have a dedicated server/comms room, exactly to my specifications. :-) Well, near enough my specifications, taking into account unfixable features of the building such as the room being accessed by a ladder, but one can't have everything.)

However, I have neither time nor sufficient experience to actually run the cabling myself, as it would involve spending several weeks working with the builders and plasterers etc. to get the cables run through the walls at the right point in construction. So what I plan to do is to draw up a detailed spec of where sockets should be installed, where cables should be run, what sort of cable, sockets, patch panels and rack are needed, etc. and let someone else do the actual installation. I know exactly how I want the installation to look when complete, and have worked with both well-installed and poorly-installed structured cabling installations and can tell the difference, but have never written a spec for someone to create such an installation before...

We will be enlisting the services of a qualified electrician anyway as part of the building work, as we will gain several new rooms and completely rebuild existing ones, all of which need (re)wiring. My uncle, who has recently qualified as an electrician but is sadly unable to personally do this job, tells me that in recent years the standard qualification for electricians covers data wiring. This surprises me somewhat given the poor quality of data wiring I've seen installed by presumably-recently-qualified electricians elsewhere, and so I'm doubtful whether a generic electrician will do a good job.

So what I'd like to know is whether you, dear reader, have any experience either way: are we likely to be OK getting a non-specialist electrician to install Cat6 cabling, sockets (probably 4+ in most rooms, totalling 24-48) and patch panels, or should we spend a bit more to bring in a specialist? If we opt for a generic electrician, are we likely to have to go into the very precise detail of exactly which core in the cable should connect to which pin, exact minimum turn radii, maximum cable lengths, etc.? Is he going to try to create twisted pair cable by attaching mains cable to an electric drill? Any advice welcome!

Icesave and the FSCS [Oct. 29th, 2008|04:04]
[mood |worried]

Unless you've been living in a cave lately you'll probably have noticed that Icesave ran out of money, as did the Icelandic government; hence Icesave customers get the unique privilege of being part of the first major test of the Financial Services Compensation Scheme (FSCS), the "UK's compensation fund of last resort for customers of financial services". Cue lots of wibbling about how the scheme will actually work in practice.

The FSCS published a few days ago a statement in which they indicate (and I summarise greatly) that they have now decided how they are going to go about compensating Icesave customers, and that the process will start on 3rd November. They have opted to use an online process, as — apparently — this is quicker for them to set up than a paper-based process.

Um... so they are implementing (or rather, the Newcastle Building Society is implementing on behalf of the FSCS) a new online banking system. In ten days flat. And this will be Secure, of course.

Am I the only one who thinks this could well turn into a huge disaster?

(It would however be hilarious if the FSCS ended up having to compensate for a second time users of its own failed online compensation scheme.)

Project Showcase Day [Oct. 18th, 2008|20:29]
[mood |content]

Yesterday was my project's 2008 showcase day, to which we invited anyone who's interested (mostly senior people from industry, and sponsors) in order to show them that we haven't been wasting our funding for the past two years. I would have been dreading this for months, except that I was far too busy panicking about other deadlines to panic about this one in particular for more than a couple of days in total. This also meant that I started the day woefully unprepared and expecting everything to go horribly wrong, and also got little more than two hours' sleep the night before.

My personal contribution to the day (other than a bit of local organisation due to it being held in the building in which I work — or rather disorganisation, since I accidentally abandoned the group from UCL in that building on Thursday whilst I went to the pub since I thought they had already gone home) was a 15-minute talk on my work, followed by a 15-minute demo (repeated four times to different groups of attendees) of my prototype implementation.

The order of the first few talks was:

  • The Chair of the School of Technology and Head of Photonics Research, University of Cambridge
  • The Vice-president (R&D) of O2 / Telefonica Europe
  • The Head of the Ultra-fast Photonics and Optical Networks Group, UCL
  • The Chair in Communication Networks and Systems and Director of the Institute of Integrated Information Systems, University of Leeds
  • Me, with my BA

So, no pressure or anything!

I've never enjoyed public speaking. The last time I spoke to a group of over 20 people (in the very same room as my talk yesterday, ominously), the stress caused me to become ill for a week. However, this time my talk went surprisingly well; I was congratulated afterwards as presenting one of the most interesting of the talks. Having someone senior in a company involved in the project exclaim "Wow, this is amazing!" half way through was certainly a confidence booster. :-) (And it made my project leader like me, as this exclamation was made within earshot of someone senior in the research council sponsoring us!) I got several people asking interesting questions and just one doubting my justification (unsurprising, perhaps, as the doubter was representing a company which has committed itself to a massive deployment of MPLS, a technology which I imply has major problems).

The demo also went surprisingly well, considering that when I had set it up the previous evening I realised as I was plugging in the monitor that I had forgotten to write any code to display useful data on said monitor. The display code ended up being a combination of Python and standard UNIX utilities, hacked together in 15 minutes, but which nevertheless displayed the information needed (the internal state databases of three prototype switches).

By far the best achievement of the day, however, was observing that the serious-looking fliers distributed to attendees listed one of the major outcomes of our project as "MOOSE". :-)

(Edited post hoc because what I wrote on returning from the showcase day was not entirely coherent...)


Annoyance: pre-installed installers [Oct. 2nd, 2008|17:44]
[mood |confused]

I just bought a new laptop (actually the same model as my old laptop — HP 2510p — for reasons which make sense only to myself). On first allowing it to boot, the factory installation underwent the following steps:

  1. Boot Windows XP and start the usual first-run wizard (slightly customised such that it forgets to offer you the chance to create a non-Administrator account?!).
  2. Reboot into the recovery partition (running a stripped-down copy of XP, presumably WinPE) and start the setup program for the recovery partition software, with no options presented to the user but a few "Next" buttons to click.
  3. Reboot back into XP proper, and prompt me to log in as Administrator, whereupon the (again optionless) installation wizard for the "factory-installed software" starts. This takes some time and is not cancellable; all I could do was watch in despair as my nice new laptop filled itself with 31 GB of crap.
  4. When I finally got to use my computer, the system tray looked like this:

    ...and so I went about removing some of the more pointless installed things, such as HP 3D DriveGuard which is installed despite my laptop having a solid-state hard drive which does not support or require this.

I really cannot see why this stuff could not have been installed in the factory. Or if they must make the user sit through the installation, some option to exclude unwanted stuff would be nice.


Annoyance: MoinMoin 1.6 [Oct. 2nd, 2008|17:10]
[mood |irate]

I upgraded my home server, callisto, to Ubuntu 8.10 (Intrepid) prerelease yesterday, and in the process caused my copy of the MoinMoin wiki engine to be upgraded from version 1.5.8 to version 1.7.1. Now, I've been recommending MoinMoin for a long time as a sane, well-written piece of wiki software which is packaged sensibly in Debian and Ubuntu such that each individual wiki just needs a small CGI script (consisting of a few lines of Python) to instantiate the centrally installed copy of MoinMoin with a local configuration file. I've even gone so far as to write a handy script on the SRCF for our users to set up a wiki that they will never need to maintain again, as upgrading to a new version just requires the sysadmins to install a new version of the package centrally.

Except upgrading past version 1.6.0 is nothing like that simple. A few bits of housekeeping are required to upgrade individual wikis:

  • A configuration file change, because the configuration files are actually Python code to instantiate and populate a configuration class, and the default configuration class has been renamed;
  • A new CGI wrapper script, again because a few classes got renamed; shame this was previously considered to be the part of a MoinMoin installation which never needed changing;
  • ...And the trifling matter of changing every wiki page on the system because the markup syntax changed.

Allow me to repeat this. There have been backwards-incompatible changes to the markup language used to write wiki pages, between minor versions. Such little things as hyperlinks are now written differently, and there is (as far as I can tell) no provision for parsing the old-style markup. This seems absolutely absurd to me; imagine if OpenOffice.org were to decide that the next minor release would come with a new file format and no provision for reading the old one. Madness.

A set of upgrade scripts are provided, but they only handle the required page edits, require considerable manual work before and during use, and leave the user to diagnose a variety of unhandled error conditions by googling cryptic backtraces. [Edit: And there are required edits that the script manages to miss, too, as its parser is incomplete.] Upgrading my small personal wiki, which is running a plain and largely-uncustomised copy of MoinMoin in a centrally-configured "wiki farm" setup, took several attempts and a lot of guesswork as to what was required next. It also insisted upon renaming some pages, which I consider to be a cardinal sin. I am not looking forward to upgrading the 15-20 diversely-configured and likely highly-customised wikis on the SRCF.

The SRCF wiki script has proven popular with users and sysadmins alike, and it's a shame that it's just caused us a vast amount of work. Needless to say, the script as it stands is now deprecated, but I would like to reinstate it with a different wiki engine that won't drop us in a pit of spikes in a year's time. Does anyone have a recommendation of a sane wiki engine which fulfils the SRCF's criteria?


That DNS thing [Jul. 24th, 2008|00:59]
So an explanation of Kaminsky's DNS attack has been leaked by Matasano, but the explanation is dodgy.

If I were to tweak the Matasano explanation to be more interesting (and also conveniently involve CNAMEs as suggested), I'd say in the last-but-one paragraph that Mallory doesn't reply "CXOPQ.VICTIM.COM. A", she instead replies "CXOPQ.VICTIM.COM. CNAME WWW.VICTIM.COM.", with an additional RR "WWW.VICTIM.COM. A".

If I understand correctly, that is definitely in-bailiwick since the additional RR is for the answer to the original query (it's equivalent to the normal use of additional RRs for NS glue) and will successfully poison Alice's cache for WWW.VICTIM.COM.


(I don't expect anyone to canonically disclose whether or not this is what Kaminsky is getting at at this stage... but it would be nice to know :-P )
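The bailiwick argument above, seen from the resolver's side, as an added example (not part of the original post): a lenient cache that keeps any in-bailiwick record from any section, next to a stricter policy that keeps only answer-section records on the CNAME chain. Both policies are simplified assumptions, and the function names and addresses are constructed.

```python
def labels(name):
    """Split a domain name into lower-cased labels; the root is []."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_bailiwick(owner, zone):
    """Label-wise suffix match, so NOTVICTIM.COM is not inside VICTIM.COM."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def lenient_cache(zone, response):
    """Keep every record, from any section, whose owner is in-bailiwick."""
    return [rr for section in ("answer", "additional")
            for rr in response[section] if in_bailiwick(rr[0], zone)]

def strict_cache(zone, qname, response):
    """Keep only answer-section records on the CNAME chain from qname."""
    kept, want = [], labels(qname)
    for owner, rtype, rdata in response["answer"]:
        if labels(owner) == want and in_bailiwick(owner, zone):
            kept.append((owner, rtype, rdata))
            if rtype == "CNAME":
                want = labels(rdata)  # follow the chain to the next name
    return kept

# The reply shape described in the post, plus one out-of-bailiwick record
# for contrast. Both addresses are constructed placeholders.
RESPONSE = {
    "answer": [("CXOPQ.VICTIM.COM.", "CNAME", "WWW.VICTIM.COM.")],
    "additional": [("WWW.VICTIM.COM.", "A", "192.0.2.66"),
                   ("WWW.NOTVICTIM.COM.", "A", "192.0.2.67")],
}

if __name__ == "__main__":
    print("lenient:", lenient_cache("VICTIM.COM.", RESPONSE))
    print("strict: ", strict_cache("VICTIM.COM.", "CXOPQ.VICTIM.COM.", RESPONSE))
```

Under the strict policy the resolver caches only the CNAME and has to look up WWW.VICTIM.COM itself, so the address in the additional section never reaches the cache.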

My new Linux shell [May. 22nd, 2008|03:52]
I'm so sorry.

Election Day [May. 1st, 2008|14:29]
[mood |discontent]

It appears (from my fairly uninformed perspective) that today I have a choice in Abbey Ward between:
  • A candidate whose party is filling the centre of Cambridge with duplicate coffee shops, fashion outlets and yet more cars (Lib Dem)
  • A candidate who has so far maintained the status quo in the ward, which in many respects is not a good thing (Labour)
  • An unrealistically idealistic, out-of-touch and somewhat illiterate candidate: "Moter-way building should stop." (Green)
  • A candidate whose party is in favour of closure of the Hills Road bridge for the best part of a year for the installation of a project of dubious utility to local residents, and also in favour of the badly-thought-out congestion charge (Conservative)

