I'm a Government Slave 220 Days Out Of The Year

Between SSI, Federal Tax and State Tax, I'm in the 40% tax bracket. For the purposes of this discussion, I'll use a nice round 100k to do my calculations. I won't say what I earn, but it's not $100k/yr. I also didn't say it's not 120K or 80k, so don't try to guess :-)

100,000 x .40 = 40,000

So, on the face of it, a person earning 100k pays 40k in taxes. However, there's also money you never see, not even on your W2. As I understand it, for every dollar that you pay in W2 taxes and SSI, your employer is required to match it. So for every dollar that you pay in taxes, that's 2 dollars you technically should be earning. So...

100,000 + 40,000 = 140,000 Actual Potential Pay
40,000 + 40,000 = 80,000 Actual Income Taxes

So, to calculate how much you'd actually pay in taxes:

80,000 / 140,000 = 57%

So, stripping away one of the hidden tricks that the government uses to hide your actual annual worth, the income tax you actually pay is 57%.

Add into that all the taxes you pay when spending your income: sales taxes, property taxes, gas taxes, automobile taxes, utility taxes, sin taxes, and user "fees". You now easily exceed 60% of your actual income going to the government.

365 x .60 = 219

So, give or take a day, I work under duress for the government 220 days out of the year. Now, I understand that there are things we need the government to pay for like roads, law enforcement, fire fighters, judges, and politicians. But with the exception of these, everyone should be paying their own way through life. Hell, even roads could be privatized more than they are. And all those social programs can be filled by private entities and actual charity, instead of the forced "charity" and bureaucratic systems we have in place now.

When I mentioned this situation to my fiance, she told me that when people ask me what I do, I should respond "I work for the government 220 days out of the year."

All I keep thinking throughout the day is: Damn it! Give me my life back!

Global Warming Fanatics Have an Epiphany

Finally, someone posts on SlashDot something that I, and many other less-than-liberal people, have been saying for some time now: The sun "may" be warming the Earth and Mars simultaneously.

No s**t Sherlock. F'ing Martians and their SUVs.

Update 3/12/07: Here's further proof that these people are more dangerous than global warming itself.

Learn How To Do Stuff

Just in case you didn't know, now they have a book to show you how...

Make your own sign at signgenerator.org

Move Your Firefox Close Tab Button

I recently had to re-install my PC and I decided to take the opportunity to freshen up my Firefox profile by abandoning my prefs.js file and only migrating settings and extensions as needed.

As part of this, I ran into an issue I dealt with a while back and had to look up once more.

http://ffextensionguru.wordpress.com/2006/10/22/firefox-20-close-tab-buttons/

I don't like having my little red X to close the tabs actually in the tab. I like it at the end of the tab-bar. Just a quick rundown of how to change this:

Browse to about:config and filter for browser.tabs.closeButtons. Set that value to 3.

Broadcom BCM5754 NIC on FC5

At work we got in a brand spankin' new Dell PowerEdge SC440. And what's the problem with brand spankin' new hardware? Driver support. Fedora Core 5 didn't install drivers for our ethernet interface. As seen in lspci...

05:00.0 Ethernet controller: Broadcom Corporation Unknown device 167a (rev 02)

How do you solve this? Well, first off, you need to make sure that you have kernel 2.6.18 or higher on your system. If you don't have this yet, and you have some other means to network access, run yum update. Otherwise you'll probably have to use sneakernet to get the kernel RPM file on there. Then, after installing and rebooting into the new kernel, add this line to /etc/modprobe.conf

alias eth0 tg3

Reboot and run netconfig.

UPDATE: You can alternatively let kudzu try to find the device itself, after you do the kernel update. First you need to make kudzu believe that this is the first time the device has been inserted. Remove these lines from /etc/sysconfig/hwconf:

-
class: NETWORK
bus: PCI
detached: 0
device: dev1804289383
driver: tg3
desc: "Broadcom Corporation Unknown device 167a"
network.hwaddr: 00:1a:a0:18:aa:98
vendorId: 14e4
deviceId: 167a
subVendorId: 1028
subDeviceId: 01df
pciType: 1
pcidom:    0
pcibus:  5
pcidev:  0
pcifn:  0

Run "rmmod tg3" to unload the module, then run "/etc/init.d/kudzu start" and "modprobe tg3". Run "ifconfig -a" and you should now see the ethernet interface. Run "netconfig" or "netconfig -d eth1" (if you have this as a secondary interface) to configure it.

Change Your Default syslog Options to Disable DNS Lookups

Disclaimer: Nevermind. Turns out that this only disables lookups on remote syslog entries (from another syslog host). Still looking for a solution on this one. Feel free to read on if you wish.

So this weekend, someone (as happens quite frequently) attempted to gain access to my server via the FTP daemon. No big surprise there. What was interesting about it was that there was one attempt from an rhost named "oa". Not oa.1337hacker.com, or even an IP, just.... oa. As expected an nslookup of "oa" yielded nothing.

So I ended up turning off reverse lookups on syslog. I'd suggest you do the same. You can't really trust reverse lookups. What's to prevent someone who has control over their PTR record from creating any bogus reverse lookup, even google.com or yourdomain.com, and attempting the same thing? You have no means at that point to actually identify the attacker positively by IP.

To turn off reverse lookups for syslog on FC6, just add -x to this line in /etc/sysconfig/syslog:

SYSLOGD_OPTIONS="-x ... "

See here for my bug report on Redhat's Bugzilla. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227357

Albert Einstein: "Global warming will kill us all"

I was checking out the website of self-proclaimed global warming activist Laurie David today, when I noticed a quote in the header of the site:

"We shall require a substantially new manner of thinking if mankind is to survive."

"Wow" I thought. Did Albert Einstein really foresee some catastrophic fate for our very existence if we were to not buy into the theory of global warming? I'd heard/seen that quote somewhere before, and I didn't recall anything about global warming in its context. Could it be that such an anchor statement was being used to mislead people into thinking that Albert Einstein supported the theory of Global Warming? I had to look up the context of this statement. This is what I found:

"The splitting of the atom has changed everything except the way we think. Thus we drift toward unparalleled catastrophe. We shall require a substantially new manner of thinking if mankind is to survive."

This statement, in fact, has no application to Global Warming, other than to claim that we who do not believe the global warming theory are stuck in some age-old paradigm that will doom us all.

Server Migration

The era of Devnull is coming to a close as we usher in the era of "Courage".

My new server, Courage, has been up and running for about 4 weeks, however with limited usefulness. It had just been sitting there for some time waiting for a greater purpose. My home workstation, Integrity, was originally going to be the successor to Devnull, but after waiting for many months to get a new installation and start the migration process, newer hardware came into my possession that gave birth to Courage. Now I'm not quite sure what to do with Integrity. Another MythTV frontend maybe?

In any case, migration has started to Courage, and I believe that most of the essential services have been moved (http, mysql, ftp, named, and ssh). I have yet to move the mail-related services (smtp, imap, pop, etc.) as I am migrating to postfix over sendmail and am working around some configuration conversion issues. I expect that to be done in the coming days.

5 Voice Actors In A Limo

I don't know why or for how long exactly, but I've been interested in voice acting for some time. I just think it's cool how these guys sound. Check this out: 5 Guys in a Limo

MuchTallWare: Cron Runonce

I wrote up a small perl script that will run any executable file in /etc/cron.runonce once and remove that file. It's handy when we need to remotely deploy a change to multiple servers and make sure that we don't leave remnants of those scripts in cron. Download it and evaluate the variables for your needs. Currently it assumes you have set up a cron.1min directory.

cron-runonce
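A run-once runner executes whatever lands in its directory, so it is worth checking ownership and permissions before running anything. The sketch below is an added example, not the author's cron-runonce script; the function name run_once, the RAN counter and the ".running" suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the author's cron-runonce script): run each job in a
# run-once directory a single time, then delete it.

# run_once DIR [OWNER_UID]
# Runs only regular files owned by OWNER_UID (default 0, root) that are
# owner-executable and not writable by group or others. Rejected files are
# left in place for inspection. The number of jobs run is stored in RAN.
run_once() {
    dir=$1 owner=${2:-0} RAN=0
    # The directory must be held as tightly as the jobs themselves, or a
    # checked file could be swapped out before it runs.
    [ -n "$(find "$dir" -prune -type d -user "$owner" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ] || {
        echo "run_once: refusing $dir (missing, wrong owner, or writable by others)" >&2
        return 1
    }
    for job in "$dir"/*; do
        case $job in *.running) continue ;; esac
        # find does not follow symlinks here, so a symlink fails -type f.
        if [ -z "$(find "$job" -prune -type f -user "$owner" -perm -100 \
                   ! -perm -020 ! -perm -002 2>/dev/null)" ]; then
            [ -e "$job" ] && echo "run_once: skipped $job" >&2
            continue
        fi
        # Claim the job with a rename inside the same directory so an
        # overlapping cron run cannot start it a second time.
        mv -- "$job" "$job.running" 2>/dev/null || continue
        "$job.running" || echo "run_once: $job exited non-zero" >&2
        rm -f -- "$job.running"
        RAN=$((RAN + 1))
    done
    return 0
}

# From cron: sh runonce.sh /etc/cron.runonce
if [ -n "${1:-}" ]; then
    run_once "$1"
fi
```

A leftover ".running" file means a job was interrupted mid-run; it is deliberately not retried.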

MuchTallWare: fixmyself.pl

Today at work we had a situation where a server wasn't coming back on the network after a reboot. Normally this wouldn't be a big deal, but the server was across the ocean in a vastly different timezone, so troubleshooting normally has to be done in a 2-hour window.

It turned out that the sk98lin module that we were using for our NIC has been superseded/deprecated by skge. So I wanted to test out the new module on the new kernel version, but didn't have someone on the other end to reboot and type things in on the console should something go wrong. I needed a way to make the server roll back the changes and reboot if it did not see me come back to the server after 10 minutes. I didn't have any handy script to do this, so I wrote one up.

fixmyself.pl checks for a condition that you specify in the subroutine test_condition() and if the test fails (such as not finding any processes running on pts0 through 9), then it executes a response_action() subroutine. In this case it finds the changes I made, changes them back, and reboots the server.

I hope you find it useful: fixmyself.pl

MuchTallWare: ftpautoban.pl: Auto-ban IPs from VSFTP

Some dumbass has been pummeling my ftp server with brute-force FTP attempts. So I've written a script that you can add to your crontab to help you auto-ban them via hosts.deny. Pay attention to the variables as this was written on a RedHat 9 box and may not be entirely applicable to other platforms or versions.

ftpautoban.pl
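A log scan of this kind, combined with the point from the syslog post above that a logged rhost name such as "oa" cannot be trusted: the added example below (not ftpautoban.pl, and not code from this site) counts failed vsftpd logins per rhost and only produces hosts.deny lines for IP literals. The log lines are constructed, and the threshold, function names and the "vsftpd" daemon name in the output are assumptions.

```shell
#!/bin/sh
# Added example (not ftpautoban.pl): count failed vsftpd logins per rhost and
# emit hosts.deny lines only for rhost values that are IPv4 literals.
LC_ALL=C; export LC_ALL
THRESHOLD=3   # assumed cut-off, not a value from the post

# Constructed sample lines in the pam_unix "authentication failure" format;
# the addresses come from the RFC 5737 documentation ranges.
P='authentication failure; logname= uid=0 euid=0 tty= ruser= rhost='
SAMPLE_LOG="Feb  3 04:11:01 srv vsftpd(pam_unix)[2101]: ${P}203.0.113.7
Feb  3 04:11:03 srv vsftpd(pam_unix)[2101]: ${P}203.0.113.7
Feb  3 04:11:05 srv vsftpd(pam_unix)[2102]: ${P}203.0.113.7
Feb  3 04:11:08 srv vsftpd(pam_unix)[2102]: ${P}203.0.113.7
Feb  3 04:15:40 srv vsftpd(pam_unix)[2140]: ${P}oa
Feb  3 04:15:42 srv vsftpd(pam_unix)[2140]: ${P}oa
Feb  3 04:15:44 srv vsftpd(pam_unix)[2141]: ${P}oa
Feb  3 04:20:10 srv vsftpd(pam_unix)[2188]: ${P}198.51.100.20
Feb  3 04:21:00 srv sshd(pam_unix)[2310]: ${P}192.0.2.9"

# scan_log: read syslog lines on stdin and print one line per rhost at or
# over the threshold: "BAN <ip> <count>" or "UNVERIFIED <name> <count>".
scan_log() {
    awk -v min="$THRESHOLD" '
    /vsftpd/ && /authentication failure/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^rhost=/) {
                h = substr($i, 7)
                if (h != "") fails[h]++
            }
    }
    END {
        for (h in fails) {
            if (fails[h] < min) continue
            # A name came from a PTR record the remote side controls, so it
            # is reported for review instead of being written to hosts.deny.
            if (is_ipv4(h)) print "BAN " h " " fails[h]
            else            print "UNVERIFIED " h " " fails[h]
        }
    }
    function is_ipv4(s,   n, p, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }' | sort
}

# hosts_deny_lines: turn the BAN entries into hosts.deny syntax.
hosts_deny_lines() {
    scan_log | awk '$1 == "BAN" { print "vsftpd: " $2 }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | scan_log
```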

John's!@holmstadt.com

I give up. Thunderbird, as great as it is at classifying spam, just isn't good enough to combat all the crap that fills my inbox. It probably only catches 80% of the spam that comes my way, and that's pretty bad when I get 50-100 spams a day.

Why so much spam? It's pretty simple. Just go and register any domain. Set up a catch-all for @yourdomain.com to point to an account, and watch the spam come in.... for everyone. Susie, Ron, Bob, Jack, Tom, Tim, Phil, and of course, John. If it's a common name, you'll get email for it at name@yourdomain.com. Spammers guess at all sorts of common names to try to find new targets for their herbal viagra ads and genital enlargement creams.

This has become a problem for my email address. John is a pretty common name after all. But really, few people actually email me there. I've taken to creating a new email address for each entity I share my contact info with. I've prepared for this by creating a catchall for the subdomain of @john.mydomain.com. For instance, if I share my address with Joe Blo, I ask him to email me at jblo@john.mydomain.com. If his computer ever gets compromised, or he decides to share this address with spammers, I simply tell sendmail to start rejecting this address.

Other than the fact that I've been still accepting mail for john@, it's been working pretty well. The only people who have emailed me directly are family members and spammers. So I've told family to start using a sub-domained address and told sendmail to start rejecting john@mydomain.com.

So that's it. I give up. You've ruined my uber-slick email address, so I must reject all of your mail and move on to a less convenient address.

MuchTallWare: winfax2pyla.pl

I recently designed a deployment of Pyla/HylaFax for one of our offices. Part of this deployment required that we convert their WinFax Address Book(s) to Pyla's address book. To do this I wrote up a short perl script. You can get it here:

winfax2pyla.pl

Do me a favor and let me know if it helped you out!

Installing Fedora Core 6 using XFS

At work we use XFS primarily on / to allow us greater flexibility with file size, filesystem size, and inode limits. It's been working out great until FC6 came out. For some reason when you install an FC6 system using xfs (boot the install with "linux xfs"), the install goes great, but the system can't seem to write to the drive after it reboots. I'm not sure what the bug is all about, but it's been reported and is being discussed on Redhat's Bugzilla (XFS on FC6)

I think I've found a workaround that seems to do the job. If you install the system with selinux disabled (linux selinux=0 xfs), the system will boot up just fine. If you really want to re-enable selinux, you can re-enable it after first boot (edit /etc/selinux/config) and reboot to apply the change.

Adding Firewall rules on DD-WRT

Just recently I got OpenVPN set up on my WRT54G (w/DD-WRT) to connect to the network at my workplace. However, I noticed that although the vpn tunnel was up, packets weren't traversing it. For a while I thought it was some odd routing issue, but then I realized that the issue was with the firewall config. I just assumed that the firewall config was automatically changed to allow VPN tunnel traffic.

So here's the problem. DD-WRT is meant, on its face, to be a cutesy interface for average Joes, with some power-user features. It doesn't allow you to set custom firewall rules via the web interface. Furthermore, there's no flat file you can edit within the console to make changes. All configs get regenerated and overwritten on boot. The configuration alterations are actually stored in nvram. To see this data, just ssh to your DD-WRT and enter:

nvram show

Ahh. Brings back memories of configuring SpeedStream routers from scratch. Anyhow... Here's where you can see all the config that the DD-WRT uses to actually generate the volatile standardized conf files that sit in the ramdisk. You can actually see individual configuration variables if you'd like to alter or add to them by hand (instead of by web). For example, this will show you the NAT forwarding config:

nvram get forward_spec

You should see a list of strings showing the NAT config. It's all on one line with options separated by colons (and a ">") and delimited by spaces. That is, assuming you have any NAT entries configured.

But here's the fun part. I have 2 iptables rules that need to be inserted when the system boots to allow the VPN tunnel's traffic to pass:

iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT

First, check to make sure you don't have any existing config that you may have to add:

nvram get rc_firewall

I can add this to the startup config by sending the following commands:

nvram set rc_firewall="iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT"
nvram commit

Copy this into notepad, edit it as you see fit, and paste it into your SSH session. After running them, just reboot to apply the change.
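Because nvram set replaces the whole rc_firewall value, any rules already stored there are lost unless they are merged in by hand. The script below is an added example, not part of the original post, that appends the two rules to whatever nvram get rc_firewall returns and skips rules that are already present; the names VPN_RULES, merge_rules and apply_rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): append firewall rules to
# DD-WRT's rc_firewall nvram variable without discarding rules already there.

# The two rules from the post.
VPN_RULES='iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT'

# merge_rules EXISTING NEW
# Prints EXISTING followed by every line of NEW that is not already present,
# so running it twice does not duplicate rules. Blank lines are dropped.
merge_rules() {
    merged=$(printf '%s\n' "$1" | sed '/^[[:space:]]*$/d')
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        if ! printf '%s\n' "$merged" | grep -Fxq -- "$rule"; then
            if [ -n "$merged" ]; then
                merged="$merged
$rule"
            else
                merged=$rule
            fi
        fi
    done <<EOF
$2
EOF
    printf '%s\n' "$merged"
}

# apply_rules: read the current value, merge, and commit only on a change.
apply_rules() {
    current=$(nvram get rc_firewall)
    updated=$(merge_rules "$current" "$VPN_RULES")
    if [ "$updated" = "$current" ]; then
        echo "rc_firewall already contains the VPN rules"
        return 0
    fi
    nvram set rc_firewall="$updated"
    nvram commit
    echo "rc_firewall updated; reboot to apply"
}

# Only touch nvram when run on the router itself.
if command -v nvram >/dev/null 2>&1; then
    apply_rules
fi
```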

UPDATE 11/17/06: Apparently my habit of making solutions geekier than they have to be has bitten me again. It appears that if you simply browse to Administration > Commands (http://yourrouter/Diagnostics.asp), you can enter the commands there and hit "Save Firewall" to achieve the same effect. Damn. And here I thought I discovered something cool :-)

Adding SATA Controller Support in initrd

Today we had a problem at work where, after adding two 400G drives and a SATA controller to a server and adding the two drives to the root logical volume, the system would not boot. It would kernel panic because LVM could not find the drives. Turns out the SATA controller driver wasn't being loaded on boot, before the drives are accessed.

The solution was to run mkinitrd with SATA device probing. It was further surmised that RPM kernel upgrades handle this automatically by reading in the required devices from modprobe.conf.

This solution saved nearly a full day of labor by avoiding a complete server re-install.

Roundup of Work Accomplishments

I've been meaning to create a blog of work accomplishments and have never quite gotten around to it, so I'm just going to start dropping them here. Here's a roundup of things that I have accomplished so far:

  • cleanupsmbd.pl: Wrote a workaround script to kill off smbd processes before they start to bring a server to a crawl
  • FC5 Deployment: Readied and bugtested FC5 installation procedures for enterprise deployment
  • Overcame LDAP integration issues on FC5
  • Identified kernel panic cause on FC5 systems (running kernel 2.6.17-1.2174 w/e1000 NIC)
  • Configured anaconda and prepared Kickstart for FC5 (near hands-free install)
  • Preliminary work on fully automating branch server configuration (from fresh install to deployment)
  • Wrote runonce script useful for creating things like cron.1min and cron.5min
  • Corrected a long-standing shorewall startup issue relating to linefeeds
  • Wrote a patch to fix the LDAP BDB database on startup if corruption is detected (Redhat Bugzilla 207821)
  • Troubleshot and adapted Samba configuration procedures to follow new printer permissions standards (deprecated printer admin option)
  • Identified shorewall slow (10 minute) startup cause (Redhat Bugzilla 211338)

Free Freedom?

Just the other day at work I noticed a saying surrounding an American flag posted on someone's cubicle wall, facing the ever-common "Freedom Isn't Free" decal on my manager's office window...

"If it isn't free, It isn't freedom."

But what does it mean? No, seriously. It doesn't make sense. A Google search of the above statement returns only two insufficient results for this exact phrase, so finding the meaning there was pointless. Logically, this is the best I can do to understand it...

If this sign/phrase is supposed to be a response to the statement that freedom often requires the selfless sacrifice of human life to maintain it (as history has shown us over and over again), then what does this say? If you can't get/keep your freedom without struggle, then it's not really freedom? Are we supposed to expect from this that others will just give us freedom, and that fighting for it defeats the effect? Sometimes I have to wonder if Liberals either don't understand English, or just don't understand History. In either case, it has got to be due to a great public school miseducation.

All throughout history, the enslaved and oppressed had to fight for their freedom, and lives were always lost. Bending over and taking it in the rear is not freedom. There's always some miscreant ready and willing to step right up with their pants down when you do. To be honest, these sound like the words of either an idealistic brat or vagrant who cries that they deserve food or pay without work. There's always a price.

Freedom is never free. It never was.

One Cool Text Editor

I've been looking for a good text editor for a few years now. Yeah, I wasn't looking really hard, but I had tried a couple of the usual suspects, TextEdit and UltraEdit-32. Both seemed good if not great, but the nag screen thing bugged me. I also didn't like the idea of paying $30-40 for a text editor. I mean, the colors are cool and all when I'm editing Perl code, and I like the advanced search and replace features, but I don't think that I could justify spending $30 for that. I'll just use notepad and wordpad if it comes right down to it.

But in this last round of searching for a text editor, I found PSPad. It's excellent for the price (free). I may never make use of all of its features, but for my purposes, it's perfect.