The Grumpy Troll

Ramblings of a grumpy troll.


Archive for 2010

PGP keyserver interface

This evening's minor tinkering: my web UI front-end to querying my PGP keyserver now uses AJAX to populate a list of servers that you can query instead of having to query mine. No JavaScript, no problem, you just don't even get shown a list of alternative servers and the functionality still works for querying mine. The list of servers is populated from the complete list of servers in the SKS peering mesh.


Verizon FiOS DNS redirection/hijacking/spoofing

Recording the solution here, after trawling through innumerable forum posts, broken support links, etc. Verizon FiOS supplies, by default, DNS recursors which spoof answers in place of NXDOMAIN, but ameliorate the impact by only doing so for queries in which the first label is "www". The page is a Yahoo/Teoma search. My, what a juicy target, should a government ever turn tyrannical -- force the revocation of domain registration for an unfavoured group, then serve Yahoo!


Shell anti-pattern security hole

I consider myself proficient in shell programming (POSIX sh, with variants). Today, I learnt of a surprising behaviour, which I then realised meant that some error-handling code wasn't firing when it should, which led to spotting why this is a rather common problem and, in certain circumstances, a security hole resulting from an anti-pattern. The anti-pattern: die() { echo >&2 "$0: $*"; exit 1; } foo() { local tmpdir=$(mktemp -d -t foo.



It's 18:43 and I still have home Internet connectivity. It's a very bad state of affairs that this makes me so happy. That's how bad Comcast (business class) was. Verizon FiOS for the win!

Scratch the Notion Ink Adam off the wishlist

I finally got an answer to my question of Notion Ink about whether or not there will be DRM locking down the OS image, and it's not the answer I was hoping for. Oh well, I guess I need to look more seriously at the competition. I'm not happy at this, I've been waiting for the Pixel Qi display for a long time now. I mailed info@, per their web-site. I got a boiler-plate response which didn't answer my question but said they'd be happy to reply to specific questions.


IPv6 troubles

As those who know The Grumpy Troll are aware, the troll uses IPv6 fairly extensively. I like it as a protocol suite, mostly. I have some negative opinions about the standards work behind transition mechanisms and some of the areas and will acknowledge that many of the improvements have been back-ported to IPv4 already. But still, I like the expanded address-space for my own use. I'm having to disable IPv6 to home for the time being, until I am Less Grumpy.


The wikileaks Afghanistan documents

The US Constitution, Article III, Section 3, defines, "Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort." If the US government is supplying money to a regime which they *know* is forwarding some of it on to a group which the USA is at war with, then we appear to have a whistleblower who has provided proof of treason at the highest levels.



Everyone has different boundaries when it comes to sharing and privacy.  Some services are great for those that use them, but horrifying for those that don't.  Google Latitude is one of those.  It normally falls outside my comfort zone.  It's not even something you might normally have on, but turn off when you want privacy, as the act of turning it off draws attention to the time-period when it was turned off.


A brief parting of ways

Farewell, sweet Internet.  I know you so well, your inner workings and your dark secrets.  But it shall be but a brief parting; filled with sorrow and pain, but yet brief, as time is reckoned outside your embrace.  For though I shall disconnect the cable-modem shortly, in but nine days time I and mine, having become ensconced in our new domicile, shall be reconnected unto thee once more.  Nay, not merely reconnected, but on more intimate terms, as Business Class shall bring us together without the vines of sand attempting to throttle us or the watchman limiting our total bandwidth per lunar cycle.


Who benefits from referendums?

In the below, please note that I am a Resident Alien in the USA and do not get to vote. That will change when I become a citizen. I currently live in Santa Clara. Santa Clara operates its own municipal electricity company. SC also delivers, to all residents, a calendar/agenda each year which includes a summary of finances. So we get to see a huge amount of money flowing in as revenue and a huge amount flowing out again as costs.


Firewall features

In discussion with a friend, he writes, “[...] and [censored].. which is an SSL-VPN that we currently have, has allowed an awesome work/life balance because nobody can work from home” Nice feature-set.

Pseudo-intellectual Latin

There's a fairly common theme in the tech industry, that when something goes wrong, the incident report is called a “post-mortem”, even though nobody has died. That's fair enough. What still irritates me is the use of the term “post-morti” to describe a collection of post-mortems. Here's what I wrote on the topic when correcting the usage in a wiki page, before it was uncorrected because the wrong version was considered funnier.


The value of paying?

My wife was pleasantly surprised to get an iPad as a birthday present. She knew my opinion of it, so knew that this was a tech toy for her, not a "look what I got me^Wyou" gift. On the surface, very capable. When I set up IMAP access to our mailserver, I found out how shallow that is, but that's another story of poor feedback and buggy diagnostics. This evening, Mrs Troll decided to install some games.


Email address validity

This is a valid email address to reach me: Phil Pennock <a~`*&^$#_-={}'?> Does your mail-handling code accept that perfectly legitimate email address? It's not a catchall, it's explicitly configured as an address to reach me. If it can't be parsed, why not? FWIW, I'm quite happy that this address is not likely to be successfully harvested by spammers. :-) Other addresses that are legitimate in form:
<"">
<"fred bloggs">
<" foo  ">
<"X'); DROP TABLE domains; DROP TABLE passwords; --">
-The Grumpy Troll
PS: see also email-cooperation from earlier this month.


MySQL Security

When deciding what to do about security of a product, it's important to think about your threat model. What are you defending against? Failure to do this can lead to situations that are most politely described as ‟silly”. For instance, let's say you want to support SSL connections between your client and your server. The client sets the connection up and can identify the server by the certificate presented, which includes a verified hostname.


Email Cooperation

People blather on. Today, they do it online. There are several different ways of going about it:
- Entering short messages into a transcript which others read over, such as forums or social networking websites, where later participants can see older messages
- Entering longer messages onto a website, with indexing and optional commentary; blogs
- Voice communications online, or video, typically not archived, but can be
- Short back-and-forth realtime messages, ‟Instant Messaging”, IM, such as XMPP, MSN, ICQ, etc; some clients log these communications, and some server software does too
- Online memos, sent around, often delivered quickly but left in an inbox to be worked through.


Typing Weird Stuff

I speak English, for certain values of ‟English”. I speak varying amounts of other languages which use the Roman alphabet. For the most part, I can work in plain ASCII. I like to be able to use currency symbols too, whether working with £1 or €1. The former can be met with ISO-8859-1 (Latin1), the latter can be met by using ISO-8859-15 (Latin9). But that's not enough for me, because I'm picky enough to want to use accurate characters for many other purposes.


The Troll Awakens

Once, I sneered at the word "blog".  Today, I still feel that the word is abysmal and a sign of  social exclusion, rather than having any real purpose.  Yet I have become a realist and the word "blog" is now generally accepted. So this grumpy, cynical, troll has finally succumbed. What will I be posting? Mostly technical content.  How-tos, rants, monographs and more.  Over the years, I've written a number of emails with useful content; I'll probably dig through some archives and extract some and massage them into blog postings.