Another busy Monday, especially after discovering that my PFY is away for ten days holiday. I'm sure he probably mentioned it a while ago, but I wouldn't have minded a reminder last week... He appears to have left a number of loose ends dangling, and I'm a touch frazzled.
More work on the new pages, tonight, and hopefully something worth uploading tomorrow.
Busy with updates to the INFINITY2 pages - there's a lot to write, now I come down to it...
The first couple of pages are there now.
Our house is surrounded by cat owners whose charges seem to enjoy leaving little surprises in the long grass of the garden, and in the past I've sometimes employed a cheap Super Soaker knock-off to encourage them away. This summer, though, it's seals seem to have perished and most of my stealthy pumping and sudden, dramatic appearances have been followed by a somewhat anti-climatic fine mist and a loud hissing noise. It usually shoos the cat away, but not exactly in a manner likely to become a behaviour-forming experience, and it seemed that a replacement was in order...
I'm in the habit, these days, of searching the web for reviews of anything that I plan to purchase, and unsurprisingly there is no shortage of information online once you plug into the right pages. One of the prettiest sites is iSoaker, but navigation is awkward with far too much Flash for my taste even over broadband. Far more accessible are Aqua Armoury and Age Of The Soaker, and between them and the web ring of which they're part, there is certainly a wealth of information for the dedicated hydraulic shootist. The technology has advanced somewhat since I last paid any attention to this sort of thing, but any of the official Super Soakers seem more than adequate to drown an occasional cat, and I shall see what I can find in the local toy shops.
I've finally started serious work on the new INFINITY2 pages, but I'm really not happy with most of the photographs I took. I certainly don't have anything that I'd be happy submitting to the online case galleries, and I think maybe it's time to start thinking about the replacement digital camera I've been promising myself. The best price/performance ratio for digicams seems to come from buying relatively mature products at end-of-line prices - the promised ten megapixel cameras are still a few years off in the consumer market, and until then the difference between 2.6 and 3 megapixel CCDs is far less than the £200 price hike it commands.
I've been very happy with the reliability and performance of my old 1.2 megapixel DC120, bought with the same philosophy when 2 megapixel was the norm, so I will check out Kodak's more recent offerings first. Apart from it's large size and low resolution, by current standards, the DC120's only significant weakness is it's poor performance for indoor pictures under artificial light. The transition from CCD to CMOS photosensors in most cameras has improved this considerably over the last few years though, I gather, and photographing the new case in situ would certainly be a good benchmark - I shall have to see what I can borrow from friends to test-drive.
I seem to have been spoiled by the marvellous Distributed.Net client - it's multi-processor-aware "out of the box", whereas every other grid processing client requires a whole bunch of fuss with separate installation directories, fiddly command-line switches, and two instances of the executables. For a concept that predicates raw processing power, making it any harder than necessary to maximise the client's performance is just plain stoopid. Sheesh...
While on the subject of marvellous software, it's good to see that the fantabulous VNC Project is still going strong in spite of the threatened closure of it's creator and host, AT&T's Cambridge research lab. The project has moved to a new home page and released a new version, and all looks rosy.
And while on the subject of feeling rosy - if you use vitamins, dietary supplements or herbal remedies I can thoroughly recommend Healthspan for pills and potions by mail. Prices are very favourable compared to the high street, all concentrations etc. are clearly shown, and shipping is free and pleasingly rapid. They have a traditional printed catalogue as well as on online store, and even take orders by phone if you're e-commerce-shy.
Firmly back online, though, the New York Times has an article on "science's ten most beautiful experiments", voted on by physicists and published in Physics World. All the big names are there, but I was rather surprised that the winner was the English scientist Thomas Young - his early 19th century light interference experiment, "Young's Slits", conclusively proved (within the context of the science of the day) that light propagated in waves instead of particles, but the article considers his real contribution to have come many years after his death. During the first few decades of the 20th century, a modification of his idea became extremely useful as a thought-experiment during the formation of the laws of quantum physics, and the sheer elegance of a single idea that can simultaneously prove light to be both wave and particle is evidently widely admired. Bizarrely, however, the actual experiment (using a beam of electrons rather than of photons) wasn't repeated to test those laws in the real world until 1961!
Still with remarkable experiments, I read at Ars Technica that work on anti-matter is progressing well: last week the ATHENA group at CERN announced that they had created 50,000 atoms of anti-hydrogen, trapping antiprotons and positrons separately and then mixing the two together. A brief controversy raged after the announcement, but all now appears to be settled and the claim stands - they really did contain a whole bunch of antimatter at 15 degrees above absolute zero in a magnetic trap. Interestingly, this could be extremely useful in an experiment first performed earlier this year at SLAC, an attempt to test the accuracy of the predicted Standard Model value, the ratio of matter to anti-matter in the universe and an important constant in modern physics. The result was a little lower that the expected value, however, but apparently involved a considerable margin of error - which could be significantly reduced by having a ready supply of anti-matter on tap. Hmmm... So, would it be easier to move ATHENA to Stamford, or SLAC to Geneva?
And finally, humour...
The Distributed.Net RC5-64 code-breaking challenge is over, after 1757 days - nearly five years! The correct key, apparently calculated on an otherwise unremarkable 450Mhz Pentium III located in Tokyo, was the memorable "0x63DE7DC154F4D03".
My contribution to the project was quite small, but I think still statistically significant - at the peak, I had at least thirty computers running the client, mostly big-iron multi-processor PII and PIII servers that really chewed through the numbers - and in the four years that I've been participating they calculated 4,401,514,697,195,520 possible keys (all wrong!) between them... that's 0.023% of the total number calculated, and I finished in 228th place out of a third of a million worldwide - which I think is a respectable achievement given that some of the competition were honest-to-goodness supercomputers. <smug>
The correct key was actually found on the 14th July but, due to a horrible failure in the central processing scripts, lay undiscovered until the 12th August. Further delays within RSA Laboratories and problems locating the (anonymous) winner meant that the news only broke yesterday... That's a lot of wasted CPU cycles.
I shall almost be glad to see the back of it, actually - problems with the stats over the last six months have taken most of the "league table" fun out of it, and I was getting fed up with explaining to people at the office that 100% CPU utilisation on an NT server is not necessarily a bad thing, but could just be a sign of extremely efficient code making the best use of resources... So I'll strip the clients off all my systems <groan>, close the ports in various firewalls, and wave it a sad goodbye. I might try SETI@Home or something else graphically pretty for my own PC, but I don't think I'm inclined to run any more spare-time number-crunching farms - it could be a lot of work, sometimes...
The official announcement raises any interesting point, though - "While it's debatable that the duration of this project does much to devalue the security of a 64-bit RC5 key by much, we can say with confidence that RC5-64 is not an appropriate algorithm to use for data that will still be sensitive in more than several years' time". As a network manager, I'm in the habit considering brute-force attacks on strong encryption as rather a limited technique - if good practice is followed and passwords are changed on a regular basis, the window for decrypting a captured authentication string may be much less than a month and so probably beyond the reach of all but the best connected.
The encrypted static data that my systems protect is considerably more vulnerable though, I've realised - bank account and credit card information could have a fairly long shelf-life, as could medical details or employment records... and taking it to extremes, the geographical locations of nuclear missile silos would still be of interest even if the decryption took many years. It has to be assumed that there are government computers all over the world patiently hammering away at data captured decades ago. It's a sobering thought...
It's been a funny couple of days... yesterday I arrived in the office to find that the combination of the computer room and store room locks had been changed overnight, which during a company "restructuring" is a great way of making a senior techy nervous... This morning I I discovered that, after I left, the department manager had apparently twisted my PFY's arm until he added a whole bunch of new user accounts for the company we've in the process of acquiring - not a problem in itself, but I hadn't been warned to expect it and none of the back-end structure of groups, scripts and distribution lists was ready for them.
Much clickety-clicking ensued, but it's still a bit of a mess - I've been hoping to delay most of this sort of thing until we move to Active Directory next year, as our current NT4 domain model is starting to creak at the seams a little. However, it appears that nobody else wants to wait that long, and as the new users are supposed to be kept temporarily in a division of their own while still being spread through our various departments (you want what?), I have to find a way of making a flat domain model appear hierarchical to the users! Fortunately there are some useful tricks in Exchange with customised Address Book Views, and that should keep the manager off my back long enough to finish the job more elegantly next year.
I have a feeling about the rest of the week...
... is weird science day, apparently.
Unification at last? Extra, hidden dimensions may link magnetism to gravity.
Strange things, close up: the original interaction between light and matter.
Mediocre black holes. They just couldn't make the grade.
Also from Stuff U Can Use, home of the remarkable faked moon landing pictures - a sneak preview of the next-generation Microsoft OS, Windows RG... I loved the Word and Reboot options on the Start Menu...
Back in orbit again, it appears that part of Apollo 12 has returned after more than thirty years wandering around the sun. The lower stages of the Saturn V boosters were discarded too soon in the ascent to reach orbit, and mostly fell into the sea, but the bus-sized Saturn IVb third stages had sufficient altitude and energy to achieve orbit after separation. This particular SIVb seems to have spun wildly around the earth for about fifteen months after launch, before transitioning to a solar orbit in March 1971 via a "portal" at the L1 Lagrange point, where the gravitational attraction of the Sun and the Earth is about equal. After 33 orbits of the sun, it's path led back through the L1 portal and it transitioned into Earth orbit again in April of this year - a cycle that it will repeat every thirty years until it runs into something or we go out and grab it... And although the latter is highly unlikely given the current NASA budget, the hardware would certainly provide some interesting data on the long-term effects of solar radiation and micro-meteorites.
Some repairs on the ISS kit today, following a collision during an orbital transfer manoeuvre. Well, Ok, a solar panel fell off while I was moving it out of the way before re-arranging the room last month...
It was all hands (thanks, Caz!) to the Dremel to drill out a hole in both panel and truss for the new supporting pin, a little length of thin fibreglass rod left over from an Indian fighting kite many years ago. There were a few awkward moments, as the bulk and fragility of the model made clamping it impossible while preventing access with the drill press in horizontal mode. I don't have the steadiest hands for this sort of thing, but fortunately our mistakes seemed to cancel out and it ended up very nicely. It's great to have it back in orbit above my desk again.
So, another Linux worm... And a very interesting one, too, in that right now nobody knows quite what it is going to do! Slapper infects Linux servers via the well-documented OpenSSL vulnerability in the Apache web server, forming them into peer-to-peer networks with each infected machine sharing data with it's peers and capable of assuming control over the network as a whole.
The vulnerability was first publicised in July, but such is the power of the "Linux is safe, Apache is safe" mind-set that it appears a large number of Linux users have failed to keep up to date. Some estimates suggest that as many as ten million Apache-based servers remain un-patched but, of course, there is active debate over whether this figure is accurate. The initial figures suggest so, though - since it was first detected, a week ago on Friday 13th, it has already compromised at least 20,000 servers - three of the worm's networks have been detected; one with 11,000 hosts, one with 6900, and one whose size has yet to be determined. Security firm ISS reports that at least one of these networks has already launched a large-scale denial-of-service attack against another (un-named) security company, involving compromised hosts from over a hundred countries.
Although the DOS code is already contained in the worm, the Apache exploit provides a shell session that could, in principle, run any malicious code. It will be interesting to see what the next payload turns out to be: there are other Linux vulnerabilities that could be exploited from within the shell session (running in the security context of the Apache user) to leverage control over the local machine. Given the peer-to-peer nature of the worm's network, one could hypothesise a little UUCP daemon that simply copies (or moves!) randomly chosen data files to a randomly chosen host. <grim smile> I'm glad that I'm not a Linux weenie right now, but I can't help but wonder how soon the Windows version will arrive...
An interesting article at Dan's Data, today, on how not to electrocute yourself - and he thoughtfully includes a picture of himself not being electrocuted to prove that he knows what he's talking about... I was somewhat reassured after reading it, actually, as I usually find anything more powerful than a torch battery rather scary... I leave computer power supplies for days (rather than the recommended hours) to allow the capacitors to drain, only touch things of a dubious electrical nature with one hand at a time (helps to prevent a shock through the heart), and refuse point-blank to open up CRT monitors at all!
It's probably a touch unusual for somebody who is constantly working inside electrical and electronic hardware, but in my defence I can only state that, over-cautious or not, I have only ever had one serious run-in with mains electricity - and that was when I was about twelve... Evidently it was a sufficiently formative experience that I'm not keen to repeat it even now, so I shall keep the fingers crossed on the hand held safely behind my back, do as much as I can at a safe distance of ten feet from the hardware, and let someone else open monitors whenever possible.
Possibly the scariest thing in Dan's article, however, is that there are apparently people who collect electrical insulators. Yes, that's right - insulators. The things that insulate one thing from another thing. They have a web site. And a magazine. And clubs... I don't want to talk about it, Okay?
Elsewhere, a genuine must-see: Definitive Proof that the moon landings were faked.
I've decided that I need another two lights in the new case - at present, the glow is best at night with the room lights turned down low, but I think I can improve on that. It would be neat if I could find a source of dual invertors, each capable of powering two tubes, but they're rare at present so I'll have to squeeze all four into the current location. Fortunately there is a very convenient little niche in the SuperFlower case which will hold them adequately, and the hardest part is likely to be the wiring - currently rather a hodge-podge. The case has two convenient, ready-made holes at the rear, which turn out to be just the right size for the switches provided with the lights, but it looks as if I'll have to extend the high-voltage leads for one of the tubes, and apparently that can be tricky.
My lights are the latest incarnation of the hightly-regarded PC Mods design and, unusually, the invertors are neatly enclosed in a small, rectangular plastic box. Most are wrapped in heat-shrink or dipped in liquid latex, and considering their output voltage (about 1000VAC) I've never been convinced that a sharp PCB edge or component pin couldn't wear enough of a hole to create some interesting and unexpected effects... With mine so well-protected, though, I think I can squeeze them all in next to each other without worrying about shorts.
Another less-than-ideal start to a week, when I arrived at the office to find that one of the LTO tape drives in the backup server had failed - everything ran through Ok on the other drive, if rather more slowly, and Dell dispatched both a replacement drive and (separately!) an engineer to install it within a couple of hours of logging the call.
I've been thinking a lot about backup in general, recently, after the failures on the home network... It's easy to forget that incremental backups are a compromise forced on us through lack of time and capacity, and not an ideal solution! In the good old days it was relatively hard to create a backup strategy for an entire network without budgeting for 36 or 48 hour days, but modern tape hardware performs faster than most hard disks did a few years ago, and with 100MBit network connections now the standard performance is far less of an issue. The slowest of my remote servers is being backed up at 150Mb/min, and the main-line systems at around 700Mb/min... And I'm fairly sure that the tape drives aren't running as fast as they could, either - I tested it on a spare server before installation, and it was negotiating 160Mbit/sec SCSI connections to the server - but only seems to make 80Mbit/sec connections to the same SCSI card on the live system, in spite of being in a 64bit PCI slot. I must get around to fiddling with that at some point!
When it comes to capacity, modern LTO and AIT libraries can certainly provide it in spades - our PowerVault is half-empty, inside, and is still capable of holding four or five Terrabytes... fully loaded with drives, columns and magazines, it offers a mind-boggling 14Tb, which it can suck in at upwards of 500Gb/hour! So, given both the time and the capacity to perform complete backups nightly, apart from the additional wear and tear on the tape hardware (which is relatively unimportant in the presence of a good support contract) I can't see any good reason not to. I shall see how it works out over the next couple of months...