DEBRIS.COMgood for a laugh, or possibly an aneurysm

The EFF reports that color laser printer output contains trackable digital watermarks. I doubt this “feature” is listed on the outside of the box. (“New and improved! The government can identify every page you print!”)

The EFF’s work follows a PC World article from last Fall, which had escaped my notice until now, perhaps because I’ve been busy composing notes of encouragement and support to your President by arranging letters cut from random magazines and gluing them onto scraps of paper rescued from the recycle basket at distant Kinko’s: Government Uses Color Laser Printer Technology to Track Documents

So until somebody slips tiny RFID molecules into my glue stick, I guess I’m still anonymous.

So I found myself in the car for about four hours today, occasionally scanning the FM band on the off chance I’d find something other than the regular morning masturbation of most radio show hosts during rewinds of the latest Dream Theater album.

I paused the relentless channel-scan on a news program. I realized after a few moments that the station was playing a “newsroom” soundtrack behind the announcer’s voice. It sounded like 100 people frantically hammering on typewriters.

Typewriters? Sheesh, why not telegraphs?

Granted, this particular station’s demographic is old enough for this anachronistic sound to be accepted without question. (“Coming up after the break: The Association! Stay with us.”)

No, it’s not at all ironic that I’m ridiculing the sound of one old technology while listening to another. My car’s cassette player is not deserving of your scorn. Besides, the other car has a CD player. Now leave me alone.

Sometimes it’s fun to lift up a rock and focus a little white-hot sunlight on the slimy invertebrates underneath…

Quoting from yet-another piece of mortgage junkmail:

If you are like myself [sic], you receive tons of fliers just like this one every week.

Wow, in addition to selling shitty mortgages you also read minds?!?!

Everyone is promising you the “lowest rates” and “best service.”

In contrast, your offer promises the “Worst. Mortgage. Evar.” Except that you spell it “10 year interest-only period followed by 20 yrs P&I,” in mousetype, natch.

There are no upfront fees to apply…

No, of course not. You add them to the loan amount instead.

STOP THROWING AWAY TENS OF THOUSANDS OF DOLLARS EACH YEAR!!

…when you can throw them all away, and some others too, in 10 years after you realize you’ve paid down exactly NONE of that $500,000 jumbo loan, and it is going to cost you 30 years’ worth of interest at then-current rates even though you’ll have only 20 years to pay it off. On the other hand, if you spent some of those tens of thousands of dollars every year on lottery tickets, maybe it will all work out fine.

Over two years ago I started building a new firewall. I foreshadowed the agony to come, in my first report: “The software is taking longer to configure… more on that later.”

It’s finally “later.”

I’d started, I think, with RedHat 8. I got sidetracked trying to make the machine work as a print server. I dislike futzing with hardware so much that I can only stand it in small doses, so I took a couple months off, by which time RedHat 9 came out. I kissed off the print-server failure and did a fresh install.

By focusing on setting the machine up as a gateway and firewall, I was able to quickly finish the configuration. But: within five minutes of booting up, the machine lost the network. A long download would pause and never restart. Outbound pings and traceroutes all failed (although inbound traffic seemed to work fine).

Other Mini-ITX owners had reported similar problems, but their solutions didn’t work for me: no amount of kernel switches or BIOS settings would enable the box to stay online for more than 5 minutes. I spent hours on APIC, ACPI, network driver debugging, network interface duplex negotiation, etc. I did dozens, literally dozens of kernel compiles. It sucked unholy penguin butt.

I asked my systems admin to take a look at the box. For him, on his home network, the machine worked fine. Argh.

I replaced network cables. I tried different ports on the switch. I even replaced the switch. No dice.

I upgraded to Fedora Core 1. Still no dice. Fedora Core 2? Ditto. Meanwhile, I’d put another two years of service on the old freight train of a 486 that I’d been using as a firewall since approximately 1975. All the time, I was thinking “what will I do if it dies?”

Finally I gave up on Linux. I’d wanted, in a (very) small way, to learn more about FreeBSD, so I tried that.

Eureka! Networking didn’t die. It was gratifying to have fixed the problem, but perhaps even more gratifying to prove that the machine didn’t have a hardware failure after all.

The next step was to learn ipfilter. Ugh, yet another obscure syntax for encoding access rules. ipchains was pretty bad, but at least it was familiar. Was I up for another round? Not really. So the fresh FreeBSD install got dusty for a few months, because except for the fact that it sounded like the test grounds at the Boeing factory, my old 486 firewall was working just fine.

Until it died, it worked just fine. On July 4, the NIC seized up. I could just make out the death rattle over the fan noise.

Configuring the ITX machine for NAT and firewalling was surprisingly easy, given this step-by-step recipe: How to Build a FreeBSD-STABLE Firewall with IPFILTER.

I needed to add a second NIC, because unlike Linux, FreeBSD isn’t able to alias a private IP (e.g. 192.168.1.1) to the same NIC used for the public IP and keep them both logically separate. The 2-NIC design is more secure anyway, and although it seemed possible that the additional hardware would max out the small power supply that came with my mini-itx case (this is one of the possible explanations for networking malfunctions), it hasn’t yet been a problem, but check back tomorrow.

In answer to the question, “why not just buy a $60 hardware firewall from CompUSA,” I’d say, first, that I’d rather eat a can of corn smut then give Comp USA another nickel, and second, that I run a DNS server and mail services on this machine. And maybe a print server too, given a couple more years to configure it.

This is the funniest thing I’ve seen in a long time:
Steve, Don’t Eat It!