The Power of Linux
By Daniel Miessler on June 30th, 2006: Tagged as Debian | Linux
I just wrapped up a consulting engagement up here in New York and I had a great opportunity to highlight the power of Linux to my client.
The Problem
Their email server was having trouble sending email for some reason and we were trying to rule out the firewall that I had just installed for them. The firewall (Check Point, of course) was reporting that the email system was sending RST packets to the remote mail server, which it was reporting as a state issue and subsequently dropping the traffic. I confirmed this with tcpdump.
The client wanted to know if it was the firewall or the mail server, i.e. they were still concerned it was the firewall. I tried to explain that it was the firewall doing the dropping, but only because the mail server wasn’t operating correctly. As for why it wasn’t, I could feign no hypothesis; the email server in question was Novell GroupWise (shudder).
Linux To The Rescue
The next thought in my mind was to show him what a normally functioning mail server looks like. In no more than 20 seconds I had a fully functioning installation of Postfix running, and pulled my Blackberry from its holster.
I then simply echo’d test, piped it to mail, and sent it to my personal email address:
echo test | mail -s Test daniel@dmiessler.com
I then quickly pressed the up arrow and enter like 10 times — launching 10 perfectly formatted email messages out of their network.
Roughly five (5) seconds later I heard the beautiful sonar ping sound of incoming mail on my Blackberry. 10 of them. My client just watched as they hit the screen, and when I showed him the 10 green outbound SMTP entries in Check Point (a stark contrast to the alternating green-red on the Groupwise box) he knew the problem was on his own email server.
Bottom line — I needed a fully functional email server to test outbound SMTP. 20 seconds later, thanks to apt-get install postfix, I had that test server and I was able to move along in the problem-solving process.
Case in point — Linux owns. And for those that care, score one for Ubuntu/Debian too. In cases like these, apt > portage without a doubt.
How *Not* To Do Firewall Filtering
By Daniel Miessler on June 30th, 2006: Tagged as Culture | Firewalls | Information Security
Someone’s noticed a very interesting fact about firewall filtering that relies on session sniping, i.e. killing connections with RST packets. Namely, it’s rather trivial to bypass.
For those who are into this sort of thing, the idea is very simple. China blocks people from going to certain sites by having their firewall kill browser sessions that contain certain banned keywords.
This particular security technique is based on sitting in between the users and the Internet, monitoring for banned words at the firewall, and then sending “kill packets” to the client when they ask for something China doesn’t want them to see. These “kill packets” (RSTs) tell the requesting computer to drop the connection immediately, which results in the user not getting the page they were looking for. Simple enough.
Unfortunately for China, it’s fairly trivial to drop various types of packets using a firewall on the client side.
In other words, the entire content filtering system is based on client systems receiving and responding normally to the firewall’s kill packets. If the client simply drops those packets, i.e. ignores them, then their session will continue on as if there were no filtering device in place at all.
And to make it even cooler, one can use TTL values to determine which RST packets are probably legitimately coming from the endpoint, and which are coming from a security device in the middle. So one could say, for example, “Drop all incoming packets with the RST flag set that have a TTL less than x.”
Of course, the firewall admin could exploit that rule by increasing the TTL on their outgoing RSTs, but then one could simply open up the rule and drop all RSTs. Cat and mouse, as usual.
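Here is the client-side rule from the previous two paragraphs as working code. This is an added example and not part of the original post or of any tool it mentions. It parses raw IPv4/TCP headers and applies two versions of the filter: the fixed rule quoted above (drop any inbound RST whose TTL is below x), and a per-flow version that remembers the TTL the remote host’s SYN-ACK arrived with and drops a later RST whose TTL is too far from it, since a forged RST from a device in the middle travelled a different number of hops than the real endpoint’s packets. The addresses, port numbers, hop counts and packets are all constructed for the demonstration; nothing here is captured traffic.

```python
"""
Added example, not part of the original post: a small classifier that
implements the RST-dropping idea on raw IPv4/TCP packets.

Two rules are shown:
  1. the fixed rule quoted in the post ("drop incoming RSTs with TTL < x");
  2. a per-flow rule that remembers the TTL the remote host's SYN-ACK arrived
     with and drops later RSTs whose TTL is more than TTL_SLACK hops away from it.

Assumptions (mine, not the post's): IPv4 only, checksums are not validated,
and every packet and address below is constructed for the demonstration.
"""
import struct

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
TTL_SLACK = 3  # hops of drift tolerated between a flow's SYN-ACK and a later RST


def parse_ipv4_tcp(pkt: bytes):
    """Return (src, dst, ttl, sport, dport, tcp_flags) from a raw IPv4/TCP packet."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    if len(pkt) < ihl + 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    flags = off_flags & 0x01FF  # low 9 bits of the data-offset/flags word
    dotted = lambda b: ".".join(str(o) for o in b)
    return dotted(src), dotted(dst), ttl, sport, dport, flags


def build_ipv4_tcp(src, dst, ttl, sport, dport, flags):
    """Construct a header-only IPv4/TCP packet (checksums left zero; not checked here)."""
    to_bytes = lambda a: bytes(int(o) for o in a.split("."))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, ttl, 6, 0,
                     to_bytes(src), to_bytes(dst))
    return ip + tcp


class RstFilter:
    """Decide 'pass' or 'drop' for each inbound packet, as a client-side filter would."""

    def __init__(self, min_rst_ttl=None, slack=TTL_SLACK):
        self.min_rst_ttl = min_rst_ttl  # rule 1 threshold (the post's x); None disables it
        self.slack = slack              # rule 2 tolerance in hops
        self.learned = {}               # (remote_ip, remote_port, local_port) -> SYN-ACK TTL

    def classify(self, pkt: bytes) -> str:
        src, _dst, ttl, sport, dport, flags = parse_ipv4_tcp(pkt)
        key = (src, sport, dport)
        if flags & TCP_SYN and flags & TCP_ACK:
            self.learned[key] = ttl     # the real peer's hop distance, learned once per flow
            return "pass"
        if not flags & TCP_RST:
            return "pass"               # only RSTs are ever dropped
        if self.min_rst_ttl is not None and ttl < self.min_rst_ttl:
            return "drop"               # rule 1: fixed floor
        expected = self.learned.get(key)
        if expected is not None and abs(ttl - expected) > self.slack:
            return "drop"               # rule 2: RST did not travel the same path as the handshake
        return "pass"


def demo():
    """Constructed flow: client 192.0.2.5:40000 talks to server 203.0.113.10:80, 15 hops away."""
    srv, cli = "203.0.113.10", "192.0.2.5"
    f = RstFilter()
    results = {}
    results["synack"] = f.classify(build_ipv4_tcp(srv, cli, 49, 80, 40000, TCP_SYN | TCP_ACK))
    # Genuine RST from the server: same path, so the same remaining TTL.
    results["server_rst"] = f.classify(build_ipv4_tcp(srv, cli, 49, 80, 40000, TCP_RST | TCP_ACK))
    # RST forged by a device 6 hops out, spoofing the server's address: TTL gives it away.
    results["middlebox_rst"] = f.classify(build_ipv4_tcp(srv, cli, 58, 80, 40000, TCP_RST | TCP_ACK))
    # The cat-and-mouse case from the post: the injector tunes its TTL to match and slips through.
    results["tuned_rst"] = f.classify(build_ipv4_tcp(srv, cli, 50, 80, 40000, TCP_RST | TCP_ACK))
    # Rule 1 alone, with x = 40: drops only RSTs whose TTL is below the floor.
    g = RstFilter(min_rst_ttl=40)
    results["fixed_low"] = g.classify(build_ipv4_tcp(srv, cli, 30, 80, 40000, TCP_RST))
    results["fixed_high"] = g.classify(build_ipv4_tcp(srv, cli, 49, 80, 40000, TCP_RST))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

Two caveats a practitioner would want. First, whether an injected RST arrives with a lower or a higher TTL than the real endpoint’s packets depends on the injector’s initial TTL and how many hops away it sits, so a fixed “less than x” floor has to be tuned per network, whereas comparing against the TTL of the flow’s own handshake works in either direction. Second, the filter only helps if it runs on the client before the TCP stack sees the RST (a host firewall hook, for instance), and the fallback of dropping every RST, as the post notes, also discards the legitimate resets a remote host sends when it genuinely closes a connection.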
Anyway, the idea’s quite interesting and it’ll be fun to see how it plays out.
New York, Pizza
By Daniel Miessler on June 25th, 2006: Tagged as Culture
Somehow it still amazes me when certain stereotypes come true.
New Yorkers really do have wicked accents, and the whole Italian/Pizza thing is like a caricature up here. There’s like a Pizza place every 50 feet up here in mid-state NY, and all the pizza looks, smells, and mostly tastes the same.
It’s damn good.
But it’s just so similar; it’s eerie. And the way New Yorkers eat the pizza is crazy too — again, all the same. They tend to fold the pizza in half and take large bites. It’s almost universal. I asked for a knife and fork the other day and almost got escorted out by some fellow that surely thought I was gay.
Anyway, the engagement is going really well. I truly love consulting; it lets me draw on so many different skills that I enjoy exercising and growing. I’m definitely going to stay in this for a while longer…
Bad Consultants
By Daniel Miessler on June 20th, 2006: Tagged as Career | Consulting | Rants
I’ve consistently heard one thing about IT consultants — most of them suck horribly.
I have to say that I’ve also found this to be true, but not for the reasons I thought. I thought it was an issue with technical ability, but it’s not. It’s not that the consultants I’ve seen are weak technically; their problem is that they seem to have very little regard for what clients want and need, which, if I were to nitpick, is of at least moderate interest.
I’ve seen on a number of occasions where the consultant comes in and essentially starts preaching to his flock. This is how it’s going to be, we know what’s best for you, etc. They simply fail to listen, and what makes it worse is that they seem to favor pre-packaged solutions over those that are customized. Of course, in order to customize a solution they’d have to listen to the client, which could be part of the problem.
At any rate, while it’s bad for most clients (since they’re dealing, by definition, with most consultants), it’s actually quite positive for me. I’m coming to realize that I can be at a major disadvantage technically, i.e. not even in my area, and still offer far more to the client than a so-called expert. The reason for this is simply the willingness to truly listen to the problems that a client is facing, and then follow-up with efficient, customized solutions.
Perhaps it’s bad business to do this; perhaps I’m being naive about how consulting works. I’m willing to accept that as a possibility. I do know, however, that if it’s not possible to make money using my approach, then I will simply move on to something else. I refuse to become what I see in these others. For the time being, though, I’m going to continue with my theory that you can make money consulting in this ideal, enjoyable way.
We shall see.
Why You Shouldn’t Trust The Drug Industry
By Daniel Miessler on June 19th, 2006: Tagged as Culture | Drugs | Education
Political Correctness: Where’s The Line?
By Daniel Miessler on June 17th, 2006: Tagged as Culture | Political Correctness | Politics
I’ve been thinking for a little while about a few instances of where political correctness seems to be doing direct battle with something…natural. I say natural, and not “right” because I’m not convinced that these things are necessarily morally correct, only that they are quite natural given human biology and culture. The question is whether or not this equates, in our culture’s view, to being acceptable.
Examples:
- Hooters, as a general rule, doesn’t hire guys to be waiters. This is pretty much universally accepted and few people freak out about it. It’s common sense based on the type of organization it is. Its main draw is attractive women. Fair enough, but what happens when a guy wants to work there and isn’t considered because of his gender? Do we have a legal issue or a stupidity issue (on his part)?
- High-class casinos in Vegas require women to wear high heels and heavy makeup. There are many women complaining that the demand is too strict, isn’t applied to men, and is simply unfair. The first argument that comes to mind is that, yes…it is unfair. But the more important point is that the argument seems to fly in the face of human nature and common culture. I don’t know of a culture where the women weren’t paraded around in entertainment venues, and to think that this would somehow be different today, in Vegas no less, is naive at best.
I think it’s an interesting question. I think it’s a binary decision for us as a society, and we should face the underlying truths revealed by our choice. If we deem it acceptable to judge based on the desire of patrons who gets hired, and the rules of “equal chance” are set aside using this power, then I think it being taken to the extreme should be not only permitted but expected. Yes or no, but not “a little bit”.
Anything in between is a failure to fully acknowledge the implications of allowing this sort of “acceptable discrimination”, and it keeps society in an unhealthy state. As usual, we as a society choose to avoid uncomfortable topics. We prefer to pretend there is no issue until someone gets a lawyer involved. It’s quite sad, and proof that we’re not very far along as a civilization.
Adobe Reader Updates, Evil — Same Thing
By Daniel Miessler on June 15th, 2006: Tagged as Rants | Software
Until today I’d never installed a single Adobe Reader update. I’ve been prompted many times over the years but I avoided it because I was somehow sure that it would be annoying.
Today my fears were justified. I decided to go ahead and do it and was soon prompted to reboot my system. Bastards.
But that’s not the bad part. I begrudgingly rebooted and went to lunch. When I got back and logged in, I was immediately presented with a friendly dialogue box from Adobe. It told me I needed to reboot to finish the install of the Adobe Reader update.
Bastards2.
Thousands Feared Born In Nigerian Population Explosion
This is just…jarring. The Onion is something special. I don’t know whether to laugh, be offended, or to be upset about this “comedy” piece. At times, content like this is more real than anything else.
