darkness

Wednesday, 04 December 2002

Insert Title Here

darkness @ 02:48:05

I think the past 48 hours have been mostly a blur for me.

Yesterday I seem to recall downloading some MP3s. I downloaded some Throwing Muses (something “Ramona”), Pixies (“Doolittle”), Sonic Youth (“Daydream Nation” IIRC), U2 (“War”), and the new Counting Crows (“Hard Candy”). The new Counting Crows is very good. I was already singing “American Girls” today. (BTW, are album titles underlined, quoted, or what?)

Last night I had to go to Columbia, SC to fix a down site. When I got there it looked like the firewall was having disk issues: a reboot (via the reset button) had the kernel booting after a conspicuous delay in BIOS (I was on serial console). The kernel pretty quickly panicked after identifying hdc, the second hard disk, as a “non-IDE” device, and then apparently doing something WRT DMA on the drive. I took it upstairs to a monitor/keyboard — their cable room is in the scary basement — and it booted just fine. OK, so go downstairs and plug it back up. No Internet. Sangoma card reports DCD, CTS both up. I think the “in service” “light” (it’s in software, ppipemon and friends) was even lit. I called TWTC to see if they had the circuit looped, but nyet, they didn’t. They looked into it further, and after about 15m figured out that the circuit I was plugged into had been canceled a week or two ago.

OK. Then they tell me there was another circuit at that location. TWTC has fiber in the Columbia area, and the corporate office was right on top of it. So they put the corporate office “on net”. I was at a branch office just down the street, which they also volunteered to put on net. However, because of complications close to the turn-up date, they installed a copper loop at this branch office in case they couldn’t pull the fiber in on time. Unknowingly I had plugged up to this copper loop… either that or the fiber Smart Jack wasn’t there when I installed our equipment. So after they told me the fiber circuit ID, I found the jack. Plugged in the card, and… oh, no worky! The “LOS” light on the card that was in the Smart Jack enclosure was red. To make a long story short, after a few calls and something like 1.5h, the TWTC people had the new circuit up. Sigh.

This morning there were all sorts of problems. People were reporting that “everything was slow.” This is the code for “DNS is down.” This is the same network in Columbia: one corporate office with a bunch of branch offices hanging off of it. I had configured (as mentioned in a previous entry) the branch offices to forward to the corporate name server. I don’t really know why; I think it just seemed “cool”, and I liked the idea of having the cache (and lookups) centralized. Well, when the VPN goes down, you can bet DNS is quite unhappy. On this call I noticed FreeS/WAN was saying the branch’s IPSec tunnel to the corporate office was down. I brought it down and back up from the corporate side, and voila! all was better. VPN was back. Why didn’t this work the first time? I also noticed that /proc/sys/net/ipv4/conf/wp1_ppp/rp_filter was 1 and not as I had requested in /etc/sysctl.conf. “Odd fluke, that,” and I reset it.

Back to bed now. I didn’t finish dinner until 0430 and didn’t get to sleep until 0630, after all. 30m later, another call. Multiple sites reporting “everything is slow.” Checked a branch office and it was unable to ping the corporate office. For fun I try the ping from the corporate side to the same branch… and it works. Now I try the branch to corporate again… and it works, too. This screams “iptables and connection tracking problems”. Sure enough, I found out iptables was parsing stuff like -s 10/8 as -s 0.0.0.0/8! This is RH 8.0 standard iptables, something like 1.2.6a-*. (Note that it parses 10.1.0/24, for example, just fine.) Fix some scripts, now everything is working. Calls 30m later again, after which I found a place I missed that was using 10/8. I fixed that and no more calls.
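A lint for the abbreviated-network problem described above, as an added example that is not part of the original post: it scans firewall scripts for `-s`/`-d` arguments with fewer than four octets and prints the four-octet form to write instead. The sample rules are constructed, the function names are hypothetical, and padding with `.0` assumes the usual intent behind shorthand like `10/8`.

```shell
#!/bin/sh
# Added example (not from the original post): lint firewall scripts for
# abbreviated IPv4 networks such as 10/8.

# Constructed sample rules, for demonstration only.
sample_rules() {
    cat <<'EOF'
iptables -A FORWARD -s 10/8 -d 10.1.0/24 -j ACCEPT
iptables -A FORWARD -s 10.2.0.0/16 -j ACCEPT
# iptables -A INPUT -s 10/8 -j DROP
iptables -A INPUT -s ! 192.168/16 -j DROP
EOF
}

# lint_rules [FILE...]: print "line: found -> four-octet form" for every
# source/destination argument with fewer than four octets. Every short form
# is flagged, including ones a given iptables build happens to parse
# correctly, so the rules no longer depend on parser behaviour.
lint_rules() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        for (i = 1; i < NF; i++) {
            if ($i !~ /^(-s|-d|--src|--dst|--source|--destination)$/) continue
            arg = $(i + 1)
            if (arg == "!") arg = $(i + 2)   # old negation syntax: -s ! NET
            split(arg, parts, "/")
            n = split(parts[1], octets, "[.]")
            # hostnames and complete dotted quads are left alone
            if (parts[1] !~ /^[0-9.]+$/ || n >= 4) continue
            full = parts[1]
            for (k = n; k < 4; k++) full = full ".0"   # assumed intent: pad with .0
            if (arg ~ /\//) full = full "/" parts[2]
            printf "%d: %s -> %s\n", NR, arg, full
        }
    }' "$@"
}

# Run against the constructed sample; pass real script paths to lint_rules instead.
sample_rules | lint_rules
```
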

I puzzled over the wp1_ppp/rp_filter thing a bit longer, and then realized that wp1_ppp didn’t exist until after sysctl -p was run. So I took net.ipv4.conf.wp1_ppp.rp_filter = 0 out of /etc/sysctl.conf and put sysctl -w net.ipv4.conf.wp1_ppp.rp_filter=0 into /sbin/ifup-local. Stab.
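A check for the ordering problem described above, as an added example that is not part of the original post: it lists the per-interface `net.ipv4.conf.*` keys in a sysctl file that have no matching entry under `/proc/sys/net/ipv4/conf` yet, so they cannot be applied when `sysctl -p` runs. The function names, sample file and fake proc tree are constructed for the demonstration, and interface names are assumed to contain no dots.

```shell
#!/bin/sh
# Added example (not from the original post): find per-interface sysctl keys
# whose interface does not exist at the time the file would be applied.

# missing_sysctl_ifaces CONF [PROCDIR]
# Prints each net.ipv4.conf.<iface>.<key> from CONF with no PROCDIR/<iface>/<key>.
# Assumption: interface names contain no "." (true for wp1_ppp, not for VLANs).
missing_sysctl_ifaces() {
    conf=$1
    procdir=${2:-/proc/sys/net/ipv4/conf}
    awk -F= '/^[ \t]*net[.]ipv4[.]conf[.]/ { gsub(/[ \t]/, "", $1); print $1 }' "$conf" |
    while read -r name; do
        rest=${name#net.ipv4.conf.}
        iface=${rest%%.*}
        key=${rest#*.}
        [ -e "$procdir/$iface/$key" ] || printf '%s\n' "$name"
    done
}

# Demonstration on a constructed sysctl.conf and a constructed stand-in for
# /proc/sys/net/ipv4/conf in which wp1_ppp has not been created yet.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/proc/all" "$tmp/proc/eth0"
    : > "$tmp/proc/all/rp_filter"
    : > "$tmp/proc/eth0/rp_filter"
    cat > "$tmp/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.wp1_ppp.rp_filter = 0
EOF
    missing_sysctl_ifaces "$tmp/sysctl.conf" "$tmp/proc"
    rm -rf "$tmp"
}

demo
```

Run at boot just before `sysctl -p`, with the real paths, it names the settings that have to move to a hook that fires after the interface comes up.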

Also, while perusing ipsec.conf(5) I found the disablearrivalcheck option, which apparently removes the checking of source/destination IPs on a FreeS/WAN tunnel. Naturally I find this after I hack everything up with GRE tunnels to get this same effect. Stab stab.

We were talking about playing a game of Assassins. Here are some links I just turned up for the game:

We wanted to play with paintballs, though. Now that I’ve quickly scanned some of these, maybe I was a bit too narrow-minded WRT weapon choice. I wonder how good a game of Assassins out of University would work? Just around a major metropolitan area?

Also checked out the laws in North Carolina as they pertain to paintball guns. http://www.jus.state.nc.us/NCJA/firearms.htm seems to be the definitive source on this. Of course, it also says that paintball guns might be considered “weapons of mass destruction or death” because they have a barrel with a bore larger than 0.5 inches. Either that or they’re air guns, and carrying them — even concealed — is probably totally legal except for on the grounds of a learning institution (school, university, etc.; they’re not allowed at all there, and it seems to be a misdemeanor at least to carry one). I need to call the State Troopers or the Attorney General’s office to ask about this, perhaps. Discharging the weapon seems legal too, as long as you don’t hit anything other than your intended target. That is, presuming your intended target isn’t going to be pressing assault charges on you, which I suspect they could do. Of course, in our current “terrorist-aware” climate, pulling a paintball gun in view of the public might earn you a charge of “disturbing the peace” or “going armed to the terror of the public.” One person also suggested that a paintball gun isn’t considered a firearm because it doesn’t fire “rigid” projectiles. Also also, euphorik brought up the point that a paintball gun might not legally be considered a “weapon”, which might make the law I cited above about barrel bore size irrelevant since it specifically states “weapons”. Of course, I suspect a paintball gun might fall in the same category as an air gun and be considered a weapon. Maybe it depends on how you use it? That seems doubtful.

A lot of uncertainty; I need to ask someone in the know. Also, if anyone has any information about the laws concerning the carrying of pocket knives, specifically any information (preferably with citations) about the specific (quantitative) length of legal knives, please mail me. All I can find is that it’s legal to conceal and carry “small” (not assigned a number) “pocket knives” (defined in above document, I believe).
