snowman.net
Sat, Apr 27 2002
Yay, we won our game tonight, 5 to 0. Apparently the other team was kind of new though so it might not have been entirely fair. On the other side, they had twice as many people as we did which meant they could substitute in and out a lot more than we could. Since we still don't have enough women on our team (this is a recurring problem) we also were playing short a person most of the game. Sent off some ideas to the bind9 folks on a better method of working with views but haven't really gotten much response. As I mentioned before, the problem is mainly with slave zones, but I've got a lot of those. :/ I'm also looking to pick up some cheap, older, but very stable machines for my ldap/kerberos servers. Unfortunately those are hard to come by. :/ My girlfriend and I are looking at building a table for the basement and I may be replacing some of the really crappy tables that are in here currently. The big wood table Megan and I are planning to build would be for most of the servers and head-less machines. The other nicer tables would be for a workbench probably and then there's the possibility of me getting a new desk. Rack-mount cases are also planned, but for farther off. Lots of fun stuff. :)
Thu, Apr 25 2002
Brian's been doing some absolutely awesome stuff up at work. Basically it goes down like this: LDAP for account information; Kerberos v5 for authentication; TLS for LDAP connections; LDAP for authorization; nscd to keep things sane; totally transparent (and so fast you can't tell at all) failover for both the Kerberos and LDAP servers to their backup servers. Of course, he's not done yet. Next steps: OpenAFS for home directories and some data partitions; LDAP for mail aliases, etc; Winbloze 2000 clients logging in with Kerberos and having them mount AFS home directories; sync between the labs we have. Possibly some other things. My role in this has mainly been to let him know what I'd like to see and then interject ignorant comments and he's done all of the real work. He gets to do it up at work, I'm going to be the one doing it all at my house once things at work settle down some. :) Basically I'm going to try and mimic much of the setup we're going to have in the end here at home. It's all stuff I've wanted to do for a while and just hadn't really gotten into it. For those curious, the LDAP + Kerberos combination is actually 'LDAPv3'. Additionally, the authentication is kind of tied together using SASL from my understanding. All-in-all, very cool stuff. :) Think that's enough for the moment. This stuff is totally da bomb tho. :)
Mon, Apr 22 2002
Felt like doing an update from class, just because I can. Going to be registering for fall semester tomorrow. Taking four classes in the fall and another four or so in the spring which will hopefully be the last I need to get my degree. Finishing my Bachelor's degree in Computer Science will be very nice. Only about a year more to go till I finish it up. Definitely a pretty nice feeling that it's all coming to a close. We'll see if I survive it. ;)
First DMZ user, Ken (friend from work) showed up today. Amazingly we had him up and working on the network in only about 2 hours. I also set up a box which he installed over at his place which is going to be my offsite DNS/mail server. Pretty nice arrangement overall. Next big network change is very likely to be the move to bind9. I've been working on it for a little while but it can be a royal pain getting all the different views to work the way I want them to. Unfortunately there's not (yet) a way to say that you want one zone (the *same* zone) to be in two different views. This isn't so much a problem for master zones because you just list the same zone with the same file twice. With slave zones it's trickier though because if you specify the same zone in two views with the same filename there's a distinct possibility the file will get corrupted when a zone transfer happens from the remote master since it'll try and do the zone transfer for both views. This also means twice as much network usage and whatnot for the zone transfers since it's happening twice. There really needs to be a way to say "This zone should apply for these views." Oh well, work with what you have I suppose, maybe we'll see some improvement in this area in a future version of bind.
Fri, Apr 19 2002
I just finished (mostly) restructuring the network by removing gw2 and having everything hang off of gw directly. You want to talk about a SPOF... Oh well, it makes some things easier. Hopefully gw will be reasonably stable, if not life will suck. This does free up an interface on gw which is going to be a dmz-type network. Basically it'll be where I stick people who can't stand to be behind my firewall. This way I can still muck with their routing, do traffic shaping on them and monitor the network usage using mrtg w/o forcing them to deal with my firewall rules. gw is a bit cramped now though since it's got a total of 7 physical interfaces with just about 10 virtual (CIPE) interfaces. Makes for some interesting firewall and routing rules.
Thu, Apr 18 2002
I finally decided to do it and it took less than an hour. I love Debian. Everything seems to be working correctly and happy. I'll probably upgrade the kernel on the box before too long. If anything isn't working the way it's supposed to let me know as soon as possible. Just a little fore-warning, I'll be moving to bind9 before too long since it has some capabilities that I've been wanting to play with for a while. Once that's done the world will be a better place. You know where to find me when shit breaks. :)
I went and bought a grill yesterday. They didn't have the model I bought in a box though so I ended up having to make them order it, hopefully it'll be in next week sometime. This is the grill I bought over at Sears in Manassas Mall. It was on sale for $159 and had an additional $20 rebate which made it a really decent price. Also picked up a lamp over at Target. Pretty cool lamp, really needed one for my room and now I've got one.
Sun, Apr 14 2002
Wow, that was very cool and very much a surprise. bma and I have birthdays close to each other. Mine is April 16th, his is April 14th. Our significant others decided to surprise us for our birthdays and they managed to do a damn good job of that. Megan (my gf) and Karen (bma's wife) treated us to an awesome time down south, a little west of Richmond from my understanding. Now, we had no idea about this, and in fact they BLINDFOLDED us for the entire trip down south. Talk about an awesome time though. We stayed at the Best Western Governor's Inn in Richmond. Very nice place, jacuzzi bathtub, nice big bed, etc. We had an awesome steak dinner at Ruth's Chris Steak House where they have got to have some of the best steak on the east coast. An unbelievable weekend and a total surprise. Thank you for such a wonderful weekend Megan. So you all know, Megan's birthday is May 3rd and I fully intend to make it a memorable one. ;)
Fri, Apr 12 2002
I'm strongly thinking about dist-upgrade'ing ns to sid. In the event that this happens lots of things will probably break. Hopefully they won't break for too long. I'll also probably move over to bind9 and set things up for it. Hopefully this will all happen this weekend on Sunday evening but don't get your hopes up too much. Added another tunnel for James (moss) which is on mrtg and whatnot. Up to 8 or so running I think. Need to work on my firewall rules some more I think.
Thu, Apr 11 2002
webfreak's users decided they didn't understand the concept of 'log into the box and then scp *out*' so I've decided to encourage them to learn. I set up a cap on webfreak's CIPE tunnel to only allow about 10KB/s through. The traffic shaping you can do w/ Linux is really quite cool. The LARTC Howto is quite useful too and has a bunch of very smart people working on it. I'm not entirely sure I did it right but that doesn't really matter since it's *working* and doing exactly what I want it to do. It might even be nice and give interactive sessions higher priority than downloads and whatnot but I didn't really experiment with that.
Wed, Apr 10 2002
Schedule change for soccer, looks like I'll be playing this Sat. at Poplar tree park at 7:30pm or so. At least I don't have 2 games back-to-back now which is nice but I'm sure I'm still going to be hurting. Maybe I'll post my soccer schedule online here somewhere sometime. Okay, put my soccer schedule on the 'projects' page because it was easy.
Changed a bunch more stuff on the site, added some more stuff to machines and projects, moved the links on the right around and added some links to both the left and the right lists. See? I'm actually keeping this website somewhat up-to-date and doing neat stuff to it. :)
The season has started again. I won't be playing this weekend but I've got 2 games next weekend, one on Friday at 7:45pm and one on Sat. at 7:30pm. All of our games this season are at Poplar Tree Park off of Stringfellow just north of 66 which is nice. It's not *too* far from my house and it's about half-way to my girlfriend's house where I might be able to seek some sympathy after the game. Of course, she's playing softball now so that might not work out so well, plus I'll stink. Oh well, hopefully I'll still be able to walk next Sunday. Joseph (my gf's little brother) has a T-ball game this Sat, that should be quite fun to go to.
Yay, I did up a machines page finally. I'll add it to the sidebar here shortly. It's kind of cute, does some simple shell scripts to generate the 'Details' and whatnot and parses out some information about each box. It'll get nicer as I find time to work on it (hint: I shouldn't be working on it now, really) but who knows when that will be next.
Tue, Apr 09 2002
Apparently people are actually visiting this site so I suppose I'll continue to update it with my random thoughts and whatnot. I think I'm going to try and do some more stuff with the projects page since it's pretty bare right now. I really need to get a machines page, maybe I'll do that first since that really shouldn't be all that hard. Perhaps I'll update my .plan and make it available on here somewhere as well. I got to hang out w/ Alison this past Sunday, that was cool, been a while (2 months or so) since I last got to see her and her bf Ros. Cool folks, we grabbed some food over at Mehak's which is a very cool Indian restaurant near my place and then my gf came out and we played pool over at the Shark Club nearby. Really need to try and hang out w/ her and other folks more often. So many things to do, so little time.
Mon, Apr 08 2002
gw died a little while ago. Think it may have been the extra 3com card that was in it. It's back up now, of course, or you wouldn't be able to read this. :) Makes me more interested in getting: a) rack mount cases or something, b) some new hardware for it so the damn thing is stable since everything depends on it and c) around to setting up a user server so the only thing gw does is routing/firewalling. Of course, this all takes time and money, both of which are in short supply these days. There are also other more important drains on those supplies like my girlfriend, work and school. Maybe someday I'll have my own business where I have an unlimited supply of money, people who work for me to do the mundane and boring things and I can do the cool stuff as part of my job. :) Oh, and I'll also have unlimited bandwidth. ;) Ah, the dreams of the dot.commer, okay, time to go get some sleep so I can go to my real job tomorrow. :)
Sun, Apr 07 2002
Yay, the webserver has been up for 4 days now and appears pretty stable again. Hopefully the good luck will continue. I'm back to looking at rack-mount cases. I'm *very* tempted by the $80-$100 cases I've found but then I want to add rails and a quiet power supply from PC Power & Cooling and the cost starts to get a bit much (Near $200 per case, >$1000 for 6 of them) so I'm thinking about it. I could just buy 4 of them this round and get more later. That would rack-mount ns, www, gw and debian at least. It would also give me more room, maybe enough room to put in a new desk which can actually support the 3 21" monitors I bought a while back. Of course, the intelligent thing to do would have been to buy the rack-mount cases first and the monitors later. :)
Sat, Apr 06 2002
I have an ITP (Intent To Package) on Majordomo2 and looked at it some more last night. Gah. I'm still going to do it but I'm really afraid it's going to be something of a pain in the butt. Things like the suid programs to be built depending on the MTA you're using make it a pain because I can't expect a compiler to be on the end system and I can't know which MTA a user has installed prior to installation. There are other annoying things such as having to know the 'special' separator for the specific MTA (ie: '+' for sendmail and '-'?! for qmail, which is quite evil in my view, isn't this stuff in a RFC somewhere?) so that the From addy can be set in such a way that a bounced message can include the list and user and whatnot that bounced. That's my understanding of it anyway. The Makefile.PL asking a whole ton of questions doesn't help either. I also need to be able to install it and *then* run through the majority of the config. Wheeee. So, anyhow, brought up some of these things to the authors a while back and they're working on some of the stuff anyway. Wish I had more time and was more familiar with the code base, I'd get in there and help out myself if I thought I could really do some good. It being all in perl doesn't exactly help since I'm not exactly in love w/ perl like the rest of the world is. :)
Fri, Apr 05 2002
Went to a keysigning last night w/ some other Debian developers. Cool folks, always nice to meet up w/ some other developers and add sigs to my key. Analog finally finished its marathon run and generated the initial DNS lookup cache so future runs don't take nearly as long. It's back in the crontab now running nightly. Looks like I may be doing another keysigning sometime so if people are interested feel free to email me. Keysignings are good things. :) I'm also (hopefully) going to be doing a project for my Algorithms class which involves doing stuff w/ the public keyring similar to M. Drew Streib's keyanalyze work. Initially my plan was to attempt to more parallelize his analysis work since when I ran it on a keyring I found off of a European site it appeared to only actually use up one processor but I'm afraid the problem may have been with the data. I've sent a request to Drew for the public keyring he uses but I'm not sure if I'm going to get it and I'm also not sure if it's already available somewhere. If anyone knows where it's available for download please email me.
Thu, Apr 04 2002
My gf forwarded me some funny stuff from her brother, you can check it out over here. I may actually make a page out of that and add more funny stuff over time. Of course, I might not too. I played with cricket some and determined that it's just too bloody slow for some reason. Worse, anyone looking at the stats feels that slowdown. I like having the information gathering separate from the graph generation but if it can't generate the graphs fast enough in the cgi then it shouldn't be doing it as a cgi. Honestly I think there is a problem somewhere and that it could be fixed to at least come somewhere *close* to the speed of mrtg but no one seems to know what the issue is. Of course, it doesn't help that I like the layout of mrtg more than that of cricket as well. I also added gw2 to the monitoring which is kind of neat.
Wed, Apr 03 2002
Multi-Router Traffic Grapher. It's quite cool. I had been running it in the past and something or other broke it and so I didn't run it for a year or so. Finally got around to fixing it today. Also added some interfaces that I didn't have before. Unfortunately I can't get information on aliased interfaces or I could get pretty MRTG graphs for each of the virtually hosted sites on my web server. There may be something else I can do to get that information but I haven't bothered looking into it yet, at least I can see how much bandwidth the webserver is taking up now. You can check out the MRTG Goodness here or by using the nifty 'Traffic Stats' link on the sidebar.
Fear my awesome analog skills. Turned off a bunch of the more silly reports (5 minute summary?) and turned on DNS lookups which makes it take a *lot* longer to run. Hopefully that'll get better once the initial DNSLOOKUP cache is built. For those who have websites hosted here, I run analog every night for all the virtual hostings and the output is put into the /analog/ directory under your virtually hosted site. It's still running now so if that directory is (mostly) empty at the moment don't be too surprised, it'll get filled in eventually. Runs start at around 6:30am and are done sequentially (analog doesn't support having DNSLOOKUPs done by multiple analogs and written to the same file so I'd end up with lots of duplicate lookups probably otherwise). Those of you interested in statistics for this site can check out my analog stats. There will also be a link on the sidebar showing up eventually.
Tue, Apr 02 2002
Okay, so the webserver dying wasn't totally due to those annoying user people. Turns out that one of the CPU fans in the box decided to crap out on me so now the web server is down to 1 processor but back and running again and probably even stable. No clue if the proc fried itself yet. Not sure when I'll actually go out and buy some PPro CPU fans since this is the second one that's died on me recently. One of them in ns died some 147 days ago and the box has been up and running since. Of course, I told myself I was going to buy a PPro fan for that box and get it back to dual proc sometime in the near future around 147 days ago too. Anyone wanna buy me some PPro heatsink/fan sets so I can make ns and www dual proc again? ;-)