How Chatty Is Your Network?

I do a lot of closed network design for projects. Island networks for developer teams, with no internet, but all the collaboration accoutrements a productive team might need. Authentication, repositories, build systems, file sharing, email, SSO, etc.

Yesterday one of them blew up. The collaboration suite stopped working. My first theory was that something ran out of space. And I was right, but not the collaboration suite itself. Turns out the LDAP server which handles authentication ran out of space, and the collaboration suite died because it couldn’t contact the LDAP server.

But wait, why did the LDAP server run out of space? All it’s doing is LDAP and DNS.

And the journey begins.

A while back, I had disabled recursive DNS queries because someone’s chatty MS product was spewing so many DNS lookups that would never resolve, and those queries were subject to a timeout, and those backed up queries created a logjam that prevented legitimate queries for local assets from getting through. Disabling/disallowing recursive queries seemed to shut everyone up, since the queries were immediately denied rather than waiting for the timeout, so I moved on.

Yesterday’s problem was a bit more intense. Someone had pulled an email from outside the system into Outlook on the closed system. Not a problem, right? Well, Outlook is downright screwy sometimes. Just the act of doing that caused that user’s Outlook to spew over 600 DNS queries per second, and since the DNS server had defaulted to query logging, it resulted in 20+ GB of query logs, to the tune of 46 million queries in less than 60 hours.

This seemed slightly excessive to me.

I know I could have just turned off query logging, but I thought of another approach that might stop the noise without sacrificing query logging, because, you never know how that information might help. Also, that doesn’t STOP the traffic, it only stops recording the traffic. So I took all the domains from the chattiest queries — by far the highest was from that clearly broken Outlook process, an infinitely-repeating query to an outlook mobile / O365 address on msedge.net — and created fake authoritative zones on my DNS server. I was almost surprised that that shut things up immediately. Because I left query logging on, I could see an immediate effect. I guess an authoritative no is enough to shut things up in cases where a denied query might not.

All this is to say, really, I think 99% of people really have no idea just how much communication goes on behind the scenes in their so-called private networks. This is a set of clients that have never touched the Internet. Fresh out of the box, with updates applied from WSUS offline bundles, and I’ve got hundreds of thousands of queries to Facebook, Twitter, Ebay, Amazon, Google, MS and more. None of it was initiated by the user. This is all of that “user as product” bullshit.
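The workflow described above (find the chattiest domains in the query log, then sinkhole them with fake authoritative zones) is easy to script. The following is an added example, not code from the original post: it parses BIND-style query-log lines, ranks domains by query volume, computes per-client query rates, and emits BIND named.conf zone stanzas for the candidates. The log lines are constructed for the example, the 10.0.0.x addresses, lab.local zone and ns.lab.local nameserver are assumptions, and the pattern would need adjusting for a DNS server with a different log format.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from typing import List, NamedTuple

# Regex for BIND-style query-log lines. Other resolvers log similar fields;
# adjust the pattern for your own server's format.
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r".*?client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[\d.]+)#\d+ "
    r"\([^)]*\): query: (?P<qname>\S+) \S+ (?P<qtype>\S+)"
)

# Constructed sample log (not captured from any real server): one client
# hammering an msedge.net name, one client doing legitimate local lookups,
# plus a non-query line that the parser must skip.
SAMPLE_LOG = """\
21-Feb-2022 19:05:00.000 client @0x7f3c2c0a1b40 10.0.0.15#51234 (outlookmobile-example.msedge.net): query: outlookmobile-example.msedge.net IN A + (10.0.0.2)
21-Feb-2022 19:05:00.002 client @0x7f3c2c0a1b40 10.0.0.15#51235 (outlookmobile-example.msedge.net): query: outlookmobile-example.msedge.net IN A + (10.0.0.2)
21-Feb-2022 19:05:00.004 client @0x7f3c2c0a1b40 10.0.0.15#51236 (outlookmobile-example.msedge.net): query: outlookmobile-example.msedge.net IN A + (10.0.0.2)
21-Feb-2022 19:05:00.006 client @0x7f3c2c0a1b40 10.0.0.15#51237 (outlookmobile-example.msedge.net): query: outlookmobile-example.msedge.net IN A + (10.0.0.2)
21-Feb-2022 19:05:00.008 client @0x7f3c2c0a1b40 10.0.0.15#51238 (outlookmobile-example.msedge.net): query: outlookmobile-example.msedge.net IN A + (10.0.0.2)
21-Feb-2022 19:05:00.010 client @0x7f3c2c0a1b40 10.0.0.15#51239 (outlookmobile-example.msedge.net): query: outlookmobile-example.msedge.net IN A + (10.0.0.2)
21-Feb-2022 19:05:00.012 client @0x7f3c2c0a1b40 10.0.0.15#51240 (www.facebook.com): query: www.facebook.com IN A + (10.0.0.2)
21-Feb-2022 19:05:01.000 client @0x7f3c2c0a1c00 10.0.0.20#40001 (gitlab.lab.local): query: gitlab.lab.local IN A + (10.0.0.2)
21-Feb-2022 19:05:02.000 client @0x7f3c2c0a1c00 10.0.0.20#40002 (ldap.lab.local): query: ldap.lab.local IN SRV + (10.0.0.2)
21-Feb-2022 19:05:03.000 zone lab.local/IN: loaded serial 1
"""

# Minimal zone file shared by every sinkholed zone. Any name under a zone
# served from this file gets an authoritative NXDOMAIN instead of a refused
# or timed-out recursion. ns.lab.local is an assumed local nameserver name.
SINKHOLE_ZONE_FILE = """\
$TTL 3600
@   IN  SOA ns.lab.local. hostmaster.lab.local. ( 1 3600 900 604800 3600 )
@   IN  NS  ns.lab.local.
"""


class Query(NamedTuple):
    ts: datetime
    client: str
    qname: str
    qtype: str


def parse_query_log(lines) -> List[Query]:
    """Extract (timestamp, client, name, type) from each query line; skip the rest."""
    records = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        records.append(Query(ts, m["ip"], m["qname"].rstrip(".").lower(), m["qtype"]))
    return records


def registered_domain(qname: str) -> str:
    """Crude 'last two labels' grouping; good enough for ranking noisy zones."""
    return ".".join(qname.split(".")[-2:])


def top_domains(records: List[Query], n: int = 10):
    """Most-queried registered domains, highest first."""
    return Counter(registered_domain(r.qname) for r in records).most_common(n)


def client_query_rates(records: List[Query]):
    """Queries per second per client over the window each client was seen in."""
    seen = defaultdict(list)
    for r in records:
        seen[r.client].append(r.ts)
    rates = {}
    for client, stamps in seen.items():
        span = (max(stamps) - min(stamps)).total_seconds()
        rates[client] = len(stamps) / span if span > 0 else float(len(stamps))
    return rates


def chatty_clients(records: List[Query], qps_threshold: float):
    """Clients whose observed query rate exceeds the threshold."""
    return sorted(c for c, qps in client_query_rates(records).items() if qps > qps_threshold)


def sinkhole_candidates(records: List[Query], local_domains, min_queries: int):
    """Non-local domains busy enough to deserve a fake authoritative zone."""
    return [d for d, count in top_domains(records, None)
            if count >= min_queries and d not in local_domains]


def sinkhole_zone_stanzas(domains, zone_file: str = "/etc/bind/db.sinkhole") -> str:
    """named.conf stanzas making this server authoritative for each domain."""
    return "\n".join(f'zone "{d}" {{ type master; file "{zone_file}"; }};'
                     for d in sorted(domains))


if __name__ == "__main__":
    recs = parse_query_log(SAMPLE_LOG.splitlines())
    print("top domains:", top_domains(recs, 5))
    print("chatty clients (>100 qps):", chatty_clients(recs, 100))
    print(sinkhole_zone_stanzas(sinkhole_candidates(recs, {"lab.local"}, 5)))
```

Leaving query logging on, as the post does, is what makes the before/after check possible: run the script over the log again after reloading the zones and the sinkholed domains should drop out of the top list while the local lookups stay.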

February 21 Meeting Recap

Nice in-person meeting last night. One attendee brought his portable modular synth case. I wish we would have gotten around to plugging it in, I’m interested in the sounds of some of the modules.

Sorry to those who were hoping we’d be virtual as well. Maybe you had your own separate meeting. Maybe DC540 has forked now.

We discussed yet another new direction for this year’s badge. Sounds fun and intriguing. Even more so if people run with the idea.

A discussion came up about the state of CentOS replacements after CentOS’ shift to an upstream rolling distribution model. I thought I’d share this writeup by computingforgeeks, which summarizes the four main contenders, mainly in order to battle one member’s contention that “only four people use Rocky.”

Reasons for Upgrades

My two favorite reasons for upgrades are expanded capabilities and simplified workflow.

I recently upgraded my mixing board/recording console from a Tascam DP-24SD to the Model 24. They’re both 24-track recording consoles, but the operation is night and day.

First, the DP-24SD only has 8 real-time input channels. This is fine for someone who wants to lay down tracks one or several at a time, but not for someone like me whose primary limiting factor was “too many sound sources.” The Model 24 can actually receive 24 channels of audio at once. Bye bye rack-mount submixer, hello modular synth sound sources!

Second, while the DP-24SD was really capable, with panning, effect sends, per-channel EQ, etc., all of that was controlled in a menu. When you’re in a zone making bleep bloop sounds, it takes you out of the zone to have to navigate menus. The 24 has dedicated knobs for panning, FX send, EQ, etc. for each channel. It’s like the gear I learned to do this stuff on back in the day. Except now it records 24 tracks to an SD card.

The end result of these improvements is that making music gets me high again. Instead of frustrated menu-navving, I’m tweaking sounds and levels in real time and doing more, with less context-switching. It’s a more organic relationship between myself and my analog synths.

And yes, it’s messy. I find myself changing my wiring choices every time I fire it up. In real time. On the fly. Someday the semimodulars and the modular stuff will be closer together. Until then, here we are.

It’s a similar upgrade decision tree for the laser engraver. I found myself deciding not to try new things a few times because it would require a height adjustment. Two hex screws to loosen, move the laser head to the new height, and then tighten again. A recipe for stripped screws, and a pain in the butt. Found the plans for this on thingiverse, installed it, now changing the height is just turning the knob. SO much easier to adjust the height for wood, leather, aluminum, or even the roller attachment.

February 21, 2022: In-Person!

We’re opening up the basement for an in-person meetup tomorrow evening. The usual location at the usual time. Masking is still encouraged.

I’ve been working on calibrating and documenting the laser engraver settings. I also added a 3d-printed height adjustment mechanism, which is amazing. If you want to bring home a souvenir, open up GIMP and create yourself a business card. 84x54mm, or 54x84mm if you want it vertical. I have several colors of coated aluminum business card blanks to choose from, and I’ll be happy to burn you one while you’re here. This is from a recent commissioned request.

If we have enough cats to herd, we’ll talk about the official organization and maybe even elect a board. Bring a snack or bev to share if you’re so inclined, or just mooch. Your choice. We’re all family here.

If you’ve never been and you’ve been vetted and have the address, come on out. If you’re a complete stranger, consider getting to know us in the Discord for a meeting or two.

2021-01-03 Meetup is Virtual Only

Meetup this evening in the Discord @1830ish. The decision was made to stay virtual-only until Omicron loses some momentum. Don’t want to participate in the spread. Taking advantage of the downtime to refresh the space.

Monday 12/27 Meetup: Virtual Only

I know a bunch of you are traveling or otherwise engaged with family and holiday activities. Therefore, there will be no in-person meetup on Monday 12/27.

However, I will likely be online, assuming I make it home on time. I have to pick up some auction stuff in Maryland in the afternoon.

I’m very excited about the badge discussion we had last week, and look forward to further discussions with those who have been read in to the project. I’d like to see what thoughts you’ve had since last week.

Monday 12/20 DC540 Holiday Jam

So I finally put shiny white wallpaper on that long table at which we normally convene, and I thought, since it’s starting to shape up in there and the table is clear, perhaps we should have a minor little holiday gathering of some sort, and maybe our little death cult could recreate the last supper?

In other words, hybrid again Monday, I’ll restock the beer by then. Dress in your holiday finery. Be photogenic unless you’re in the witless protection program. We can discuss food options in the Discord over the weekend.

DC540 Monday 12/6 Meeting: Hybrid

Show up in person or stay virtual if you must. We’re getting a little better at Hybrid.

Maybe we can talk Kevin into walking us through an RE challenge.

Maybe we’ll talk someone into drinking Malört.

Maybe the asteroid will show up early and obliterate us all.

I’ll be burning wood again during the meeting. If anybody wants to burn a custom holiday ornament, I have extra blanks. Bring a round image. 85mm x 85mm at 300dpi is optimal, but the software is very forgiving.

Parallels/MacOS + Microsoft VM = Evil

Actually, no, I take that back. Making that association would give evil a bad name. Parallels hijacks media file associations and routes them to the Windows VM!

Installed Parallels on my M1 Macbook Air so that I could have a Kali VM when I needed it.

Eventually installed a Windows VM for reasons.

Then I noticed that Parallels had hijacked some of my media file associations so that when I clicked on MP4 or AVI files, default behavior became “Launch Windows VM and play it using Windows Media Player.” On what planet is this desired or acceptable behavior?

Of course, I undid it. Finder/file/Get Info/Open With/make change/for all. But part of me wants to meet the people that thought that would be a good idea and educate them with a hemlock cocktail. Is this simple pseudo-benevolent scope creep, or is this evil payola? I’d like to believe that the number of people desiring media to play inside a VM is less than 1%. It’s the least efficient way possible to play media. The only thing worse would be if, when you click a media file, someone is dispatched to your door to play it on their phone for you.