the stream

Links to articles, short comments on various topics - basically the sort of posts I would have put out on Google+ in previous years.

left-handed mouse

Alexander Bochmann Saturday 04 of February, 2017
Some time ago, the Evoluent Vertical Mouse I've been using at work has gone unusable (was a VM3 - it's ok technically, but it's rubber coating is gooey after a couple of years of use, very uncomfortable to touch), and so I thought - why not just use a normal mouse, with the left hand for a change.

Yeah well. That's harder than I thought. Precision is not a problem for normal tasks (I often use the left hand to handle tools), but using the mouse still needs a lot more attention right now. I hadn't realized how hard-wired these things are. With the right hand - even when using the Vertical Mouse, which enforces a slightly different kind of arm movement - just takes no conscious effort. I think I'll try for another week, but right now I'm taking a sharp hit in effectiveness while doing anything that needs the mouse. Even in the small things, like habitually picking up the coffee cup with the left hand, and then noticing I'd need that hand to click on a link right now...

I also noticed that I still use the left mouse button for left clicks (with the left middle finger), instead of the index finger on the right button. With Windows, that's actually an advantage, because the local mouse settings don't map into terminal service sessions, and I'd have to change the mouse settings on every system I connect to otherwise.

Derek Lowe - Thoughts on Corruption

Alexander Bochmann Saturday 04 of February, 2017
Here: http://blogs.sciencemag.org/pipeline/archives/2017/02/03/thoughts-on-corruption

I think that there are, broadly speaking, three levels of corruption, and that they can be ranked in order of severity and destructiveness to the social order. [..]

Level One is when you’re paying someone to do something that they wouldn’t ordinarily do. [..] This sort of thing happens everywhere, and I’m willing to stipulate that it’s human nature. [..]

Level Two corruption, though, is when you’re paying someone to do what they’re supposed to be doing in the first place. [..] Now you’re bribing people just to stay even, not to get something extra. The deadweight loss to the economy and to society should be clear. [..]

And that shades into Level Three, which is the most harmful of them all. This is where you’re paying them not to hurt you. [..] Now you’re not getting favors, and you’re not even just getting what the law or the contract says you should get. You’re actively trying to avoid harm, and thus you exist at the sufferance of whoever has the leverage on you.

Google Project Shield & Krebs on Security

Alexander Bochmann Friday 03 of February, 2017
Ars Technica has an article with some more background on the DDOS attacks targeted at the Krebs on Security blog, and how Google engineers dealt with them after Krebs was accepted into Project Shield.

The attacks used a variety of techniques beyond just packet or http request floods:
Ars Technica wrote:
The attacks were the most powerful in the first two weeks, but as they continued, they incorporated a variety of new techniques. One, dubbed a WordPress pingback attack, abused a feature in the widely used blogging platform that automates the process of two sites linking to each other. It caused a large number of servers to simultaneously fetch KrebsOnSecurity content in an attempt to overwhelm site resources. Google was able to block it, because each querying machine broadcast a user agent that contained the words "WordPress pingback," which Google engineers promptly blocked. Another technique dubbed "cache-busting attacks" was also stopped.

Also, about Google's decision making process:
Ars Technica wrote:
"What happens if this botnet actually takes down google.com and we lose all of our revenue?" Google Security Reliability Engineer Damian Menscher recalls people asking. "But we considered that if the botnet can take us down, we're probably already at risk anyway. There's nothing stopping them from attacking us at any time. So we really had nothing to lose here."

Update: Brian Krebs now has an own post on the topic

TikiWiki as a blog platform...

Alexander Bochmann Thursday 02 of February, 2017
Hrm. Possibly, I should consider using something else. Blog doesn't seem a major focus in for Tiki - I see that after all these years, Trackbacks still don't work. But then maybe it doesn't really matter...

I also notice the page layout look really bad on a widescreen monitor after upgrading to a more recent Tiki release. I didn't really want to have to mess with the themes :(

another Cisco hardware blunder - "Clock Signal Component Issue"

Alexander Bochmann Thursday 02 of February, 2017
Cisco has identified another component that's prone to failing over time (after we had the dying RAM issue maybe two years ago): Although the Cisco products with this component are currently performing normally, we expect product failures to increase over the years, beginning after the unit has been in operation for approximately 18 months. Once the component has failed, the system will stop functioning, will not boot, and is not recoverable.

Details over here: http://www.cisco.com/c/en/us/support/web/clock-signal.html

Of the affected platforms, I assume the ASAs will be the most painful for us, if it turns out we have bad hardware revisions...

still experimenting

Alexander Bochmann Sunday 29 of January, 2017
Note: I'm still experimenting with this. While I've been running this TikiWiki installation in various incarnations for over a decade, I've never bothered to learn how to deal with many of the advanced features. Unfortunately, the Tiki documentation is somewhat of a mess.

Not sure about the Youtube iframes, for example - I think I want to find a way to only show them on the actual post page, not in the blog overview (similar to "below the cut" back in Livejournal), or maybe hide them in something like a bbcode spoiler tag... Never used the Tags feature up to now, either (and I really need to remember to not use a comma as separator).

For now, I'll probably mix german and english language posts, and just tag them accordingly (with english being the default, especially when I'm linking to other english language content).

Youtube: Gemma Ray - The switch

Alexander Bochmann Sunday 29 of January, 2017
Really like her voice in this song recorded by Le Bruit des Graviers...

video: Gemma Ray - The switch

[edit: replaced inline video with a simple link - didn't like the various trackers being loaded by the Youtube embed code when the blog is accessed]

[edit 2: Not sure what happened here - the video is now private, and Sébastien Brodart has removed his article referencing the session from his web site...]

bash option to send command history to a syslog server?

Alexander Bochmann Sunday 29 of January, 2017
Stumbled over an old entry on the SANS ISC blog today that explains how to set up bash for remote logging of it's command history (it's a compile-time switch): SANS: Improving Bash Forensics Capabilities (cache)

Since the version 4.1, Bash supports Syslog natively but in most distribution, it is not enabled. To use this feature, you need to recompile your shell. [..] You just have to define "SYSLOG_HISTORY" in config-top.h

The post also has some more information on the various environment variables that control bash history options.