wonko.com

DenySSH is a Ruby application that monitors the auth log of a BSD system for failed SSH login attempts and adds repeat attackers to a Packet Filter table, allowing you to define PF rules to block the attacking hosts or redirect them to a honeypot for your amusement.

There are already a few excellent tools that do almost the same thing, but none of them use PF to block attackers, which makes them less useful to someone like me. Thus, I wrote this.

It's not quite finished yet (I still need to write some documentation), but I've been using it on my servers for several months now and it works well. If you'd like to try it out, you can grab it from the Subversion repository.

Three strikes, you're out. I was willing to believe that the previous problems were unfortunate anomalies, but this time there's no excuse. You have failed me for the last time, UPS.

Jetpants' new server was scheduled to be delivered to the hosting provider today. I'd been tracking the package closely, so I knew that it was right on time. It went out for delivery this morning. I checked in this afternoon to see if it had made it, only to discover that the package wasn't delivered because "the receiver has moved".

I quickly contacted "the receiver" to verify that they hadn't moved in the night, and sure enough, they hadn't. They verified that the shipping address was indeed correct. I called UPS; they also verified that they had the correct shipping address, and sent a message to the local delivery facility asking them to contact me to explain what went wrong.

The local office called me an hour later and explained that the driver claimed nobody had answered at the recipient's address, so he tried to deliver the server to the office next door. Yes, that's right, he tried to deliver my server, with a declared value of $1,500, to the office next door. Why he thought that was acceptable I don't know, but in any case, the folks next door refused to sign for it and told the driver that they never saw their neighbors anymore, so they thought they had moved. The driver, who apparently trusts these people implicitly, said "ho hum" and declared the package undeliverable.

The best I was able to get from them was "we'll try again tomorrow". They weren't willing to make another trip today, and they gave me no guarantees that they wouldn't pull the same dipshit antics again tomorrow. Just, "we'll try again". Thanks UPS. I'm a FedEx customer now.

Update: UPS actually managed to deliver the server on their second attempt, and Simpli is being totally awesome and getting it set up tout suite. Hooray!

Many years ago, a tribe of cannibals abducted me, strapped me to a chair, put me in front of a FreeBSD machine, and forced me to go without food, water, or pie until I had configured a working Sendmail server with SMTP authentication, TLS, and anti-spam features. After several days of intense, searing pain, I achieved victory, and the cannibals sent me on my way, scarred for life.

Ever since then, every mail server I've set up has used Sendmail. People told me Postfix and Qmail were easier to use, but I laughed at them. I had conquered Sendmail. I knew how to make it do my bidding. It had been a long, hard battle, but Sendmail was my bitch. Why would I want to start all over with something else?

And yet, every time I set up a Sendmail server, something inside me twitched, as if Satan himself had just bitten off a tiny piece of my soul. In spite of my hard-won Sendmail expertise, I knew, deep down inside, that there were better tools out there. Tools that I could use, if I would only commit to learning them. But then I remembered the pain involved in learning Sendmail. I didn't want to go through that again.

Nevertheless, the time came when I realized that Sendmail just wasn't capable of meeting my growing needs. Good MySQL integration, flexible virtual domains, the ability to reload config files without restarting the server, sensible config file syntax...Sendmail had none of these things.

I decided it was time to learn Postfix.

Today, I went from knowing nothing about Postfix to having a complete, working Postfix server with all the bells and whistles, doing everything Sendmail had ever done for me and quite a bit more, in about two hours. And it didn't hurt at all.

I <3 Postfix.

My first choice for Jetpants' new colocation provider fell through yesterday when I discovered that they wanted to charge me double just to provide an additional network drop for the server's remote access card (which I'll probably use once every six months or so). I'd have understood charging a small additional monthly fee for the extra connection, but charging me for an additional unit of rack space and a terabyte of bandwidth was unacceptable. I tried to negotiate, but they wouldn't budge an inch. So screw 'em. If that's the kind of service they provide, I'm not interested.

I've been emailing other companies all day asking for quotes, but none had responded until this afternoon, when I sent an email to Simpli Hosting and got a response within minutes saying that they'd be happy to provide an extra network drop free of charge. Guess who's getting my business?

I've had several purchases of various sizes shipped to me via UPS from different companies over the last few weeks, and every single one of them was "rescheduled" and delivered several days later than they should have been. What's the deal, UPS? Not enough tubes—I mean trucks—to deal with the load?

Jetpants was down for about 20 hours beginning last night, apparently due to "power-related problems" at the data center hosting our server. Every other server in the data center was back up and running this afternoon, but for some reason they didn't bring Jetpants back up with everyone else.

Over the course of the day, I filed an urgent support ticket (which went ignored); called about fifteen times and spoke to support personnel who repeatedly assured me that they would immediately investigate the cause of my server remaining down and get back to me, but never did; and spent a great deal of time banging my head on my desk.

I also ordered a brand new server from Dell and chose a new hosting provider. Jetpants will be moving to the new data center in August.

One application sorely missing from the default set of apps on the Sidekick is a simple alarm clock. Sure, there's a calendar application that can be used as an alarm clock in a pinch, but it's really too complex for a simple morning alarm. Since I depend on my phone to wake me up every morning, I wrote myself an alarm clock application, which I've dubbed (for reasons that I hope are obvious) "Alarm Clock".

The more I develop for the Sidekick, the more I like it. Once you get the hang of the process, development goes very quickly. I can see why there's such a large development community for this phone in spite of its closed nature.

Update: Stop asking for developer keys. Seriously. I cannot create a developer key for you and I will not give you mine. If you want an alarm clock and you don't have a developer key, download Time Traveler from the catalog. Stop pestering me, you ignorant bastards.

I finished my first application for the Sidekick this afternoon: a simple client that periodically reports the phone's uptime to a script running on my server. I tested it extensively on the hiptop emulator provided with the SDK, and when I was satisfied with it, I sent it off to Danger as part of my request for a developer key (which is necessary in order to install unsigned software on the actual phone).

Within an hour or so, Danger had approved my request (on a Saturday, no less!). Now, for the small price of voiding my warranty, I can install whatever I want on my phone. Result!

I'm very pleased so far with the Danger SDK, their API, and especially the incredible support on the developer forums. Thanks to the excellent documentation, I've only had to resort to posting questions on the forums twice so far, but each time I got a helpful response from a real live Danger developer almost instantly, even after hours on Friday and on a Saturday. That's pretty impressive.

My only real complaint is that the resource editor included in the SDK is a buggy piece of crap with an almost unusable UI (a real surprise coming from Danger), but I think I've finally learned how to avoid making it angry. When all else fails, I can at least edit the resource files by hand.

I've been playing with my brand new Sidekick 3 for the last few hours, and I'm pretty impressed.

I owned an original Sidekick way back in 2003, but while it was a great Internet gadget, it was a pretty crappy phone. I ended up dumping it for a Nokia 6600. Sadly, my trusty Nokia has begun to show its age (and refuse calls), so I have once more laughed in the face of Danger and taken a bold leap into Sidekick land.

The Sidekick has gone through three hardware revisions and countless software upgrades since I last looked at one, and the end result is pretty slick. The Sidekick 3 is much smaller than the original, and even than the Sidekick 2. It's still just a tad large for a mobile phone, but at least it doesn't look like a brick anymore. It actually feels like a phone when I hold it up to my ear, which is pretty sweet, since talking on the original Sidekick was a little awkward.

Everything about the Sidekick 3 is slick. The new shell, the flip-out color LCD, the backlit qwerty keyboard, and especially the translucent trackball, which lights up in a variety of sexy colors when certain events occur (like incoming messages or phone calls). I'm also mightily pleased with the inclusion of a ringtone that sounds more like a normal telephone ring than any actual telephone I've heard in the last five years. It's such a convincingly normal ring that it's a little hard to believe it's coming out of this sexy, sexy gadget.

There are the usual downsides, of course. The built-in 1.3 megapixel camera takes horrid photos (although the photo application itself is really sweet). I still think it's ridiculous that you can't install unsigned third-party software unless you obtain a special developer key from Danger. The Sidekick has the best mobile OS on the market, an excellent user interface, and a great API, but any innovation is effectively stifled since users can only install commercial software distributed through official channels (and the official channels have no interest in distributing free and/or open source software).

Nevertheless, I'm pleased with my purchase. Now I'm just trying to think of a semi-useful application I can submit with my developer key request so Danger will let me install unsigned code on this thing. If anyone has any ideas, I'm all ears.

A few weeks ago I stumbled across SmugMug, an excellent photo sharing site that I had inexplicably never noticed before. I was impressed by its look and feel and intrigued by some of its features (especially the Google Maps-powered geocoding stuff), so I uploaded a few of my photos and started playing around with it. I'm very pleased.

Most of my photos are currently on Flickr. I like Flickr a lot, but SmugMug takes a slightly different approach that I like even better in some ways. Flickr has its strengths; the endless stream of photos is especially conducive to freeform, random photography like photoblogs. SmugMug is more structured, which works well for more organized, professional photo galleries.

Since I liked so many things about both SmugMug and Flickr, I needed to find a way to use both of them without spending all my time uploading, tagging, and writing captions twice for all my photos. Enter Picasa.

Flickr and SmugMug both support IPTC tags and EXIF captions embedded in photos. Picasa conveniently supports those features as well. What's more, the latest beta version of Picasa integrates with Google Earth, so I can easily add geotags to my photos that SmugMug will recognize. The only thing I have to do twice is the actual upload process, and that's easy.

I love it when good software makes my life easier.