DiscoverCard.com & Password Length Restrictions

With all the major breaches in the news lately (RSA, Gawker, PSN, Lastpass, MySQL, Texas Comptroller, etc. – hit the googles with you!), I finally got angry enough to ask a question of DiscoverCard that has been sitting on the back burner for too long. It’s about what I consider to be absurd password length restrictions on their site, and what that might say about how they’re storing those passwords on the back end.

Let’s clear one thing up: On principle, I believe I should be able to use whatever password I want. If I want to use “abc123”, or “puppy1”, or “;a3Wfzu0J|rqVHj%l]x6PZdQHqhpK39vx5?|fSb9NmFdq”, I should be able to. I should have the right to be as smart, stupid, paranoid or legitimately cautious as I want (here’s the thing) so long as my choice doesn’t affect others using the same system. I’m not the only one to think along those lines.

Principles aside, I don’t have a practical problem with complexity enforcement. I understand that repositories of critical and/or sensitive data and services have a need to shore things up a bit with more complex passwords. That doesn’t stop me from thinking there are design issues at hand if my weak web password can compromise someone else’s data. I also can’t help but think the whole mess is, at least in part, driven by a disgusting, ludicrously naive and juvenile expectation that “everything will always be ok, and I’m entitled to it. It’s my right! So there!” and all the litigation that goes along with that childish attitude.

That all said, it’s one thing to require password complexity, it’s another entirely to not allow it past X characters. It raises some questions…
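
Why a short maximum length raises that question, as an added example that is not from the original post: with salted hashing the stored record has the same size whatever the password's length, so storage gives no reason for a cap. PBKDF2-HMAC-SHA256 and every parameter and function name below are assumptions chosen for illustration; the post never learns what DiscoverCard actually uses.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this illustration only.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000
SALT_BYTES = 16
KEY_BYTES = 32

# The three passwords quoted in the post.
PAGE_PASSWORDS = [
    "abc123",
    "puppy1",
    ";a3Wfzu0J|rqVHj%l]x6PZdQHqhpK39vx5?|fSb9NmFdq",
]


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a storable record: algorithm$iterations$salt_hex$key_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=KEY_BYTES
    )
    return "$".join([ALGORITHM, str(ITERATIONS), salt.hex(), key.hex()])


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, key_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(key_hex)
    except ValueError:
        return False  # a malformed record never verifies
    if algorithm != ALGORITHM or rounds < 1 or not expected:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, rounds, dklen=len(expected)
    )
    return hmac.compare_digest(candidate, expected)


def stored_lengths(passwords):
    """Map each password to the length of the record that would be stored."""
    return {pw: len(hash_password(pw)) for pw in passwords}


if __name__ == "__main__":
    for pw, size in stored_lengths(PAGE_PASSWORDS).items():
        print(f"{len(pw):2d}-character password -> {size}-character record")
    # The same password hashed twice gives different records (different salts),
    # so identical passwords are not visible as identical rows.
    print(hash_password("puppy1") != hash_password("puppy1"))
```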

So I asked DiscoverCard about it: (May 05, 02011 09:41 AM)

Can you please explain to me the exact method by which discovercard.com website logon passwords are stored? The length limit greatly concerns me. With the major breaches of late (PSN, Sony, Lastpass, MySQL, Gawker, etc.) it is critical that passwords be stored securely, with adequate encryption, or at the very least, salted hashing. Thank you.

Admittedly not the best in terms of wording and stated concerns. But there you have it. I can’t help but believe DiscoverCard, of all places, is using top-notch methods for storing passwords, but you just never know, do you?

DiscoverCard’s first reply: (May 05, 02011 10:46 AM)

Thank you for your recent message. I understand your concern about online security, and I will be happy to assist you today!

Our emphasis on privacy provisions and improved Internet security has made using our website safer than ever. We use the Secure Socket Layer (SSL) protocol for encrypting communications with our Cardmembers. SSL uses public-key cryptography to scramble the information sent between senders and receivers. In the unlikely event that third parties try to eavesdrop or intercept this message, SSL encryption prevents them from viewing its contents.

We also have Superior Fraud Protection, which means that when you use your Discover Card to shop anywhere on the Internet, you will not be liable for any unauthorized transactions. For more information about our security, please see the following page:

http://www.discovercard.com/customer-service/safety/site-security.html

I appreciate your business and the opportunity to be of service. Thank you for choosing to use Discover Card.
[signature and legalese removed]

Awesome, but no, that’s not what I asked. So, I completed a survey indicating as much and replied… (May 05, 2011 11:06 AM)

Thank you for the prompt reply. I appreciate the information on SSL, however, that doesn’t answer the question I asked. I asked about password storage (at-rest), not information on the wire (in-transit). My question is restated here for your convenience…

“Can you please explain to me the exact method by which discovercard.com website logon passwords are stored? The length limit greatly concerns me. With the major breaches of late (PSN, Sony, Lastpass, MySQL, Gawker, etc.), it is critical that passwords be stored securely, with adequate encryption, or at the very least, salted hashing. Thank you.”

To which they replied… (05/05/2011 12:06 PM)

Thank you for your recent inquiry. In an effort to provide you the best service possible, I have escalated this issue to the appropriate parties in our company for further assistance. We will respond as soon as we have any additional information concerning this matter. Thank you for your patience.

I appreciate your business and the opportunity to be of service. Thank you for choosing to use Discover Card.
[signature and legalese removed]

I don’t expect another reply anytime soon… but I’ll let you know if I do get one, either in the comments, or as a new post depending on the reply.

Near Native FreeBSD Full and Incremental Backups to a Removable USB Storage Drive

UPDATE 2011/03/09 – I updated the code to backup to an NFS mount, and to include the “-h 0” flag to skip all nodump flags. That was causing me serious problems.

Summary

I’ve given quite a bit of thought to backup procedures at home since my FreeBSD 8.1 box dropped my mirrored filesystem. The signs of impending apocalypse were there, I just didn’t pay them proper heed. Fortunately, all of my data was salvaged; unfortunately, I lost all the custom PHP code I wrote over the last 6 months, my wordpress themes, plugins and modifications, and everything else that actually DID anything with all that data. So, while I’ve been rewriting that, I’ve been giving equal, if not more attention to backing it up. I’ll catch up again, but before I do that, I’ll make sure I won’t fall behind again.

I did a few searches for FreeBSD backup solutions, and rolled my own little backup script using dump. It was decent, but it didn’t do everything I wanted as well as I wanted it to. Every night was a full backup, and there were no incrementals. I had to implement some pretty inelegant code to accomplish a couple things simply b/c I didn’t know how else to do it. So I kept looking and eventually zeroed in on David Andrzejewski’s work. He clearly states what he put out there is a use-at-your-own-risk kind of script. I took it anyway as a starting block, and fleshed it out for my own purposes.

My requirements were similar to his, with the exception that I don’t have a cloud based storage account at the time of this writing and instead will be using a removable USB connected storage drive.

Project Goals

  • Run with native or easily accessible tools.
  • Full off-system backup of entire system once a week.
  • Incremental off-system backup of entire system nightly.
  • Separate off-system backups of individual critical files to make future restores easier.

Future Goals

  • Play with ${DUMPCACHE} to see how it affects the time to execute in my environment. Drop it back to 8MB for a week. Ramp it up to 64MB for a week. Recommended is 32MB, but it’s a party! Let’s see what happens.
  • Continue monitoring and fine tuning the hardware, OS environment and script to ensure maximum performance and stability. I haven’t recompiled a kernel in a while, maybe I’ll see about that.
  • These are “as money allows” goals. I’m sure my wife is getting tired of me spending money on hardware. Then again, she does appreciate that I have a hobby that keeps me off the streets and out of the brothels.
    • Continue looking for consumer level, but sufficiently robust NAS solutions featuring RAID5 mirroring and access via secure and/or open protocols (ssh, smb, rsync, etc.) to replace (or augment) the removable drives I’m using now. No Windows-Only solutions please.
    • Evaluate cloud based storage for off-site backups. I’m looking at SpiderOak right now at the recommendation of a friend. I like their zero-knowledge solution and pricing, but more research is required. We’ll have upwards of 500GB of storage requirements, so we’ll have to weigh the monetary costs of cloud storage and bandwidth usage carefully against the risk of my solution failing when (!if) I need to restore. For the moment, I’m relatively comfortable with dumping the filesystems to removable drives, and keeping certain ultra-critical bits of recovery text (bsdlabels, fstabs, choice config files, etc.) in Google Docs.

My Environment

Two physically identical servers built from the ground up running FreeBSD 8.1. Each system houses a 150GB system drive (/dev/ad4s1) and a 500GB data/storage drive (/dev/ad6s1), and runs with 2GB of RAM.

I have /, /usr and /var mounted individually on the 150GB drive, and /home (containing /users and /www) mounted on the 500GB drive. I thought about getting separate drives for /www and /home, but decided I didn’t want to deal with planning for storage allocation. Instead I created /home/www for web files, and /home/users for user accounts. It’s not exactly standard, but it’s not unprecedented, and I make it work.

Off my “production” server I’ve hung a 2.5″ 320GB USB2.0 removable drive. Off my “development” server I’ve hung a 2.5″ 100GB USB2.0 removable drive. I’ll adjust the size of the drives as needed. That’s just what I had on hand. Both were UFS formatted using fdisk.

During the backup job, those drives are mounted at /backup. The rest of the time they’re plugged in, but not mounted.

The Script

You’re welcome to this, but be warned, if it borks up your machine, destroys your pr0n collection, or sends terrifying space monkeys into your engine room, don’t blame me. Use at your own risk. There, now that I’m all disclaimed…

#!/usr/local/bin/bash

# Much appreciation to David Andrzejewski, and the work he started at
# http://www.davidandrzejewski.com/2010/03/01/freebsd-backup-using-dump-and-duplicity/
# I'm sure his current script/processes far outstrip this, but this
# is my (f)stab at it

# Version: 0.5
# * Provides 1 set of full backups and 6 associated incrementals
# * Backup files stored on mounted USB drive only

# I would like to see...
# * Writing to NAS with RAID5 and standard access (ssh, SMB, etc.)
# * Retrieve the cloud based storage interaction I stripped out

# DUMPLVL: provided via a command line flag (${1})
# WEEKDAY: provided via a command line flag (${2})

# HOSTNAME: The host being backed up. Used in informational messages
HOSTNAME=$( hostname )

# FSLIST: The list of file systems that will be dumped along with the
# name of the dump Example: /dev/ad4s1a=root will dump the /dev/ad4s1a
# volume and name it DDD.root.dump.levelN.bz2 where "N" is the dump level
# and "DDD" is the weekday
FSLIST="/dev/ad4s1a=root /dev/ad4s1d=var /dev/ad4s1f=usr /dev/ad6s1d=home"

# BSDLABEL_PARTITIONS: The list of partitions to run `bsdlabel` on
# This will be saved in the backup directory during runtime as
# ${WEEKDAY}.bsdlabel_${PARTITION}.txt
BSDLABEL_PARTITIONS="ad4s1 ad6s1"

# DUMPDEVICE: The location the files will be dumped to
DUMPDEVICE=sosaria:/home/dumps/${HOSTNAME}

# DUMPDIR: The directory that the dumps will be written to
DUMPDIR=/backup

# STAGINGDIR: The directory where dumps are stored before being written
# to ${DUMPDIR}
STAGINGDIR=/home/dumps/stage

# ARCHIVEDIR: The local directory dumps are stored after being written
# to ${DUMPDIR}
ARCHIVEDIR=/home/dumps/${HOSTNAME}

# NODUMP_DIRS: List of directories to set the nodump flag
NODUMP_DIRS="/usr/ports /usr/obj /usr/src /home/www/logs /home/www/src /home/dumps"

# DUMPCACHE: The amount of memory to give dump
DUMPCACHE=32

# DUMPFLAGS: The flags to feed dump
DUMPFLAGS="uanL -h 0 -f"

# FSTYPE: The filesystem type of the mounted partition
FSTYPE=nfs

# These should be standard

# BSDLABELCMD: The bsdlabel command
BSDLABELCMD=/sbin/bsdlabel

# DUMPCMD: The dump command
DUMPCMD=/sbin/dump

# MOUNTCMD: The mount command
MOUNTCMD=/sbin/mount

# UMOUNTCMD: The umount command
UMOUNTCMD=/sbin/umount

##---------------------------------------------------------------------
# Shouldn't have to edit anything below here

# Get the start time so we can gauge how long this is taking. Useful in
# tweaking ${DUMPCACHE}
START=$( date +%s )

# Get the directory we're running from
SCRIPTDIR=$( dirname "$0" )

cd "${SCRIPTDIR}"
if [ $? -ne 0 ]; then
       echo "ERROR: Unable to cd to ${SCRIPTDIR}! Aborting!"
       exit 1
fi

# If we were executed like "./whatever.sh" - set SCRIPTDIR to the pwd
if [ "${SCRIPTDIR}" == "." ]; then
       SCRIPTDIR=$( pwd )
fi

echo "Script is running from ${SCRIPTDIR}"

# Check the command line to make sure we have what we need from it
# First check for the dump level
if [ "${1}" == "" ]; then
       echo "Must specify dump level. Aborting!"
       exit 1
else
       DUMPLVL=${1}
fi

# Sanity check
if [ "${DUMPLVL}" == "" ]; then
       echo "ERROR: For some reason DUMPLVL never got set! Aborting!"
       exit 1
fi

# Then get the weekday name off the command line
if [ "${2}" == "" ]; then
       echo "Must specify weekday name. Aborting!"
       exit 1
else
       WEEKDAY=${2}
fi

# Sanity check
if [ "${WEEKDAY}" == "" ]; then
       echo "ERROR: For some reason WEEKDAY never got set! Aborting!!"
       exit 1
fi

# Create the flag file so we can't run more than one instance
if [ -f "${SCRIPTDIR}/myself.flg" ]; then
       echo "Script running?! ${SCRIPTDIR}/myself.flg exists! Aborting!"
       exit 1
else
       echo "Touching myself at ${SCRIPTDIR}/myself.flg"
       touch "${SCRIPTDIR}/myself.flg"
fi

# Check for the existence of ${STAGINGDIR}
if [ ! -d "${STAGINGDIR}" ]; then
       mkdir "${STAGINGDIR}"
       # Any non-zero status is a failure, not just 1
       if [ $? -ne 0 ]; then
               echo "Could not create ${STAGINGDIR}!  Aborting!"
               echo "Removing ${SCRIPTDIR}/myself.flg"
               rm -f "${SCRIPTDIR}/myself.flg"
               exit 1
       fi
fi

# Check for the existence of ${ARCHIVEDIR}
if [ ! -d "${ARCHIVEDIR}" ]; then
       mkdir "${ARCHIVEDIR}"
       # Any non-zero status is a failure, not just 1
       if [ $? -ne 0 ]; then
               echo "Could not create ${ARCHIVEDIR}!  Aborting!"
               echo "Removing ${SCRIPTDIR}/myself.flg"
               rm -f "${SCRIPTDIR}/myself.flg"
               exit 1
       fi
fi

echo ""
for DIR in ${NODUMP_DIRS}; do
       echo "Setting nodump on ${DIR}"
       chflags -R nodump ${DIR}
done

echo ""
echo "Dump Level: ${DUMPLVL}"

# Preserve a copy of root's crontab (/root/crontab is
# manually created with `crontab -l > ~/crontab` with every change
echo ""
echo "Copying /root/crontab to ${STAGINGDIR}/${WEEKDAY}.root_crontab"
cp -f /root/crontab ${STAGINGDIR}/${WEEKDAY}.root_crontab

# Preserve a copy of fstab
echo "Copying fstab to ${STAGINGDIR}/${WEEKDAY}.fstab.txt"
cp -f /etc/fstab ${STAGINGDIR}/${WEEKDAY}.fstab.txt

# Preserve a week's worth of bsdlabel copies for each partition
for PARTITION in ${BSDLABEL_PARTITIONS}; do
       echo "Writing bsdlabel for ${PARTITION} -> ${STAGINGDIR}/${WEEKDAY}.bsdlabel_${PARTITION}.txt"
       ${BSDLABELCMD} ${PARTITION} > ${STAGINGDIR}/${WEEKDAY}.bsdlabel_${PARTITION}.txt
done

# Dump the filesystems!
for FSITEM in ${FSLIST}; do
       # Get the devicename
       FS=$( echo ${FSITEM} | awk -F= '{ print $1 }' )
       # Get the filesystem name
       NAME=$( echo ${FSITEM} | awk -F= '{ print $2 }' )
       DUMPFILE=${WEEKDAY}.${NAME}.level${DUMPLVL}.dump
       echo ""
       echo "Dumping ${FS} to ${STAGINGDIR}/${DUMPFILE} at dump level ${DUMPLVL}"
       echo ""
       echo "${DUMPCMD} -C${DUMPCACHE} -${DUMPLVL}${DUMPFLAGS} ${STAGINGDIR}/${DUMPFILE} ${FS}"
       ${DUMPCMD} -C${DUMPCACHE} -${DUMPLVL}${DUMPFLAGS} ${STAGINGDIR}/${DUMPFILE} ${FS}
done

# Test for an existing backup device mount and either use the existing
# mountpoint or mount our backup directory

MOUNTRESULTS=$( ${MOUNTCMD} | grep "${DUMPDEVICE} on ${DUMPDIR}" )

if [ "${MOUNTRESULTS}" == "" ]; then
       echo ""
       echo "Mounting ${DUMPDEVICE} on ${DUMPDIR}"
       ${MOUNTCMD} -t ${FSTYPE} ${DUMPDEVICE} ${DUMPDIR}
       # mount reports failure with more than one non-zero status
       if [ $? -ne 0 ]; then
               echo "  ... failed. Aborting!"
               echo "Removing ${SCRIPTDIR}/myself.flg"
               rm -f "${SCRIPTDIR}/myself.flg"
               exit 1
       else
               echo "  ... succeeded"
       fi
else
       echo "${HOSTNAME}:${DUMPDEVICE} already mounted on ${DUMPDIR}"
fi

# Copy the files to ${DUMPDIR} and archive them to ${ARCHIVEDIR}
cd "${STAGINGDIR}"
echo ""
for FILE in *; do
       echo "Copying ${FILE} to ${DUMPDIR}"
       cp "${FILE}" "${DUMPDIR}/${FILE}"
       # Only move the staged file once the copy has actually succeeded
       if [ $? -ne 0 ]; then
               echo "... Failed to copy ${FILE}! You might want to see to that."
       else
               echo "Moving ${FILE} to ${ARCHIVEDIR}"
               mv ${FILE} ${ARCHIVEDIR}/${FILE}
       fi
done

# Get a snapshot of how the dump directory looks for verification
echo ""
echo "Recent Additions to ${DUMPDIR}:"
echo ""
ls -lt ${DUMPDIR} | tail -n +2 | head -n 8

# Umount the backup filesystem
echo ""
echo "Unmounting ${DUMPDIR}"
${UMOUNTCMD} ${DUMPDIR}
if [ $? -ne 0 ]; then
       echo "  ... failed. You might want to see to that."
else
       echo "  ... succeeded"
fi

# Clear the running flag
echo ""
echo "Removing ${SCRIPTDIR}/myself.flg"
rm -f "${SCRIPTDIR}/myself.flg"
if [ -f "${SCRIPTDIR}/myself.flg" ]; then
       echo "  ... failed. You might want to see to that."
else
       echo "  ... succeeded"
fi

echo ""
echo "Backup of ${HOSTNAME} Complete"

END=$( date +%s )
RUNTIME=$(( ${END} - ${START} ))
H=$(( ${RUNTIME}/3600 ))
M=$(( ( ${RUNTIME}/60 ) % 60 ))
S=$(( ${RUNTIME} % 60 ))

echo "It took ${H} hrs, ${M} mins and ${S} secs with -C${DUMPCACHE} (${RUNTIME} secs)"
exit 0

The Crontab

Here’s how I’ve set up my crontab. Like Mr. Andrzejewski, I opted to keep the specifics regarding the type of backup and the day it’s run in cron, rather than build it into the script. While it does make for a slightly longer crontab, it simplifies the logic in the script considerably. At the end of the day, I just feel better about telling the script what kind of backup to run (full or incremental), and the weekday name to embed in the resulting filenames, rather than letting it determine it itself. It’s a control thing.

# Daily Backups of filesystems
# Full backups on Sunday. Incremental backups every other day.
# stderr is folded into stdout so errors land in the mailed report
30 0 * * 0 /root/bin/backup/backup_script.sh 0 Sun 2>&1 | mail -s "System Backup" dvicci
30 0 * * 1 /root/bin/backup/backup_script.sh 1 Mon 2>&1 | mail -s "System Backup" dvicci
30 0 * * 2 /root/bin/backup/backup_script.sh 1 Tue 2>&1 | mail -s "System Backup" dvicci
30 0 * * 3 /root/bin/backup/backup_script.sh 1 Wed 2>&1 | mail -s "System Backup" dvicci
30 0 * * 4 /root/bin/backup/backup_script.sh 1 Thu 2>&1 | mail -s "System Backup" dvicci
30 0 * * 5 /root/bin/backup/backup_script.sh 1 Fri 2>&1 | mail -s "System Backup" dvicci
30 0 * * 6 /root/bin/backup/backup_script.sh 1 Sat 2>&1 | mail -s "System Backup" dvicci

This will finally result in a list of files looking something like this come Sunday morning. Sort to taste.

backup/Sat.usr.level1.dump
backup/Sat.var.level1.dump
backup/Sat.root.level1.dump
backup/Sat.fstab.txt
backup/Sat.bsdlabel_ad6s1.txt
backup/Sat.bsdlabel_ad4s1.txt
backup/Sat.root_crontab.txt
backup/Fri.home.level1.dump
backup/Fri.usr.level1.dump
backup/Fri.var.level1.dump
backup/Fri.root.level1.dump
backup/Fri.fstab.txt
backup/Fri.bsdlabel_ad6s1.txt
backup/Fri.bsdlabel_ad4s1.txt
backup/Fri.root_crontab.txt
backup/Thu.home.level1.dump
backup/Thu.usr.level1.dump
backup/Thu.var.level1.dump
backup/Thu.root.level1.dump
backup/Thu.fstab.txt
backup/Thu.bsdlabel_ad6s1.txt
backup/Thu.bsdlabel_ad4s1.txt
backup/Thu.root_crontab.txt
backup/Wed.home.level1.dump
backup/Wed.usr.level1.dump
backup/Wed.var.level1.dump
backup/Wed.root.level1.dump
backup/Wed.fstab.txt
backup/Wed.bsdlabel_ad6s1.txt
backup/Wed.bsdlabel_ad4s1.txt
backup/Wed.root_crontab.txt
backup/Tue.home.level1.dump
backup/Tue.usr.level1.dump
backup/Tue.var.level1.dump
backup/Tue.root.level1.dump
backup/Tue.fstab.txt
backup/Tue.bsdlabel_ad6s1.txt
backup/Tue.bsdlabel_ad4s1.txt
backup/Tue.root_crontab.txt
backup/Mon.home.level1.dump
backup/Mon.usr.level1.dump
backup/Mon.var.level1.dump
backup/Mon.root.level1.dump
backup/Mon.fstab.txt
backup/Mon.bsdlabel_ad6s1.txt
backup/Mon.bsdlabel_ad4s1.txt
backup/Mon.root_crontab.txt
backup/Sun.home.level0.dump
backup/Sun.usr.level0.dump
backup/Sun.var.level0.dump
backup/Sun.root.level1.dump
backup/Sun.fstab.txt
backup/Sun.bsdlabel_ad6s1.txt
backup/Sun.bsdlabel_ad4s1.txt
backup/Sun.root_crontab.txt
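
How the files in a listing like the one above fit together at restore time, as an added example that is not part of the original script: because every night after Sunday is a level 1 dump, each one holds everything changed since Sunday's level 0, so a restore needs only two files per filesystem. The code goes slightly beyond the page's schedule by following the general dump-level rule (each dump is relative to the most recent lower-level dump). The function names and the sample listing are constructed for illustration, and the target day is assumed to fall in the current Sunday-to-Saturday cycle.

```python
import re

WEEK = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]
FILESYSTEMS = ["root", "var", "usr", "home"]  # the names used in FSLIST

# Matches the script's DDD.NAME.levelN.dump naming, with an optional directory.
DUMP_RE = re.compile(
    r"^(?:.*/)?(?P<day>[A-Z][a-z]{2})\.(?P<fs>\w+)\.level(?P<level>\d)\.dump$"
)


def index_dumps(listing):
    """Map (filesystem, weekday) -> (level, filename); skip non-dump files."""
    found = {}
    for raw in listing:
        name = raw.strip()
        m = DUMP_RE.match(name)
        if m and m["day"] in WEEK:
            found[(m["fs"], m["day"])] = (int(m["level"]), name)
    return found


def restore_plan(listing, target_day, filesystems=FILESYSTEMS):
    """Return ({fs: [files, oldest first]}, [problems]) for a restore to target_day."""
    found = index_dumps(listing)
    days = WEEK[: WEEK.index(target_day) + 1]
    plan, problems = {}, []
    for fs in filesystems:
        if (fs, target_day) not in found:
            # Falling back silently to an older night would hide data loss.
            problems.append(f"{fs}: no dump for {target_day}")
            continue
        chain, lowest = [], None
        for day in reversed(days):
            entry = found.get((fs, day))
            if entry is None:
                continue
            level, name = entry
            # A dump is needed only if its level is below everything chosen so far.
            if lowest is None or level < lowest:
                chain.insert(0, name)
                lowest = level
            if lowest == 0:
                break
        if lowest != 0:
            problems.append(f"{fs}: no level 0 dump on or before {target_day}")
            continue
        plan[fs] = chain
    return plan, problems


def sample_listing():
    """Constructed listing in the page's naming scheme, with one dump left out."""
    names = []
    for i, day in enumerate(WEEK):
        for fs in FILESYSTEMS:
            names.append(f"backup/{day}.{fs}.level{0 if i == 0 else 1}.dump")
        names.append(f"backup/{day}.fstab.txt")
    names.remove("backup/Sat.home.level1.dump")
    return names


if __name__ == "__main__":
    plan, problems = restore_plan(sample_listing(), "Sat")
    for fs, files in plan.items():
        print(fs, "->", " then ".join(files))
    for problem in problems:
        print("PROBLEM:", problem)
```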

Power vs. Mobility, a Question of Need Raised by the Chromebook

At the tail end of the day, with a beverage in your hand and your feet up, that’s what it usually boils down to. You can have power, or you can have mobility. You can’t have both. Take your pick.

I’m not saying modern mobile platforms aren’t powerful. You can have both, but to reach the pinnacle of mobile PC performance, you’re going to pay, and you’re going to pay dearly. On the other hand, with a desktop rig, you can spend the same amount, get more power and maintain some upgrade potential. You can also spend a great deal more and get a great deal more power and upgrade-ability, but I’m talking similar specs. So it still comes down to power vs. mobility. What do you need?

That was the unexpected question raised by the arrival of the Chromebook.

Though they’re a lot cheaper than the desktop replacement monsters I’ve been looking at to finally replace my Aurora (the Alienware m17x, for instance), I’ve never even considered a netbook or mini laptop. What’s the point? They’re far too underpowered for my needs. With their tiny little screens, cute little keyboards, cuddly CPUs and GPUs… bah.

That cute little black rubber ducky of a computer changed things up a bit. I’ve had to revisit the question of why terrible power has to accompany convenient mobility. The answer used to be to make it easy to attend LAN parties. That and… well, that’s pretty much it. But I don’t attend LAN parties anymore. All my old beloved LAN party buddies have moved away and/or started adult really-real-world lives (including myself), and this new generation of whipper snappers is just too much for this old fogey to handle. Strike bestial power from the list of mobility requirements. I still want/need the mobile, but I no longer require a gaming Tour de Force in my lap. In fact, my Aurora has basically become a desktop, and hasn’t left the office in months.

The Chromebook allowed me to realize I can have my power cake, and slather it up with lots of mobility icing too. I don’t need All the Power All the Time. For most of what I do, I can get by with far less. I can, with nary a reservation, return to my old hobby of building my own rig (assuming I don’t go the way of the Forbidden Fruit) to get a stupid fast setup for less scratch that allows me to save the world in high resolution and cranked up detail, and yet have my little laptop for when I’m out and about, or don’t feel like getting off the couch to look something up, answer an e’mail, throw together a senseless blog post on the quick. After all, that’s all I really need out of a mobile computer.

There’s another benefit of going the mini/netbook/ultracompact laptop route, besides savings. Those gaming laptops can be heavy! Sure, they’re technically mobile, but they’re not feather weights. Then there’s the fact that they’re hot! There’s a reason there’s a glut of laptop cooling pads available, complete with fans and fins and all manner of cooling whatnot. I wonder how long it’ll be before they have liquid-cooled laptop cooling pads. Wait, what?

Finally, when I consider the cost of a fully decked out gaming/multi-media laptop, and a comparably decked out gaming/multi-media desktop, the difference easily allows for a separate, smaller, more mobile mini or netbook. While I’m spec’ing out a new desktop rig, I’m also paying attention to what hardware Chrome OS will eventually be retailed on. Rumor has it that it’ll run in the $300 – $400 range, easily within the margin between a bleeding edge gaming laptop and an equivalent desktop.

At the tail end of the day, with a beverage in my hand and my feet up, I can have my power and mobility too. By separating them, my power will be more powerful, and my mobility will be more mobile. All it took to finally realize that was the surprise arrival of a Chromebook.

On Google/Verizon’s Chrome OS Pilot Program Data Plans

I’ve never been subject to bandwidth caps or quotas, so I’ve never really paid it much heed. I have been aware of their existence, and have kept them in (the back of my) mind with my own designs in the past by keeping imagery low and abiding by the “Content is King” mantra, and keeping my content in the realm of text.

Now, with the Cr-48 Pilot Program, I’ve been inducted into the frightening world of Bandwidth Caps and Quotas, and it’s been a bit of an eye-opener. My own estimates of how much data I throw about in a typical browsing day fell dramatically short of the mark. To their credit, they do say the free plan is “…enough for hundreds of emails or occasional browsing” (emphasis mine), I just wasn’t listening. That’s assuming your e’mails don’t include attachments or crazy signatures with images (any signature with an image is crazy, but that’s a subject for another post in which I lament the demise of plain text as the primary e’mail delivery format).

Their Plans

To help us preview their new OS, Google, in cahoots (ok, in cooperation) with Verizon, initially offers the following plans:

  • 2 year 100MB of data per month for $0.00
  • 1 day (24 hour) limitless pass for $9.99
  • 30 day (720 hour) 1GB pass for $20.00
  • 30 day (720 hour) 3GB pass for $35.00
  • 30 day (720 hour) 5GB pass for $50.00

All plans are effective from the moment they’re activated. Though most of the plans are for 30 days instead of calendar month, I believe the 2 year plan is by calendar year. So, starting the 1GB plan on 12/01/10 means it’s good through 12/30/2010 (30 days from date of plan activation). Starting the free plan on 12/01/2010 (as I did), however, means you get 100MB free per 30 day period until 12/01/2012. It would end on 11/20/2012 if it were a 720 day (24 months * 30 days per month) plan. I’m sure this is all documented somewhere, but half the fun is guessing!

I’ll take note when my data cap is reset to 100MB to verify my assumptions, but it should happen on 1/19/2011.

My Plan

I plan to spend most of my time connecting via Wi-Fi, rather than 3G, so I opted for the free 100MB/month. However, burning through nearly 90MB over the space of 3 days while at my parent’s house with *exceedingly* careful usage has got me thinking about how much a typical browsing session uses.

By “*exceedingly* careful” usage, I avoided, as much as possible, all streaming media, all file downloads, any image heavy sites, online gaming, and kept my forays onto the Web as short and sweet as possible. Mostly, to be honest, I was just writing my Initial Impressions post. And that was mostly offline, with occasional textual updates online to make sure I didn’t lose anything (it is, after all, such a fine post… meh). Unfortunately, advertisers aren’t worried about the bandwidth capped or those charged by the MB. There are far too many bandwidth heavy flash and streaming ads out there for my taste, and in some of the most unlikely places.

So… Here are some numbers I’ve put together. It’s not scientific, terribly regimented or documented, but I wanted to get a general sense of how much data is transferred in a typical session for me. I’m using NetWorx on my Win7 laptop, b/c there isn’t a bandwidth usage monitor available yet for Chrome OS that I found (that would be incredibly useful, if someone wanted to put that together). I don’t feel like hacking my router just yet to install DD-WRT, Tomato or whatever other alternate solutions are available, nor do I feel the need to implement Squid, so I’m going to deal with local monitoring for the time being. Most of my time is on Google Reader, Gmail, Google Docs, and my own site. My Google Reader usage is primarily text, but there are some feeds that are fairly image intensive, including a few online comics thrown in for good measure.

My Results

Tonight, over the course of about three hours of intermittent browsing broken up by an episode of Firefly, some financial talk with my wife, and dinner, I burned through 18.8MB of data. No single site I visited carried a heavy media payload, and I didn’t honestly browse around that much. I caught up on a few feeds, read some articles, and fixed some books on Goodreads. Nothing was that intense. Truth be told, I saved this video for my Chromebook so it wouldn’t be counted amongst the bits tallied.

I’ll keep monitoring my usage to see, but it’s certainly looking like 100MB/month truly is a pittance that would fulfill only the most spartan of Internet users.

As an aside, just collecting links by visiting the site to copy/paste the URL, and polishing this post burned another 14MB. Ain’t that something?

Windows 7 on my Alienware Aurora M9700

Well, I did it. I bit the bullet, ordered me a copy of Windows 7 Ultimate 32bit/64bit, and started the installation saga yesterday at around 3:30pm. As of this afternoon, I’ve achieved what I hope is system stability. Nearly all of my devices are accounted for, and the system boots without apparent issue.

The first step was, of course to install Windows 7 using the supplied DVD media.

That done, I tackled the video drivers, b/c even though the default drivers support 1280×1024, the native screen resolution of the Alienware Aurora m9700 is 1920×1200. I’m a little spoiled by all that real estate, to say nothing of the sharp crispiness that comes with using the native resolution. There was a problem, however.

Alienware doesn’t have a video driver for the 32bit version of Windows 7. The closest they have is Vista. LaptopVideo2Go does, and they include the modified .inf files that you may have heard about if you’ve attempted any after market laptop video driver updates. nVidia themselves also have drivers. But no matter what video driver I tried, be it the old and dusty Vista driver, or the bright and shiny drivers from LV2G or nVidia, the problem remained the same… right before presenting the logon screen, the laptop screen would go black, and wouldn’t light up again unless I sent the laptop into hibernate (or possibly standby), and then woke it up. However, after waking it up, the keyboard refused to work. So, I had the option of a black screen, or no keyboard. If I had no password on my account, I could have possibly just passed through to a Windows desktop, but I doubt the keyboard would have been available. Having no password isn’t an option, either.

I tried a few things, but I found a forum link somewhere (now lost), that described the same problems, and pointed me to a BIOS update. I noted that I was running BIOS v3.17, and the link was to v3.18 (Alienware & Local if the official link changes [855KB]). Trusting that it wouldn’t brick my machine, I downloaded the new version, ripped the .iso to a CD, and flashed my BIOS.

Lo & Behold! That fixed my issues completely. Aside from a momentary panic from a non-fatal checksum mismatch error on POST, it went perfectly. About 4 hours of trial and error (mostly error) were finally over. I’m now running driver version 7.15.11.7948 dated 1/30/2009, from the 179 series that nVidia determined in their wizardly wisdom was the best driver for my machine.

I haven’t tried running dual monitors yet. I was more concerned initially with getting SLI support running (which I have). Dual monitors won’t run with SLI enabled, and the first time I tried it, the screen flickered manically, and eventually resulted in a BSOD. I’ll try it again some day, but now I’m happy that it’s working, and don’t want to screw it up just yet.

So, that mostly solved, I went about tackling the fact that I had no audio support. That was a relatively easy fix. I pulled the Audio 5.12.01.5500 driver from Alienware’s support site (Alienware & Local if the official link changes [24MB]). I installed it, rebooted, and my ears were graced with wonderful sounds. Easy peasy. 15 minutes.

This morning, I went up to Best Buy to pick up a new mouse, because neither Logitech nor Windows 7 has full support for my 10 year old Logitech MouseMan M-BD53. I need my customized buttons. So as a replacement, I picked up a Logitech Wireless M510. So far, after about an hour, I’m pleased. I thought about a rechargeable, but I went with a standard battery powered option because I didn’t want to find myself stuck without a mouse while it was on the cradle.

I’m not completely done yet, because I still have two instances of “Base System Device” and one instance of “PCI Modem” that aren’t recognized by the OS. I’ve seen nothing in the way of instability, however, since last night, so I’m not going to sweat them too much until I do. I suspect they have something to do with mainboard chipsets. However, like I said, things are working as is.

One last note. Flashing the BIOS reset the RAID settings. I was running RAID 1 and noticed this morning that my second drive was sitting idle and offline. I was able to go back into the BIOS, enable RAID, and rebuild the mirror in no time flat, though. It’s now running perfectly.

Driver issues aside, I’m pretty impressed with Windows 7. Something about having to invoke administrator rights when I install new software makes me feel safer. I’m getting a handle on Libraries, and am well on my way to customizing my setup to the way I like it. Aero will take some getting used to, but so far, I don’t see any reason to quit using it.

Here’s to hoping Windows 7 continues to get along with my Aurora M7900…

Update Later That Same Day… I’m nothing if not daring where computers are concerned… I risked another string of BSOD’s and an unbootable brick of a laptop and attempted dual screenies on an unproven setup. So far, so good. :)

Update 12/31/2011 A kind reader moving his own m9700 from XP to Win7 did a little research and found that those missing “Base System Device” instances in the Device Manager were actually for the media card reader. I pulled down the drivers from Alienware’s Help Site Vista section (Alienware & Local 3.5MB), and wouldn’t you know it, duder was right. Now all that remains is the PCI Modem, which is also available on the help site, but I just don’t have any reason at all to install that. Thanks, man!

Getting my Geek On

Previously, I mentioned that I had a good time at MicroCenter. Though it may come as a major surprise to you, it was vastly different from my experience at Best Buy. I don’t fault my White Shirt sales rep for her lack of knowledge and experience. Though she did literally shudder at the thought that I would let loose the hounds of hell on my home computer by using *gasp* freeware (and I use the word “literally” in its true sense – she literally physically shuddered), I don’t fault her that. By virtue of her virginal White Shirt, she was new to the game, and remains a corporate shill, bless her heart.

At MicroCenter, however, my experience was vastly different. I’m no n00b to the computer hobbyist game, but let’s just say it has been a long time since I took Arctic Silver to my CPU before clamping that fan down, and leave it at that. Knowing that I have a ton of catching up to do, I struck up a conversation with Patrick, and opened my mind and just let the conversation and questions flow. He seemed knowledgeable enough, and even if he was wrong on any number of points, he was providing plenty of topics to research, and knibblets of knowledge to verify.

Our conversation started with me asking about storage solutions at home (more on that below). We spoke of NAS and SAN and RAID. We talked SATA, eSATA, SSD response times and P/E cycles and life expectancy, HDD cache size, transfer rates and platter speeds. From there, we branched out into completely unrelated topics. We touched on video cards and their chipsets. We reviewed motherboards and RAM and chassis (chassi?) and sound cards. We discussed low, medium and high end differences, and manufacturer reasoning behind this feature and that. We talked CPUs, hard drives, sound cards and RAM. He spoke with pride of liquid cooling, daisy chaining and hot swapping. I spoke with pride of being completely self-taught.

As our conversation progressed, I realized that one of my suspicions was being confirmed. In spite of all the changes, one thing remains unchanged: the price one pays. Running the most demanding apps and latest and greatest games at the highest settings with no lag, be it network or FPS, will cost roughly the same now as it did years ago. Sure, certain things are cheaper, but at the end of the day, a top of the line rig will still set a body back a few thousand.

As that realization set in (tempering my geek joy but a little), I resolved myself to research for the foreseeable future, and excused myself, feeling the better for our conversation. Turns out I enjoyed myself so much that I didn’t even realize that Jami was nowhere to be found. My best guess is that she high tailed it the heck out of there at the first mention of a techy term she didn’t understand, oh, say… somewhere around “NAS”. I found her in the Apple room, content playing Marble Mixer on an iPad while I got my geek full on. She beat me fair and square twice at that fangle contraption, and from there, we went on to Best Buy where the rest is history.

As for what started my geeky foray into current gaming rig technology, I want a simple RAID1|5 capable set up that allows us a central storage location for family files, be they music, video, images, or financial documents. I’d like at least 3 separate drives, and would be pretty pleased if they were hot-swappable, but that’s really not a deal breaker. I’d rather not mess with FTP, or silly web based transfer solutions, preferring something simple and seamless like SMB/CIFS that allows Windows, Mac and Unix to interoperate. I’m beginning to realize this means I may have to custom build my own file server, rather than just dropping a pre-fab setup into my network right OOTB. Recent experiences with printing problems and file corruption have left me a little leery of a FreeBSD-based solution, but I’m game to keep barking up that or similar trees (OpenBSD, Ubuntu, etc) if for no other reason than cost. I recognize that those issues have arisen on relatively ancient hardware using on-board RAID technology that was new at the time, and thus prone to less than stellar operation. A system built on a solid and stable motherboard without all the fancy bells and whistles included in my gaming rig-turned web/dns/smtp/file server might be just the ticket.

New Laptop in the House

We’ve finally made the foray into the land of Windows 7. The old XP laptop that my wife was using started showing signs of age a couple weeks ago when the NIC decided it wasn’t going to work anymore. Right in the middle of a browsing session, it just quit. I honestly didn’t do much in the way of troubleshooting, other than disabling/enabling it, and uninstalling/reinstalling the drivers. I just declared it dead. We’ve been talking about getting her a new laptop for a few months now, so this was as good a reason as any.

We hit a couple stores, but settled on a Dell 17R running Windows Home Pro, with the i5-460M, 8GB system memory, and a 5,400rpm 500GB drive from Best Buy. We had an interesting time obtaining it, which I’ll relate here for your edification.

  1. Sunday, Nov. 14th, 2010, the price was $749.99 in the store, and online.
  2. Sunday, Nov. 21st, 2010, the price was $799.99 in the store, and $749.99 online.
  3. We called, and they confirmed that they would honor the online price, thus saving the ~$50 that another, less observant or stand-upish individual would have spent.
  4. Arriving at the store, the sales associate (White Shirt) told us that the price was, in fact, $859.99 due to it being the last model available, and being preloaded with additional “optimization”, and the inclusion of restore media.
    • I wasn’t aware that setting the native resolution was an “optimization” service, and that it dramatically increased the speed of the machine, real or apparent.
    • I didn’t realize that laptops no longer came with restore media.
  5. We refused the “offer” and asked the White Shirt to call around.
  6. Few stores had the model (which Jami was pretty set on at this point, having encountered resistance), and the one that the White Shirt called was the same price, and also “optimized” and with media.
  7. We decided to wait until over Thanksgiving to check around again, and started to leave.
  8. The greeter at the doors held us, however, saying that a manager wanted to talk with us.
  9. A young man in a Blue Shirt came by and explained that they could, in fact, sell us the laptop for the advertised price. They wouldn’t charge us for work we did not request, and had no choice but to accept if we wanted this particular laptop. The original sales rep was unaware of how this particular sale could be finalized; she’s a new employee, as denoted by the White Shirt.
  10. We bought the laptop and left happy.

Jami postulated that it was a sales technique designed to get a few extra dollars out of unsuspecting or willing customers. By saying it was “optimized” and came with extras, customers would be more willing to part with some extra dollars. I’m inclined to agree, but we weren’t those customers. When faced with the loss of a sale, they opted to acquiesce to the formerly agreed upon lower price.

The lesson here is stick to your guns. If a price is advertised, that’s the price you pay. If they refuse, take your business elsewhere. You’ll either get the price you wanted there as they flail about trying to keep your business, or you’ll get a better deal somewhere else.

We got the laptop home, and I dove in to get it set up for Jami, and attached to our home network. I played around with Windows 7 for the (admittedly) first time last night. I was impressed by the OS itself. I haven’t played with it enough to offer more than a “seems pretty slick”, but it… well… it seems pretty slick. I’ll play around more though, I’m sure. I had some trouble getting it to see the Samba shares on my FreeBSD server. That’s my task tonight. I’m sure it’ll be a stumper. As a side note, I was immediately impressed by the fact that the hard drive (500GB 5,400RPM) was split into system (c:\) and data (d:\) partitions. I’d not seen that before on an OEM machine. Perhaps that was one of the “optimizations”.

I’m a little discouraged by my own Alienware Aurora m9700 laptop now. I was looking to install Win 7 on it, preferably the 64bit version, b/c 64 is always inarguably better than 32, right? Well… the hardware maxes out at 2GB RAM. What I’ve found online says that 2GB is fine for the 32bit version, but at least 3GB is recommended for the 64bit version. Still, I might go with the lowly 32bit version anyway, given that it looks compatible with the specs, and might be more compatible with the various hardware bits and pieces. I’ve not done the research, but it’s possible that 64bit drivers don’t exist for all the components.

As for the original laptop with a dead wireless NIC, I’ll recondition it as a print server until I can figure out why my CUPS/Samba setup is so flaky.

Next, a positive note about my experience at MicroCenter, and NAS

Viva la Vino!

Over the weekend (and one of the reasons I didn’t get to post about Saturday’s ride until today) I rolled a quick wine database app for my wife and me. I’d been toying with the idea in the *very* back of my mind for a little while, and when Jami said “That would be really cool!” Saturday night, I understood how I would spend my Sunday.

It’s sad, really, how much PHP I’d forgotten. I used it about 10 years ago to write a quick and dirty rough draft for a mod_perl driven LAN party organizing site that helped us, get this, organize LAN parties. The people involved in those awesome times were spread between Lawrence, KS and Kansas City, and we wanted an online RSVP system for our weekend frag-fests. Before it fizzled out due to people moving away, moving on, and generally growing out of it, it was a very nice community blog with event organization as its core. Hewn from scratch, it was also a great vehicle of personal growth in all things web design for yours truly.

The rough draft for that site was the last time I’d used PHP. It’s amazing how much one forgets. In building this little ditty, I had to relearn such language specific basics as assignments and conditionals, much less deeply nested hashes and objects (all arrays in PHP are, apparently, associative – who knew?). Most of the concepts are fresh from my work (at work) with Powershell, but the syntax, naturally, differs.

The engine, if I can be so bold, is still rough. In fact, it’s a tangled mess of burnt spaghetti code sticking to the bottom of the hard drive that doesn’t deserve the name “code”, but it works.

Our requirements are pretty simple:

  1. Must work easily in mobile browser for updating while we’re out with nothing but our smart phones.
  2. Must have rudimentary rating system so we know which wines we’ve liked, and which we haven’t.
  3. Wines must each be sufficiently described so we know what they are:
    • Vintage (year)
    • Varietal(s) (grapes)
    • Winery (producer)
    • Region (geographic location of winery)
    • My Wife’s Opinion
    • My Opinion
    • Comments (general notes to jog our memories)
  4. Must be able to search on a variety of fields seamlessly and simply.

And that’s pretty much it. Everything else is gravy.

While it’s fully functioning, and in working order now, like I said, it’s a hideous ugly mess behind the scenes. From here, I want to clean it up, separate logic from presentation as much as feasible, utilize more fully objects and classes, incorporate more best practices, and generally do what I can with what it is to learn as much as I can.

It’s really been a lot of fun!

This is the search form. It’s the header, basically, and appears at the top of the screen no matter what. Very simple.

This is the form for adding new wines to the database, available via the “Add” button at the top of every page. Again, very simple.

This is the form for updating wines that already exist in the database. I just call the add form code with the right values to populate the form. Code reuse is a beautiful thing.

These are the results when you search for something. I like the pretty. You gots yer yellers, yer reds, yer sparkleys, and yer pinks. Sum’pin’ for everyone!

Jack of all Ports, Master of None

Following my most recent foray into the world of Logo Rhythms with an upgrade from FreeBSD 5.3 to current, I decided to really clamp down on a few things and settle on some processes that made maintenance and staying current easy. Ish. Of the many things I wanted to get a handle on (again), DNS, SMTP, printing, etc., I knew that keeping current was critical. It can also be a pain in the rear. It was that pain that caused me to lapse many versions behind to begin with.

So, the first place I started was with the ports collection. I was (and still am, by the way) determined to maintain a firm handle on this. I won’t go into what it, the ports collection, is in too much detail here. If you know, and care what some inconsequential geek does on his currently solitary home FreeBSD server, you’ll continue reading. If one and/or the other of those conditions does not apply, then it’s been fun! Talk with you later!

If you’re still here, then read on!

Hardware Bug

I’ve got the bug again.
I can’t help it. I remember having so much fun building my own computers 7-10 years ago. I’d find the fastest video card I could (it was all about the monster gaming rig back then), then the best motherboard to support it, a top-of-the-line CPU (I preferred AMD back then) to run it, and fast memory to carry it all. Once that was nailed down, I’d go for speedy hard drives, a rockin’ sound card, optical drives, fancy internal cabling, and finally an easy to work with aluminum case with a power supply beefy enough to run it all to hold all the guts.

Back then, it was all about pushing the most polygons in the least amount of time for maximum framerates.

I operated that way for years, until I got tired of lugging around the heavy rig to LAN parties. So I opted for my first pre-fab computer in the form of a desktop-replacement laptop. I’ve used it steady and with very few problems for the last 5 years or so. Ironically, once I finally decided to go with an easily transportable laptop for LAN parties, the LAN parties fizzled out. No matter, I still love having a laptop around for general portability.

To this day, I’ve not owned a desktop that I haven’t either put together entirely on my own from the motherboard up, or at least heavily modified one way or another. Nor will I. I won’t – no nay never – buy a pre-fab monstrosity from Office Buy, or Best Depot, or some Corner Geek Shop.

A laptop? Sure. A desktop or server? No. Nay. Never.

Now, having updated my server to the latest version of FreeBSD, I’ve got the bug again. All that playing around with the guts of FreeBSD, relearning this and that, up and woke the bug up again. Which is good and convenient, because I’ve had some interesting fixed disk issues with the new kernel.

Hardware issues
Part of the upgrade involved utilizing the onboard Promise RAID on the Gigabyte GA-7DXR. I’m not convinced that’s the root of my problems, but I’m not convinced it ain’t. For starters, and most likely completely unrelated, I’m getting the following errors in dmesg:

GEOM: ad0: partition 1 does not start on a track boundary.
GEOM: ad0: partition 1 does not end on a track boundary.
GEOM: ad0s1: geometry does not match label (16h,63s != 16h,255s).
GEOM: ad5s1: geometry does not match label (255h,63s != 16h,63s).
GEOM: ad7s1: geometry does not match label (255h,63s != 16h,63s).

I suspect FreeBSD’s installer for those messages, actually. But, since the upgrade, I’ve had two spontaneous and unannounced reboots. The first time, there were no indications of anything amiss in the logs. The second time, I found this:

ar0: WARNING - mirror protection lost. RAID1 array in DEGRADED mode
kernel: unknown: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=765023
kernel: unknown: TIMEOUT - WRITE_DMA retrying (0 retries left) LBA=765023

Followed immediately by a 7 hour gap in logging clearly indicative of another hard reset. Pretty sure that’s RAID related.

That 7 hours ended when I noticed the server stuck in POST at an angry FastBuild screen demanding attention, and had to rebuild the array in order to get past POST. It worked, and all is up and running again, but with diminished confidence.
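The pattern described above (storage errors, then a long silence in the log) can be checked for mechanically. The following is an added example, not code from the original post: the function names, the one-hour threshold, the ten-minute lookback, and the timestamps and host name in the sample are all assumptions, and it generalizes slightly by matching READ_DMA timeouts as well.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the three storage messages are the ones quoted in the post;
# the timestamps, the host name "server" and the other lines are made up.
SAMPLE_LOG = """\
Nov 20 01:10:00 server newsyslog[412]: logfile turned over
Nov 20 01:12:03 server kernel: ar0: WARNING - mirror protection lost. RAID1 array in DEGRADED mode
Nov 20 01:12:08 server kernel: unknown: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=765023
Nov 20 01:12:13 server kernel: unknown: TIMEOUT - WRITE_DMA retrying (0 retries left) LBA=765023
Nov 20 08:14:41 server syslogd: kernel boot file is /boot/kernel/kernel
Nov 20 08:14:41 server kernel: ad0: 76319MB at ata0-master UDMA100
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
EVENT_PATTERNS = {
    "raid_degraded": re.compile(r"RAID\d+ array in DEGRADED mode"),
    "dma_timeout": re.compile(r"TIMEOUT - (?:READ|WRITE)_DMA retrying .*LBA=(\d+)"),
}


def parse(text, year):
    """Return (timestamp, host, message) tuples. Syslog lines carry no year,
    so the caller supplies it."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything without a leading syslog timestamp
        stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        entries.append((stamp, m.group(2), m.group(3)))
    return entries


def storage_events(entries):
    """Tag entries whose message matches a known storage-failure pattern."""
    hits = []
    for stamp, _host, msg in entries:
        for name, pattern in EVENT_PATTERNS.items():
            if pattern.search(msg):
                hits.append((stamp, name, msg))
    return hits


def find_gaps(entries, threshold=timedelta(hours=1), lookback=timedelta(minutes=10)):
    """Report silences longer than `threshold`, together with the storage
    events logged in the `lookback` window before each silence began."""
    events = storage_events(entries)
    gaps = []
    for (prev, _, _), (cur, _, _) in zip(entries, entries[1:]):
        if cur - prev > threshold:
            before = [name for stamp, name, _ in events
                      if prev - lookback <= stamp <= prev]
            gaps.append({"start": prev, "end": cur,
                         "length": cur - prev, "preceding_events": before})
    return gaps


if __name__ == "__main__":
    for gap in find_gaps(parse(SAMPLE_LOG, 2010)):
        print(f"{gap['length']} of silence from {gap['start']}, "
              f"preceded by: {', '.join(gap['preceding_events']) or 'nothing notable'}")
```

On a quiet home server long silences can be normal, so the threshold only means something if the host logs regularly, for instance through syslogd's periodic mark messages.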

The research I’ve had time for has yielded sparse results, indicating either that I have a serious problem that needs immediate attention and I’d better have solid backups or I’m screwed to Taiwan and back, OR… it’s nothing serious and has been showing up for the last few FreeBSD releases.

I’ll dig into fdisk, atacontrol, smartctl and sysctl in more depth this weekend to see what that turns up, and then I’ll turn my attention to hardware research.

Server Plans
When some funds clear up, I’m going to build a new server to operate as a media center/file server for the family. It’ll be a beefy box with built in data redundancy, lots of drive space, backup power, and not much in the way of gaming potential.

I may entertain MythTV or something like it to replace the rental DVR (and then some).

So, the bug is back, but its purpose is vastly different now. Framerate has taken a distant backseat to reliability now… well, at least until Diablo III comes out…