Pope Snow

When it snows, the snow is everywhere. It’s on the roads, it’s on the sidewalks but it’s also on the media. Local news covers it. National news covers it. Cable news and newspapers cover it. If you want to know about non-snow issues at the height of a snow storm, you’re fscked. Everybody’s covering snow.

Reporter in snow

They report it because people are interested and it’s easy to do. Send a reporter into the street. See that white shit falling on his head? That’s Goddamn snow! How much is going to fall? We don’t know, between one and a million inches.

The pope is in the US right now and he’s on all the channels. There’s probably newsworthy events also taking place — you know, things that affect our lives — but we don’t know about them. Why? Because everyone’s covering the Goddamn pope. The pope is basically snow.

Last night, NBC News covered a bus accident in Seattle and devoted the rest of the broadcast to the pope. Did he cure a leper? No, he got in his stupid Popemobile and cruised down Fifth Avenue to St. Patrick’s Cathedral. What did he do when he arrived there? He went inside.

Is this newsworthy? Your JoeDog’s not a religious sort but he’s pretty certain the pope’s been to church before yesterday. He pretty much lives in one.

It’s cool that the pope recognizes climate change and irritates the moralizing wing of the Republican party but Your JoeDog can’t wait until he gets back on that plane to Leipzig or wherever the hell he’s from…

Whatever Happened To German-America?

Von Steuben paradeThe Times posed this question a few days ago but Your JoeDog is catching up: “Whatever happened to German-America?” The short answer is this: two Goddamn global wars. After those bitter conflicts they didn’t feel like being German any more.

In the late 80s, Your JoeDog moved into an Upper East Side apartment in Yorkville. That’s a Manhattan neighborhood also known as Germantown. It stretches from the East River to Lexington Avenue. It was there that he witnessed first hand the dying of the German-American light.

Back then, it was filled with German stores, delis, bakeries and bars. The Viennese were there, too. Their pastries could brighten any morning. With two exceptions, these businesses were in their dying throes. The owners were old and the help was even older.

On Third Avenue, there were yellow pre-war tenement buildings. On top of those buildings you could find swastikas formed with brown bricks against a yellow background. They remained on those buildings until the early 21st Century. When they were laid by German-American construction crews, Hitler was not yet revealed as evil. Yet they remained on display long after the world knew he was a monster. The brown emblem was eventually blasted away but you can still see the Nazi symbol thanks to its brick outline.

Now almost nothing is left of Germantown except the venerable Heidelberg Restaurant on 86th and Second. Your JoeDog still visits that bar several times a year. A little while back we met an old Czech woman at the bar. She nursed a Jaegermeister with a beer and finished both drinks at the same time.

She was an ethnic German from the Sudetenland. In 1945, she hid under a bridge as the Red Army marched over it. She was there with her sisters and a cousin. The Red Army was raping its way across Eastern Europe then. We weren’t sure if she was unscathed but they didn’t find her on that particular day.

She emigrated to New York in 1948 and never lived more than a few blocks from her original apartment. I told her Barack Obama — a German-American — lived in this neighborhood, about a block from my old apartment. This greatly excited her and she announced it to everyone at the bar. Then I reminisced about the Old Neighborhood and that made her even more excited. Finally she met someone who still remembered it.

Siege Socket Timeouts Redux

Your JoeDog plans to put the brakes on you people.

The number one we email message we receive goes something like this: “When we hit the server with 60 billion users we get socket timeouts. How do we correct that?” Short answer: configure your web server with a pool of 60 billion threads.

If you run more siege users than you have web handlers, requests start to queue up and sockets start to timeout. Out of the box, apache has a pool of 256 handlers. So if you run siege with 1024 users, 768 of them are waiting for a thread to handle their request.

So this is where the brakes come in. Your JoeDog plans to add a 255 thread limit in the siegerc file. If you configure more users than that, it will warn you and reduce the pool to 255. You can override the limit inside the file but in the comments you’ll find this lecture splaining why you shouldn’t do that without configuring your site for high capacity.

[drops mic]

Siege 3.1.1

Your JoeDog is about to violate the RFC.

It won’t be the first time. Beginning with siege-3.0.6, we normalized URLs inside a Location header even though the RFC is clear: IT MUST BE AN ABSOLUTE URI, people. Just about ever browser does this so who are we to buck the trend?

With siege-3.1.1, we will add URI fragments to the request and send them to the server. Under nearly all conditions, a client is not supposed to do this. But if you want to send fragments to the server, then who are we to turn down the volume on your Ramones?

Now as far as we can tell, most servers strip the URL fragment from the request. Yet a couple people have requested this feature and Facebook uses it ways we don’t understand so maybe it’s a Thing. Most browsers don’t send the fragment but javascript can.

It if proves problematic, we’ll make it an option. To avoid sending fragements, omit them from your URLs.

Starting with version 3.1.1, siege supports Server Name Indication. During the SSL handshake, it will send the name of the server with which it wants to connect. This means it supports virtual hosting of HTTPS servers.

Siege 3.1.1 also includes several minor bug fixes. See the ChangeLog for details.

Ashley-Madison Usernames Were Created By 7th Grade Boys

Ashley-MadisonThe Ashley-Madison story just keeps giving and giving.

Gizmodo unearthed more evidence that most users cheated with bots. As a result of the hack, a minister who spent nearly $3000.00 by the time Your JoeDog grew bored tabulating his transactions killed himself. And finally TechCrunch shows us that not only did Ashley-Madison users make poor life decisions, they also used shitty passwords.

From the TechCrunch story, we learn the most popular password was ‘123456’ and number two was ‘password’.

TechCrunch cracked the file with a decryption utility. It didn’t take them long to unearth more than 25,000 matches thanks to poor passwordsmithing. While that’s interesting, Your JoeDog was much more fascinated by their usernames.

They look like they were created by 7th grade boys. Let’s examine them after the jump!

Continue reading Ashley-Madison Usernames Were Created By 7th Grade Boys

Searching For Email Addresses In Ashley-Madison Data

Your JoeDog was recently asked about the Ashley-Madison email list. Could he use his nerd-powers to find a particular email address?

“Yeah, sure, but that data dump is huge, I’ll need some time.”

Before he could act, Your JoeDog’s IM was filled with curse words. His contact found the address she was looking for in a website that lets you to search the Ashley-Madison data.

“Okay, but let’s see what’s in the actual data.”

Getting your hands on that data is no easy task. As soon as it’s posted, it’s deleted because no hosting company wants it on its severs. Pastebin is Your JoeDog’s first stop for this sort of thing. An “ashley-madison” search returns many links that point to deleted data. Strike one.

Unable to find it on pastebin, he turned to the gray web, specifically Kickass Torrents. There he found the data available for download … all 23 gigs of it. Can you imagine trying to download 23 gigs over torrent? That’s not going to happen.

Fortunately, Torrent allows you to look at the contents within the zip file. Your JoeDog found a list of files with names like member_email.dump.gz If he could pull down just the parts he wanted, then the download would be quite manageable.

He searched for ‘member_email.dump.gz’ and hit pay dirt. A site had the files listed on Torrent along with their PGP signatures for verification. The hackers posted the verification so you could ensure the files came from them.

As it turns out, the email address she found on that website was NOT in the actual Ashley-Madison data. It was a scam.

Be careful out there. The internets are a scam machine. Sites like the one she used are filled with spammer’s email lists in the hope of extracting payment for scrubbing addresses from the database. People are also using the data to extort money. “Hey, I found your email address in the Ashley-Madison dump. Be a shame if your wife found out.”

In order to determine with certainty if an email address is in the Ashley-Madison database, you will need a quality nerd. But before you find that nerd, ask yourself this: do you really want to know?

NOTE: Even if an email address and a credit card is in the database, there’s still no guarantee the person used that site. Accounts could be opened with stolen cards. Again, Your JoeDog urges caution. Do you really want to confront your significant other only to learn they were the victim of theft? Be careful out there.

Introducing BCachefs

Well this is interesting:

An ex-Google engineer is developing a new file system for Linux, with the hopes that it can offer a speedier and more advanced way of storing data on servers.

After a number of years of development, the Bcache File System (Bcachefs) “is more or less feature complete — nothing critical should be missing,” wrote project head Kent Overstreet, in an e-mail to the Linux Kernel Mailing List late Thursday.

[PC World: Introducing BCachefs]


A New Use For A Familiar Tool

Gedit line numbersWhen he works out, Your JoeDog likes to do twenty reps of twenty things. Unfortunately, that’s a lot of shit to remember. “Wait, wait, wait — what set is this?”

Now whenever Your JoeDog loses track of his reps, he starts with the one he last remembered. A few weeks ago, he must’ve had amnesia. He woke up one morning and it felt like he was struck by a car the night before.

He tried marking lines on paper in the Roman counting fashion. But this is 2015 and he doesn’t have much paper. The previous evening’s bar tab kept rolling up and running away. Plus the Romans were slave holders. Why are we taking inspiration from them?

There’s gotta be an app for this, amirite? After a set of twenty, you can add an increment to your phone. Convenient! Except we know how that really works: after a set of twenty, you unlock your phone then add the set. Not Convenient.

Then a brain storm struck — hey, they happen sometimes. Your JoeDog codes in vim but he does use a programmer’s text editor for writing notes. “Hey! This thing has line numbers. I could use it to count my workout reps.”

Now Your JoeDog takes his dogs, his weights and his laptop onto the deck when he works out (it’s a production). After each rep, beginning with the second since the counter starts at one instead of zero, he simply hits the return key.

In Internets parlance this would be filed under “Life Hacks” but we’ll just call it an helpful heuristic. Hope it helps. Happy hacking.


Pinochle 2.0 (or how to manage cards in a GUI)

Your JoeDog’s Pinochle contains a bug. Under yet-to-be-determined circumstances, some cards won’t render. It’s not clear why. No exceptions are thrown; the cards just silently disappear. It only happens on startup. If you have cards when the game begins, you’ll have cards when it ends.

The game was written in java and we used the Overlap Layout to help manage the presentation of the hands. It was easy to implement but it led to some design gymnastics. For example, each player had a reference to the JPanel on which his cards were positioned. We suspect this is associated with the disappearances.

Rather than fight this design any further, Your JoeDog decided to rework the architecture. He wanted the GUI to be as dumb as possible. A thread runs in the background and it just paints cards on the table. That thread runs in an endless loop. It asks the model, “What am I painting? Where am I putting it?” The GUI — or View, in MVC parlance — also listens for mouse events. When the user clicky-clicks, it sends coordinates to the model to determine if a card was clicked. If a card was selected, the controller determines what should become of that.

To make this system work, Your JoeDog needed a way to track the coordinates of the cards. It was then that he stumbled upon JGameGrid. The author, Aegidius Plüss, treats each game piece as an Actor. Each actor contains a Location object which holds its positional coordinates. Your JoeDog didn’t steal the entire GameGrid but he did incorporate that notion into his pinochle game. When the View thread asks “What am I painting?” The model hands it a list of cards. When it needs to know “Where am I putting it?” It just asks each card. 

Version 2.0 should be available shortly. 

Hackers Have Your Ashley-Madison Account Information

It’s a bad time for cheaters. Two months after Adult Friend Finder was compromised, Ashley-Madison was also hacked. The online infidelity broker was breached by a group known as “The Impact Team.” They now have account information for all of Ashley-Madison’s thirty-seven million users. Unless the website is permanently shut down, the “group” plans to release this information to the public:

Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.

How many members do you think comprise “The Impact Team”? Their demand sounds like it was prompted by scorn. It sounds like a guy whose woman hooked-up on Ashley-Madison. He’s bitter and he wants the site removed. Your JoeDog will answer that question with his guess: it’s a team of one.

Ashley-Madison is a multi-million dollar industry. There’s no chance that Avid Life Media shuts down the site. The Impact Team will soon release that data and we’ll be treated to a lively news cycle. The list probably includes a sitting Senator or two….

Note: You can find the Adult Friend Finder database information here.

[Krebs: Online Cheating Site Ashley-Madison Hacked]