All posts by paul

"We have located approximately 2,170 pages and 3 videos or other media which are potentially responsive to your request"

So I did a big dump of Privacy Act requests to the various parts of government that seem interesting. The DHS, ICE, TSA, and Customs and Border Patrol, the US Postal Service, the FBI, and US Marshals service.

Of the agencies that responded, only the USMS and FBI had anything on me (which I kind of expected). The USMS sent me a packet of information, mostly biographical, detailing my arrest record specifically related to the 2003 Lowes case, and some really grainy mugshots and fingerprints. I'll admit, it was mostly just information I gave them as a condition of bond and probation, so it wasn't that interesting.

I thought the FBI was ignoring me. They didn't respond to my requests for status. Then, on August 15 (almost 2 months after I submitted the request), I finally received a response by postal mail.


"We have located approximately 2,170 pages and 3 videos or other media which are potentially responsive to your request. Per US DOJ regulations, .. there is a duplication fee of ten cents per page if you receive a paper copy. Releases are also available on CD upon request. Each CD contains approximately 500 pages per release. ..You will owe $252 for a paper copy with the 3 media CDs, or $95 (7 CDs at $15.00 less $10) to receive the release on CD. The actual charges could be less."

They go on to say I may reduce the scope of my request (which was simply for any record pertaining to me, and my social security number was given) and warn that I'll be in a medium queue because my request is 500-2500 pages.

Obviously, $95 is a great deal to learn that much about yourself. *I* couldn't write 2,170 pages about myself, so what they have should be pretty interesting.

Racism and misinformation

Today, while eating at one of my favorite restaurants, Idle Hour in Spring Lake, MI (I've literally been eating there since I was able to eat solid food) I found some printouts on the lazy susan on the middle of the table.

Naturally, I picked them up, and one set of them was filled with a printed email containing a racist "joke" about painting a golf caddy robot black and having it fail to show up for work, apply for welfare, or become president, or something along those lines. Someone has reproduced this "joke" here

It was prefaced with the words:



I corrected this with my sharpie to then read:



I think it's important to call a spade a spade, and let other people figure it out. You can't hide behind blatant racism with wimpy claims of "political correctness". This isn't someone saying "A black man" rather than "A man of African American decent". It's a straight up racist joke. If you think it's funny, that's fine, as long as you realize it's actually racist, not just some stupid jab in the culture wars.

I then set it back in its place. Found another email printout, this time some email forward talking about how Obama is screwing old people by putting a 3.8% sales tax on all home sales. I got the correct information from stating that there is such a tax, but you have to have more than $200k a year in income, and it taxed the sale in excess of $250k for single people, and $500k for married filing jointly, and only to the extent that it exceeded those values would it be taxed (a sale of a home for $501k would only have $38 in additional taxes, as long as the person had $200k in income that year, otherwise it'd still be not taxed). So I made massive corrections to that email and put it back as well.

I don't think the owners were involved, or possibly even aware. But I won't allow racism or disinformation to go unchallenged.

xenserver2 issue – power supply

The power supply in xenserver2 failed. As I don't have a spare on hand at the moment, I brought it back to life by smacking on the case.

Percussive maintenance being the temporary fix it is, I'm not putting anything critical on this box. I'm going to tee up both of these machines for a power supply replacement, and look at either getting a third machine, or increasing RAM in these two drastically.

As i write this, the filesystem fell out from under xenserver2, so I strongly suspect something far more unseemly is happening, perhaps still power supply related.

So at this point it sits cold in the datacenter for a few days until I get the resources (time/money/etc) together to get this bad boy back to health. If anyone's feeling generous, it's an ATX power supply, pretty standard, actually. It needs the standard compliment of connectors modern supplies have. 450w or better.

affected vms:
and a few test vms of mine.

Maintenance – 7/11/2012

On 7/11/2012, I'll be performing maintenance that will take xenserver2 offline for a short period of time.

Unfortunately, due to the nature of the maintenance (a reboot to clear a likely kernel panic of the dom0) it is unlikely I will be able to live migrate the virtual machines off this host first.

Affected hosts will be:

Others will be affected, but I cannot any longer access the management console to find out which ones. Nor can I SSH into it (the connection is immediately reset).

I will try to live migrate the hosts from the console, but I don't expect much in the way of useful console.

(this is of course the OTHER server – xenserver1 freaked out last week. ugh!)

How to handle a (temporary or permanent) failure of a master server in Xenserver

OK. So you found you logged in, and you see one of the servers down, but don't see the virtual machines that were on that host anywhere in the resource pool. It's as if the entire system just freaked out and the server, and the VMs running on it, disappeared without a trace.

You've verified your shared storage is okay, and thus you're stable enough to begin remediation.

Now you have a problem, but it's easy to fix. Begin by connecting to the remaining server as root with ssh.

The following commands will get you back to a known good state. Make sure your master server is good and dead (unreachable and unlikely to come back without intervention of some sort – in my case it was a kernel panic, and a reboot and fsck -y / fixed the issue, this procedure will work fine in this scenario)

Last login: Fri Mar 18 16:42:03 2011 from (hostname redacted)
Type "xsconsole" for access to the management console.
[root@xenserver2 ~]# xe pool-emergency-transition-to-master
Host agent will restart and transition to master in 10 seconds...
[root@xenserver2 ~]# xe pool-recover-slaves
[root@xenserver2 ~]#

You are now at a point where the cluster is now usefully reporting a master server, and any remaining slaves are now pointing at it.

Now for the finishing touch – marking the powered down VMs as dead, so you can restart them on other servers. Note that if you're not correct on this, really awful inconsistent things will happen. You have been warned.

[root@xenserver2 ~]# xe vm-reset-powerstate --force --multiple
operation failed on ae820fb7-8416-68ee-35c8-c37REDACTEDf18: The operation could not be performed because a domain still exists for the specified VM.
vm: ae820fb7-8416-68ee-35c8-c37REDACTEDdf18 (REDACTED)
domid: 51
operation failed on aa2bc87f-9ef4-dd8e-492e-bREDACTED4: The operation could not be performed because a domain still exists for the specified VM.
vm: aa2bc87f-9ef4-dd8e-492e-b4REDACTE14 (REDACTED)
domid: 54
operation failed on e4f76313-2be1-0d4e-1e78-78e1REDACTED75: The operation could not be performed because a domain still exists for the specified VM.
vm: e4f76313-2be1-0d4e-1e78-78e1REDACTED5 (REDACTED)
domid: 2
operation failed on 557c9030-b995-fbaa-ab0b-61REDACTED4df: The operation could not be performed because a domain still exists for the specified VM.
vm: 557c9030-b995-fbaa-ab0b-61e4abb074df (REDACTED)
domid: 21
[root@xenserver2 ~]#

This marked every unreachable VM as "powered off" and thus it can now be restarted. You'll see it mercifully decided not to hurt my VMs that were confirmed to be operational. You may want to be more cautious and use host-id=your-uuid-here rather than –multiple but that's up to you.

More information available here:

So let's say, for the sake of argument, you found a Linksys WIP-330 in your couch

OK, so anyway it's no secret we're madly, hopelessly disorganized around here.

But anyway, I have this "friend" who may or may not have lost a very expensive (at the time) 802.11g IP phone that ran windows mobile. Let's say, for the sake of argument, it was sometime around 2006.

And let's say that in 2012, he had a toddler that was jamming toys in the couch, and again in this hypothetical world, let's say that his wife was trying to clean the toys out of the couch and 6 YEARS LATER found this device. And it was still in good working order, only having been used for a few months before disappearing. But it had firmware from 2006 on it. And it was lost to the sands of time when Cisco bought Linksys. It's running one version up from the bone stock firmware, 1.00.06. Not 1.00.06A, mind you.

This is a story of that "friend", since clearly while being disorganized I'd never lose a $350 phone in my couch for 6 years, after all. That'd be embarassingly careless.

Aaaaanyway. Here's the story of how to upgrade it. You'll need an 802.11b or g access point. No, 802.11n won't work even though it should supposedly fall back to 802.11g. It won't until you get the new firmware on there, so forget it. Go to a coffeshop or something if you have to.

First, take it to version 1.00.06A (that A is important, it is crucial for the next steps. I found the web browser upgrade interface to be useful for nothing else than getting 1.00.06A on, anything but that tends to just make the web server error out and reset the connection.

This adds the ability to firmware upgrade from the handset directly. From there you need to get the wip330_sbe.bin file onto the handset. Once you have the upgrade from handset options, you're good to go. (You can get all these files, by the way, at and can use that url with your handset if you want, it's no skin off my back. Mind you, it's only 1.5m connection, but hey, at least you can get a copy. Linksys/Cisco don't host it anymore)

At this point you have a fancy windows ce .net machine, no sip phone, no nothing. But now, you can get to the new firmware release! YAY!

Once you have this, the on-handset upgrade can take you to wip330_v1_03_18S.bin, where you will have access to any network running open, WEP, or WPA1 (not WPA2!). If you are connecting to a WPA network and getting a prompt about WEP keys, make sure you have your authentication set to WPA/WPA2 (or WPA1/WPA2) PSK. It assumes WPA2 is WEP, no idea why. But it won't work. Mixed authentication mode will work okay, and leaves the more secure WPA2 mode available for other devices.

Android Issue: IPv6 literal in EHLO – Exim4 fix/workaround

To fix the issue where android does this:

IPv6 address/MAC address sanitized

 31.855405 2607:f4b8:2600:1::1 -> 2607:f4b8:2600:5:b607:f9ff:xxxxxx:xxxxx SMTP Response: 220 ESMTP Exim 4.69 Mon, 08 Aug 2011 00:28:43 -0400
 31.857239 2607:f4b8:2600:5:b607:f9ff:xxxxx:xxxx -> 2607:f4b8:2600:1::1 SMTP Command: EHLO 2607:f4b8:2600:5:b607:f9ff:xxxx:xxxx
 31.862978 2607:f4b8:2600:1::1 -> 2607:f4b8:2600:5:b607:f9ff:xxxxxx:xxxxxx SMTP Response: 501 Syntactically invalid EHLO argument(s)

Do this in your exim4 config, and restart exim:

helo_allow_chars = _:

Technically, only the colon is necessary, but the underscore fixes some other handsets that use the android_aklsjdfljasdf style names in ehlo instead, also a bug.

More details:

Before you have unprotected sex, read this

(tl;dr: I am not threatening my kid with the knife, it's a tool. If you're gonna read this thing, read the whole thing)

As I stood in front of my calm, smiling child with the exposed blade of the knife from a multitool in front of me, I considered for a split second how I arrived at this point.

Sure, he is a fine child, and I love him dearly. He's getting physiologically ready to potty train, and what comes out down there is always a surprise, both in quality and in quantity. Today is no exception.

Before me, I am confronted with a quiz. You have a nearly two year old in front of you, whose plain undershirt onesie he's been running around in is a faint brown color near his nether regions, but they can only be practically removed by pulling the item over his head. This has been easily done in the past, but today, he's outdone himself. The entire bottom is soaked and the area you have to unsnap is also a brownish color. He thought it best to hide from you while doing this, since he of course wanted his privacy. So you decided to declare the onesie a loss, as it's the cheaper undershirt kind anyway.

So you size up the situation, note the boy hasn't been squirmy and is very interested in what you're up to. So you pinch his shirt near the belly, and with the sharp side toward yourself, you make a 4" incision from the center to the left side across the shirt, and close up the blade, putting the multitool back on your belt. With some easy tearing, your son now has an exposed midriff, and the bottom portion slides safely off via his legs, as he patiently smiles.

Now you remove the diaper, which is apparently more… well, liquid than usual. It's clearly… soft. Mixed with a bladder full of urine. Which explains how the mess happened so quickly.

Slipping both off, wiping your child from the bellybutton down, front and back, and up the legs to the feet, you begin to wonder when he'll be able to communicate his need to use the restroom before he does it. Soon, hopefully.

Disaster averted, you play happily.

Now I don't say this stuff to discourage procreation. Not by any means. I love my child, worked diligently with my spouse in a long term loving relationship to have him, and plan on eventually having another.

But when you think to yourself "boy, that condom sure is a pain in the ass, I'm sure we'll be okay just this once" I want you to consider that visual for a moment. If you're cool with that, with the partner you're with, by all means, have at it. If you're not, well, trojans are the same cost as that onesie, when both are purchased in quantity.

Be safe out there and have fun!

For me, for later. For others?

How to change from blockio to fileio on a running openfiler instance with initiators connected and filesystems mounted:

[root@filer1 ~]# cat /proc/net/iet/volume
lun:0 state:0 iotype:blockio iomode:wt path:/dev/mudkips/minun
[root@filer1 ~]# vi /etc/ietd.conf

edit the iotype to fileio in this file – but you're not done yet!

Also edit it here
[root@filer1 ~]# vi /opt/openfiler/etc/iscsi/targets/iscsi_settings.xml

This part sounds like it will kill xenserver. It won't. IO will hang for a second while the target is stopped.

[root@filer1 ~]# /etc/init.d/iscsi-target restart
Stopping iSCSI target service: …… [ OK ]
Starting iSCSI target service: [ OK ]
[root@filer1 ~]#

[root@filer1 ~]# cat /proc/net/iet/volume
lun:0 state:0 iotype:fileio iomode:wt path:/dev/mudkips/minun
[root@filer1 ~]#

The internets say you can do:

[root@filer1 ~]# ietadm –op delete –tid=1 –lun=0 && ietadm –op new –tid=1 –lun=0 –params Type=fileio,Path=/dev/mudkips/minun

However, you can't delete a target that's got initiators connected. You CAN do this to a running copy of ietd/iscsi-target if this target has nobody connected without restarting ietd.

Now you know, and knowing is half the battle.

Remember, if you care about my more ephemeral stuff, I'm usually posting that to Facebook these days.