Diana the Valkyrie's Newsletter - February2006
A hard man is good to beat
It's been everything from fairly cold all the way down to brass monkeys, but no snow.
Galleries added this month.
Stories added this month.
Nothing new
Movies added this month.
No problems.
On Friday 13th, disaster struck.
The first symptom was with my daily backup of files, run across the internet from Watford to Chesham. It was stopping on some files; they just refused to transfer.
As a work-around, I used SCP (secure copy) to transfer the files that gave the problem. SCP encrypts the files before transferring them; because that changes the content, it meant that whatever was triggering the block, wasn't there any more. But that's not a solution, it's a kludge.
First, I took one of the problem files, cut it into two halves, and determined which half had the problem. Then I did that again, and again, and again, until eventually, I was left with a six byte sequence that triggered the problem. So, I could use this file for testing. I found that I could get the problem with ftp, and also with http and telnet. This means that it's a problem down at the TCP level, which all these protocols use.
I found that I couldn't upload the test file from Watford to Chesham, or from Chesham to Watford. So then I contacted both ISPs; at Watford it's Cable and Wireless, and at Chesham, it's Nildram. Then, with the problem reported, I went to bed.
The next day, it wasn't Friday 13th, but it was the day of the full moon. I did some more investigating - I used my laptop, connected via Vodafone, and found that I could reproduce the fault both to Watford, and to Chesham.
Hmm. The fact that the problem can be seen Vodafone<->Chesham, means that Watford isn't the cause. The fact that the problem can be seen Vodafone<->Watford, means that Chesham isn't the cause. So I called C&W and Nildram to tell them this information. They were baffled. So was I. We started drawing complicated diagrams showing what gave a fault and what didn't.
I spent several hours talking with various tech support people at both C&W and Nildram; they agreed that this was a really knotty problem, and they couldn't think of a way forward. And they were regarding it as a problem "interesting but not really important" until I pointed out that this probably wouldn't only affect me, it would affect all their customers, and that I was just the first one to tell them, not the only one, and that if we couldn't get this fixed by Monday morning, a lot of businesses would be calling them up and screaming loudly.
Meanwhile, I started to get complaints from members, unable to download certain large files. Obviously, these files contained that six byte "active ingredient". I checked some more files; they didn't have that "active ingredient", and by doing the same "binary chop" process, I found two other six-byte active ingredients.
By Saturday night, I knew that this was a really horrible problem; subtle but nasty. I put out a call for help, on various message boards, asking people to access my test file, tell me whether they could or could not access it, and to give me a traceroute.
By Sunday 15th, I had a bunch of responses. Putting all these together, I could see a common factor - Linx.
Linx is the London Internet Exchange. It's like a gigantic roundabout for internet traffic. Everything coming from other ISPs in England, would go via Linz, and anything coming in from Europe, plus a bunch of stuff from America.
What I was seeing, was that the people reporting a failure, were coming via Linx. So I called C&W and Nildram tech support, to tell them my idea. Nildram pretty much ignored me, and as far as I can tell, as of a few days later, they were still looking for a problem with one of their routers. But C&W listened, and did some checking that confirmed my hypothesis, and they talked to Linx (I can't talk to Linx, because I'm not their customer). And late on Sunday night, a network engineer at Linx found that the problem was with one of their data switches. He rebooted the switch, then reloaded the switch's software, and the problem went away. Hurrah!
And another disaster one week later.
The cause was a power glitch that lasted for a few seconds, but that tripped the RCD (residual current detector, a safety feature), which took all power out. This left my UPSes to carry the power load.
I have an alarm system, which screams at 110 db when there's a power cut. But the relay system that switches that on, had failed a few days earlier, and I hadn't gotten around to fixing it yet. So, I didn't know I had this power failure, since I was asleep.
I was woken by the plaintive pianissimo beeping of the UPSes. I immediately saw what had happened, and started looking for the cause. In doing so, I triggered the house security alarm because I forgot to disable it from its overnight setting when I was running around. Fun fun fun - that means that the security alarm people have to be told a secret code to let them know that it's a false alarm.
By the time I'd found out that the problem was the RCD and reset it, some of the UPSes had run out of juice, and shut down. Well, that's a pain, but not too bad, they come up automatically when power comes back. Except one that didn't, and I had to manually switch it back on.
And then I noticed that my firewall hadn't come back up.
Everything is behind my firewall, so if the firewall doesn't work, nothing at Chesham works. Most of the site is at Watford, but some small but important parts are at Chesham - for example, the Secure Server, where people sign up to pay for the web site. That's important - web sites consume quite a lot of cash.
I tried powering the firewall on and off a few times, but nothing happened. So, I put it on my workbench, and tried again. This time, power flicked on for a second, and then went out. And I know what that means - power supply.
My firewall is a homemade thing, it's a Linux box with three ethernet cards, using iptables to do firewalling. It's very flexible, and very effective, not to mention really cheap. I set it up a few years back when my Sonicwall Pro stopped working, and I was looking at $4000 to replace it.
Now I see a drawback I hadn't thought of before. Because it's a Linux computer, there's a lot of moving parts. The hard disk, the CPU fan, the power supply fan. And there's lots more stuff that can fail. My strategy was to have another firewall, set up just like it, ready to run, so I could just put it in plae. In practice, in this case, replacing the power supply took a few minutes, so I didn't need to use my spare firewall.
But then I thought, what would happen if the firewall went down while I was away? No way could I fix that remotely - I wouldn't even be able to access anything remotely.
So I thought, what I need is a firewall of maximum reliability, preferably with little or no moving parts. So I ordered a Cisco Pix.
The Pix is what I use at Watford. It's a heavy-duty, corporate-type firewall, with a price to match. The one I got, costs $800, but you can buy Pixes for several thousand.
But this cheap-end Pix, only has two ports; "inside" and "outside". That's fine for Watford, because I want the whole world to be able to access the servers there, and there's no servers there that I want to cut off from the world. But at Chesham, I have several computers that the world doesn't need access to. The way you usually do that, is to have two regions, "Lan" and "DMZ". Of course, firewalls that do that, have three ports, "inside", "DMZ" and "outside". And they cost three times as much as two-port firewalls. Or even more.
Here's where I can box clever. I'll use the two-port Pix to firewall off all the computers here from the outside, and then I'll use another firewall (and that can be a cheap $30 firewall) to separate the "inside" computers from the rest, which will be my DMZ. And, because they're two different kinds of firewall, if any security vulnerability is found in the Pix, my "inside" computers will still be protected by a different brand of firewall. Not that there's any problems with the Pix that I've heard of.
The other nice thing I can do with the Pix, is use unroutable addresses. You see, I'm allocated a certain number of IP addresses (like 62.25.96.131). If I have more computers than IP addresses, I can't use them until I get more IP addresses, and I have a feeling that it's going to be a lot more difficult now to get IP addresses than it used to be.
But there's a *lot* of IP addresses that I can use - that anyone can use. Anything that starts with 192.168, for example, can never be used on the internet, but anyone can use it on their local network. So, I'll renumber my computers to use those, which gives me 65534 addresses to use, and if I ever get up to that many computers, I'll need a bigger house.
I know what you're thinking - if I use those addresses, then you won't be able to access any of my servers. Well, the Pix takes care of that. With the Pix, I can translate things, so that when you access 62.25.96.131, the pix sends that to 192.168.96.131. So, as long as I don't need the outside world to access most of my computers (and I don't), I'll be fine. For example, with the Older Newsthumbs, there's the server that you access, volds.thevalkyrie.com, but there's also 60 other servers that this one gets data from, and you don't need to access those, so I don't need to give them external IP addresses.
The cheap $30 firewalls won't do that (it's called Network Address Translation), and that's why I'm getting the $800 Pix instead of another $30 cheapo firewall.
The new cam system is up. The main difference, is that the cost is $3/minute.
We tried 10c per minute. We tried 25c/minute. But they weren't successful, because unless the performers get adequate income, they aren't willing to spend their time in front of the cameras.
I'd hoped that at the lower prices, the volume of people would make up for the low per minute price, but that didn't happen.
Nothing new.
I don't make these up, although the comments on the spams are mine, of course. These are actual spams sent to me, which just strike me as funny. I don't include their contact details - go find your own spammers!
By the way, if you're using StoneColdMail
(which is free to web site members) then you won't see most of these spams, they'll be delivered
into your "Spam" folder.
IN SPITE OF THIS PROSTITUTES, WHORES, ESCORTS, LESBIANS,
PORNOGRAPHERS, HOMOSEXUALS, SWINGERS, LYING POLITICIANS, ATHEISTS,
CHRIST-HATERS AND THOSE WHO BELONG TO FALSE RELIGIONS ARE GAINING MORE
AND MORE ACCEPTANCE THROUGHOUT OUR SOCIETY.
Yes, we're all pleased that society is becoming more tolerant
Most of the sponsorships now are by giving women server space and bandwidth, so they can operate their web sites without having to pay these fees. There's also photoshoots, which gets some revenue into their hands, as well as the traditional direct-funding sponsorship.
Another new site, Ultimate Amazons, and also Zebodoy
Here's Lady Rock
Here's Muscletease
Here's the full list of DtV family web sites
You can give a Diana the Valkyrie membership as a gift.
Sign up here for the gift that lasts and lasts. Perfect for an Easter gift!
Member | Posts |
| tre1313 | 4316 |
| zig563 | 4035 |
| Terry | 2994 |
| hiram2000 | 2985 |
| TomNine | 2407 |
| boomerflex | 2279 |
| buffy18976 | 1637 |
| Jerroll | 1498 |
| lpdorman69 | 1356 |
| GrappleJack | 1175 |
| shad349 | 1082 |
| gaily304 | 1068 |
| rainer0000 | 972 |
| madman3579 | 851 |
| Diana the Valkyrie | 819 |
| mit19237 | 784 |
| dday888 | 714 |
| bro007 | 665 |
| mac999 | 541 |
| fistman | 505 |
The magnificent Tre at the top spot, chased by Zig
There's been a major discussion on my board, about the message board software. Once again, we're talking about the idea of changing to a different software package, possibly to YaBB (that's the package I put on Herbiceps and other sites). But I've also been changing the existing software to accomodate many of the things that people say they want.
Look here to see a new style of board, with threads, and multiple posts on the same page, and the ability to handle as many inline links as you want to have. The old style of viewing the boards will still be available when that version of the software starts to be used.
2727 posts this month.
Most posted Board of the month | Poster of the month | ||||||||||||||||||||||
|
|||||||||||||||||||||||
| Sport and politics again. | Steve and Zig again, but this time, Zig well ahead. |
Mavis is counting the number of times the message list is checked for each board. This gives a very different picture from the one above.
Most listed Board of the month | Most read Board of the month | ||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||
| It's all about FBBs, wrestling and mixed action. | Look how popular Gabrielle is! |
I checked the site statistics that Sandra counts up each night.
At the end of January 2006, there were about 885,000 pictures (69 gigabytes), 172 gigabytes of video, 10,000 text files (mostly stories) and a total of about 242 gigabytes. There's about 175 million pictures altogether in Newsthumbs, increasing at about 5 million per month.