Archive for June, 2009
Random thoughts from scripting (perl)
Tuesday, June 23rd, 2009
Here’s a couple of nifty tricks from today’s scripting adventures:
1) This one is sort of obvious in retrospect – but, if you’re processing a long list of items and want to show a status indicator, this works rather well:
$|=1; # unbuffered output, so each update is drawn immediately
for($i=0;$i<10000;$i++) { print "$i\r" if(!($i % 100)); }
I’ve always used the !($i % 100) trick, but never the \r, which returns the carriage to the beginning of the line.
Also fun is:
$|=1;@spinner = ("|","/","-","\\");
for($i=0;$i<10000;$i++) { print $spinner[($i % 4)] . "\r"; select(undef,undef,undef,0.1); }
2) Moving a byte: handy constants to memorize are 65280, 16711680, and 4278190080, which mask the second eight bits, the third eight bits, and the fourth eight bits, respectively. You can do ($value & 65280) >> 8, ($value & 16711680) >> 16, and ($value & 4278190080) >> 24, respectively, to get at bytes two, three, and four. The reverse operation is even easier: $b1 + ($b2 << 8) + ($b3 << 16) + ($b4 << 24);
Cisco 501 w/ VPN configuration file
Saturday, June 20th, 2009
These lines are from a configuration file that will allow the current (4.x) Cisco VPN client to connect to the 501. They took me a couple of hours to derive – hopefully sharing this with other people will help save someone some time.
The problem: You’ve got a Cisco 501, and users using the Cisco VPN client. They can’t connect, and you don’t know why. If you turn on ipsec debugging with
# logging on
# debug crypto ipsec
# debug crypto isakmp
You get things like this:
--------
ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: extended auth pre-share (init)
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 2 against priority 1 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: extended auth pre-share (init)
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 3 against priority 1 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 4 against priority 1 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 256
ISAKMP (0): Proposed key length does not match policy
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 5 against priority 1 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: extended auth pre-share (init)
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 128
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 6 against priority 1 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: extended auth pre-share (init)
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 128
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 7 against priority 1 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 128
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 8 against priority 1 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 128
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 9 against priority 1 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: extended auth pre-share (init)
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
crypto_isakmp_process_block:src:10.101.1.61, dest:10.101.2.4 spt:500 dpt:500
VPN Peer:ISAKMP: Peer Info for 10.101.1.61/500 not found – peers:0
--------
The solution: Try this
sysopt connection permit-ipsec
crypto ipsec transform-set default esp-3des esp-md5-hmac
crypto dynamic-map dynmap 50 set transform-set default
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client configuration address initiate
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 3 authentication pre-share
isakmp policy 3 encryption 3des
isakmp policy 3 hash md5
isakmp policy 3 group 5
isakmp policy 3 lifetime 86400
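Added example (not from the original post): a small Python helper that reads `debug crypto isakmp` output in the format shown above and reports, for each offered transform, which attributes differ from each configured `isakmp policy`. Exact equality on cipher, key length, hash, group and authentication (lifetime ignored, every policy spelling out its encryption) is a simplification of the device's own matching, and the function names and sample transform 12 are made up for illustration.

```python
import re

# PIX policy keyword -> (cipher, key length) as "debug crypto isakmp" prints them
ENC = {"des": ("DES-CBC", None), "3des": ("3DES-CBC", None), "aes": ("AES-CBC", 128),
       "aes-192": ("AES-CBC", 192), "aes-256": ("AES-CBC", 256)}
ATTRS = ("encryption", "keylength", "hash", "group", "authentication")

def parse_policies(config):
    """'isakmp policy N <attr> <value>' lines -> {priority: {attr: value}}."""
    policies = {}
    for prio, attr, value in re.findall(r"^isakmp policy (\d+) (\S+) (\S+)", config, re.M):
        policies.setdefault(int(prio), {})[attr] = value
    for p in policies.values():  # split the encryption keyword into cipher + key length
        p["encryption"], p["keylength"] = ENC[p["encryption"]]
    return policies

def parse_transforms(debug):
    """Debug output -> {transform number: offered attributes}."""
    transforms, cur = {}, {}  # attribute lines before the first transform are discarded
    for line in map(str.strip, debug.splitlines()):
        if m := re.match(r"ISAKMP \(\d+\): Checking ISAKMP transform (\d+)", line):
            cur = transforms.setdefault(int(m[1]), {"keylength": None})
        elif m := re.match(r"ISAKMP: (encryption|hash|default group) (\S+)", line):
            cur[m[1].split()[-1]] = m[2].lower() if m[1] == "hash" else m[2]
        elif m := re.match(r"ISAKMP: (extended )?auth (\S+)", line):
            cur["authentication"] = ("xauth-" if m[1] else "") + m[2]
        elif m := re.match(r"ISAKMP: keylength of (\d+)", line):
            cur["keylength"] = int(m[1])
    return transforms

def explain(debug, config):
    """{transform: {priority: [mismatching attributes]}}; an empty list is a match."""
    policies = sorted(parse_policies(config).items())
    return {n: {prio: [a for a in ATTRS if t.get(a) != p.get(a)] for prio, p in policies}
            for n, t in parse_transforms(debug).items()}

SAMPLE_DEBUG = "\n".join([  # constructed: transform 9 as logged above, 12 invented
    "ISAKMP (0): Checking ISAKMP transform 9 against priority 1 policy",
    "ISAKMP: encryption 3DES-CBC", "ISAKMP: hash SHA", "ISAKMP: default group 2",
    "ISAKMP: extended auth pre-share (init)",
    "ISAKMP (0): Checking ISAKMP transform 12 against priority 1 policy",
    "ISAKMP: encryption 3DES-CBC", "ISAKMP: hash MD5", "ISAKMP: default group 2",
    "ISAKMP: auth pre-share"])
SAMPLE_CONFIG = "\n".join(  # policies 1-3 from the configuration above
    f"isakmp policy {n} {a}" for n, grp in ((1, 1), (2, 2), (3, 5))
    for a in ("authentication pre-share", "encryption 3des", "hash md5", f"group {grp}"))

if __name__ == "__main__":
    print(explain(SAMPLE_DEBUG, SAMPLE_CONFIG))
```

On the sample, transform 9 differs from policy 2 on hash and authentication, while the constructed transform 12 matches it. 3DES, MD5 and group 1 are weak by current standards, so where both ends support stronger settings, add a policy that matches the client's stronger proposals.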
Funding for candidates dependent on their campaign promises
Wednesday, June 17th, 2009
So, I had an idea that might be a little hard to implement, but would bring some honesty back to the democratic process.
I think individual donors should be allowed to specify which campaign promise led to their donations for a candidate. Then, if the candidate failed (by an impartial observer) to at least attempt to live up to the promise, they’d have to refund the donations. This might literally mean they couldn’t run the next election cycle, because they would be too far in the hole to their donors.. but it would be a way of making sure that politicians “stayed bought”.
The problem with the current situation is that a politician can promise anything they like – and then completely forget any promises they want after they get to office. If they upset the majority this way, they might not get reelected – but if they just upset a minority – making promises to that minority to get them extremely motivated in getting the pol elected, and then ignoring the promises after their election – nothing bad will happen to the pol, even though they’ve behaved dishonorably.
(This is partially in response to this article – I’m disappointed, but not particularly surprised. Supporting rights for LGBTs is just not a centrist thing to do, and Obama is playing to the center, probably in the hopes of getting reelected. (says the Sheer, who is clearly not an expert at politics))
Personally, I’d rather he didn’t care about the next term – that would show that he was a truly honorable politician, willing to do the right thing on every issue even though it cost him 4 years in office*. But that’s also too much to ask for, as well I know. I guess I can always hope that after he no longer has to worry about reelection – assuming he gets reelected in 2012, and the world doesn’t end – he’ll deliver on his earlier campaign promises.
* = of course, then I’d also want him to be honorable enough to bow out in favor of a Dem candidate who could win
ArcGIS 9.3 unix port
Thursday, June 11th, 2009
Probably I just missed them all, but I did a fair amount of searching trying to find other users reviewing the ArcGIS 9.3 unix port, trying to decide if I should run ArcGIS on unix or Windows.
Well, I’m here to say, stick with Windows. The unix port uses enormously more CPU to achieve the same goals. It’s built on a porting platform called MainWin, which seems to have been written to allow porting developers to avoid having to do too much work when porting a product from one OS to another, but doesn’t seem to have given much thought to, for example, efficiency. I would guess that ArcGIS on Unix uses about 5 times the CPU – and GIS is usually pretty CPU-intensive, so this is a Very Bad Thing.
Also, a lot of functionality that works well on Windows, such as starting and stopping services, deleting services, etc, works poorly or not at all on unix. (Caveat: I didn’t try installing the patch, and I didn’t try 9.3.1 – this may have all been fixed).
The unix port also definitely has a ‘we didn’t feel like actually porting the application’ feel to it – processes show up with names like ‘dllrunner {hex-guid}’ and ‘arcsoc.exe’. While it’s sort of amusing watching the opposite of Cygwin happen, it doesn’t give one warm and fuzzy feelings that a lot of effort was put into taking advantage of the operating system’s native strengths.
The unix port also seems to have relatively bad process isolation. When one process is off generating cache tiles, other completely unrelated services will become unusable.
I do give ESRI props that they bothered to try and make a unix port. I just wish they had done it in the traditional way of actually porting the code / writing support libraries for unix to replace any key windows-OS functionality, instead of by slapping it in a win32-replacement framework and calling it a day.
On the *good* side – migrating the services from a unix server to a windows one took very little time, and was smooth and painless.
nostalgia..
Wednesday, June 10th, 2009
So, I’ve been reading about assorted musical instrument technologies that were old before I was born. I can’t remember how I got started, but the best find this time was the optigan, a 70’s era sample-playback organ that worked by storing the music optically on a disk – sort of like analog film soundtrack, only laid out like a record. Truly funny. I also got interested in the Mellotron – and reading about same – and the Hammond B3. (My ultimate studio would probably have a B3 sitting right next to a Yamaha C7 baby grand. Since I can’t afford either one, I use electronic versions instead). I learned lots of fun things about the innards of the B3 at the Hammond Wiki, including that most B3s (apparently the instruments I’ve played were atypical) have a startup sequence involving holding down a start switch until the tonewheel assembly gets up to speed, and then switching over to the run switch to let the synchronous motor take over. By the way, I still think that Boston’s ‘Walk On’ album is the final word in awesomeness when it comes to the B3. And by the way, yay mechanical tone generators!
I also read about the Ondes Martenot, a rather impressive little synthesizer for its day – I especially like their idea of using different speaker configurations with unusual things in front of them (gongs, sympathetic resonators) to change the character of the tone. I drooled a bit over the mighty Wurlitzer theater organ (they just don’t have enough places where an amateur can try these things out!), got a good laugh out of the Wurlitzer side man. (I’ve got to meet this Pea Hix character, if only I can convince him I’m cool enough to be worth hanging out with ;-)), and just generally enjoyed a nice bout of nostalgia for electric instruments that were old before I was born.
Those of you who follow this blog regularly will remember my nostalgia-fests over The Set, an old TV repairman’s successful endeavor to restore the first-ever NTSC TV receiver to operation, and of course my ongoing fascination (some day I’m probably going to buy one) with the CED Videodisc format. For those of you who missed out on that last one, it’s an example of geekery gone wrong at its finest – it was a competitor to the VCR that stored video on a disk that was read by a mechanical (or quasi-mechanical, since ideally the pickup never touched the grooves) playback head.
I also, along the way, discovered 8 track heaven, which among other things lists bands that are still releasing their works on 8-track tape. As in those clunky cartridges with a continuous loop tape inside. Oddly tempting, that..
I wonder what interesting bits of nostalgia I’ll come across next? Anyway, thanks to the authors of all those sites for keeping little bits of our geek history alive.
Oh, yeah.. I remember one thing I wanted to whine about: Geocities is shutting down, AOL hometown already has. AOL hometown – what AOL did with the free web pages hosted by all the ISPs that it absorbed in the early 90s – had many thousands of fascinating pages. All gone. AOL pulled the plug with less than a month’s notice. Jason Scott from textfiles.com did a good job of describing the carnage and also suggesting a solution that may help prevent future carnage.
Tourist attraction I’d like to see before I die..
Monday, June 8th, 2009
Organ Stop Pizza. I wonder if you can buy the right to play the thing for a few minutes.. 😉
Yaaay!
Saturday, June 6th, 2009
So, after years of begging, grovelling, and whatnot, Lucasfilm is publishing a new Monkey Island game. Well, actually, they’re publishing the original game, remastered, and allowing Telltale Games (those fun guys who brought you Strong Bad’s Cool Game For Attractive People With A Really Long Title) to publish a new Monkey Island game, but anyway, they both seem to have the right voice actors. Hopefully Murray will put in an appearance in the new MI series as well – there are going to be 5 of them, in monthly increments, just like the Strong Bad games. We’ll see if they manage to keep the humor value MI is so famous for – in any case, I’ll definitely buy copies. (Among other things, I’ve already mastered the art of getting Telltale Games to run, since I played SBCGFAPWART)
I’ve discovered this since I am for some reason unable to sleep at the moment. It’s getting a bit frustrating.
Horrible
Friday, June 5th, 2009
According to a variety of newspaper sources, including this one, a mob beat and seriously injured a man that police had listed as a possible suspect in a rape case. Nothing bad happened to the crowd – in fact, they were given a reward by the father of the girl.
Even if the man had been found guilty, every member of that mob should have been doing time – it’s not okay to physically attack people. But it’s especially not okay to attack people who haven’t been found guilty, based on the fact that the cops have identified them (probably using some very questionable techniques) as a possible suspect. It terrifies me that the lynch mob isn’t all cooling their heels on assault charges. It says horrible things about the world we live in – including that we don’t actually believe in innocent until proven guilty and we do believe in vigilante justice.
Is there any way that the cops in question can be put in jail for failing to do their jobs?
The collapse of California..
Wednesday, June 3rd, 2009
So, California, having discovered itself broke, refuses to raise taxes (even though the state taxes are hardly what I’d call crippling.. compared to the federal taxes, I don’t even *notice* my state taxes) and instead is turning off everything .. wasting hundreds of thousands of man hours of work in the process – closing parks and letting them decay, turning off welfare, closing prisons, firing the cops and the firefighters.. Remind me again, why aren’t we raising taxes instead? I wouldn’t begrudge California another thousand or two on April 15, and I can’t imagine there are many that would, especially if they kept the wonderful services like nearly-free higher education, free beaches, world-class firefighting service, excellent highway system, and whatnot. Who’s objecting so mightily to them raising taxes? It’s not like they’re using the money to *bomb* people – Especially if they agreed not to use the money for more war-on-drugs sorts of idiocy.
On the other hand, California is apparently not the progressive paradise that I like to think it – they did vote yes on Prop 8. Maybe we should move to New England? 😉
However, all you libertarians, this is your chance to see how the libertarian model actually works out – or doesn’t. My problem is that I’m libertarian on Federal government, but socialist/green on a state level.