Blog

  • Guantanamo Bay

    I know what you’re thinking to yourself, “What is this political garbage doing on rebelpeon.com?”  Well, I’m here to tell you that this will not become the normal.

    On my way to Erin’s place tonight I was listening to This American Life and was disturbed with what I heard about Guantanamo Bay. Currently it looks like you can only purchase the program, but give it a week and you too can listen to it, or you can listen to it tomorrow at 1 on Chicago Public Radio (for those in the area).

    After listening to the whole program, I’m starting to realize why foreigners hate us so much.  I’d hate to think what sorts of anti-American thoughts would be going through my head if I were held at Guantanamo Bay for, potentially, an indefinite amount of time, being interrogated in the most abusive ways. 

    I honestly can’t believe how calm the “PoWs” (I leave it in quotes because these people were innocent, and the gov’t seemed to know it) were on the air.  I don’t think I’d be laughing like they were after spending as much time as they did there.

    All I have to ask, is are the American people this dumb, that they can continually be lied to over and over?  How do they justify this in their minds?

    **Update 3/19/2006**
    You can listen to the broadcast now for free.  Plus there’s an extended version for the web only.  Unfortunately, they are in real player format, but I think it’s worth downloading just to listen to this one.  You can get the Free version of realplayer here.  Personally, though, I’d recommend the Real Player Enterprise version, as it has a lot less “crap” installed on it.  Just put in some bogus information in the fields, and you’re on your way.

  • Links 3/10

    • Will Wright’s Spore—This will be the ultimate Sim City.  I could see this being Will Wright’s last Sim game, since it incorporates all of his previous works into one awesomeness.
    • Don’t Just Tear Up Credit Card Offers—Maybe I should start looking to burn them now?
  • You DO Learn Something New Everyday

    In fact, some days you learn two things!  Be warned, techno-speak is about to ensue.

    Lately, I’ve been reading a lot about Windows security.  Now, all the books I’ve read that have dealt with authentication bring up the differences between LM, NTLM, NTLMv2, and Kerberos.  The general idea that these books give you is that the Lan Manager and NT Lan Manager authentication methods use a hash or a challenge/response hash, while Kerberos uses time based tokens.  The key word being “time”.  Nowhere in my reading was it brought up that any versions of Lan Manager authentication had time involved. 

    This leads me to my problem yesterday.  We have an NT4 domain setup to mirror a customer’s environment.  This NT4 domain contains many environments for various testing purposes.  One of these purposes is regression testing with date changes.  Prior to this week, changing the date on the machines has been fine.  However, this week we ran into problems.

    Now, for those of you that aren’t familiar with NT4, it uses LM, NTLM, or NTLMv2 (SP4 or above) authentication, which according to everything I’ve read had no time restrictions, and everybody in the office was in the same boat as me.  In fact, these machines authenticated fine with date changes until this week.  The difference being a security template we had been applying to all machines that was given to us by the customer. 

    To begin with, we knew that it was a problem with the security template because non-hardened machines would work fine with the date change still, while the hardened ones would throw errors.  Basically, critical application services couldn’t start after the hardening had happened.  Now, it was my job to figure out what the security template was doing to prevent these services from running.

    First I went through the documentation that came with the security template to see what they changed, and tried to find the obvious answer.  Well, of course that didn’t work.  So, instead, I just started changing settings back to the original.  Thankfully I started at the bottom, and four changed settings later, I was at my solution: Network security: LAN Manager authentication level.  The security template was setting it to “Send NTLMv2 response only\refuse LM & NTLM”, while the default setting is “Send NTLM response only”.  The default setting worked, but I wanted to try the other two settings between the default and the hardened setting: “Send NTLMv2 response only”, and “Send NTLMv2 response only\refuse LM”.  Needless to say, neither of those settings worked either. 

    Now, you may be thinking that we were having problems with NTLMv2 because our PDC and BDC on the NT4 domain aren’t at SP4 or above.  Bah, I say to that, we’re at SP6, so we can have NTLMv2 authentication on our domain.  So why was the hardened setting, or any NTLMv2 setting for that matter, not working?  Well, after much googling it appears that NTLMv2 is time dependent.  In fact, the NTLMv2 response contains a little-endian, 64-bit signed timestamp.

    Let me tell you how assured I was in the books I was reading after that. 🙄  After reading about this timestamp, we wanted to figure out how much of a time delta NTLMv2 allowed (for purely scientific reasons).  After some testing with the hardened machine, it was concluded that the timestamp of the response cannot be greater than or less than 30 minutes from the challenge machine (in this case the PDC).  So, in our testing, setting the date back a month, obviously was outside of this delta.

    Then, later that night I was playing with my ISA 2004 machine at home.  A little background first.  I’ve got multiple websites on multiple machines at the apartment that use port 80, so I’ve been using ISA to publish the websites.  Otherwise, all the sites would have to be on one machine, since the router only supports port forwarding, and not host header forwarding. 

    So, I’ve been dealing with a problem where whenever I would set the firewall rule to “Requests appear to come from the original client”, my website wouldn’t load.  This is a nice feature for stats, so that you can actually see where visitors come from.  For the interim, I’ve had it set to “Requests appear to come from the ISA Server computer.”  So, everything from referrers to log files show the IP address of my ISA server, bleh.

    Finally, last night, I had time to figure out the problem.  I knew I needed to head over to ISAserver.org, but I didn’t realize how fast it would be to find the answer.  Basically, since my ISA server isn’t acting as a gateway on my network, it can’t be set to requests come from original IP.  However, by making the ISA server the gateway on my web server, everything works the way I want.  Unfortunately, this means that I can’t route outside of my network on the web server anymore, but since it’s just a virtual machine used to serve static webpages anyways, this isn’t a big deal.

    So, to recap, NTLMv2 responses are time sensitive and ISA must be your webserver’s gateway if you want requests to appear to come from the original client.
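
The timestamp check described in this post, as an added example (not code from the original post): it pulls the little-endian 64-bit timestamp out of an NTLMv2 response and compares it with the server clock. The field offsets follow the MS-NLMP client blob layout; the 30-minute window is the value observed in the testing above, and the sample response is constructed with a zeroed proof and challenge.

```python
import struct
from datetime import datetime, timedelta, timezone

# The timestamp counts 100 ns ticks since 1601-01-01 UTC (Windows FILETIME).
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Assumption: the window observed in the post's testing, not a documented constant.
MAX_SKEW = timedelta(minutes=30)


def ntlmv2_timestamp(nt_response: bytes) -> datetime:
    """Return the client timestamp carried in an NTLMv2 response.

    Layout: 16-byte NTProofStr, then the client blob:
    RespType(1) HiRespType(1) Reserved(2) Reserved(4) TimeStamp(8) ClientChallenge(8) ...
    """
    if len(nt_response) < 16 + 24:
        raise ValueError("too short to be an NTLMv2 response")
    blob = nt_response[16:]
    if blob[0] != 1 or blob[1] != 1:
        raise ValueError("blob signature is not 0x01 0x01")
    (ticks,) = struct.unpack_from("<q", blob, 8)  # little-endian, 64-bit signed
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def within_skew(nt_response: bytes, server_now: datetime, max_skew=MAX_SKEW):
    """Return (accepted, skew), where skew is client time minus server time."""
    skew = ntlmv2_timestamp(nt_response) - server_now
    return abs(skew) <= max_skew, skew


def build_sample_response(client_time: datetime) -> bytes:
    """Constructed sample: zeroed NTProofStr and client challenge, no AV pairs."""
    delta = client_time - FILETIME_EPOCH
    ticks = (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10
    blob = struct.pack("<BBHIq8sI", 1, 1, 0, 0, ticks, b"\x00" * 8, 0)
    return b"\x00" * 16 + blob


if __name__ == "__main__":
    pdc_now = datetime(2006, 3, 10, 12, 0, tzinfo=timezone.utc)  # constructed server clock
    for label, client in [("20 min ahead", pdc_now + timedelta(minutes=20)),
                          ("date set back a month", pdc_now - timedelta(days=30))]:
        ok, skew = within_skew(build_sample_response(client), pdc_now)
        print(f"{label}: skew={skew}, accepted={ok}")
```
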
     

     

  • Links 3/9

  • Another Five Years

    In addition to buying the game today, I’ve also renewed this domain for another 5 years.  With the talks of VeriSign upping the price of domain names, I figure 5 years should keep me from worrying about it for awhile.

  • Burnout Revenge

    So, today I picked up Burnout Revenge for the 360.  It’s everything I like about it, only prettier.  Actually, scratch that, there’s a few new annoying things that I could do without.  The largest is playing on xbox live.  I think I was able to finish one group of races successfully.  What’s really frustrating, is that I was playing people ranked around 100, and was beating them, but then I’d get disconnected from the stupid EA servers.  Once I sign back in, I notice that my score has actually increased instead of decreased.  I think there’s some fixing that needs to be done there.

    The other main annoyance with this version is at the end of a race.  To begin with, you seem to be forced into watching the review, which I’m not a big fan of, and then you can’t skip any of the awards, achievements, or unlocked cars.  Plus, during the achievement it seems to pound out your stars much slower. 

    Overall though, it’s still a great game, I just wish I could play more online, because from what I have been playing, it’s quite fun. 

  • Puerto Vallarta Pictures

    So, you can view about half of the pictures we took in Puerto Vallarta!  I know you’re excited to go see them, so I’ll wait here a few minutes while you go check them out. 

    If you want a fullsize picture, just click on the medium sized ones.  These are straight from the camera too.  I tried to filter out some of the really bad ones, but a few are slightly blurry when viewed at full resolution.

    Anyways, now it’s time for some Puerto Vallarta statistics.  I’ll create another post for when the other pictures get put up (have to develop them and then scan em in), and that will detail our adventures a little bit more.  Right now I need to finish studying for my elective exam.

    • Total 2 for 1 drink specials we hit up: 2 (I think that’s right)
    • Total times we were asked if we were practicing for our honeymoon: 2 or 3
    • Total times offered pot: 3
    • Total nights there: 4
    • Total days there: 5
    • Total miles flown: 3885
    • Total times we were asked if we were honeymooning: I lost count
    • Total siestas taken: I lost count

     

  • Unions

    I don’t know where to even begin with this.  There are so many things wrong with what the UAW is doing to the American automotive industry.  How long do they expect to bite (more like ravage) the hand that feeds them?  I guess if they’re going down, they’re taking everything with them.  I suppose that’s one way to think about it.  🙄 

  • Links 2/21

    Today is an homage to the McRib.

    • What Started Today’s Homage
    • Boneless Pigs: The Official Boneless Pig Farmers Association of America (BPFAA) Site
    • The McRib Farewell Tour—I personally like the McRib Farewell Tour Shirt #2
    • Random McRib Images!