sshd is so reassuring
Mar 22 15:38:16 caco sshd[21183]: scanned from 213.76.217.17 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Fonts, again
You may recall last year when I ranted about things I didn't like about Debian Sarge when I installed it. One of them was fonts. But I got used to the font, it's called Bitstream Vera, that Firefox seemed to use everywhere.
Yesterday or the day before yesterday a package called fontconfig was upgraded. This morning I restart firefox to find half the sites on the web are now defaulting not to Vera but to something called Nimbus, which looks a bit like Helvetica only with fucked up kerning and other reasons that make it almost unreadable at the font sizes web sites typically use.
I don't know what changed or how to put it back. It's extremely annoying. I can put up with a lot of the visual niggles I see from time to time using this system, but when nearly every site I'm going to has become unreadable, then I cannot really put up with it.
Eventually I installed a package called msttcorefonts which downloaded all the stupid fonts that come with Windows. Most sites' style sheets default specifically to using one of those fonts. I can live with them, I guess. It's just annoying when things change and you have no idea how to fix them.
cf. the compose key, etc.
curl's progress meter
I have sought a way to force curl to display its progress bar. It's something I've looked up in its extremely large man page every so often. However a cursory glance at its source seems to suggest the only way to force the meter's display is to redirect stdout away from a terminal:
curl <URL> >/dev/null
I wanted this because I've discovered curl can upload files to FTP servers as well as download them, and I wanted to make it display its progress bar (when you're uploading, there's no obvious output to terminal, so you don't redirect stdout, so you get nothing). This mailing list post seems to confirm you need to use a redirect.
Note you can suppress the progress bar by adding -s as a command-line option. This is usually a good idea when you're using curl to pipe a download into another command, unless the target command produces no intermediate output of its own.
(curl itself is a data transfer client which, from the "standard" utilities is probably most similar to wget. However wget is purely for downloading; curl is a data transfer client for multiple protocols more useful for testing, scripting, and so forth. I guess it's somewhere between wget and writing your own command line client with libwww-perl. I found it a number of years ago while looking for something with which I could easily do HTTP HEAD requests from the command line and since then I've become so used to it that if it's not just "there" I get irritated and have to build it)
0044 <RjY> hahahahaha fucking score i successfully trolled fdave
Second update today, I hated the previous one.
Weird shit with traffic control I feel I should share
Last week I changed my traffic control script after I had a complaint of this site not working at all! The only thing I thought the trouble could be was I'd too aggressively shaped the webserver's bandwidth. For some reason I have five bands, as follows:
| Priority | Name | Classification | Guaranteed bandwidth | Note |
|---|---|---|---|---|
| 1 | ssh | (dport==ssh && TOS==mindelay) | LOTS | interactive ssh traffic (not scp, that sets TOS=bulk) |
| 2 | high | TOS==mindelay || dport==irc || length==0..64 | LOTS | => ntp uses TOS==mindelay => reduce server ping/pong lag => tiny packets don't clog link much |
| 3 | normal | no matching rules | A BIT LESS | defaults to here |
| 4 | bulk | TOS==bulk || dport==smtp | NOT MUCH | Probably could merge normal and bulk. SMTP priority is arguable |
| 5 | crap | TOS==mincost || sport==http | NONE!! | Nothing actually uses TOS==mincost! sport => outgoing web traffic |
Crap had as near to zero bandwidth as I could give it without tc complaining. Now most of the time my own outgoing traffic is chopped up into very small packets that don't clog up the connection. You know, a few ssh packets here as I'm typing into something, a few http ack packets from downloading a webpage, etc. However on this one occasion I choked up the entire "bulk" band uploading files to dog. Of course this hardly affected any of the higher priorities (which is the point) but caused the webserver to effectively be stalled, leaving the person who'd just tried to connect hanging and it looked for all the world like my site was down. This clearly isn't right.
So I investigate HTB a bit further, and find myself trying to get the concept of quantums [sic]. Simply put, HTB processes a quantum's worth of bytes for each priority. The default size of a quantum is 10 multiplied by your interface's MTU, which is typically 1500 bytes. So HTB is working in units of 15000 bytes every second, which given that I only have about 24000 bytes per second of upload bandwidth, is a bit too coarse! Anyway this is easily solved by putting r2q 1 on your tc qdisc add command. Thus a quantum is 1500 bytes (per second), and this is the smallest unit I can shape.
So I set all the rates to multiples of the quantum size (that is, the MTU size, since r2q is 1). As I say the smallest one is 1 quantum per second so the web server has a guaranteed 1500B/s. This is probably enough for SNAFU at least... All the others I set to multiples of the quantum size. I think they all sum to the total upstream bandwidth. I'm not sure what would happen if they summed to more than that; if they summed to less, you'd be wasting upstream...
Oh yeah I set the bursts etc. for each of the classes to multiples of the quantum size as well. I'm not so sure about this burst thing, really, I mean the concept is obvious but I'm just guessing at the numbers. I guess I need some sort of traffic profiler.
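Here is what the five-band setup in the table looks like as tc commands, with r2q 1 and every rate a multiple of the 1500-byte quantum. This is an added example, not the author's actual script: the device name, the per-band rates (chosen to sum to 24000 B/s), the ceil and the u32 filter details are all assumptions. It only prints the commands; pipe the output through sh as root to apply them.

```shell
#!/bin/sh
# Added example (not the author's script): generates the tc commands for the
# five-band HTB setup in the table above, with r2q 1 so a quantum is one MTU.
# DEV, the per-band rates, ceil and the u32 filter details are assumptions.
DEV="${DEV:-eth0}"
MTU=1500        # bytes; with r2q 1 this is also the smallest shapeable rate (B/s)
R2Q=1
UPSTREAM=24000  # bytes/s, the author's rough upload figure

# HTB derives a class's quantum as rate (in bytes/s) divided by r2q.
quantum_for_rate() { echo $(( $1 / $2 )); }

# Only accept rates that are whole multiples of the quantum size (the MTU).
check_rate_multiple() { [ $(( $1 % MTU )) -eq 0 ]; }

# classid rate(bytes/s) prio name; assumed rates, chosen to sum to UPSTREAM.
bands() {
    printf '%s\n' "10 7500 1 ssh" "20 6000 2 high" "30 4500 3 normal" \
                  "40 4500 4 bulk" "50 1500 5 crap"
}

sum_band_rates() { bands | awk '{ s += $2 } END { print s + 0 }'; }

# One leaf class. tc's "bps" unit is bytes per second; ceil (assumed to be the
# whole link) lets a band borrow bandwidth the others are not using.
htb_class() {
    check_rate_multiple "$2" || { echo "$4: rate $2 is not a multiple of $MTU" >&2; return 1; }
    echo "tc class add dev $DEV parent 1:1 classid 1:$1 htb rate ${2}bps ceil ${UPSTREAM}bps prio $3  # $4, quantum $(quantum_for_rate "$2" "$R2Q")"
}

# Classifiers in the table's priority order (lowest prio number is tried first).
# TOS values: 0x10 minimise-delay, 0x08 maximise-throughput (bulk), 0x02 minimise-cost.
filters() {
    f="tc filter add dev $DEV parent 1: protocol ip"
    echo "$f prio 1 u32 match ip tos 0x10 0xff match ip dport 22 0xffff flowid 1:10"
    echo "$f prio 2 u32 match ip tos 0x10 0xff flowid 1:20"
    echo "$f prio 2 u32 match ip dport 6667 0xffff flowid 1:20"
    echo "$f prio 2 u32 match u16 0x0000 0xffc0 at 2 flowid 1:20"  # IP total length under 64
    echo "$f prio 4 u32 match ip tos 0x08 0xff flowid 1:40"
    echo "$f prio 4 u32 match ip dport 25 0xffff flowid 1:40"
    echo "$f prio 5 u32 match ip tos 0x02 0xff flowid 1:50"
    echo "$f prio 5 u32 match ip sport 80 0xffff flowid 1:50"
}

gen_htb_script() {
    [ "$(sum_band_rates)" -le "$UPSTREAM" ] || { echo "band rates exceed upstream" >&2; return 1; }
    echo "tc qdisc del dev $DEV root 2>/dev/null"
    echo "tc qdisc add dev $DEV root handle 1: htb default 30 r2q $R2Q"
    echo "tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPSTREAM}bps"
    bands | while read -r id rate prio name; do
        htb_class "$id" "$rate" "$prio" "$name" || exit 1
    done || return 1
    filters
}

# Prints the commands; review them, then pipe through sh as root to apply.
gen_htb_script
```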
THE BRAD GOODMAN UPDATE
This is all pretty much out of a chatlog book and I want to preserve it for humour posterity
the ten forms of twisted thinking
- All or nothing "You see things in black and white categories. If a situation falls short of perfect, you see it as a total failure"
- Overgeneralisation "You see a single negative event, such as a romantic rejection or a career reversal, as a never-ending pattern of defeat by using words such as always or never when you think about it."
- Mental filter "You pick out a single negative detail and dwell on it exclusively, so that your vision of all reality becomes darkened. For example you receive many positive comments about your presentation at work but one says something mildly critical. You obsess about his reaction for days and ignore all the positive feedback"
- Discounting the positive "You reject positive experiences by insisting they don't count. If you do a good job you may tell yourself that it wasn't good enough or that anyone could have done as well."
- Jumping to conclusions "You interpret things negatively when there are no facts to support your conclusion. e.g. (mind-reading) without checking it out, you arbitrarily conclude that someone is reacting negatively to you. e.g. (fortune-telling) you predict that things will turn out badly. Before a test you may tell yourself that you're really going to blow it and what if you flunk? If you're depressed you may tell yourself you'll never get better."
- Magnification "You exaggerate the importance of your problems and shortcomings, or you minimise the importance of your desirable qualities."
- Emotional reasoning "You assume that your negative emotions necessarily reflect the way things really are. e.g. you feel terrified about going on an aeroplane, so you think it must be dangerous to fly. Or, you feel inferior, therefore you must be a second-rate person."
- Should statements "You tell yourself that things should be the way you hoped or expected them to be. e.g. a gifted pianist, after playing a difficult piece, told herself that she shouldn't have made so many mistakes and gave up practising for days. Musts, oughts and have tos are similar offenders"
- Labelling "Labelling is an extreme form of all or nothing thinking. Instead of saying 'I made a mistake' you attach a negative label to yourself: "I am a loser". You might also label yourself a fool or failure or jerk. Labelling is quite irrational because you are not the same as what you do. Human beings exist, but fools, losers, and jerks do not."
- Personalisation and blame "Personalization occurs when you hold yourself personally responsible for an event that isn't entirely under your control. When a woman received a note that her child was having difficulties at school, she told herself it showed what a bad mother she was, instead of trying to pinpoint the problem so that she could be helpful to her child. Some people do the opposite. They blame other people or their circumstances for their problems, and they overlook ways that they might be contributing to the problem."
symptoms of social anxiety
- "You believe that people have X-ray eyes and can always see how you are feeling inside, and that feelings of shyness or anxiety will be noticed and judged as foolish and unacceptable. This makes you avoid social situations. You would rather die than let anyone know how nervous you feel."
- "You feel that you are in the limelight, being judged by others. You believe that people are cold and would readily hurt or humiliate you."
- "You believe you have to impress people to get them to like and respect you. However, you don't think you have anything interesting or worthwhile to say that will impress them. You are more preoccupied with pleasing people and acting the way they expect you to act, than in being yourself."
- "You don't believe that people will like the ``real'' you. You fear that if people found out about the ``real'' you, they would brand you as a fraud or look down on you. You feel inferior and defective in comparison with others."
- "You think that people are very judgemental and expect you to be polished, poised and perfect. You have stereotyped ideas of appropriate social behaviours. You have rigid standards of how you should feel, how you are supposed to act, and so on."
- "You are terrified that you will make a fool of yourself in front of others. You feel convinced that if you do, the word will spread like wildfire and soon everyone will look down on you."
- "You have extreme difficulty expressing negative feelings like anger. You are very unassertive and you avoid conflicts or disagreements with others."
Brad Goodman quotes
Read this Episode 1F05: Bart's Inner Child
Conclusion
Deleted
SOMETIMES YOU'RE LUCKY, SOMETIMES YOU'RE NOT
While replying to an email (don't laugh, I do reply sometimes, just very rarely) from Dave this morning (Look he's linked to me like four times today, show him some love) the following humorous anecdote came to mind and rather than confine it to an email I thought I'd share it with you, my faithful readers: (god I sound like a prick. I'm sorry. I've been awake for about 28 hours and I feel woozy. But prior to this I slept 23 hours out of 32! I don't know.)
Reverse Schroedinbugs
A schroedinbug is defined by the Jargon file as follows: (from the definition on Foldoc)
A design or implementation bug in a program that doesn't manifest until someone reading source or using the program in an unusual way notices that it never should have worked, at which point the program promptly stops working for everybody until fixed.
Last month you may remember while at its old location the site's front page emptying. This was an artifact of the way the code calculates which updates to display.* I knew full well this was going to happen and could do nothing to prevent it, and indeed was quite looking forward to it (I have that sort of sense of humour).
However the date passed and it didn't happen. I was thoroughly perplexed. The port of the old PHP code to perl was behaving as expected. I stared at the twisted evil that is PHP code until my eyes grew hot and cindery, and failed entirely to spot any reason why what I believed was physically impossible was happening right before my eyes!
So I gave up. I had to run the PHP code again to see what the hell was going on. But I'd resolved not to let the black heart of the PHP interpreter blight my CPU cycles with its blood and intestinal discharge, so instead I ported the entire site code to the dystopian and obsolescent fields of crocuses. This took ages. The code went over all right but file format incompatibilities between different versions of the Berkeley DB library reared their many (well, three or four I know about) ugly heads. It took a long time to get the old update database into a format readable by the DB library with which PHP on mimosa (well, crocus) was linked. Some hours and many bizarre error messages later I finally got it working.
And there it was, staring me right in the face, an update-less page, pure as the driven snow, if the driven snow was grey and had a hexagonal tessellation of circles imprinted upon it. Totally mystified and confounded, I reloaded the tab which contained the page at triv... At exactly which point it emptied.
I had spent in total several hours proving that what triv's PHP interpreter was doing was, as I suspected, totally impossible. At exactly the point it was proved it was behaving impossibly, and I have to stress only at that point, did it stop doing it. Mental. Reverse Schroedinbug. See?**
* given time T, defaulting to "now", include:
• all the updates from the month containing T prior to T, and:
• all those from the month before the month containing T, if the day of the month of T is before the fifteenth.
Yes quite. Who the fuck cares. I know. I only put this shit in because I'm anal.
** While you could very well argue that I simply fell foul of a simple web caching issue, I will still argue it's PHP's fault for being retarded. Its date functions in particular are terrible; the parameters they take and return differ wildly from the POSIX standard functions with which they share their names, and which everyone knows (or at least, knows which man page to read to check them).
HELLO AND WELCOME BACK
It's here, the epoch time is 1111111111, and you're looking at my site's new location rjy.ath.cx! It is now hosted on my own connection under a sort of banner which is called troa.ath.cx. Check it out, at last I can do all sorts of crap I've always wanted to do! Hell, this is why I bought caco in the first place!
ChangeLog
As you might have noticed there have been some changes. Here is a list of all the ones I've done I can remember off the top of my head and can be bothered to write down
- There's not one but two sites. Largely to justify squatting on two domain names I made a "network" page (as opposed to a "personal" page) at www.troa.ath.cx. The idea was sort of that I separate my content, which will go here, from my scripts and web applications and things that exist for other people, their sites, etc. as well. For example the tracklist is on this domain but snafu is on the other one. Okay whatever who cares, I'm just probably introducing extra complexity for the hell of it
- NO MORE PHP OH THANK GOD and I don't have to do anything illegal to read the web server logs either ahahaha
- SNAFU has a new look, a new URL and a slightly new backend that runs on a SQLite database. Also if you have a home page that's different from your site page I can make it link your name to your home page. CDave asked for this like two years ago but I told him no, I'd have to put HTML into the data file and it would be a gross hack. It never occurred to me that I could just add an extra column in the table. Oh well.
- There's none of that query string crap going on. You know, all that old question mark p equals pagename shit. However old links should still work for the time being, as Simon has or will have kindly set up an HTTP redirect and I wrote a module with the humorous name TRoA::TrivLegacy to do URL rewriting
Also (having missed getting my site up for its birthday last month I was sort of waiting for this) happily I got another free speed increase from ntl just this evening. In particular instead of having 128kbit of upload I have 200kbit! Hooray, more upload! At last! It's still nothing like a real web server but I'm not hosting much beyond text here so with any luck you won't notice too much. (I've also got 2048kbit down instead of 750kbit. There's some sort of daily limit on this but I've been testing and I never get anywhere near it, so I don't care. You too could get this if you're stuck on ntl. Here are some links: announcement on cable forums (hey I could have got this for my birthday if I'd known about it!!) ntlworld upgrade page ntlworld upgrade page for cable modems (if you have a set-top box it may need replacement) the page where you type your password in to get all this shit)
While we've been off the air I wrote a large number of updates, none of which were actually written on the date they say they were written and most of which I suspect nobody will read. But, here are the links anyway.
- 22/1 Upgrading caco to Debian Sarge, part 1
- 23/1 tmpfs (this is sort of part 1.5, I don't know)
- 25/1 Upgrading caco to Debian Sarge, part 2
- 1/2 Firewalling and traffic shaping part 1. How (not) to write an iptables script.
- 2/2 Firewalling and traffic shaping part 2. How to shape traffic (if you were a retard)
- 12/2 Bunch of Doom maps
- 14/2 "Oops I missed my site anniversary. Fuck it. Here's some more Doom maps I've played"
- 27/2 Having too much to drink and randomised misogyny. Site stuff.
- 28/2 YET MORE DOOM STUFF OH GOD ISN'T IT GREAT
- 1/3 My firewall versus a well-known port scanner. Some crappy maps that should never have been made
- 9/3 A domain name and a dartboard come out of nowhere!
- 11/3 Random crap I don't have a clue about!
- 16/3 More reasons why firefox is shit and hurts people's web servers. Please read this, it's important.
Finally these are the things I still have to do
- Put my MP3s back up! And a few other pages that are "missing", although it's likely I won't bother. Who needs a FAQ and a contact information page anyway? I might steal the idea of Errant's TALK TO ME page though. But on the other hand I am and always have been loath to provide any way you shitheads can post your crap on my site. So who can say?
- Go through the old updates replacing links. I should be able to do this with a well-chosen perl -pi -e if I'm careful
- Improve the server configuration, the way all the perl modules fit together etc. It's pretty good but it could be better
- Make a few small pictures and maybe a background image for troa.ath.cx, it's pretty dull at the moment in spite of stealing that blue colour off of Something Awful that I've grown to like a lot
- Improve SNAFU beyond belief. It needs a better way to check if pages have changed, for one thing, since some people are either not able or not willing to implement Last-Modified headers in their site code. Also it still needs to be customisable, but since that means processing user input I'm still reluctant.
- Find a way round SQLite's insistence on having write permission for the parent directory of a database. Okay if I'm modifying a database file I obviously need write permission on the database file itself but why does the parent directory need to be writeable? It creates temporary files in proper temporary directories after all.
- Implement some other stuff I'm not telling you about yet!!
Enjoy!
THEY SHOULD HAVE CALLED IT MOZILLA HOTBIRD
Half the people who use Firefox use it to look at porn!
FAVICONS
Favicons are stupid and so is Firefox. Let me explain. Favicons, short for "favourite icons" or something, was a concept invented by Microsoft, for Internet Explorer. Recall that IE calls bookmarks "favourites" so they're icons for favourites. There's some ghoulish spiel about using them to "increase the identity of your website" but basically it means you get your own icon next to your site in somebody's bookmarks file. That's the point. Of course with the advent of tabbed browsing the dratted things creep into your tabs as well.
There are two ways of implementing favicons; let's call them "per-site" and "per-page":
- per-site favicons are implemented in a horribly non-standard way by IE (and coerced by Firefox); you put a file called "favicon.ico" in your documentroot and it loads that
- per-page favicons are slightly more tolerable, you put <link rel="shortcut icon" type="mime/type" href="path/to/icon"> in your page header. The jury is still out on whether it's "shortcut icon" or just "icon"; some say the rel string is a space separated list rather than a single string. I don't know.
Anyway the point of all this is that Firefox in its infinite wisdom implements favicons in such a way that if your site, say with URL "http://myhost.com/mysite/", provides neither of these two methods it will with EVERY SINGLE FUCKING PAGE REQUEST generate a SECOND request for "http://myhost.com/favicon.ico". This is fucking bullshit and it needs to stop.
Therefore I would ask anyone reading this to type "about:config" into their address bar (or copy and paste that link, you don't seem to be able to click on it, probably for security reasons) and set browser.chrome.favicons to false.
What's the deal!
Today I'm going to post a number of different topics and waffle in a puzzled, bemused, and typically unreadable stream of consciousness writing style, about all of them. Enjoy! And, keep on spankin'!
threads
While attempting to decide whether or not to use the threaded or non-threaded version of Apache 2 I got totally sidetracked by the issue of writing threaded programs themselves. This is an arcane art and frankly I don't understand it. The idea seems to be that you have a program that has N copies of itself and... uh... no, I don't get it at all. How is it different from forked processes?
I tried to make a sieve of Eratosthenes in Perl. Well, it's sort of there already on the perlthrtut man page, I just rewrote it and tried to understand what was going on at each point. But I blatantly don't. The way this works is that for each known prime you have a thread that filters out all the numbers divisible by that prime. Any number that isn't divisible gets passed on to the next thread.
My program and the program in perlthrtut take a list of consecutive numbers and filter all the primes out of them until you stop feeding them numbers. I wanted to create N threads at the start of the program and feed consecutive numbers into the first one until the last one told me it was full, but it didn't work. All that happened was the first thread kept passing numbers into the queue for the second thread. It never yielded control to any of the sub-threads. I don't know. Maybe I'm totally missing the point of threads.
Fraunhofer has a lot to answer for
I don't get MP3 bitrates and whatnot. Check this out. Let's record a sample and encode it. Let the sample rate be 48kHz, that's the maximum my soundcard will handle. Let's then pipe it into lame and spit out an mp3. This is what radioshow does every week when I record the drum and bass show to disc. For reference here's the command:
sox -t ossdsp -r48000 -wsc2 /dev/dsp -t raw - | lame -rxts48 - OUTPUT.mp3
LAME defaults to 128kbit. That is, 128,000 bits per second. What does that even mean? Let's look at the output of mpg123. If I play the MP3 I've just recorded, it reports "384 BPF" which means 384 bytes per frame. That is, 3072 bits per frame. What's a frame? I don't know, but mpg123 seems to indicate a 2 hour radio show is 300,000 frames. So, one second is 300000/(2*3600) ie 125/3 frames. Therefore we have 3072 * 125/3 = 128000 bits per second. Okay, the numbers add up! Hooray!
But wait! How come, when I record at 44.1kHz like on a CD I get 418BPF? Obviously it's in inverse proportion; 48000*384 is roughly 44100*418. How does it turn 48kHz into 128kbit? Once again, I don't know what the fuck.
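The frame the author couldn't identify is an MPEG-1 Layer III frame, which always carries 1152 PCM samples regardless of bitrate. That one fact, added here and not on the original page, accounts for both numbers:

```
frames per second = sample rate / 1152
    at 48000 Hz: 48000 / 1152 = 125/3 ≈ 41.67 frames/s   (300000 frames / 7200 s, as observed)
    at 44100 Hz: 44100 / 1152 ≈ 38.28 frames/s

bytes per frame = (bitrate / 8) / (frames per second) = 144 * bitrate / sample rate
    at 48000 Hz: 144 * 128000 / 48000 = 384        (the 384 BPF mpg123 reports)
    at 44100 Hz: 144 * 128000 / 44100 ≈ 417.96     (not a whole number)
```

At 44.1 kHz the frame size isn't an integer, so the encoder sets the padding bit on some frames, mixing 417- and 418-byte frames so the average stays at 128 kbit/s; mpg123 reports the padded size, hence 418 BPF. The sample rate is never "turned into" 128 kbit: the bitrate fixes the bytes per second, and the sample rate only decides how many frames those bytes are divided into.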
Where's my damn compose key got to
The compose key is a concept unfamiliar to most computer users aka "Windows faggots" as it never seemed to progress beyond Unix. This is relatively surprising since it is very intuitive to generate accented characters by "overtyping" letters with punctuation symbols. For example, é is an e with a ' over it (well it is if your font puts a slant on an apostrophe. That's how directioned quotes are done in TeX, who am I to argue). Or ç looks like a c with a comma on it, ö looks like an o with a " on it, etc. The point is you can work all these things out easily and generate them in your documents by pressing Compose e ' without having to refer to a character map or whatever.
I used to enjoy the use of the compose key. But here's the problem. Since upgrading software, the damn thing has disappeared off my keymap! Seriously, where has it gone? I tried to work out how to get it back but I don't know what the hell's going on with X's keymapping system (you know, xmodmap and all that shit) It took me a fair amount of digging to even find that the compose key is referred to as the "Multi_Key"! I don't know what the fuck. And don't even get me started on UTF-8!
What's this button do?
It's red nose day today. Hasn't that got really shit? I remember the first one and being enormously annoyed at not being able to stay up to watch it. And the second one, similarly. All the kids would be talking about it. But I'm standing there excluded because I don't know what the fuck. But anyway now it's just shit. I mean you get about 15 minutes of comedy and 45 minutes of "PLEASE GIVE US ALL YOUR MONEY" per hour. It's dull. The last good red nose day was in 1997 when we got a half day of school and it was non-uniform too. Yes I was in my final year of A-levels in 1997 and still had to wear a uniform. This is why I now loathe suits.
Birthday update for 2005-03-09
Oh here we go again
rjy dot org dot uk
I woke up to find in my email a link to a domain registration site and the message "happy birthday!"; the upshot is that I have a(nother*) real, actual domain name. In fact for a while that morning I didn't know what the hell to do. I had always planned to use the two DynDNS names on which I've been squatting, since 4th January 2003 or before.
Anyway so for now rjy.org.uk is an alias for rjy.ath.cx. troa.ath.cx is more precisely www.troa.ath.cx; I might make some other things with *.troa.ath.cx domains, I don't know yet. SNAFU, which is currently planned to be at www.troa.ath.cx/snafu, for example. I might give that its own subdomain, just for the hell of it.
Anyhow, thanks to Dave and Nelis - jesus, everyone has their own domain name these days!!
*You may remember I had therealmofanarchy.co.uk as a freebie with my old dialup account, but I had little to no control over it and it was only an MX and I let it lapse, replacing it with a DynDNS account. It was way too long and hard to type in anyway.
OH GOD I'VE GOT MY DARTBOARD BACK OH SWEET HALLELUJAH
Okay look I don't know how many people knew this but way back in the day like when I was about 8 or 9 or something I had a dartboard. It was a proper dartboard, as well, not like my pool table which is as tiny and rickety as you'd expect a child's pool table to be.
The pool table never really had a place to go in my dad's house and since it wasn't very good it got put away. The dartboard was on my bedroom wall right up until they redecorated my room in 1992, at which point it disappeared into the loft. I never got it back. I was never a good player, I'd miss the board completely on an embarrassingly high proportion of throws and sometimes I'd deliberately throw the darts at something other than the board... I don't know, kids, eh? I don't think my father was ever very happy about the state of the wall, at any rate...
Anyhow, just before my parents separated and my mother and I moved to Earlsdon I'd rescued the pool table and set it back up, inspired by the pool table in the sixth form centre and, well, not so much the proper one the popular kids played on all lunchtime but the broken one in the corner that I and a few other outcasts had invented a weird variation on the theme of pool which I'd called "pond" (discworld reference), anyway, uh, never mind that now. The point was when we moved out the pool table came with us. And of course I wanted my dartboard to go with it.
But, and this was another of my father's little quirks, he wouldn't give it to us, and we didn't know where he'd stashed it. I suspected the loft, but the loft was the realm of ghosts and goblins and monsters and places where if you put a foot wrong you'd go through the floor and end up in the bathroom and little chittering things and dust and basically it was where mortal man feared to tread so I thought it was gone forever.
Well, no. Fast forward nine years and I guess my mother must have brought it up and said she couldn't think of a decent birthday present (fair enough, I never ask for anything and am impossible to please) and my father must have changed his mind, I don't know, who cares, I've got the damn thing back and it's up on the wall in the back room and I'm still shit I mean I was stuck on double one for about fifteen minutes and I still miss the board completely way too often but oh god I can't stop smiling this is so cool I'm going to go play again
The internet is an orgy for binary data
I mean look a 1 is shaped like a phallus and an 0 has a hole in the middle what more do you want?!
nmap vs. netfilter
This is how you set up a TCP connection, such as the one from your browser to this website!
- You send me a packet called a SYN packet, it stands for "synchronise" and means "I want to connect, this is the sequence number I shall be using from here on"
- I send you back a SYNACK packet. This is a SYN packet telling you what sequence numbers I shall be using, that also acknowledges receipt of your SYN packet.
- Finally you send me an ACK to my SYN and we have established a connection.
The point is, the connection tracking code that is in Netfilter (that's the firewall/NAT code in Linux) uses the ACK packet, the third one in the list above, to note when a connection has been established. And that's all it does. As soon as an otherwise blank ACK packet goes through it, it says "okay that's an established connection". It keeps this established connection in its list of tracked connections until it gets a matching FIN or RST.
Now we get to nmap. This is a portscanner, as I'm sure you're aware. Before it scans a target host it tries to ping it, else it might sit there for hours scanning a host that's down and not going to make any kind of response at all. To do this, in recent versions at least, by default it sends a blank ACK packet. TCP says if a host receives an ACK packet it doesn't expect it should respond with a RST, which nmap uses to determine a host's status.
But note that blank ACK packet is exactly what netfilter thinks is the packet that establishes a new connection! The upshot is, if you use nmap to sweep a bunch of hosts, all of the ones that are down create an entry in netfilter's tracked connections table (which you can view by typing cat /proc/net/ip_conntrack). So you can fill up this table pretty quickly.
Tracked connections have timeouts though. Depending on its state, a connection will be dropped if it doesn't see any traffic within a certain amount of time. An established connection by default has a timeout of five days. So these fake connections will hang around in the table for five whole days. It's a bit silly really, especially since they show up in the table as [UNREPLIED] and you'd think it would reduce the timeout for such packets. But I guess not?
Also there are various badly-written network applications such as Bittorrent (what a surprise, a badly-behaving peer-to-peer program) that can also fill up your table. You can't really empty the table on demand, except by unloading and reloading the kernel module, or rebooting the router. You can increase the table size* or reduce the timeout** which is what I did. I set it to six hours (21600 seconds, you set it in seconds) which hasn't caused me any trouble. It's not that I was ever approaching any upper bounds but all these spurious things hanging around grates on my brain.
*echo "$HUGE" > /proc/sys/net/ipv4/ip_conntrack_max
**echo "$SMALL" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
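To see how many of those phantom connections are sitting in the table, and where they came from, here are a few shell functions that pick out exactly the entries described above: TCP connections netfilter calls ESTABLISHED but which never saw a reply. This is an added example, not code from the original page; the sample table is constructed (documentation address ranges) in the 2.6-era /proc/net/ip_conntrack layout, and the real file is used instead when it is readable.

```shell
#!/bin/sh
# Added example (not the author's): find the bogus ESTABLISHED entries that a
# bare-ACK probe leaves in /proc/net/ip_conntrack and show the two tunables.
# The sample below is constructed; the real table is read when present.

SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=198.51.100.7 dst=192.0.2.10 sport=40001 dport=80 [UNREPLIED] src=192.0.2.10 dst=198.51.100.7 sport=80 dport=40001 use=1
tcp      6 431999 ESTABLISHED src=198.51.100.7 dst=192.0.2.11 sport=40002 dport=80 [UNREPLIED] src=192.0.2.11 dst=198.51.100.7 sport=80 dport=40002 use=1
tcp      6 431950 ESTABLISHED src=203.0.113.9 dst=192.0.2.12 sport=55000 dport=22 [UNREPLIED] src=192.0.2.12 dst=203.0.113.9 sport=22 dport=55000 use=1
tcp      6 431800 ESTABLISHED src=192.0.2.10 dst=192.0.2.20 sport=51000 dport=22 src=192.0.2.20 dst=192.0.2.10 sport=22 dport=51000 [ASSURED] use=1
udp      17 29 src=192.0.2.10 dst=192.0.2.1 sport=5353 dport=53 src=192.0.2.1 dst=192.0.2.10 sport=53 dport=5353 use=1'

# Fields of a tcp line: proto, protonum, seconds-to-timeout, state, then the
# original and reply tuples. [UNREPLIED] means no packet ever came back.
UNREPLIED_TCP='$1 == "tcp" && $4 == "ESTABLISHED" && /\[UNREPLIED\]/'

# How many ESTABLISHED entries never saw a reply (reads the table on stdin).
count_unreplied_established() {
    awk "$UNREPLIED_TCP { n++ } END { print n + 0 }"
}

# Which source addresses created them, busiest first: "count address".
unreplied_sources() {
    awk "$UNREPLIED_TCP"' {
            for (i = 5; i <= NF; i++) if ($i ~ /^src=/) { c[substr($i, 5)]++; break }
         }
         END { for (s in c) print c[s], s }' | sort -rn
}

# Longest remaining lifetime in seconds; ~432000 means the five-day default.
longest_unreplied_timeout() {
    awk "$UNREPLIED_TCP"' && $3 > m { m = $3 } END { print m + 0 }'
}

# The two knobs from the footnotes, printed only where the files exist.
show_conntrack_tunables() {
    for f in /proc/sys/net/ipv4/ip_conntrack_max \
             /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established; do
        [ -r "$f" ] && printf '%s = %s\n' "$f" "$(cat "$f")"
    done
    return 0
}

# Use the live table when readable, the constructed sample otherwise.
conntrack_source() {
    if [ -r /proc/net/ip_conntrack ]; then cat /proc/net/ip_conntrack
    else printf '%s\n' "$SAMPLE_CONNTRACK"; fi
}

echo "unreplied ESTABLISHED entries: $(conntrack_source | count_unreplied_established)"
echo "by source:"
conntrack_source | unreplied_sources
echo "longest remaining timeout: $(conntrack_source | longest_unreplied_timeout)s"
show_conntrack_tunables
```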
Imp y Celyn
Carrying on in the great "shitty map" traditions of The Real Wright Junior Senior High School I downloaded from /newstuff the other week the following atrocity. Named Impy, this is simply a copy of Doom Episode 1 with everything taken out, and replaced by hordes of imps. Not only does it break the rules of the archive about blatantly derivative reworks of id software's maps (so why it hasn't been taken out yet I don't know) but it even says it's an attempt to get "on the infamous list on doomworld". In other words, it's a joke and a bad one at that.
However I am a sucker for really bad maps so naturally I played it as much as I could. Remember it's a rehash of episode 1. It is episode 1, just with new monster placements. That's it. A few of the maps have moved your start position, and there are minor changes to mean you have to visit every area of each map and clear it of enemies in order to beat it. I love this kind of shit.
Maps 1, 2, 3 and 7 were done with relative ease. That is I finished them pretty much first time. Thousands of imps can be quite a threat though, especially if they attack you from all angles at once. Thus map 5 took a few attempts and map 4 took a few more. Map 9 I decided was beyond me. Almost the entire map wakes up immediately and there's just nowhere to run to.
That leaves maps 6 and 8, which is where it gets really annoying. Map 6 is quite easy - there are hordes, but they tend to get caught in bottlenecks so you just stand there and shoot, then close the door they can't open and run back to the start for more plasma cells - right up until the point where you try to press this button on the wall and OH SHIT it doesn't do anything. Map 8 does this too but thankfully nearer the start. I fixed both maps in Yadex and restarted them, finding map 6 to be as easy as I thought it'd be, while map 8 was completable but so stuffed with imps that it's impossible to get 100% kills with the ammunition you're given.
In summary, unlike The Real Wright Junior Senior High School this was a disappointment. Also I will save a rant about ZDoom, Doom Builder, and idiots making bad maps and not even realising it, for another time.