Network

Haiku on VirtualBox and networking

I was playing around with Haiku (BeOS revival) under VirtualBox, and was trying to get networking going. To make a short story long, the "trick" is to pick a device to emulate other than the default in the VirtualBox settings. For me, the Intel PRO/1000 T Server works great, in "bridged" mode at least. Cool!

Adobe socket policy file server

I was recently talking to a friend of mine who had to go through all sorts of hoops setting up a socket policy file server for his Adobe Flash content. This is a weird beast, which does not use HTTP for some unknown reason. Adobe provides some very simple server examples, which they say are not "production quality", and I'd have to say I agree. So, I whipped up a simple Perl server using the POE framework, and with a little help from Rocco, I think it's a pretty decent implementation. It doesn't do any logging or anything fancy like that, but if anyone is interested, I could certainly add that (or anything else that might be useful). The little Perl script can be found at ftp://ftp.ogre.com/pub/leif/perl/policy_server.pl .

For more information on this new "protocol", see http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html . There are several example implementations there, as well as a full explanation of how and why the policy files are important.

Feedback and comments are welcome.
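For readers who want to see what the exchange actually looks like, here is a small Python version of the same idea. This is an added example, not the Perl/POE script linked above and not one of Adobe's samples. Flash Player opens a TCP connection to port 843, sends the NUL-terminated string `<policy-file-request/>`, and expects the XML policy followed by a NUL byte, after which the server closes the connection. The domains and ports in `ALLOWED` are made up for the example; the point of listing them explicitly is that a policy with `domain="*"` hands every Flash movie on the internet a socket to your ports.

```python
import socket
import socketserver
import threading

# Constructed policy (assumption): name the origins and ports the Flash
# content actually needs instead of the wide-open domain="*".
ALLOWED = {
    "www.example.com": "5000-5010",
    "cdn.example.com": "5000",
}
# The exact probe Flash Player sends, NUL-terminated.
REQUEST = b"<policy-file-request/>\x00"


def build_policy(allowed):
    """Render the socket policy XML; to-ports is mandatory for socket policies."""
    rules = "".join(
        f'  <allow-access-from domain="{domain}" to-ports="{ports}"/>\n'
        for domain, ports in allowed.items()
    )
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE cross-domain-policy SYSTEM "
        '"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">\n'
        "<cross-domain-policy>\n" + rules + "</cross-domain-policy>\n"
    )


def policy_response(request, allowed=ALLOWED):
    """Return the NUL-terminated policy for the exact probe, None for anything else."""
    if request != REQUEST:
        return None
    return build_policy(allowed).encode("ascii") + b"\x00"


class PolicyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(3)  # a stalled client must not hold a thread
        data = b""
        try:
            while len(data) < len(REQUEST):
                chunk = self.request.recv(64)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            return
        reply = policy_response(data)
        if reply is not None:  # anything but the probe gets no bytes back
            self.request.sendall(reply)


class PolicyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def serve(host="127.0.0.1", port=843):
    """Start the server in a background thread and return it for shutdown()."""
    server = PolicyServer((host, port), PolicyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def query(host, port):
    """Client half of the exchange: send the probe, return the raw reply."""
    with socket.create_connection((host, port), timeout=3) as sock:
        sock.sendall(REQUEST)
        reply = b""
        while not reply.endswith(b"\x00"):
            chunk = sock.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply


if __name__ == "__main__":
    srv = serve(port=8843)  # unprivileged port for a local demo; Flash queries 843
    print(query("127.0.0.1", 8843).decode("ascii"))
    srv.shutdown()
```

The server answers only the exact probe and says nothing otherwise, so a port scanner or a stray HTTP request gets no banner out of it, and the read timeout keeps a half-open client from pinning a thread.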

Blocking brute force login attempts

For some reason, my boxes seem to get a lot of login / hacking attempts against them. For a long time now, I've deployed an iptables filter that blocks a lot of these attempts. They still keep trying, even though they only get a few attempts per IP. Maybe I'm sticking my head out too much here, showing what my filters are, but I figured that someone else might find this useful. And besides, if knowing my filters makes me more vulnerable, then I'd rather find out about it.

So, here it is (well, the parts of it that block login attempts):

-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m limit --limit 10/hour --limit-burst 4 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "IPTABLES SSH-LIMIT: "
-A INPUT -p tcp -m tcp --dport 22 -j DROP

-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -m limit --limit 10/hour --limit-burst 4 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j LOG --log-prefix "IPTABLES FTP-LIMIT: "
-A INPUT -p tcp -m tcp --dport 21 -j DROP

Be careful not to lock yourself out. If you need to go over these limits from a particular IP, whitelist it first with a rule that always grants access.
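Since the LOG rules above are what tell you who is eating the budget, here is a small Python script that reads those kernel log lines and totals the drops per source. This is an added example, not part of the original post; the log lines in `SAMPLE_LOG` are constructed to match what the two LOG rules write (placeholder host name and documentation addresses). Two things are worth knowing when reading the output. First, `-m limit` keeps one token bucket per rule, shared by every source address, so one noisy host can use up the 10/hour for everybody; the per-source counts show who that is and are what you base a whitelist (or a block) on. Second, the script separates pure SYN packets (new connection attempts, which the limit is meant to drop) from everything else: if non-SYN packets to port 22 or 21 show up in the log, the ACCEPT rule for ESTABLISHED,RELATED traffic is missing or sits after these rules, and your own sessions are being cut.

```python
import re
from collections import Counter

# Constructed sample of kernel log lines as the two LOG rules write them
# (host name and addresses are placeholders, not from the original post).
SAMPLE_LOG = """\
Mar  3 02:11:07 host kernel: IPTABLES SSH-LIMIT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 02:11:08 host kernel: IPTABLES SSH-LIMIT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1235 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 02:11:09 host kernel: IPTABLES FTP-LIMIT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.20 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=77 DF PROTO=TCP SPT=40000 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 02:11:10 host kernel: IPTABLES SSH-LIMIT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.9 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=61 ID=2 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=29200 RES=0x00 ACK URGP=0
Mar  3 02:11:11 host sshd[2101]: Accepted publickey for admin from 192.0.2.9 port 33001 ssh2
"""

LINE_RE = re.compile(r"IPTABLES (?P<rule>[A-Z]+-LIMIT): (?P<fields>.*)$")


def parse_line(line):
    """Return {rule, src, dpt, syn} for one LOG line, or None for anything else."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    body = m.group("fields")
    fields = dict(re.findall(r"(\w+)=(\S*)", body))  # IN=eth0, SRC=..., DPT=...
    flags = {tok for tok in body.split() if "=" not in tok}  # DF, SYN, ACK, ...
    return {
        "rule": m.group("rule"),
        "src": fields.get("SRC"),
        "dpt": fields.get("DPT"),
        "syn": "SYN" in flags and "ACK" not in flags,  # pure SYN = new attempt
    }


def summarise(text):
    """Count dropped packets per (rule, source), new attempts apart from the rest."""
    attempts, other = Counter(), Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["rule"], rec["src"])
        if rec["syn"]:
            attempts[key] += 1
        else:
            other[key] += 1
    return attempts, other


def top_sources(attempts, n=5):
    """Most-blocked (rule, source) pairs, the input to a whitelist/block decision."""
    return attempts.most_common(n)


if __name__ == "__main__":
    attempts, other = summarise(SAMPLE_LOG)
    for (rule, src), count in top_sources(attempts):
        print(f"{rule:10} {src:16} {count} dropped connection attempts")
    if other:
        print("non-SYN packets were dropped too; check that an ESTABLISHED,RELATED "
              "ACCEPT rule sits before these rules:", dict(other))
```

Feed it the real thing with something like `python3 limitlog.py < /var/log/kern.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`; on the constructed sample it reports two blocked SSH attempts from 203.0.113.5, one FTP attempt from 198.51.100.20, and flags the ACK-only drop from 192.0.2.9 as a sign that an established session is being hit.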

New ISP

I just moved ogre.com and all my other sites to a new ISP, http://cari.net/ . So far so good, excellent system, nice bandwidth, all at a very reasonable price. Oh, and their setup time was really fast. The IP they gave me was mostly "clean", although the netblock they have is blocked by Yahoo, which fortunately isn't a problem for me, and I managed to quickly get my IP unblocked.

All in all, I'm very happy so far.

DSL latency under load

We recently got DSL to use as a backup to our cable modem; since both of us work from home, being without network even for a short time is unacceptable. Having been used to a cable modem for quite a while now (we get a very good deal from US Cable, with high upload and download speed), I have to wonder why anyone would pick DSL. I did some fairly large downloads on the DSL, and noticed ping latency skyrocketing for other traffic, making things like interactive logins pretty much useless. Round trip times went from around 80ms to well over 1,000ms, with a "load" on the DSL of about 500KB/sec. I've never seen anything like this on any of my cable modems...

See the attached graphs for the inconvenient DSL truth.

Another reason why Comcast sucks

I've been using Comcast cable at my house for a while, primarily because it's the only "reliable" network provider that serves my area (I live sort of in the boonies). The performance is OK downstream, but of course completely pathetic upstream.

A while back, we upgraded to the "professional" service, which although expensive, did give us a bit better bandwidth both up- and downstream. This was a simple flip of a switch somewhere in their system, no upgrades or changes on my side. Recently they introduced what they call the "Home Network", which costs less than the "professional" service, but with the same bandwidth.

Now, all I really care about is the bandwidth, but "Home Network" in this case apparently implies that you want their firewall and wireless router. For me, this would create some headaches and lost hardware/software investments, since I've already built my house network around a Linux firewall and two existing wireless hubs (supporting 802.11g). And to make things worse, I'd have to pay a $199 "service and installation" fee, plus new hardware cost (or rental fees). All this, to get something I already have. Nice thinking, Comcast ...

I spent well over 3 hours total on the phone trying to convince them I really only wanted the higher bandwidth service, and that I was willing to pay the extra monthly charge without taking any of their router/hub hardware and installation. But they completely refused, and being a stubborn ass myself, I then simply downgraded my service again to "basic" internet service.

So, instead of taking my $10 / month with no extra work on their side, they forced me to downgrade the service, saving me some more money (maybe I can get that Traxxas Revo now). I guess I could have sucked it up and taken the loss on my cable modem, the $199 installation fee, and rented (or bought) the new wireless router (that I don't need), and gotten the extra bandwidth. But it just seemed so wrong on so many levels, I just couldn't take it.

So, for now, until SBC or someone else can provide me with reasonable bandwidth to my house, I'm stuck running at the lowest possible bandwidth from Comcast... Kill me, Billy.
