>Hallmark doesn’t Grok the Web, Part 2: The E-Mail

>Just for completeness since I’ve already ranted about them… At 8:10 AM (CST) get this email from Hallmark…

Subject: The Hallmark Web site is now available

…and the body is just an image that says:

Thanks for your patience.
We invite you to shop our After-Christmas Sale.

Now, nevermind these troublesome facts:

  1. The site was available since sometime on Saturday (Dec 22)
  2. I’ve gotten Hallmark E-Cards from people.
  3. The After-Christmas sale was already started Saturday.

Come on Hallmark… I expect better.

>Hallmark doesn’t Grok the Web

>So, if you go to hallmark.com right now you’ll see:


but our site is temporarily unavailable while we mark down merchandise for our big After-Christmas Sale.
If you’d like to be notified by e-mail as soon as we’re back online, please enter your e-mail address and click the Submit button.
Thank you.

Um, excuse me? What, you’ve got store staff running around your server room marking down merchandise?

Quite unlikely.

No site that large needs to do this. Even if they needed to see what the day-after Christmas would look like, they most certainly have internal development sites. Furthermore, I would be surprised if their database couldn’t handle what the cost of all items will be each day for the next six months.

Marking down merchandise is not a reason for bringing an enterprise-level website down and to say so is simply dishonest.

Besides, all I wanted to do was to send a silly free e-card anyway. I doubt that a free e-card will be any cheaper after Christmas.

>How to Get a Static IP at Home

>Like any self-respecting geek out there I’ve wanted to get an IP address unconnected with a place of employment and without pesky upstream firewall restrictions.

The problem is that I was looking at around $50/mo for getting a box at some co-lo’d place… and then having to buy a 1U server. To put it simply that kind of outlay for this kind of activity had a very low WAF.

Then I happened upon a solution.

VPSLink offers OpenVZ hosting for as low as $6.62/mo if you purchase a year at a time. That certainly has a higher WAF. At the time I set this up they didn’t have XEN hosting, although they do now.

The problem is that its a really crippled box. OpenVZ has no swap, so when they say 64 meg of ram, they mean you can only have 64 meg in ram! This means that aptitude on Debian cannot run (as it uses 69 meg of ram itself on my home box). Now with Xen it could swap this out, but that would be horribly slow.

However, there is a solution. It was to ask for a TUN/TAP device (although new accounts don’t need to ask anymore). Then, after installing openvpn, poof! a tunnel was born.

On my home box (which is doing way too much, but that’s another story), I am running a VMWare server with another Debian instance to actually be my Internet server. My home backend acts as a client to my VPSLink server, and as my home IP changes, the OpenVPN connection is automatically reestablished.

The basic concept is this:

  1. Request comes in to my OpenVZ instance at VPSLink
  2. iptables either rejects it or uses DNAT to route it to my VMWare instance handling the backend — via the VPN
  3. The backend deals with it as it would (apache, BOFH excuse server, etc), and responds over the tunnel.
  4. the DNAT on my VPSLink translates the traffic back to the world.

In fact, I now have two backends, with the other one running Asterisk. Its a simple matter of having the iptables DNAT to the correct OpenVPN backend.

Now, there are issues with this:

  1. You are effectively halving your bandwidth (as each packet needs to ALSO travel back to your house or wherever). The $6.62/mo plan gives you 100 GB/month. Granted, my usage is so pathetic that isn’t a problem, however, any serious usage is going to suck 50 GB in a short time.
  2. You’ve got a long winding path now for your service. Each packet needs to wind its way around the Internet over to VPSLink and then back to wherever you’re running the backend.

At least for the good folks at VPSLink this shouldn’t be an issue — I’m not exactly using a lot of CPU, disk or network.

So, if nothing else, this is one way to get a static IP out in the world. The cool part is that as far as what your network provider that is preventing you from having an unencumbered static IP at home (Charter, SBC, whomever) will only see OpenVPN traffic… they will have no way of knowing what’s crossing it. Furthermore, since the VPN connection is established outbound, you could have all incoming connections denied yet this method would still work.

So, your mileage will vary on this, so do your homework. This isn’t something you should try unless you happen to know how IP networking, iptables, and openvpn play nicely together.

But it works for me 🙂

>Moebius Transformations Revealed

If your head didn’t already hurt. Mike: did they cover this at U of P? 😉

>Beer Bottle Orchestra


Of course, the amazing part is how they did it:

Those crazy Aussies….

>Grow Damnit!

>It took the better part of my lunch hour to solve this:

And no searching on the internet for the answer. That’s just cheating.

>How America Lost the War on Drugs : Rolling Stone

>How America Lost the War on Drugs : Rolling Stone: “After Thirty-Five Years and $500 Billion, Drugs Are as Cheap and Plentiful as Ever: An Anatomy of a Failure.”

To quote Slate’s Jack Shafer

If I were maximum dictator, I would force every newspaper editor, every magazine editor, and every television producer in the land to read Ben Wallace-Wells’ 15,000-word article in the new (Dec. 13) issue of Rolling Stone

I don’t think I could say it any better. Clearly the war on drugs is not being fought to win. If it was being fought to win, then perhaps a look into why people want the drugs, and perhaps helping them get off them, would be more predominant. Nah, that’s to soft… we have to use guns and the military, because that will accomplish the mission.