Cox Crow

On April 12, 2005, Microsoft released MS05-019 to address several vulnerabilities in the IP implementation. One of the issues addressed was CVE CAN-2004-1060, a denial-of-service vulnerability in Path MTU Discovery. According to Microsoft, their patch

The update removes the vulnerability by restricting the minimum value of the MTU to 576 bytes. This update also modifies the way that the affected operating systems validate ICMP requests.

It fails regression tests, and the following caveats have been identified. In particular, network connectivity between clients and servers may not work.

Connectivity may fail because the Path MTU Discovery is failing. When the upstream router tells the sender to send a smaller packet, the sender doesn’t.

It would be nice if they would identify what it is that they changed, rather than beating around the bush about it.

Sometimes you just want to reach across the Net with your Mighty Clue-by-Four and revise all incorrect, or partial, examples in one fell swoop.

Here’s one. O’Reilly offers some enterprise best practices for Java developers, and in this sage advice on using Content-Disposition:, they suggest the following.

// Set the headers.
res.setContentType("application/x-download");
res.setHeader("Content-Disposition", "attachment; filename=" + filename);

// Send the file.
OutputStream out = res.getOutputStream(  );
returnFile(filename, out);  // Shown earlier in the chapter

No! Not + filename! The filename may contain spaces and other special characters, and the value of filename= is, in the ASCII case, a token or a quoted string.

But these are “enterprise” recommendations, so why should I be surprised?

This must be the season for private bills.

Sen. Santorum (R) of Pennsylvania has introduced a bill that would ban the federal government’s meteorologists from making this information available for free since that creates a problem for outfits like The Weather Channel and AccuWeather, which want to sell it.

As Josh Marshall puts it,

Your tax dollars fund a massive apparatus of meteorological data collection for reasons ranging from agriculture to disaster safety to keeping airplanes in the air — everything under the sun.

Which pretty much covers why this bill is wrong. The only outfit that I know which does not simply republish the National Weather Service’s data is Weatherbug, which instead siphons it from weather stations at local schools around the country.

I must first disclaim that I have not read Mr. Barnett’s book, but I have skimmed his web site. Therefore with something approaching more authority than most pretend to have, I offer these two observations.

The first, regarding the SysAdmin force, is more a question. Where in the First Principles of System Administration do we state that we look for more work? A sysadmin is, first and foremost, lazy.

Secondly, I beg to differ regarding his analysis of the election of Benedictum XVI. Mr. Barnett writes,

Until a real New Core or Gap pope succeeds Ratzinger … the papacy will decline in global relevancy to an amazing degree.

The peoples of the Southern hemisphere tend to be more extreme in their beliefs than those of us here in the Mid-Atlantic States. They are, to an extent, in conflict with the Church’s orthodoxy, but more out of ignorance of the finer points of theology than because of any essential disagreement with it. As the Society of Jesus was crucial to the success of the Counter-Reformation, and the Order of Preachers was to the Inquisition, so may be Benedict XVI to his time. There is tension there, between those historical precedents; the question is how it will be resolved. I think he was the obvious choice.

Now, speaking strictly as a sysadmin, one of the Church’s problems is that the priesthood does not scale. We Protestants have got y’all beat on scalability.

So the other day, Little Sister did y, and so we said she couldn’t watch a show. She didn’t particularly care about missing 64 Zoo Lane. She missed her sister.

I want Emmy! I want to snuggle!

Little Sister, there’s a special visitor coming to tumbling class this morning. Guess who it is.

Daddy!

No, but good guess.

For some time now the New York State Department of Transportation has been studying what to do with a section of Route 22 between I-684 and Doansburg Road. Their inclination was to widen the road, add left-turn lanes, etc., which doesn’t sit too well with the community activists. And wouldn’t solve the problem.

I posted my solution to the problem on the Brewster10509 list, just to get some people thinking: change the intersections. It sparked a bit of conversation — and appears to have stimulated the creation of a Brewster blog. I suggested using traffic circles, but apparently there’s a difference between circles, circuses, rotaries and roundabouts.

Roundabouts appear to be under serious consideration by several States’ departments of transportation, which I think is a good thing.

It appears to me that while County or State or Federal jurisdiction over the highways helps pay for them, and gives a semblance of regional concern, the people most affected may not have the responsibility that they should. Or, is it simply that State and Federal funds come with strings attached?

When I use my down-level version of Safari, Google says, Your browser is not officially supported by Google Maps. In order to improve the user experience here, like they do elsewhere, I would greatly appreciate it if they would link my search to alternatives at Expedia, MapQuest, Yahoo!, and other purveyors of fine goods.

Just watched the Democratic Convention on The West Wing, and it was much more exciting than the real-life snoozefest in 2004.

Disney’s World.

At a site where I use Blogger, someone commented. Looks like there’s a problem with either Blogger or the template I’m using: so he commented at 6:31 PM. BFD. What date?

Can you imagine the trouble that could be caused if letter like symbols were allowed in domain names?

In the paper he links from there, letter-like symbols, I learned that there are glyphs for “telephone sign” and “facsimile sign.” That is, ℡ and ℻.

Being obtuse, and English-speaking, this begs the question, “Why?”

I’d say some glib and meaningful here, but what I really want to make are observations about a company. Maybe I should get an opinion on this that isn’t clouded by The Shadow.

Hey, these kittens are crazy critters.

I just noticed that Google now displays satellite images in the map results. This is the really neat, and paranoia-inducing, upshot of their earlier purchase of Keyhole.

The difference between this, and, for example, Terraserver, is that it is just so easy.

FAQ: Will I be able to see my house? Yes.

Firefox fails to check the prefetched cache before requesting the next page when the in-memory cache-size is allocated.

To repeat, set browser.cache.memory.capacity to a known value, then wait until the memory reported as being used by Firefox is greater than said known value. Then, clear the disk cache. Then, request the test case and observe the headers in transit.

They’ll look like this.

We’re taking down the ProdigyBiz environment today, and have off-loaded the web work to another host. However, instead of just taking the hosts off-line, we have tried to provide a somewhat more palatable experience for unwary visitors.

For those of you interested in the details of the implementation, keep reading. And if you were a ProdigyBiz customer, you may want to check your e-mail address of record.

(more…)