Comment Re:Crypto infrastructure is too frigging hard! (Score 1) 129
"smtp fixup" is the worst PIX/ASA default configuration ever. So obvious what The Problem is once you see a bunch of asterisks censoring the SMTP conversation.
Yay UCSD and Roger Revelle! More charts of the Keeling Curve, which passed 400 three months ago. "1700 to Present" is my favorite.
I'm still totally amazed people can't look at a before and after of the summer ice in the Arctic or glaciers in Patagonia and Glacier National Park and make the leap that, "Okay, releasing carbon from long-dead dinosaurs in the form of petroleum and coal results in atmospheric carbon dioxide which warms and expands oceans and makes ice melt."
Okay, fine, here's a link to pictures of glaciers melting over the last century.
It's not amateur. The external connections (the wires, the SMA) may be sloppy but tossing together some breakout boards makes a prototype not a product. I mean, the GPS I made for the tracker in my car is amateur, but it's still a formal product on a PCB, not a bunch of wires sticking out of a breadboard.
Totally pleasant to hear from other people that have flown from KSMO. Anyway, it's my understanding without seeing video myself that he had altitude before the engine completely malfunctioned and he had u-turned to bring it back. I bet if he'd had another 100' he could've cleared the VOR and set it down on the runway, but witnesses report it basically clipped a tree and came right down.
(Unrelated, having worked underneath the flight paths for both MCAS Miramar in Sorrento Valley and KSMO on Rose Ave and as a resident of Venice who supports general aviation, one word: Surfridge.)
I was a year old when my father was diagnosed with pancreatic cancer. At the time he worked at a hospital where they later named an auditorium in his honor; at his first diagnosis they gave him two to four weeks to live. After six months he removed his oxygen mask to die.
So here's my first suggestion: Don't record hours and hours and hours and hours of video. It'll be like the wedding movie no one watches, or the thousands of baby pictures no one looks at. Pick your favorite photos, have them printed into a hardcover book with iPhoto, and write down who is in them, what the event was, and why it's important to you.
My dad recorded about a twenty or thirty minute message to me on reel-to-reel tape. I sent it to a professional sound engineer to have it digitized a few years ago. I've probably listened to it three times in thirty-five years. I didn't understand it as a kid but it was amazing to hear his voice.
Every night until I was three years old I slept with a picture of my dad. At some point we accept and progress.
So, here I am as an adult and I have basically a couple items that were my father's: 1) The patch from his Air Force uniform with my surname. 2) In my bedroom, an 8x10 family picture with the three of us. 3) A shoebox with all the letters his mother sent him from the farm in the 1960s and 1970s. 4) That half-hour of him talking into a microphone, imagining his one-year-old as an adult and telling me to "find a beautiful girl and marry her."
No one cares about your material possessions when you're dead. Don't worry about sorting all your old possessions. Fill a small box with the most important items for your family and write down why they're important. And be realistic. I care immensely about the collar my dog had when she was a puppy; to anyone else it's a frayed blue ribbon for the trash can. My maternal uncles have spent a decade looking for my grandfather's original pilot's license from the 1930s with little concern for anything else he possessed; it's the records of achievements and milestones we cherish. I hope my college degree doesn't get tossed in the trash but expect every single one of my books will be quickly donated and destroyed, no matter how important that Oxford Dictionary or human anatomy textbook is to me.
So, all that aside: Your child has the advantage of knowing you today. So look back at your own life and the major events you cherish, and tell her about those. "The day I met your mother... so when you meet someone..." or "The day you were born was so important to me because... so when you have children..." Don't tell her about dating boys or finding a good job or reading books or traveling. Everyone figures that out on their own. Tell her about how important family is to you, and your connection to her future and her family as she experiences the wonder of life. Don't talk to her like a sixth-grader, you do that every day already. Talk to her like she's 25 or 30 or your age. She'll understand your words when she needs to look back and understand.
Something positive can happen from the misfortune that has come upon your family. I understand life is precious because my father died when he was forty-two. So I've lived my life as if that's my expiration date: I've lived in New York City and Los Angeles. I've travelled to five continents. I've learned to sail. I've studied flight. I ride horses. I have a dog. I've spent well over a decade living at the beach because that's what I want. Every day is a gift and I live it like it's vacation. So many people have these simple plans: "When I retire, I'm going to the Grand Canyon and on a cruise around the Mediterranean." I learned from the death of my father to, well, it's a cliche, but seize the day. Do everything you want to do without fear because you might not ever get a chance. So consider your daughter might live a life greater than either one of you imagined only last year. Yes, it hurts you'll be apart. But I'd probably still be among cornfields without my tragedy propelling me forward.
And think about your wife too. So many people keep paying the bill on an old phone just so they can call it and hear the voicemail greeting for a dead relative. Your wife will soon be a single parent, terrified about working all day and paying the mortgage and mowing the lawn and lighting the furnace and snaking the sewer pipe and wondering what a soon-to-be high-school girl is doing between 3:30pm and 6pm while she's still at work. Never mind the immense loneliness resulting from the unexpected. Give her a thirty-second recording for those moments when she just wants to cry and laugh and run away all at the same time. Write her a letter that says, "Open in 2016." Just let her pick whether it's on January 1st or December 31st.
Finally, turn off your fucking computer and go take a nice trip together for a few days. We don't need a hundred hours of goddamned video, we need memories of love.
Running NTP on ESX guests is often nasty and a great reason to use the vmware-tools:
vmware-toolbox-cmd timesync status
vmware-toolbox-cmd timesync enable
After having the good fortune to spend a few weeks testing everything free, I've got to spend a minute evangelizing for Zabbix.
It took me a week to understand the concepts, but the clone button and templates make Zabbix my favorite tool. The local Zabbix agent on each host gives detailed metrics and the screens of graphs are great.
Check out the appaloosa-zabbix-templates for more MySQL and Memcache charts than you ever thought might work out of the box.
Zabbix is ridiculously powerful, from auto discovery on subnets, to simple ping and snmp, up through more advanced tools.
I'd add a #4, or #2a, Man-In-The-Middle the certificate. DigiNotar's compromise, never the huge bundle of trusted certificates in every browser/OS, makes it easy. Whatever an enterprise can do with GPOs and Websense can happen in the wild too. (I kinda prefer self-signed certificates anymore.)
Overall I agree, but I still cry out in pain when I see people choosing to use 3DES and disable PFS.
It's important to remember that only a year ago RC4 was a recommended solution and TLS1.2 support in browsers like Firefox and older operating systems has been slow to arrive. So I look at this as an important first step, with progressive refinements sure to follow. In the same way that Facebook introduced https in response to Tunisia and slowly made it an option for all users before making it default, Yahoo, while slow in adopting a model of default security, has to walk similar steps. They may have had an SSL-beta-option for the last year, but given their AOL-like user base, I can understand being conservative in adopting new methods and being liberal in the ciphers they provide. Someone using Chrome in Mavericks may expect support for SPDY3 with AES-GCM, but for a user base that may be using IE6 or FF3 on XP still, for a company that caters to people who will never know what GCM or SHA2 is, it's best to avoid the headline, "Yahoo Mail is Broken for tens of thousands of users." They'll get there. Thanks for trying, Yahoo.
Now, can someone at Microsoft turn on STARTTLS? For that matter, I wish NANOG would turn on STARTTLS for inbound connections.
Also, IPv6... please... IPv6...