Older blog entries for Bryce (starting at number 50)

A somewhat uneventful day.

Again, after getting to the office there were still confusion in the ranks as to what was done with piranha and what the initial ruckus was about. Repeated myself a few fimes. It almost makes you wish there was a local TV channel to go and explain on. (it'll never happen though)..

Slowly but surely the press articles are getting it right.

BIG HINT: "Linux" is an OS ie the KERNEL. The piranha GUI is a php3 web *application* and has no direct relationship to the linux kernel. So reading 'SECURITY HOLE IN LINUX! NEWS at 11!' sadly shows a great lack of understanding. In this, the major linux system distributers are partly to blame. They should make it fairly obvious that the linux kernels they are shipping are at version 2.2.X or 2.3.X (at this time) not <Vendor> 6/7/8/9 . These are simply convient linux based bundle software packs. The version numbering normally slattered over the front of the boxes should be seen as that verdors sw options package. A bit like when you go and buy a new car, it has a basic model which is enough to do the job and, for value add purposes, it has a suite of optional extras that you may wish to buy in.

Went back to the apartment to wait for the cable guy to turn up for his appointment. He arrived about 90 minutes late, though, I now have cable... more importantly, I have access to the cartoon network and the powerpuff girls. Life is good again.

Got back to the Office and spent the rest of the day replying to email and other fun administrative items.

About 19:15ish, went off to 'Best Buy' to get a VCR. Here, UK and US cultures seem to diverge. In the UK we have the equivilent of 'best buy' in the form of 'Dixons'. If you walk into a Dixon's shop and even so much as glance at a product on a shelf, at least 2 shop assistants will zero in on you and immeadiately start developing your need for their latest hard to move stock. In 'best buy' however, I desperately tried to get a hold of anyone in the sales staff to stop nattering between themselves and come answer some questions. After some time one of them did decide to get into the mood of answering questions about service contracts and features. Finally came away with an 'ok' sony VCR. It may be a NTSC restriction however, the normal PAL VCR's in Europe seem to be better featured than the US models. Then again, I'm basing that on the instore range of 'Best Buy' which may not be representitive of the VCR market in the US.

Got home, hooked in the VCR and settled back to watch TV. I had planned to play with the VCR as it has a 'commercial pass' feature which I thought would be a must to have.

I'm running late tonight (12:50ish)

So a quick overview of the day. I'll make up for it tomorrow.

Got in. ISS wrote back to complain that they believed the design of the GUI to allow people in without requireing a password was flawed,.. There are many schools of thought on this, however, the political thing to do is to seal it up and stop people even having the chance to play with the GUI. To this end, the password update has been superceeded with piranha-0.4.14-1 which has removed the password change facility entirely. If you're intrested at all, then please have a look at the update and send in feedback. Without feedback I can't evaluate mistakes or overlooked features. (Feedback to: http://bugzilla.redhat.com/bugzilla please)

Had a number of people ask if they could quote from yesterdays diary, well for all those that care, from my viewpoint, the diary is 'public domain' information, if you want to quote from it, go right ahead,.. they're my thoughts on my day to day experiances.

Anyway, spent 3/4 of the day in the labs going through install upgrade, test repeatidly with the QA people. I hope that 0.4.14-1 burries the security issue as a non event. The next set of updates should simply be feature/normal bug updates (most likely spelling corrections)

Umm well other than that the vast majority of the remainder of the day was simply batting away the queries and the jouralists.

I did find time when people went home to setup the webcam on the desktop machine. If you want to point and laugh etc you'll find it here I have to fix the time,.. it's showing 3 hours into the future which is odd.

I have the cable guy coming out at 13:00 tomorrow so hopefully I'll have something to watch at home tomorrow night.

I'm shooting off home now.. 12:59am. I'm just plain tired.

Today was a bad day.

Having kipped over at Joels place due to being locked out for the night, I drove off to Hertz to try and recover the missing apartment key. Well I spent an hour there walking with one of the reps through the entire car lot of 3000 cars trying to find the one I'd been driving to get the key off the keyring. An hour later we havn't found it and another search of the online booking system shows that the 'locked/do no hire' status on the car was ignoreed and rehired that morning... DOH! NO KEY!!! Very miffed. Wasted an hour.

Rushed off to Redhat to find that ISS/MSBNC have managed to completely blow out of proportion the 2 bugs in the piranha package. Now I personally took 2 days timeout to work out exactly what the exposure was and how it affected people. So to be brief

The 'rogue' backdoor account wasn't a backdoor at all but the frontdoor that people were supposed to use to make use of the GUI pages. These pages are controlled by the very standard .htaccess control mechanism. Unfortunately in packaging the software to be burned onto the CD, it looks like the default password file pointed to by the .htaccess file was altered by some last minute testing, which is where the password 'q' came into the story. The password for the user 'piranha' was actually meant to be BLANK so that people could use the package out of the box.

What should have been done had the 6.2 deadline not been so ludicrously tight was that at that the password should have been set as a non login account but that on trying to use the GUI pages, a message stateing that as the root user of the box you should type in htpasswd -c -b /home/html/piranha/secure/passwords "<password>" before attemping to use the package. All well and good in HINDSIGHT. However, leaving the acount wide open with no password was, while not great, a mostly acceptable situation, because all that the gui would have allowed you to do would be to alter /etc/lvs.cf which is for the cluster configuration.

Sub point: the default install of RH6.2 didn't even install piranha. If you wanted to use clustering services, then you would have to want to use the packages and should have read the documentation which did point out that you should change the password after you installed it. Unfortunately we lost the documentation person assigned to the piranha project back in January and it's been quite a struggle trying to keep documentation in sync with what we were coding. Anyway. I digress..

The SECOND bug and the one that carries the greater value of weight from a security point of view was the passwd.php3 web page which made an external call to the htpasswd program normally built up with the apache distribution (though it's root origin is from CERN's httpd src tree). I might as well as show EXACTLY what happens and why. Theres no point just saying 'bug' if you don't understand it.. This is going to ramble a bit so you might like to skip to the next paragraph after this one 8)

The offending code fragment in passwd.php3 lines 121+ are shown below.

$temp = `/usr/bin/htpasswd -b /home/piranha/conf/passwd
               piranha $try1`;
       if ( $temp != 0 ) {
               echo "...HOWEVER, I wasn't able to update the
                        password file. Permission problems
                        maybe?";
       } else {
               echo "Successfully updated the password for
                        'piranha'";
       }

What this code portion shows is the php3 variable $temp having a shell command constructed with the aid of $try1. $try1 was actually the input field for the first of the password verify fields (<INPUT TYPE="PASSWORD" NAME=try1>)
Now, because php3 evaluates and executes in a seperate shell anything between the ' marks, $try1 was unprotected from being passed the ';' character which from the shell expansion viewpoint allows it to execute the htpasswd and ADDITIONALLY another string of commands as long as they were colon seperated.
Bad call. I need to be slapped down for missing that. In my defense, I plead time pressure and lack of sleep.
As a consequence. you have to understand the enviroment that the piranha pages are running in. The web server itself runs as user nobody by default so any shell commands will be run as user nobody. Ok, so what can nobody do? Well in theory, nothing, however, it CAN execute something like "rm -rf / ". In theory this will do bugger all. Alternative scenarios are that you could mail out the /etc/passwd of the box which would give the evil cracker some targets to hit against but again, the default install is to install shadow passwords which only root can see and operate on though people do have the choice to use the old BSD style GCOS passwd file which isn't protected from other people reading out the encrypted password strings. Humm ok, theres a possible nasty. The charge of 'defacement of a website' is almost groundless. because pretty well all web sites I've ever seen are created under the id of webmaster and local user ID's. User nobody doesn't normally have any featureed files in an HTML_HOME and if it did then you arn't reading the httpd server documentation which says, *run* the server as user nobody but keep files as webmaster or your own personal userid. Humm I truely can't see 'defacement of website' being an issue, though I'm prefectly happy for someone to show me how it would be possible. By very careful arrangement of typed in passwords, you could actually manage to export a shell to an external host through xterm. So shell access to the machine is possible but as user nobody who *should* have nothing intresting he can attack. Mostly you'd be suffering information leakage and in an extreme case loss of CPU/memory through some form of DOS attack though trust me,.. there are MUCH easier ways to do that than this method.

Reading through the 5000+ articles on zdnet/slashdot and other places, I see people getting lambasting OpenSrc as a result of all this,.. Bad news folks, This *is* the first showing of the piranha GUI, it hasn't had a full peer review as yet so claiming that OpenSrc doesn't work is imeadiately shot down in flames because this exposure was something I never had before,.. community feedback.. admitidly I didn't expect it in this form. Some gentle prods of 'hey! look! I can make it do this in the following circumstances' in a newsgroup or email would have sufficed.

Lets see what other charges are there,.. ah,.. not audited. Hum. Actually it was audited before being put on the RH6.2 CD, however, the piranha package was literally nailed together a day before the CD had to be finalized so there was <24 hrs for other people to review the code. It's not surprising it got missed.

Miscillanious charges: Yes, this is a security exposure. It will, however, not end up in your web server being trashed or your machine being left inoperable. Provided that when you installed the original gui package, you read the text that prompted you to wander of and set a password on the gui, you should have been safe because only you would know the password that would then let you get at the change password function which had the security flaw.. A chicken and egg security flaw.

Now then as to how MSNBC/ISS handed the announcement, that was woeful. They misrepresented the severity of the problem and they claimed backdoor access to the syetem which was inaccurage as their 'backdoor' was, as I said earlier, the frontdoor!. Also the severity of the problem seems to have been set at 5.. somewhere akin to 'This will result in your machine catching fire and all data being deleted (not necessarily in that order). in truth, I would have rated it as 'easily solvable blunder' that allows for information leakage. I can't see an armageddon scenario from this.
I guess in ISS/MSNBC's eyes, I'm the author and am biased. Pah, humbug. I hope the above is semi intelligable for those that care and gives a measured account of the security flaw. MSNBC seems to have launched a political attack on RHAT over this since they were caught with something akin to this in their software which they got badly bitten for. I wonder if this is simply their attempt to try and push the spotlight away from themselves. On the pluss side they *DID* come to redhat with their findings so there is some thread of decency in there somewhere. I don't think they're all bad however I can easily spot the break between engineering and marketing/sensationalism. Why can't people just report the facts and not make things up? 'Honest mistake, leads to potential following security exposures, fix available'

Things got progressively worse during the rest of the day,.. Wanger kept getting called by journalists throughout the day asking about the above problem and whay was it so devastatingly serious,.. He also got a radio show interview about it,.. he may even have had two. I think he's feeling the heat. I better watch out as that probably means my life is no longer worth living for the next fortnight.

Allstate Insurance rang to get even more details about my car insurance in the UK Reminsds me to send over a lump of cash to the UK account after the next pay cheque comes in. So lots of emails and calls later they are finally happy that my insurance is correctly sorted out. Good.

Tried to call my apartment complex managers office several times to find out what process/hoops I needed to jump through to get new keys cut, but couldn't get through. Hopped in the car and beat down the road to the office to see if I could find anyone there at all only to find out that the reason I couldn't get through was that the manageress was busy singing to her mother down the phone line.. (bizzare). Fortunately they were able to open the door to the apartment and had the locks changed which didn't cost me anything because it turned out they only had the one key to the apartment in the first place (the one now on someones Hertz rental car keyring) So that was ok and I now have two spares ,.. on hidden in the RHAT office and one on the my car keyring.

While I was in the vacinity, I beat round to the Western Union bank?/hut? to try and pay off the deposit on the phone. They'd run out of Bell South deposit slips and could I come back tomorrow.
DOH!!!!

Went back to the office, and overheard lots of political piranha mutterings from the closed conferance room behind me. At one point they were all clapping which initially I took to be agenda item 1: Fire responsible people. Finally got fed up with it so I went back and stared doing code changes to piranha 0.5 (not 0.4). Any chance of a good day has really kind of crumbled to dust.

Mail arrived,. My first bank statement.
There is a problem with this,.. where is my personal cheque book?? it was ordered up over 3 weeks ago. Called up Wachovia to check that they wern't holding it at the branch or some other oddity. Nothing there, so I had them cancel the entire cheque book and reorder a new one (muppets). Additionally NONE of my home banking kit cas come through but they vanished off the end of the phone after cancelling/ordering the new cheque book before I had time to query it. I wasn't feling in the mood to beat down the call waiting system to get another person to ask about it. Maybe tomorrow when I'm not being savaged by a fish.

Went home at 20:40 via WallMart where I bought some audio cable to hook up the speakers and surround sound/cd player system I bought off Keith (cheaply ie <$400) and in the process picked up a trinitron TV from 'Best Buy' which I neeed to do anyway for the cable guy who's due in on thursday 13:00ish to hook up to the cable network. Sony need to be reminded that adding 10" of extra dimentions to the tv packaging can make for intresting moments loading a car up. finally got home and installed all the above components. Seems to work fine. I don't have a TV supply as yet so being bored, came back to the office to type up the diary

I would write more but I'm too shattered and my entries are starting to become novels.

I'll try and make up in tomorrows diary.
In short, MSBNC are cowboys that have almost zero journalistic ability to report the truth. May they be cursed as the equivilent of the British newspaper 'The Sunday People'.

Up early. I'm supposed to have researched berkley db2/db3/xml/ldap and any others as a means of data distribution.
Lets see,... said meeting about this was on Friday at 19:00ish,... so, during the weekend that I was busy fixing the mistake that broke the piranha errata horribly (mixing version 4 and 5 to make a mess) I'm also ment to do the above a security redesign, a configuration change/enhancement and an outline of Monitoring and administration.... Humm overtime?? I think not.. Bah.

Lord,.. soo many things to do today.

• Have a presentation to give to ewt
• Have to sort out BellSouths phone deposit
• Have to get insurance sortted out so I can buy the car.
• Have to leave the hire car back to hertz
• Have to get cashiers cheque ($3000)
• Have to do loads of miscillanous items

First off, in the office and rechecking the piranha-gui errata. Convinced the build is good and go looking for Christian to get the package re-signed and up up on the updates archive. Meanwhile a battle of language has broken out over ISS's wording of the security errata 'Intentional backdoor' which is a load of cobblers because the piranha account as initially installed isn't even meant to have a password!. I hope this is resolved.

Wanger points out a mechanism that may have been the source of the src tree contamination. All I can say is that CVS is annoying and that knowing about 'cvs -A' may have saved all the problems *sigh*

A bit before 12:00 I called up BellSouth to find out where exaclty I can go to pay off the deposit they wanted for the phone connection, which turns out to be $90 payable at Western Union on the Airport Road. So I gathered up all the bits I required and set out to pay off the deposit at the bank. I eventually find it ahving missed it twice, because instead of the modern brick bank building I was expecting, I find out that BellSouth wants it's bills paid into a bank that uses a wooden hut for it's premises. Umm,.. Worse still, the bloody bank was shut for Easter. It must have been the only one that did.

Returned to redhat miffed.
Ok, The presentation for ewt isn't going to happen which is a good thing as I'm utterly out of time and haven't had a time to dig out everything on LDAP/db3. This still needs doing though 8(. Called ford for find out whats was happening about the car, Told I needed the full insurance. Humm,...
Also need a $3000 cashiers cheque too. Made a dash for the bank to get the cheque as I had sudden visions of Wachovia being closed as well. I wasn't so got the money fine. That just left the insurance. Much annoyance as Allstate were the only ones that would talk to me without a NC drivers licence, and that was only if I could prove up to 6 months previous insur4ance with another insurance firm in the UK. This being a bank holiday in the UK direct line wern't available and the time ment I was outside their normal office hours to. Called mum up to hunt down my insurance policy's and have them faxed over,. Finally Allstate are assured that I'm a sucker for their insurance rate of $576 for 6 months *ouch*

Vanish witha friend to leave the hire car back to Hertz. Drop off the car and then proceed to ford to finalize the deal and sign my life away to ford credit. ... long waits etc later I finally get off the forecourt with the car (hurragh!)... got back to Redhat and realise I don't have the apartment key
DAMN! (actually I said a lot of other words too..)

Made a dash for Hertz to see if I can rescue the key from them. Unfortunately I left the car back at 8:56 and I got back again at 10:25. They've either thrown the key away as an 'unwanted' or have it still on the key fob that would be in the safe upstairs that one one could get into.

DAMN DAMN DAMN

Evening made worse by MSBNC/ISS security announcement about piranha which reads like I've somehow knifed Redhat in the back. Pity they have almost zero intelect and didn't bother to check their story properly. I wonder if I can sue them for slander. Basically they negected to understand that the 'rogue' account isn't even ment to have a password on it and that the package isn't even installed by default. We'll thats what happens when everyone tries to throw togther a package right up to the deadline of printing the CD's.

Ah,.. last night,.. I completely forgot I had some frozen food in the car boot (US: read trunk) Fortunately it was a clear night so it was quite cold. Had a toasted bagel and nipped off to bed, but set the alarm for 09:30, I have piranha built/testing to do.

The alarm went off,.. *thump* <snooze>
The alarm went off,.. *thump* <snooze>
The alarm went off,.. *thump*
Ok, gave in,.. Mikes alarm clock wins and I get up. It's about now that I remember I didn't unpack my suitcase from the move from the other flat. Eventually stumble out into the kitchen and remember that I don't have a cereal bowl (mutter, somebody is going to get hurt)... opted for two toastd bagels instead.

Did various chores. By about 11:30 there wasn't anything else to do, so having procrastinated long enough, I drove over to Redhat to complete the piranha errata from last night. The problem with the piranha gui package is that it has to install with no password set. Additionally, there is no reliable way of telling the system administrator to go set a password on the server as that would break the redhat installer... damn,... now *if* the apache web server was pam aware by default I would have pointed the .htaccess file to go and use the system password file (/etc/passwd) and none of this would be an issue.This is not the case, and I'm left having to look after another password file that one one really expected to have to manage. Double damn.

Made the src rpms and tested that it really was the correct src tree being compiled up agains and checked the install and uninstall of the rpms. Finally satified, I dropped them off on the build servers for Wanger to so the Errata build on. Grabbed the ensuing build back off the server and subjected piranha to the same tests again. Hopefully that'll all get approved and signed off in the morning. I also revisited the errata on bugzilla and strongly stressed that people should set a password on the system when they update the package.

I had thought to go and get some miscillanious items from the shops, however, I just plain didn't get around to it through reading all the email I've been avoiding to read throughout the week. Err,.. there is a LOT of it.

Seems mum has managed to get herself into difficulty trying to print from her windows box to the printer. As it turns out this was partly my fault for leaving the default using a network printer. Oops. Hopefully that's sorted out and I won't be disowned. Mum seems to be quite worn down/ill and tired 8( I hope she's going to be ok.

Humm, my sister wants to take my old car (Ford Mondeo (US: contour)) across to the mainland to a) be evaluated for auction and b) to drag back a load of my gear from her house 8) Now would be an EXCELLENT time for Telsa to speak up if she wanted to grab my complete B5/B7 collection of video's along with the associated feature length films. Unfortunately the US seems quite ignorant of PAL encoded video so theres no point trying to get them shipped across along with the other 500+ anime video's. (did I mention I was an avid anime fan?)

Ingo kept emailing the engineering lest that the machine he was working with kept dying. I think we need to invest in a dialup powerswitch for him 8) I'm fairly certain that such beasts do exist.

Telsa forwarded an email to me from an old friend from back during my BioMedical days at Bradford uni. I wondered what happened to him. Mark was a good friend that I had back then. If anyone does know their computing history well, they'll remember him as the author of play and modplay for the PC.. A good assembler programmer. I wonder if he's been itching to fiddle with the gnu assembler and the intel port of linux 8)
Probably not, he has enough on his plate I suspect.

Additional observation about the US road system. It has potholes. LOTS of potholes. In fact compatred to Eire back in the mid 1970's the US pothole crisis is going to bite the goverment hard when people realise that bad road maintance leading to an accident (eg blowouts) are the goverments responsibility as they are the ones that tax the people for the upkeep of the roads. If they don't maintain the roads, they can hardly claim to be using the tax for transport correctly. If they require a bigger budget and taxes to go up for that purpose then so be it. They should not be allowed to get away with a 'so what' attitude.

Need to bone up on the NC driving test,.. I might take it on monday if I have time. I've arranged for to collect the new car on monday and drop the hire car back to Hertz by 18:00. I hope I can find a warm body to help me drop off and collect the cars.

Saturday,
Today I moved into my apartment, so I gathered up the remainer of my belongings from the temporary accomdation, tidied up the place, ran the hover over it quickly and washed the bed linen. and emptied the fridge of the remaining food.

Dropped of the keys at the office and made tracks to the new apartment.

Spent a few minutes at the apartment.. in the UK we'd call it a 'flat' and since thats shorter to type, I'll keep refering to it as such.

Made out a list of extras I needs to go buy,.. specifically bed linen. Drove off to "Linen 'n' things" and bought fitted sheets, a denim comforter,.. (we in the UK like to call them quilts), a pillow, some cuttlery, a stainless steel skillet, a fan and a crockery set (which I'm annoyed at because the cereal bowl that was supposed to be in the set wasn't).

The spending never stops,....
Bought a phone, a number of kitchen knives, various cleaning fluids, some food and condiments. I'm by no means finished yet,.. I'll probably buy a microwave oven sometime soon because a lot of the food ranges in the stores seem to be dependant on you owning one.

Got home and made the bed up. Hurragh! I have somewhere to sleep tonight. Moved the living room furniture around a bit as the TV wall socket is in a really useless place. I have yet to buy a TV/video and a cable connection. I'm not terribly impressed with American cable TV but it's ONE single redeeming feature is the cartoon network. There are two cartoon networks in the UK, but alas, in the US, the time warner cable company seems to only offer one of them. I might be better off with satilite TV where I would also get the BBC news, though I can watch a much grainer but perfectly good BBC 9 O'Clock news program from the BBC web site (see the top right corner for the tag "BBC ONE TV NEWS" which changes every day)

Poped into the office and was dismayed to find out the errata build for piranha that was done on friday is a complete mess. Looks like the CVS trees are badly corrupted. Called wanger to discuss how to go about untangling this mess and spent the rest of the night repatching and testing the piranha errata. Moral of the story, NEVER trust the CVS tree to be correct. Just cos the changes checkout/in on your box works fine doesn't mean the main cvs tree repository is 'perfect'. Wanger will be rebuilding the CVS tree tomorrow. I've built and tested a new src tree which appears to be 'clean'. I'll be in the office tomorrow with wanger going over rebuilding the errata

Went home late,... (ie it's 04:56 now)

The last few days have been very busy.
Basically all kinds of fun items have come to the fore

Went to the bank as they rang to ask for a photocopy of my passport/entry visa which they forgot to get when I was applying for credit cards. They need this for to do an international credit check. Oddly, my own bank in the UK pushed up my credit rating again without me asking, moving my credit from 1500 UKP to 2500 UKP which equates to ~$4000. I'm rather hoping the Wachovia pick up a good report as a credit rating of zero in the US, while substantially better than a BAD credit rating, makes getting finance a bit harder.

Having been warded off living in Durham by just about everyone in Redhat and a number of external people.. (though no one gives a full account of why, but guns were mentioned by a few) I've found a place reasonably close about 6 miles away. I would have prefered Innsbrook though as it was all of 2 miles away from the RH offices. Given that everyone seems to believe Durham is a pit, I can't help wondering why RH chose to set up it's offices there as the current offices are rented and is the 3rd building redhat have moved to.
I kinda liked the temporary accomodation I had out at Cary, however, traveling 26 miles round trip a day would be a pain and the I40 isn't known for free flowing traffic.

I've rented the apartment at Bradford place for $790 a month which seems to be about the normal price in the area for 6 months. Paid a fee, deposit ($250) and the remainder of the month rent ($260). I want to see how things pan out over the next few months and decide if I should buy a house or continue renting.

Needed to get furniture. Went looking around for furniture rental places, though I had a 25% off first months rent for Cort which was only 4 miles away. So I went and got the manager special at $85 a month though I upgraded the bed size and the dresser table. So for $110 a month (ouch) I get

• A sofa
• a matching chair
• 2 table lamps
• a cocktail table
• an end table
• dresser
• a mirror
• a nightstand
• a headboard
• a frame (hey, it was part of the 'special')
• a queen box
• a queen box mattress
• a dining table
• and 4 dining chairs

I got a hold of the local electric company (Duke Power) and got the electric to the apartment sortted out. Minor fee of $160 to pay.

Phone,.. I had the apartment management people sort out the phone application, however, I have to go pay a deposit at the phone office, which is a pain, because I have no idea where that office is and the person I spoke to at BellSouth just said 'bring it to the office but just couldn't get it through her head that I needed the address of the office... <mutter, stupid woman>.. as a result the phone line connection is an unresolved issue.

I need to get rid of the hire car ASAP, so I poped off to Capital Ford to see about my prospects of buying a car. I've gone against the idea of getting a 2nd hand car as they were not that much cheaper than a new car and don't come with what I would call decent warrenties. Although the NC state have a rulling that car damage >$1000 has to be reported and placed online there are a lot of nasty gotcha's that can slip under $1000.

Finally found Capitol Ford after making a wrong turn. Had a look around, but really the only two cars of intrest were the Ford Contour (known as a Mondeo in Europe) which is similar to my last car or a Ford Focus, which is being pushed hard by Ford as it's next product to gain market share with. I'm thinking of spending around $16,000 on a car which is about 10,200 UKP, so the bank advised me that I should probably get financing from the car company as they could probably do a better financing package. So I've applied for $16,000 credit through the ford credit scheme.
Because I'm new to the country ford then wanted a load of details abou my UK bank and credit which was all fine and good,.. up until they found out there was a 5 hour timezone differance. They'll be in touch.

Decided to skip on TV in the apartment for a while. From what I can see, most of TV in the US is advertizing. If I do get a TV, it'll only be for to watch VD's or video's

Back at base (RH) things are going okish, lots and lots of fun trying to get website space sorted out, documentation written, designs made and scoping out the piranha enhancements. Fortunately Keith has shouldered the brunt of the work while I try and get myself sorted out with apartments and the like. Theres a new features list that runs several pages in length now. At some point that list will stop growing and some serious design/coding will get going under the hammer.

Ah, easter break (good friday),... turns out the aparment office complex will be closed. This is annoying because the furniture people will be turning up and there will be no one around to let them in to deliver the furniture. Called up Cot's to discuss this, and they seem happy to simply call me when they get there for me to go out and open up the apartment for to let them in. Unfortunately this means I can't go to the DC LUG, which I would have has a logistical problem with anyway. See I also needed to return the hire car to hertz on saturday which opened up even more problems.

Ford ran to confirm that they were prepared to finance the buying of a car. Good. I'll have to find a warm body to come out with me (I can't drive two cars at once). Though I have yet to select the car and options, however, I have a very good idea of what I want. I need to sort out car insurance as well. That'll be expensive,.. somewhere around the $900 mark even if I am 30 and never caused an accident.

New Items to aquire,.. bedding, pots/pans, plates, cutlrey. Is there no end to this buying spree? At this rate I'll be single handidly be pushing up the intrest rates in the US (ok huge exageration).

Consumer gripe of the day:
The US hasn't caught onto the idea of direct debit.
A lot of companies won't accept credit details over a phone.
This means that the aparment, and furniture, has to be paid for by cheque, Power can be paid for by credit card over the phone but don't have a direct debit facility. The phone company will accept credit card payment but deposits have to be in person with a cheque. I have as yet to find out what ford will do. I'm really hoping they'll do direct debit. I'll be annoyed if they don't.
Conclusion: The US financial structure is arcane and badly needs a kick on the shins to get it's act together.

I bought a USB PC webcam from Staples Office supplies. In theory it's one supported under linux. In deferance to my common sense, it's the IBM PC Camera Pro. I have checked that it works, and works fairly well under windows. Under linux however, the story takes a different shape. It turns out that the linux ibmcam driver is for the model 1 or model 2 cameras. Im my case I have a model 2 revision 3.01 and not 3.0a as the ibmcam driver expected. I got in touch with the Xirlink maintainer, Dmitri to ask for advise (The IBM PC Camera is a rebadged Xirlink camera) So we've been modifying the kernel driver and testing away. We seem to be at the point that a data stream is coming in from the camera so it's possible to read the dataflow, just that xawtv which I'm using is brain dead and buggy. Need to find a better tool to read the images with. This one looks like it's going to be a battle to fix.

I notice that NC seems to have one outstanding natural feature.
Trees.
Now I may be a bit cynical about this, however, when I was driving around, I did notice that there seem to be quite a few new apartment complexes being built in the area in the forested areas. There seems to be quite a number of slash and burn operations in the forested areas. I wonder if they ever follow the idea of replanting trees somewhere else. I watched some local council TV the previous night and noticed that planning permission seems to be very strictly controlled. Though some of the proposals for various schemes seemed quite dubious to me. I'm sure they know what they are doing...

Went off in the afternoon to Capitol ford as they rang to tell me the financing went through (Hurragh!). Got there and proceeded to go browsing the various models kicking around. I didn't go overboard with the options and althought there were none that had sunroofs, I was assured that one could be added later. I'm not fond of the US brear indication grouping. I prefer the clear/amber/red indicators, I dislike an indicator being a brake light as well. I might be possible to have that changed. We'll see. After taxes etc the whole deal costs $16,075. Insurance... well liability insurance cost me $214 for 6 months unfortunately, as the car is financed, I have to get full insurance... catch 22, you need a NC drivers licence and a car serial number for to get full insurance,... DOH!... someone shoot the stupid moron's in goverment.

Well, the long and short is that need to get the NC drivers licence ASAP. In the meantime, the dealership is going to provide me with dealer tags while that gets sortted out. Now I need to learn the DMC driving laws. Someone need to thump them for silly things like making statistics a part of the driving test. WHO CARES??? The should be emphisising safe (defensive) driving rather than litigation and statistics,.. Oh well, I can't change that beyond lobbying later on, so I've printed out the online DMC guides. Looks like I'll be revising this weekend. From what I can gather they don't even bother with a practical driving test here eaither except when they feel it might be waranted. I feel so safe knowing that the driving population of NC has never actually physically proven they can drive sensibly to a goverment official standard.

I need to call up Hertz in the morning and let them know I'll have to extend the hire car lease till monday.... Damn,...

Ha! I knew all the lack of sleep would finally catch up with me. Tumbled out of bed at 11:30. by 12:00 I'd managed to get upright again. Did a quick tidyup and took some rubbish out.

Bored...

Went into the office wit the intention of doing some work, but got sidlined into fixed some bits and pieces on ZenII though _A_ had to fix one of the problems I was looking at. Typical blindingly obvious error...

Went for lunch with Trond and Jeff. We initially were looking for a sushi restraunt but the one we went to initially was closed so we ended up at a mexican joint instead. Probably just as well. I think it's being arranged to have a camera around for my first experiance with sushi.

Returned to the office and fiddled with the alpha. I think I'll be putting the voodoo3 3000 PCI card back in based on the card benchmarks posted recently. I'm just a bit dissapointed that I don't have an AGP socket on my alpha or I'd have tried the voodoo3 2000 AGP I happen to have brought over with me. It'll have to wait until I buy another computer.

Made a lot of calculations on the back of an envelope,... after taking into account rent, car repayments, taxes, various other expenses, I reckon I have anything from 1000-1300 USD a month to 'play' with. I think, after I get settled in I'll buy a 19" trinitron monitor similar to what I had back in the UK. I tend to like trinitron monitors as the mask on them provides a very stable image. The ViewSonic G773 I'm using at work flickers too much for my taste. I also need to get a USB webcam and a new digital camera.

Noticed that solar flare activity is becoming much more common. Maybe I can start using it as an excuse as to why some things don't work. If you have time to download lots of pretty pictures of the sun have a look at the current solar data

I'm suffering diary neglect...

Saturday.
Traditionally, when I worked for IBM, I would work 10-16 hours a day through the week and catch up on all the 'missed' sleep at the weekend. I seem to be having less and less sleep now. Typically 3-4 hours a day. I have a horrible feeling that it'll all catch up with me in a bad way.

Woke up at 07:00, 07:10, 07:20, 07:30, 07:40... by 09:10 I was finally awake. Got dressed, put some clothes in the wash and threw some dishes into the dishwasher and made tracks for the office. I had told deviant that I'd be there at 11:00 for to go off to the LUG at Raleigh. As it turned out, I was a bit late as I had to drop into a petrol station first. US petrol pumps don't seem to deliver fuel that quickly.

The LUG was a bit of a sorry affair. Not that many people turned up but I was told this was probably due to a previous meeting that was only held 2 weeks previously. Mostly people seemed too engrossed in making their machines work themselves to socialize much. I doubt they would have been intrested in a lecture in DNS administation and the evil of NSI/ICCAN, monopoly and control.

At 14:00 I had to excuse myself for to gooff and look at another apartment. Managed to get off campus and back on the highway without getting lost which I thought I might end up doing as most of the campus was one way.

Arrived and looked at the apartment. The kitchen is too small. Oh well that leaves the falls at Duraleigh to look at tomorrow.

From other people I've learned that driving anything from 15-20 miles to work is quite common. I don't think I'd like to live quite that far away.

Returned to the office to check up on email and tidy up on a few bit's. Got bored and went home.

As I went home through Cary I decided to drive around a bit to get a feel for the area and what was available. Ended up at Wall Mart, where I bought a screwdriver set and a headphone extension lead. Both vital pieces of equipment for any serious computer geek..

On the way back from the store to the apartment, I got caught at a railway crossing where a very slow moving and very long train was going by... The train itself must easily have been 1/2-3/4 of a mile in length. There is something almost hypnotic about a slow moving train pulling endless identical carriages across your line of vision.

Finally got home, made some food, watched the adverts, then went off to read a book.

Not one of the most action packed days I've had here.

Many things happened today.
Hopefully I can remember them all

I got in a bit later than I would have liked to have been (09:40) however my anticipation of being 'late' was groundless as no one in engineering bothered to turn up till well after 10:30... I spot a flaw in this. Admitidly I used to turn up at work at AT&T/IBM later than that, though normally after doing 15-18hrs of work.. (cough)... Actually thinking about it, we used to have an online timesheet system to log hours worked on projects etc at IBM,.. it was generally hated and dispised, however, I did actually use it, until such time as it started complaining that I couldn't possibly be working the hours that I was.

Called up the SSA to see if they had my social security number available. They did. Joy, this makes a lot of things much easier to do now. I needed to go to the bank, however, today is pay day. I had to wait to get a cheque signed by the HR/payroll dept first. By this time I decided to put off going to the bank until after going out to have a look at the housing at Innsbrook.

Innsbrook isn't that far away at all. I had a look at two types of apartment a 2 bedroom/1 bathroom and a 2 bedroom/2 bathroom apartment. the 2br/1ba was a bit dark and not as large as I thought it might have been. The 2br/2ba apartment I saw was a showcase apartment so had some furniture and decoration already in it which while it was designed to show off the apartment as best as possible gave me an idea of just how much space was available for furnishings. Many people have gone on at length about facilities etc however, all I truely want is a bedroom, a study, a living/dining room, a bathroom and a kitchen/utility room.

Beyond that, I really have no special needs. Still, at 785 a month, it's quite affordable though I need to factor in intresting things such as furniture rental, electric, phone, food, other living expenses. I still have three other places to go look at out at Chapel hill, (Rock Creek, Bradford Place and The Falls at Duraleigh). I'll see how it goes over the next few days. One intresting observation about US household electrics compared to the UK, in the UK to switch a light or appliance on we switch DOWN and not UP as the US seems to have adaopted as it's standard. (oh, and the UK have better switches as well which won't snag on a jumper or coat.). Another observation I've made is this odd dependance on haveing a washing machine and a tumble dryer using up rediculous amounts of space.. observe the future... Washer dryers that take up a fraction of the space.

Having grabed a load of documentation from the Innsbrook people, and been surprised that Redhat *wasn't* a prefered employer even though I had originally been told they were, I popped over to the Wachovia bank. Happily filled out the rest of the banking details and applied for home banking, the bill payment facility and credit rating. I did find out that international money transfers are still behind the times though they have given up on requireing a 1/2 pint of your blood for the intricate scrollwork of selling your soul to the devil. As I've had to pay the hotel bill out of my credit card, I'll have to pay it off from here in the US since RH kindly decided it would rather I paid for it (duh!)

As a result I estimate the costs as follows
10 days in the hotel + various taxes etc = $832
payment = my UK credit card
So, having to submit an expenses claim, I will actually have to claim the $832, and additionally, the currency conversion charge that my credit company will charge which I won't know until I get a statement and when thats done, I'll need to wire over that amount to the UK which incurs a $30 wiring fee.

So, any new RH employees coming to the US should beware. I really have no idea as to why RH wouldn't pay the hotel bill directly it's simply made things more complex and expensive than they had to be.

Wanger has made noises about the hire car on his credit card,.. however, my hands are tied until the bank gets the credit rating sortted out. At that point I can go and buy a car. Again, having talked to a few more people, the saving on buying a 2nd hand car is offset by the various warranties that you would get with a new car. As I'll be in the US for 3 years, and don't expect to be driving any large milage, I think I'd be better off going to buy a new car for the sake of a few thousand. From what I can tell, a new car (bizzarely) will mean I'll get cheaper insurance with one firm... umm....
The bank also told me that I'd probably be better off with a car dealership finance package rather than getting a loan from them to buy a car with. Seems fair enough to me. I might need to wait to get the credit rating and a formal chequebook though.

Ah great! something I was unsure if I'd brought with me or not has turned up. the ScanDo 1024 which is used to convert the SVGA output of a computer to NTSC/PAL via composite/rgb or SVHS. It seems it had somehow got left in Keiths car after he picked me up when I first arrived at Raleigh. This is good news because I have plans to use it to make 'training' video's, though I'll need a few other 'toys' to add in audio.

Looks like I'll be visiting a LUG in the area tomorrow with devient. Seems I'll have to be at RH at the ungodly time of 11:00 in the morning on saturday, though I'll have to disappear later on to go look at Rock Creek.
fun...

Note to Raph or someone, Advogato is BADLY in need for alphabetical sorting for the projects area as well as the people index.