Update: See Fletch’s write up over here!

On the face of it, 1600 miles of driving in three days across various parts of Europe (France, Belgium, Germany, Switzerland and Italy) might seem a bit crazy. But when you do it in some of Bayeriche’s finest (an E39 M5, a Z3 M Coupe, a Z4 and a 745i) and cover some of Europe’s best roads you start to understand the appeal. The roads and views we encountered have to be seen to be believed, and thanks to the miracle of technology that is the Internet you can right here. They’re up on Facebook as well but that does a pretty good job of mangling colour profiles and compression so they look a bit cack. I’ll whack them up onto Flickr too at some point just for good measure.

I didn’t take as many shots as I like as I spent approx. 99% of my waking time over the weekend behind the wheel but there’s a few good ones in there. Fletch took a shit load as well with both his camera and mine, and he’ll no doubt write something more descriptive fairly shortly. All in all it was an amazing weekend, great roads and good people to be on a road trip with. Highlights for me had to be Faz’s physics-defying driving in the 745i, Fletch’s ability to control the weather by singing various songs, Matt’s psychotic overtaking manouvres, and the views from along / around Great St. Bernard’s pass.

So when’s the next trip? :-)

“You signed a petition asking the Prime Minister to ‘Prevent Portsmouth City Council closing Southsea Skatepark in September 2007.’

The Prime Minister’s Office has responded to that petition and you can view it here: http://www.pm.gov.uk/output/Page13600.asp“

The bit that we care about:

However, the Government understands that the council has had a change of heart and that Southsea skatepark will now remain open throughout the winter and beyond. Government further understands that the council is committed to the future of the park and is looking at a range of options both internally and externally.

Best get down there really and ride it before it does eventually disappear… KOC 2008 anyone?!

Some really bad news. I got an email from Taylor and there’s a bulletin on Myspace about this, so I’ll leave it in his words.

Recently our world lost one of its finest members. Gary A. Nesbitt’s body was found in the San Diego Harbor on Sept 29th. Gary has had a tremendous impact on many people. He has no close family so as his friends, we are all he has. We are making arangements for a memorial service at the Clairmont YMCA skatepark. If you would like to help plan or contribute to this event, please contact Taylor Robinson at 619 987- 7433 or email taylorpagerobinson@gmail.com. please foreward to any and everyone who was blessed to know Gary. We are all deeply saddened by this loss.
You are gone but not forgotten

A memorial service is planned for Saturday Oct 6th at the clairemont skatepark
3:30 pm-5:00 pm bike jam
5:00 -? memorial service
please bring food, drinks and stories of how gary impacted your life.

Gary wasn’t a myspace-er. I started this page after hearing of his death. I invite everyone to log on to his myspace page and make it “savage” style. Please sign out and re log on as garynesbitt@yahoo.com with the pass word savage1 and post any thing (pictures, stories, movies) that you would like to share with Gary’s friends.

http://www.myspace.com/garynesbitt

Gary was one of those people that you meet that you instantly consider a friend. He’ll be sorely missed.

RIP Gary.

pf, which originated from the OpenBSD project, is easily one of the most elegant firewalling solutions I’ve ever come across. Check this example out. I was getting pretty tired of all the SSH dictionary-type attacks on our new box - a problem compounded by the fact that we’re running various jails and so multiple instances of sshd - and so I looked for an easy way to stop this. The obvious solution is to move sshd off port 22, but I couldn’t be bothered with the user education for this to happen. Another option is to use something like DenyHosts, but as that has its own history of security invulnerabilities I decided against that as well.

Enter pf, and a trivial rule such as this:

pass in on $ext_if inet proto tcp from any to { $fork, <jails> } port ssh \
flags S/SA keep state (max-src-conn 15, max-src-conn-rate 5/40, \
overload <bruteforce> flush global)

So we have a table called ‘jails’ which contains a list of IP addresses for each hosted jail, and a persistent tabled called ‘bruteforce’. SSH to port 22 is allowed, however if there are more than 15 connection from one source, or if the connection rate exceeds 5 every 40 seconds, they’re stuck into the ‘bruteforce’ table. And right at the top, we have:

block quick from <bruteforce>

So they’re instantly blocked and tracked for future reference. A few days later…..

$ sudo pfctl -t bruteforce -Tshow | wc -l
130

So 130 IP addresses caught and tracked. Nice.