Press "Enter" to skip to content

nuxx.net Posts

Garland Resort’s Website is Very Insecure

Published August 26, 2009

Next month I’m going to be attending a wedding at Garland Resort in Michigan’s northern Lower Peninsula. When reserving a hotel room there I noticed that not only was the reservation system using plain old http, the form which accepts a credit card number is insecure. It then again uses HTTP when submitting the form:

<form name='frmRes1' method='post' Action='CCard1.asp?IRM=yes&BtrvID=4249' onSubmit='return NextPage()'>

Here’s an excerpt from a network capture of me submitting a page full of garbage info:

POST http://65.123.67.67/irm/CCard1.asp?IRM=yes&BtrvID=4249 HTTP/1.1\r\n

Line-based text data: application/x-www-form-urlencoded
    [truncated] firstname=Test&phone1=987-555-1212&lastname=User&phone2=&address1=12345+No+Street&sob=WI&address2=&ccname=AMEX&city=Default&ccnum=1234567812345678&state=AZ&ccexp=01%2F12&zip=99901&cardid=555&country=&email=test%40example.com&pa

See that last line there? In case you don’t know, the & sign delineates the fields, and it’s a simple valuename=value pair. Therefore, ccnum=1234567812345678 is the garbage credit card number I submitted, cardid is the CVV2, ccexp is the expiration date, etc. This is very definitely not PCI compliant and is a thief’s dream if the victim were submitting this form across a sniffable public network.

Suffice to say, I phoned in my reservation. This is obviously not an ideal solution either, but at least I didn’t use that crap.

Leave a Comment

In The Face!

Published August 24, 2009

Please excuse the poor quality photo, but it’s hard to take a macro photo of one’s own lip.

Today while riding back towards Rochester along the Paint Creek Trail with Bob, Erik, and Kristi, just before getting to the Tienken Road crossing I crossed paths with a large insect. While hitting, inhaling, or simply swallowing bugs is pretty common during late-summer riding, this was different. As soon as the bug hit my face I instinctively closed my mouth, which apparently trapped it between my lips.

In between that time and when I was able to pull it off my face (seconds, really) three quick bites or stings were applied to my lip. I’m not completely sure what it was, but the spindly, leggy feeling between my fingers and multiple punctures in such a short time leads me to believe that it was a wasp. It could have been a black fly or deer fly but I’ve never known them to bite so quickly.

At first the pain was like a sharp, stabbing cut, bothersome enough that I needed to stop for a few moments. After that it went down a bit, and now is sting a deep ache, similar to both the pain of split open chapped lips and having bit one’s lip quite hard.

At least the ride tonight was really nice. We started out at Rochester Mills, then headed up Bald Mountain South Unit, rode most of the mountain bike trails, then (due to my misdirection) didn’t quite find the connector to the Lake Orion High School mountain bike trails before sunset threatened.

Leave a Comment

Damaged Inner Plate on SRAM PG870

Published August 22, 2009

I’m really unsure how this happened, but this is why the aformentioned chain link is stuck. It seems that the very end of one of the steel inner plates had some metal torn away from it, and this metal was then pushed between it and a roller, wedging the roller and link in place.

As this is the very end of a plate, it couldn’t have happened from hitting something. I can only figure that either a manufacturing defect which left a bit of metal flashing sticking out was finally hammered down into place, or maybe a rock or piece of metal or something got on one of the teeth and during a sudden/hard pedal stroke it cut the plate. While the cassette is steel and may have been strong enough to do this, the chainrings are aluminum and likely couldn’t make this happen. I’ve also looked over all of the teeth and they all appear to be in good shape without any exceptional burrs or dented spots.

Later tonight after eating dinner I’ll try to get the bit of metal out, in hopes of salvaging the chain. If this doesn’t work I imagine that tomorrow will also include a quick run to REI for a new chain.

UPDATE: Removing the offending link and dropping in a spare (which I’d forgotten that I had) seems to have sorted it all out.

Leave a Comment

Stuck Link!

Published August 22, 2009

Today I took a ride from my house up to Stony Creek, around the trails, into Downtown Rochester, then over to Bloomer. Bloomer is a bit convoluted, and the only trails that I could find are the rather intimidating ridge trails, which are a bit riskier than I prefer to ride. (See this photo, which shows where I stopped riding as I prefer to not duck around chest-height trees on off camber bench cut trails with steep drop-offs.)

Right as I began heading towards my house, something wasn’t going right in the drivetrain. Every couple pedal strokes or so I was getting a bit of ghost shifting, particularly when in physically smaller gears. A quick look showed that it was likely a stiff link on the chain, so I headed back towards home. En route to home things became worse and worse, to the point where I could only ride in the big ring and somewhere above the middle of the rear cassette. Regular ka-chunk sounds were heard as the derailleur jumped around a bit.

By the time I got home there were 34.37 miles on the odometer, in just about 2:49. I was rather wanting to ride more, but the chain was saying otherwise. This is a pretty new chain, and prior to this ride (at about the 120 mile mark) the factory lube still seemed to be doing its job. Everything was moving very smoothly, there was no noise from the chain, and everything was shifting well. Right now I’ve got the chain soaking in degreaser, and then post-cleaning I’ll give it a bunch of (physical) attention to try and loosen up the link. At least a new chain isn’t particularly expensive if that doesn’t work.

(The bandage is from cutting a good slice mostly off of my finger tip yesterday while slicing limes with a bent, dull knife. Doing this made me very mad at myself.)

UPDATE: Problem found! It’s a damaged inner plate.

Leave a Comment

Python Is Interesting

Published August 20, 2009

Yes, I’m very late to the party, but as I’ve been hearing quite a bit about how useful Python (Wikipedia) is, I’ve spent some spare time over the last week giving it a look. As was suggested by some friends I started with Python 2.6.2, which is the latest version of the previous branch of the language. (There is also a 3.0 branch, but it’s my understanding that it’s not yet widely used and is sufficiently different from the previous version that it’s best to start at 2.6.2.)

After going through most of the very nice official Python tutorial I began playing with Windows-specific things, most notably Tim Golden’s WMI Module, which seems to work quite well. I still have to get more comfortable with the language, but thus far I’ve had no problems reimplementing many of the basic scripts that I’ve written at work to automate random little tasks.

2 Comments

Trashwall Is Dead

Published August 18, 2009

Yesterday while at work Danielle informed me that she was unable to reach the internet from my house. SSHing into Trashwall showed that while it could talk to the public network, for some reason it couldn’t talk internally. I figured that a quick reboot might be worth trying, but after that it never came back. Watching the console yesterday showed it dumping core while booting, and that the system’s time had been reset to the epoch. Hopefully this is just a case of the PRAM battery having failed. It’s a SAFT LS 14250 C, which is thankfully easy to find. Out of the system the battery reads 3.6V, which is normal for it, but it’s possible it’s right on the edge.

I think that after replacing the battery and getting Open Firmware properly set back up I’ll look at replacing it’s el-cheapo 2GB Compact Flash drive with an actual hard disk. The extra space will allow me to run Cacti, which I think would be pretty nifty to use for logging per-device bandwidth use, wireless network stats, and things like that.

Currently my house is running just-fine on an AirPort Extreme which works well, but is a bit limited feature-wise. It’s really nifty that it supports IPv6 and all, but that’s not something that I currently use. If I’m not able to get Trashwall (that is, the Mac with the many-port NICs and such) going again, I’ll have to figure out something else for network connectivity at home. I really like the idea of a ultra-quiet OpenBSD box handling everything, but I’ll have to find (and silence) a PC in order to do the same thing. That might take a lot of effort.

UPDATE: Trashwall was fixed by fitting a new hard disk, replacing the PRAM battery, restoring the OpenFirmware settings, and installing OpenBSD 4.6. Everything is working great again.

Leave a Comment

Bob’s Tour-de-Addison

Published August 15, 2009

Wanting to show some people around Addison Oaks, Bob set up a group ride, the Tour-de-Addision, for there today.
This morphed a bit, with some of us riding up from Rochester Mills.

This was a really great ride, totaling somewhere around 40-42 miles. We rode up to Addison Oaks via the Paint Creek Trail and some dirt roads, two laps around the park’s single track loop, through Bald Mountain, then out to the PCT again. On the way back the three people I was with (Nick, Jon, and Erik) were really pushing each other, holding a solid 22MPH for the roughly 8.5 miles from Lake Orion to Rochester. I was able to hang on behind them for a while, but once they got up near 25MPH I was lost.

After making it back to Rochester we all had food and beer at the Mills, then Erik, Kristi, and I walked over to Bean & Leaf for coffee. Unfortuntely my stupid-in-retrospect choice of espresso pushed me over the edge, and I ended up with a good bit of heat exhaustion. By the time I got home the feeling of a migraine was coming, I was really sleepy, and nausea was coming on. With this being signs of heat exhaustion and/or dehydration the AC was turned on, and I went to lay in the basement while sipping cool water. After mixed napping and drinking of cold beverages for three hours I’m feeling better, but I still haven’t had to urinate. Hopefully soon.

Leave a Comment

Broken Crank Puller Cap on Race Face Deus XC Crankset

Published August 13, 2009

Tonight I went to pull the crankset off my bike so I could change the chainring bolts and this happened. That bottom flat piece of metal is supposed to be a taller cap, known as the crank puller cap (see crankset instructions here). It sits on the outside of the crank bolt, and as one undoes the crankset bolt it pushes against the cap, which pulls the drive-side crank off. Instead of doing that it just came apart, breaking off at the first ring of threads. This is not supposed to happen. Not much force was needed to break the part and the splines of the crank were well greased when I reassembled everything a few weeks ago, so I figure the cap simply failed.

While I can get another cap, there is a relatively thin cylindrical threaded piece of aluminum stuck in the crankset. I’m not completely sure how to get it out. I also can’t wholly disassemble the crankset until this piece of metal has been pulled and a new cap acquired. A very large easy out may work, but I might end up having to make something which digs into the remains of the cap and can unscrew it. It’s not very tight, but its not moving.

UPDATE: After a bunch of effort I was able to get the cap out and use a crank puller to remove the crank.

4 Comments