Category Archives: Uncategorized

The EBS volume is full: a tale of undue woe

Oh, that’s easy. We’ll shut down the instance, snapshot the instance, and then create a larger volume from the snapshot! Simple!

Somebody put in an /etc/fstab entry to a network file system that isn’t mounting. The instance goes to single-user recovery mode because the nofail option isn’t specified. Well, we’ll attach it to another instance and that’ll fix the problem.

The original image was a CentOS 7 image taken from the AWS “marketplace”, and EC2 won’t let me mount it to a running instance. Awesome. Let’s spin up another instance that we can easily attach it to. I still have the terraform script I used to launch it, so I’ll just change the terraform resource name.

Instance boots, shut it down, attach the other volume to fix the fstab, and… the instance won’t boot. Somehow, /dev/xvdf is causing that remote filesystem to mount. How can that be? Unattach the volume and the recovery instance boots. Re-attach the volume to recovery as /dev/xvdg and… nope, instance hangs for the same reason. How can this be?

Theory: for everything that cloud-init changes, it doesn’t change the volume UUID and it’s the UUID that’s being referenced by the bootloader. The newly attached volume has the same UUID as the root volume, and it over-rides it, making the newly attached /dev/xvd[fg] the root volume, processing its /etc/fstab, and hanging the instance in single user mode.

Alright, how about I change the UUID of the root volume? I can’t do that: you can’t change the label on a mounted volume using xfs_admin. I am so not doing direct editing of the block device. Terminate the instance, launch using a different AMI that will have a different UUID on the root device, shut that down, attach the volume to recovery, edit /etc/fstab, terminate the instance and finally we’re along enough to re-snapshot the broken volume. This should be fast as only a few boot logs and the /etc/fstab blocks have really changed since this whole thing started. OK, it’s a little slower than I like but it does get done.

That… was not fun. Marketplace codes attached to zero-pay open source instances are the devil. They aren’t desired to serve the goal of protecting the image, but they do cause all the pain.

PS: All of this was avoidable if I just had the machine’s salt configuration role defined. I grabbed the locally-created sls file I’d written as I went along when this instance was originally launched, head into my repo to add it as a new role… and it’s already there. I could have launched a new instance with the appropriate salt configuration the whole time. THE WHOLE TIME!

Insane Default Insanity


The lack of that one line basically led to my blog being offline for over 8 months. That’s ridiculous, but I had other things to do than investigate why MySQL would be OOM killed on my personal blog when clamping down on known memory settings did nothing. In the same vein of ridiculous things, my MySQL server was using 450MB on startup when I’d given it a 5MB innodb_buffer_pool_size. What the shit. It has been years since I’ve had to heavily tune MySQL, but this is a very low traffic blog with a very simple setup. Why is it practically on fire and getting OOM killed every day or two?

I’ve had an unusual bought of time to devote to personal projects in this week, and somebody at work asked me today if I blogged. I decided I’d resurrect the thing.

The fact that this is all contained in two linked docker files that aren’t document didn’t make it easier to deal with. But there I was, holy hell fire and all, with MySQL taking up 450MB without Apache running. I’d fire up WordPress and down went the ship as the whole server would lock up for a few minutes until every last malloc was at its wits end and the kernel OOM’d MySQL, and sometimes Apache with it.


With those absurdly small values at play and the memory entirely unaffected, I was now using refined Google searches like “mysql too much memory”. And there was hint at the unholy answer from somebody else burning up too much memory:

With your configuration, before running no query, you need 1.5 GB of static memory assignment- before the buffer pool is even used an no connection is performed. Most of it (1GB) goes to performance_schema, but there is still 500MB that are allocated (vs the 42k for the default configuration).

Somewhere along the line, the new version of MySQL managed to, by default, use intense amounts of memory on startup for a profiling feature that I didn’t care want. More than that, I’d argue that it’s not the kind of thing you’d want to turn on be default in system. If it takes expert knowledge to use it, and it puts a load on the system (in this case, an extreme of 10-20x jump in memory use at idle vs. being disabled), then it should be something that is only actively turned on.

What a terrible little gift I had waiting for me.

Can’t touch this: you should get a YubiKey NEO.

Try to imagine an answer to somebody having full access to all of your devices and still being able to have a chance at wrangling back control of your online accounts. This device is it.

Here’s why I have two Yubikey NEO devices:

  • Availability. All TOTP tokens are initialized on both devices, and any U2F sites get both keys enrolled. I keep one safely stored and the other with me. If I lose one, I can still get into all my accounts to rotate credentials. This is far better than Google Authenticator on my cell phone which is much more likely to be broken or lost, and much less annoying than trying to replicate a similarly backup by printing tokens or trying to store them somewhere online that is both secure and accessible without my two factor device. I can plug my Yubikey into my computer or use NFC on my phone.
  • Security.
    • TOTP: If my token isn’t in a computer, you can’t be me. If you didn’t capture my TOTP secret when it was initially created (or steal it from the provider’s server), you can’t copy it from my devices.
    • PGP: My latest PGP key was device-generated. Nobody has a copy and you can’t steal it. There’s a device counter that keeps track of how many signature operations have been performed, so if I’m actually that diligent I can detect any unauthorized access to it for signing.
    • FIDO U2F: I don’t believe that there’s any better system for 2-factor authentication than this. It goes a very long way to preventing spoofing as well as avoiding shared secrets. It also requires me to touch the device so get an authentication token solely through software.
    • SSH access: A spin-off of PGP support, my ssh identity can be run through a PGP agent so nobody can ssh as me without having access to my device.
    • Yubikey OTP: If you can’t implement U2F, this may be the next best thing.
    • The firmware is fixed, so no Bad USB attacks are likely.

If your access credentials are worthy of a 2nd factor, this is the way to store it. If you can possibly use U2F, do so: not only for your own sake of security, but also for the rest of us by helping to speed adoption. The more people buying U2F devices, the more likely the world is to write code supporting it.

Seriously, this $50 device really is all that and a bag of chips. Other than physically storing my passwords, it supports every method I use to authenticate myself online and it does it more securely than any other method than I’m aware of. If you know of a better device, I’d love to hear about it. If you have an excuse to not buy one, I think it’s probably a poor excuse.

On storing passwords: Don’t go all Ashley Madison; use write-only access.

Let’s start with the basics: you’re supposed to hash your passwords. Basic cryptographic algorithms are a long-gone recommendation there: you should be using PBKDF2, bcrypt, or scrypt. That’s the standard that we call good, but there’s more that you should do beyond how they’re written to disk.

Now that you’ve stored them securely, make sure you don’t go Ashley Madison: don’t use passwords as a basis for anything! In fact, you should never read a password hash for any purpose other than to compare it to a hash. It should be absolutely impossible for your webservers to read the password hash. Webservers should only have access to meta information about the password hash: things like the salt and the number of rounds. The actual comparison to check if the password is valid for a user should be a function call that returns true or false. You can implement this as a stored procedure in your database engine or provide a dedicated authentication service. It’s fine if your webserver can insert or update a password, but it should not have the permission to select it.

Which brings about the next part: if you can’t read a password, you certainly shouldn’t have cause to display it, and thus there are so many things wrong here:

Finally for good measure, I give this admonition for anybody creating session tokens for a browser: create these with random values and store these in their own table so they can be cleared out server-side. It should be possible for you as an administrator to terminate some or all logged in sessions without altering anything else. Each session should have its own random cookie. Facebook, for example, provides this functionality very cleanly:

Facebook allows you to end individual login sessions

But why is my music offline? BGP tracing post-Hurricane Sandy

At the time, I couldn’t reach them from California either. That presented a bit of curiosity, so I started with a traceroute to figure out what might have happened.

$ traceroute
 traceroute to (, 30 hops max, 60 byte packets
 5 ( 5.906 ms 5.902 ms 6.568 ms
 6 ( 6.524 ms 6.278 ms ( 6.688 ms
 7 ( 6.478 ms 4.454 ms ( 4.625 ms
 8 ( 77.596 ms 77.703 ms 77.687 ms
 9 ( 78.191 ms ( 93.865 ms 93.851 ms
 10 ( 77.554 ms 77.763 ms ( 77.761 ms
 11 ( 89.285 ms 78.158 ms 88.893 ms
 12 ( 77.901 ms 77.647 ms 78.381 ms
 13 * * *

It looks like I can get to Level 3’s network, but something is breaking either within their system or when it hands off to another network. Often the first step is to check from a few other locations. I tend to log into my EC2 instance in Virginia when I want a view from somewhere else, but I’m confident right now the whole network connection is going wrong since I’m seeing statements on Twitter too. So, we’ll move to the next step: the Looking Glass.

Looking glasses are machines on provider networks that provide information to the public and other providers to help with diagnosing problems. provides a good list of looking glass systems.

I first started with the Hurricane Electric looking glass. Their system won’t let me link, but typing in and selecting “BGP Route” would give me the information I was looking for. The key point is that the address I was looking for was advertised by AS29791. is now part of Agile Hosting Solutions which is owned by Internap and indeed visiting will bring you to

We can learn lots about an Autonomous System through its Peering Database entry as well. Between the traceroute and the peering database entry, we can presume that their system went offline in the 165 Halsey Street “meet-me” room in Newark, NJ.

Knowing this, we can try to find other peering points that might work besides, letting us know if the network is down only for people entering via Level 3. Searching for networks Voxel peers with or other exchange points can be helpful for this. A less involved method is to cue up a looking glass site and select many different locations to ping from at once.

I tried to paste some text, but WordPress decided to use the “Format Like Hell” option and manually pasting in the CSS was… unpleasant. Regardless, from the screenshot we can see that the site is now online, but still hobbling from Fremont. Every time I run traceroute, the route (Level3 Kansas City) is ok, but the (Hurricane Electric Fremont 1) link shows packet loss in the Voxel network.

As a network provider, this would be a time to possibly kill the route. As an end-user, if it’s bad enough I can try to call any of the providers in my upstream path to them as seen from my traceroute and convince them to change the peering. If I can’t get any help, I can also tunnel my connections to a machine that does have a working path. Most people shouldn’t be trying to get BGP routes updated, but network administrators should be familiar and know who to call that is on a network operations center list. See also the NANOG mailing list.

With that, I can now find a better way to stream my online music and know what part of the Internet is broken.

LinkedIn hash leak analysis

Today it was announced that LinkedIn was compromised at some point and 6.5 million unsalted SHA1 hashes were posted. LinkedIn has since confirmed that the hashes relate to accounts from them. Before the official announcement, though, I was curious.

Trying to confirm

The first question was, “Is this real?” Since I’ve had an account on LinkedIn for years and I assume this password file would be highly linked to, I guessed that it would probably be indexed by Google in minutes if it were posted in plaintext. I searched for the SHA1 value of some candidate passwords, but they didn’t get any results. That’s probably a good thing for me.

Without this lead, though, it took some searching of stories to find and download a copy of the full list. Given that, I again searched for possible passwords that could be associated with the account, and searching against the file I again found no matches.

Outside sources

This is where the human networking aspect of the profession comes into play. I heard from a few people that I respect and consider to be likely good sources of information after I linked them to the file, and while some folks like me didn’t find their password there, others did. The one that I really latched onto was an individual who found the SHA1 hash of a 30 character random password in the list.

It’s real: now what?

First off, shame on LinkedIn. They failed to take simple steps to protect leaked passwords, and for that it’s relatively easy to attempt to crack them.

Why is the list not comprehensive? Initially when I scrolled through the file, I saw an odd pattern: the characters in columns 7 and 8 were staying the same when everything changed. They were either “a8” or “a9”. It would be very strange to sort a file by those columns and to include only a portion. To check that what I was seeing at top and bottom of the file where the case, I ran it through a quick series of pipes:

cut -c 7,8 hashes | sort | uniq -c

It turned out I was wrong and distribution was rather uniform. I haven’t come up with a solid explanation as to why the file seems clustered around those offsets in the hashes, but I’m guess it relates to the fact that already compromised passwords have had the first characters of the hash replaced with a string of zeroes.

Why is it just hashes and not usernames or email addresses paired? Whoever compromised the accounts is holding onto something valuable. Because people tend to use the same usernames and passwords across several different sites and email addresses are often linked part of that, whoever compromised the accounts has information that can be sold on the black market. Releasing the hashes offloads the work of breaking them, but the value is in tying them back to an account. It would be bad to have any financial passwords tied to the LinkedIn site’s email / password combination. It would be devastating if one used that password for their email account as access to an email inbox often provides the ability to reset paswords.

The simple reminder

Change your passwords if you used the site. Change any passwords that are the same. Even if you use a simple variant of the same base password, try to have some variety between sites. Make certain that you use a unique password for your email. Consider using unique passwords for other high-value accounts. Ideally, every account would have its own unique complex passwords, but the bounds of human memory are often a challenge to that.

In summary, duplicate passwords might cost you by providing access to an important site if it uses the same password as a low-value site. With vendors adding features and once-free sites making more use of financial data including credit card information, things that used to be low-value to you may now be higher risk.


Tell me what I need to know RIGHT HERE AT THE TOP

A user asks a question in 3 parts. The title, then two paragraphs.

Title: Run compiled c program without ./

At this point I’ve already formulated an answer: “You can put “.” at the end of your path. There are risks to that, but it will solve your problem.”

The user clarifies in the first paragraph:

Quick question. After compiling a program, I always have to explicitly tell it to run from the current directory by prepending ./ to the name. For example $ ./testprog -argument1

The user has again demonstrated again that what I’m answer is correct. Perfect! At this point, I’m done thinking. The user, however, continues:

Is there a way to set up some kind of alias which would allow me to call it simply by saying $ testprog -argument1 , essentially allowing me to run the program from any location?

I’ve already registered everything and the last part doesn’t contradict what I’ve got in my head, so I’m done. Now, what are the 3 most important words in that question? They are from any location. Re-iterating the most important part of a topic in a long piece of writing is good, but introducing the most important part of your question at the end of it is very bad.

Let’s beat this horse to death:

Imagine you’re calling 911 (or 000100108111112119, or 999 depending on where you live… wow). What discussion are you going to have? “I was watering my flowers and I saw a little bug, so I kneeled down, blah, blah… part of a wall fell down, my leg is broken and squirting blood.” You’re either going to tell me something like, “I’m have an exposed broken bone and arterial bleeding from the leg. I’m at 123 Any Street, Middle of Nowhere, South Pole,” or you’re going to end up passing out before you finish the call. You’ve told me what you need, how urgent it is, and where to find you. Do that with your questions, and do it in that order.

Why does would 911 ask for the nature of the emergency before the location? It allows them to prioritize your call if there’s an overflow (or know that this is the 10th call about that same car accident in 3 minutes), to select the resources that need to be sent, and then where they need to go because there’s a lag of at least 30 seconds between when you tone out a fire truck or ambulance and the time the vehicle makes it out the door.

Here’s another life experience: “Jeff. Jeff, wake up. Jeff? Jeff, help I’m hurt.” Want me to move in 3 words? Start with help I’m hurt and I’ll be on my feet before the 5th word drops. Try anything else and it might be a minute before I’m moving.

So, with all this blabbering, here’s the “how to” lesson:

How do I determine the important part?

Write whatever you feel you want to ask. Remove a sentence. Remove another. Keep pulling out sentences until you’re down to the last one. Now put them back in reverse order of what you removed and make it sound like something normal from that. Alternately, try to build a tree structure where each level is more specific than the last. Save my soul for this one, but if it’s your thing consider the Twitter Rule of Importance: can you express your thought in 140 characters? Start with that converted to normal English.

Whichever way you look at it, reducing your thoughts to a bare minimum will help with your ordering. Provide all the details, but tell me the important part first, especially if it defines the scope of your problem.

When working with a non-professional, the professional has to spend the time to ask questions helping them to determine the importance of things. When you’re a professional speaking to another, save their time because you know enough to understand which parts should be important.

When scripting is too damn slow

Israel Torres wrote a nice write-up on Google hacking to dig up some Wolfram Alpha API tags. This isn’t about that, but I thought the article was an interesting read. What this is about is something I noticed in his API generation script: it was damnably slow.

Now, before I go into my bit about this, let me emphasize: This is used only as an example to learn from; it is not a personal criticism of Israel in any way. Why put that in big bold letters? Because I’ve run into too many people who think they are smug and that writing something like this would be a way to prove personal superiority to somebody else. That’s not what this is about.

What is important is recognizing places where tight loops might need something a little lower level or faster. Israel’s code suffered a few things that can easily bite somebody: poor randomness from the shell’s $RANDOM and starting a ton of processes in a tight loop. In fact, the example scripting starts a new process (/usr/bin/printf) for every two bytes printed.

From his article:

Generating a million AppIDs takes under an hour on a modern system and validating them takes even longer (about 6 times longer). Interestingly, out of 1 million generated AppIDs only about 100K are unique; generating a true 1M unique IDs would take even longer! (See Figure 13 below)

Well, let’s check out Figure 15 from there instead as that’s the code:

That didn’t feel right to me on sight, so I tried a quick bit of coding:

The results were much more favorable when using C, and on a 3 year old MacBook laptop at that:

$ time ./a.out > /dev/null

real 0m1.337s
user 0m1.323s
sys 0m0.005s

For another 30 seconds of CPU work, I could pipe it to “sort | uniq | wc -l” and verify that I had a million unique entries.

In a first for me, I actually wrote a code snippet in C… then went back to my default go-to language for a speed comparison. Quickly cutting it into Perl, the code runs in 10 seconds.

In short, think about when your scripts might be slow on a production system, or when you’re generating a lot of data in a tight loop. It’s often best to write whatever gets the job done fastest overall. For the most part, whatever you can write quickly in works just fine, but sometimes remember performance — especially if what you wrote is going to spawn a lot of processes.

While I’m talking about “gotchas,” give yourself a pat on the back if you noticed what would be a huge mistake in anything involving cryptography: I didn’t seed my random number generator. The C code will generate the same list every time.

Valuing your own time

This is not a post about performance, or things that are fast in machine time. Without doubt, I dislike inefficient systems and software. Yet, I don’t always focus on that.

A couple week ago, somebody asked, “What’s with all the infosec people using Macs?” There’s a longer answer of mine there, but if I’m going to reduce my thoughts to a few sentences, there they are:

  • My maintenance and setup vs. use ratio is low
  • It fits into my command-line world
  • If it breaks, I can probably get it fixed by somebody else in 24 hours.

Sure, I built Linux From Scratch those years ago like I talked about in an earlier post. I watched KDE take 24 hours to compile and I did it a few times over. It’s a great thing to do, and I suggest everybody who really wants to know Linux knows that

"make menuconfig"

is all about. But, if I interview you, you better not plan on deploying that on my network. Your primary machine should be running something else. Sure, it’s a great hobby and the knowledge is fantastic, but keeping on top of every package’s software update and security issues isn’t the right way to spend your time.

Cars and motorcycles… I like to work on each of them, but I didn’t buy any of them with the focus of working on them. In fact, I want my ratio of time spent maintaining the vehicle versus using it to be as low as possible. I don’t do an oil change just because I like to change oil. I take pride in the fact that I do my own work, but I don’t do my own for the pride of it. So, in the world of motorcycles where I have to open the top of the engine and adjust my valve clearances to thousands of an inch… I look at how often I have to do that as a purchasing consideration.

My computer is the same way. I didn’t buy my primary computer to spend my time tinkering on it. Sure, I tinker with it and I launch VMs inside and build virtual networks… but I do that when I want to accomplish something, even if that’s learning.

The point is: value your time. In fact, up until now, every post I’ve made has related to this concept: value your time. Find a way to keep yourself focused on the things you can’t automate. Move closer to the office. Remember that it costs more than $3 to get something that’s across town and the shipping price might be worth it.

  • I once wrote my own blogging software in 2003 using PHP. Now I use WordPress.
  • When I ordered my latest desktop (I haven’t had one hooked to a monitor in over five years), it was cheaper for the same parts through Dell than was a beige box that I was going to assemble. Hello Dell.
  • I feel like a total badass when I write something in C. Usually I’m in Perl, though because it takes about 15 lines of C to do one line of Perl and I don’t have to think about buffers.

Tales of Shmoocon 2012: Joining Labs and Building the Network

I have been going to DEFCON for three years now with a group of fellow hackers from my town. Some of them went to Shmoocon last year and reported that I should definitely come down for 2012. So, with all possible insanity in mind, four of us jumped in a car and drove 10 hours through the night to the con.

Because one of my group had signed up for this thing called “Labs,” we arrived at 6am and a day early. I found out the details that morning about how labs was a pre-registered thing that I hadn’t heard about in time and then I napped until just after 9.

Now, I’ve been to DC many times. Given the choice between wandering the city again and doing something exciting surrounding the con, I went for the con. I had made it a habit to get into guest-listed parties I didn’t know about until too late while at DEFCON and have made it a personal point of pride to keep up the habit every year. So, in a move that I’m sure you won’t be able to do next year after this is published, I strolled into the labs area at 9:30, sat down at the management network / core table, and became part of the team… which happened to include my friend and another local who I didn’t expect. Maine was very well represented.

Labs Begins

Labs is split up into several teams and I’m sure there was some consensus as to how this should be apportioned before I arrived. Each team had their own table around the edge of the room with the routing, switching, and firewall (“network”) group at a table in the middle.

At the start of the day, my new group talked about the services we wanted to roll out. We talked about monitoring, so I took a stake in deploying Nagios. We went around the table and called off IP addresses in order to assign to our machines and started hacking away.

Immediately I hit the same snag as everybody else. We didn’t have internet on our little network. We couldn’t look anything up, and even more critical we couldn’t install any software packages that weren’t on a disc already. Everything had to wait until we could get online, so I grabbed a long cable, some gaffer’s tape, and walked to the network group to ask for a VLAN to the Internet. I gave it a quick test before we plugged into the switch and my laptop suddenly pulling 100mbit to the whole world. We quickly throttled that down to the level we had paid for and with that I plugged in the the management network. It wasn’t the final solution — I knew we had to later change to a real switch and establish proper presence on the network, but it was the right-now solution that got us to work.

Building it Proper

Having spent some time preaching the ideas behind Puppet and loathing the Nagios config files, I made the decision to do all my Nagios setup with Puppet. The idea paid off very well. Machines were setup as Puppet clients and then I basically never touched them. From modifying the master configuration, a basic configuration was typed out that pushed my favorite utility packages (ntp, vim, etc) and registered the system with the Nagios server. I ate my own dog food and I loved it.

Where we orientally started tempting all our services on one server, we would deploy them to several respective machines by the end of the day. With a VM server established after lunch, machines were appropriated for different tasks. As our needs for machines changed, we found it easiest to just keep the same original starting image and use Puppet to push to them. First up was the LDAP server coming online. I dumped the configuration and certificate files from the LDAP system into Puppet and spent a few iterations testing it out, then moved it from the test machine’s config to the general template and it was live. When it caused problems on a machine that was cutoff for a while by firewall rules, I was able to carve out an if/else statement in the configuration template and exempt the system. When the internal DNS server came up, I pushed the new resolv.conf to everything.

Things broke too. They broke a lot, and sometimes we knew they’d break even before they did. It wasn’t a surprise when our team lost internet for a while when we moved to our “real” switch with the proper trunk configs. Things broke when Splunk chewed up the resources of the VM it was on and had to be moved somewhere with more power. They broke when the firewall started destroying every SSL connection after a few packets… and I mean every one on every port across every VLAN and the Internet, and only SSL — and only after negotiation. We scratched our heads when one VLAN on our DHCP server went stupid and couldn’t hear packets that were sent to it, and then we scratched our heads more when changing that machine’s routing table ended up working as a ghost fix for the problem. That was a real stumper because it was affecting inbound packets, but it was the answer that made it happen.

Almost Perfect

On the whole, things were fantastic. We broke off our own bits of the work and started in. Everybody picked off a section of work, everybody worked together helping with other people’s problems, and everybody lived the spirit of things. We could have done a better job of knocking out dependencies like the early internet connection, or getting everybody using a ticketing system right from the start to handle requests between different pieces of software. I’m surprised the firewall crew didn’t want blood by the end of the day with the number of adjustments they had to make between all the different teams and problems they encountered. We did everything verbally with them.

Yet, I think Labs shouldn’t be “quite there” any year for good reason. Labs is about experimenting and pushing the edge. Sure, we may tackle those tidbits next year, but it was about more than just a network. It was seeing 50 people in a room with only the basic managerial structure of, “You’re in this group,” do something big in a day. It was about experimenting. Our central logging was good practice, but it was also learning for at least six different folks that we pushed our logs out to for analysis and learning. It was about cracking jokes over an AirTunes box that was accidentally broadcasting the management network over open Wifi and being impressed at the wireless folks who were running the tools to detect those things.

I’ve done consulting for a while and I’ve seen a lot of networks over the years. In a days time, we shined and we built it right. I heard stories, I shared stories, I saw some impressive setups from garage leftovers and vendor diamonds, and I hacked until I was too tired to keep going.

… But Perfect!

I’ve built my own networks to play on, I’ve worked in lab setups that have their own dedicated 100 rack server rooms, I’ve built a lab network with over 125 machines, but I’ve never had as much fun or been as part of a smooth team as these 50 folks who work together only for a weekend. So, if they don’t give me grief for gaming the system to get in this year, I’ll be applying and attending next time.