A Failed Debate

Tonight, Bill Nye will be debating the validity of evolution with unreasonable Christian fundamentalist Ken Ham, founder of the Creation Museum. I will not be watching.

One of the main goals of Ken Ham and the Creation Museum is to present Creationism as a valid scientific theory. A few years ago, when I visited the Creation Museum, I was particularly struck by this one room that was built to look like an archeological dig in process. There was a looped video running, part of which you can find around 1:02 here. In it, a creationist archeologist discusses the difference between himself and another worker: they both went to the same school, took the same tests, and have the same degree, but they have different starting points. His friend believes the Earth is 4.5 billion years old; he believes that God created the world in six 24-hour days (they are always careful to say “24-hour days”) 6000 years ago. (The same YouTube video linked even shows a “Different Starting Points” sign at one point.)

False. Any argument that begins with, “I know this because the Bible says it is true” is an argument of unprovable faith. Creationists will say that because I am not a scientist, my belief in evolution and a 4.5 billion year-old Earth is also faith, but this is a false equivalence. The faith that a Christian has in the word of their Bible is not the same as my faith in the body of work presented by modern science. I can trust evolution and the age of the Earth because experts in numerous fields have agreed on processes, released studies, and signed off on data that prove these facts. In other words, I do not need to be an evolution expert because there is an established body of work that can be reviewed, pulled apart, and explained — every piece of it, every step of the way. I trust that this is true and I am right. Creationism, on the other side, ultimately leads back to, “The Bible says it’s true.” It is impossible to argue a topic with someone who will never agree with you. There can be no debate because one side is based in fact that can be tested and explained, the other is based solely on faith and nothing else.

The problem with tonight’s “debate,” then, is that it is not a debate. It is a publicity stunt by Ham and the Creation Museum with the goal of legitimizing their belief system. By agreeing to participate, Bill Nye allows them to achieve this goal by sending the message that he and Ken Ham are peers with differing perspectives, which could not be further from the truth. Bill Nye is a scientist who has committed his adult life to inspiring and educating the world through his love of science; Ken Ham is a fraud, a fear-monger, a liar who aims to derail science education in America by promoting his dogma as plausible fact. They are not peers and they have no business standing opposite one another on a stage in an event sponsored by Ham’s organization.

Do you know why 9/11 Truthers and their opinions are not included in articles about the September 11 terrorist attacks? Because 9/11 Truthers are full of shit and any news source that gives them a voice outside the realm of, “Hey, listen to the bullshit these dicks are peddling,” gets laughed at. This is important. Hearing from dissenters is important; giving voice to people with opinions that are completely unprovable is a waste of time at best and dangerous at worst.

Ken Ham, the Creation Museum, and organized religious fundamentalism are dangerous. By engaging them respectfully, Bill Nye has regrettably sent a message that Christian fundamentalism is a reasonable dissenting point of view. It is not, it will never be, and giving them the satisfaction of a conversation of peers is damaging to science, education, and progress as a whole.

Supreme Shred Weapon of ULTIMATE POWER

Don't you want to look like this?

I am selling a true weapon of Unholy Metal Might. A gift from below, a tool of ultimate darkness, the embodiment of all that is brutal in this world:

The Jackson Rhoads V RR1

BLACK LIKE YOUR HEART

MADE IN AMERICA cause FUCK YEAH

22 FRETS cause LOTS OF FRETS

GENUINE FLOYD ROSE TREMOLO that I HAD BLOCKED (it’s a piece of wood under the tremolo that keeps it from moving, easy to remove during a setup) CAUSE I WANTED TO BE ABLE TO BREAK STRINGS ON STAGE (as all true metal warriors do to show how furious they are) WITHOUT WORRYING ABOUT RETUNING

A COUPLE OF SMALL DINGS THAT THE AUDIENCE DON’T NOTICE cause I ROCK HARD and sometimes my guitar bumps into things

Comes with a FITTED SKB CASE cause the giant rectangular monster case is UNWIELDY AND MAKES YOU LOOK LIKE AN IDIOT.

This guitar will do the following for you*:

-Get your band signed to a label or, if you are already on a label, get signed to a bigger one

-Make your significant other increase attractiveness by 1 or 2 points

-Prove to your parents that you are serious about something: BEING A FUCKING BOSS

-Instantly make you best friends with [insert name of guitar God who thinks you’re a total bozo cause you either can’t shred or don’t have a serious guitar already]

-Allow you to forever say, “This guitar right here was once owned by [insert my name, which is very impressive and rolls right off the tongue],” and when they don’t know who I am, you can scoff at them for not being “with it.”

DON’T YOU WANT THIS GUITAR? BUY THIS GUITAR! EMAIL ME NOW! IT COSTS $2400 NEW AND I’M SELLING IT FOR $1600 WITH THE CASE! WHAT THE FUCK IS WRONG WITH ME? WHO CARES! SHUT UP AND TAKE MY GUITAR!

(*: All items listed were experiences of prior owner and may not reflect your actual experience when showing your new intense battle axe to the unworthies who gaze upon it as you clutch it in your powerful, pulsing hands.)

No gods, no masters, no wire transfers.


(The above is a copy/paste of my craigslist post with the same name. This guitar really is for sale. Please contact chris at subvertallmedia dot com for more info.)

Manual Install of Bonjour 3 for Windows

Bonjour 2.0 is apparently incompatible with Windows 8 and Server 2012. Bonjour 3 does not have a public download link. OMGHELP.

Calm it down. Deep breath. Download the iTunes installer from Apple’s website and launch it. When the first dialog box pops up, browse in explorer to %userprofile%\appdata\Local\Temp\1. You will see Bonjour64.msi. Install. The end.

Changing SonicWall Remote Authentication Mechanisms

SonicWall remote access appliances allow you to authenticate your users through a number of different mechanisms. Because most of our clients are running Active Directory, we stick with AD/LDAP when possible. I ran into an issue today that caught me a bit off guard but I was able to work around it. It’s the kind of thing that might not ever help anyone but if it does, I imagine they will be very glad this is here.

Skip to the end if you don’t want the story.

I was migrating the configuration of an older SonicWall SSL-VPN to a new SRA. The models don’t really matter but what does is that the old one was very old, the new one was brand new. I was happy to find that I could export the settings from the old and import to the new without any fuss, despite jumping many firmware versions. In the process, I noticed that the ZIP spat out by the SonicWall contained a few unencrypted (by default — that can be changed) .conf files. I was happy to see that my configuration was all there and tucked that knowledge away for later.

With the new device online, I checked all the settings and everything was good. This is a company of about 40 people and they all use the appliance heavily. In particular, they rely on each user having a profile setup in the device with a custom RDP shortcut to their desktop. The import was crucial because reconfiguring each user would be extremely time-consuming and have potential for stupid mistakes to be made. The profiles were intact, all was right with the world.

Until I arrived at the area where we configure authentication for the domain… But first, let’s step back and put this in context.

In addition to bringing in a new SRA that was adequate for them, we were replacing their over-burdened, terribly-configured server. Engineering decisions had been made that were normal maybe ten years ago but very out of place in an even-kind-of-modern domain: insane VBS scripts instead of GPOs, DHCP scope far too huge, WINS configured, folder redirection handled manually on client machines instead of GPOs, home folders set directly in the users in AD… that kind of stuff. It had been a minefield but we persevered.

Snap forward to today. The page said that their old IT company configured them to use RADIUS authentication. The IP address was pointed at their old server. Why they’d use RADIUS when they could use the native LDAP auth was beyond me but there it was… and the server it was pointing at would no longer respond… and the SonicWall does not allow you to change the authentication mode. To make matters worse, I discovered that all of the user profiles were connected with the Domain as configured and deleting it (the domain) would remove all of the user profiles. It seemed all was lost.

But then I remembered the plain text conf files. I still had my backup file handy so I popped it open to see if it referenced the authentication method. Sure enough, there it was.

domain domain-name
auth-type radius
cert-verify false
delete-external-users false
user-passwords false
server 10.10.61.1
comments Welcome domain
use-otp false
secret dsdn87
radius-port 1812
radius-timeout 5
radius-retry 2
radius-backup-server
radius-backup-port 1812
radius-backup-secret
radius-filter-id true
radius-protocol PAP
portal-name domain-name
exit
!

My new SRA wasn’t in production and I hadn’t made any changes to it, so all I’d have to do is configure AD the way I wanted, export, compare the two, pop out the RADIUS-specific settings and insert AD. But there was another snag: SonicWall 7.0 firmware exports its config as JSON, a radically different configuration format. Oh no… again!

Or not. Exported the new config that had all my AD settings specified, imported the original again to bring RADIUS and my precious user profiles back, exported THAT to get a copy of it as JSON, and compared.

If you’re a network admin, you probably aren’t familiar with JSON unless you’ve done some web development. It stands for JavaScript Object Notation and it’s a lot like a friendlier XML that’s intended to be both readable and writable by humans.

tl;dr here’s how you do it

1. Export your current firewall config and save it as “original-auth.zip”.

2. Delete the offending authentication entry (in the “Domains” section of the firewall) and create a new one with the mechanism, address, and options that you want, then export this config and save it as “desired-auth.zip”.

3. Extract the full contents of each ZIP to a different folder and open settings.json.

4. Find the “Domains” section of each file. You will be making changes to the ORIGINAL file but you still have your ZIP, so at worst you can just restore that. There are two sections you need to change. First, find the “Domains” object and locate your target domain. It will have a domainId, domainName, and authType. Here’s part of my original:

"domainId": 2,
"domainName": "domain-name",
"authType": 2,
"certVerify": false,

And here’s the same section from my desired-auth.

"domainId": 2,
"domainName": "domain-name",
"authType": 4,
"certVerify": false,

“authType” does what you think it does. Make the original match your desired settings.

Scroll down more (or CTRL + F) and find the section that has the specifics for your auth type.

Original:

“Domains_RADIUS” is blank on the new one, but “Domains_AD” is not.

Copy and paste that whole section, from the leading { to the closing } and put it in between the square brackets. Make sure to remove the original authentication method.

(Switched to screenshots because WordPress was fucking up the formatting.)

Now save the new file, ZIP up everything into a new package, and upload. It should remove the offending authentication method and add the new one. The user accounts are based on the domain, not the authentication, so they will still be there and will work perfectly as long as all the names match.
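The same swap done on parsed JSON instead of by hand, which avoids bracket and comma mistakes and checks that the domain's identity is unchanged before anything is written. This is an added example, not code from the original post or from SonicWall: the key names come from the post, while the top-level layout, the "server" fields, the addresses and the function names are assumptions.

```python
import copy
import json

# Constructed sample exports. Only the key names "Domains", "Domains_RADIUS",
# "Domains_AD", domainId, domainName, authType and certVerify come from the
# post; the top-level layout and the "server" fields are assumptions.
ORIGINAL = json.loads("""{
  "Domains": [{"domainId": 2, "domainName": "domain-name",
               "authType": 2, "certVerify": false}],
  "Domains_RADIUS": [{"server": "192.0.2.10"}],
  "Domains_AD": []
}""")
DESIRED = json.loads("""{
  "Domains": [{"domainId": 2, "domainName": "domain-name",
               "authType": 4, "certVerify": false}],
  "Domains_RADIUS": [],
  "Domains_AD": [{"server": "192.0.2.20"}]
}""")


def find_domain(settings, name):
    matches = [d for d in settings["Domains"] if d["domainName"] == name]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one domain named {name!r}")
    return matches[0]


def swap_auth(original, desired, name, old_section, new_section):
    """Return a copy of `original` with the domain's auth taken from `desired`."""
    merged = copy.deepcopy(original)
    old, new = find_domain(merged, name), find_domain(desired, name)
    # User profiles are tied to the domain, so its identity must not change.
    if old["domainId"] != new["domainId"]:
        raise ValueError("domainId differs between the two exports")
    # Emptying a section shared by several domains would break the others.
    if len(merged[old_section]) != 1 or len(desired[new_section]) != 1:
        raise ValueError("expected one entry per section; merge by hand")
    old["authType"] = new["authType"]
    merged[new_section] = copy.deepcopy(desired[new_section])
    merged[old_section] = []  # remove the original authentication method
    return merged


if __name__ == "__main__":
    merged = swap_auth(ORIGINAL, DESIRED, "domain-name",
                       "Domains_RADIUS", "Domains_AD")
    print(json.dumps(merged, indent=2))  # write this back as settings.json
```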

Hello again

It’s been a while. I’d say “I haven’t had time” but that wouldn’t be true, it’s more that this hasn’t been a priority since other things have been going on.

Since my last post, the new Woe was released, I went on tour twice, and moved from Queens to Brooklyn, had two surgical procedures on my nose and sinuses, became what I’d like to think is more than a little competent in Ruby on Rails, and began working on a new music project. I will be 30 in May and I always remind myself that the majority of my favorite albums were recorded before the band members were 25, just to keep things in perspective.

I’ve spent a hell of a lot of time learning Rails. Woeunholy.com is now living on Heroku and Lauren and I are hard at work on both a rebuild of Phillymetal.com and another very ambitious project. Things are good, things are busy. More later, including some interesting tech tips from the past couple months.
