Bringing the Duron forward

And my Duron is alive. Right now it’s an all-SCSI system, with a Plextor UltraPlex 40max and a 4.3 GB Seagate Medalist SCSI HD. It smokes. Any time I can turn on Show Window Contents While Dragging and play back full-motion video in Media Player while violently moving the window around the screen and the playback remains smooth, I’m impressed.
The floppy drives don’t work right because I somehow managed to mangle the cable, but I’ll replace it. One of these days. I’ve got a few spare floppy cables hanging around somewhere.

It’s running Windows 2000. I wanted a fast, reliable office suite, so I installed Office 95. Yes, five. It’s nice, stays out of my way, loads really fast, doesn’t crash much, and has some semblance of an idea of distinction between an OS and an application.

I dual-booted it with Mandrake 7.2 (I haven’t downloaded 8 yet). It’s nice. It’s quick. I made this post from Konqueror under Mandrake 7.2.

Look out City, Suburban Boy’s coming to visit!

St. Louis makes a huge distinction between St. Louis City and St. Louis County, much like most cities I’ve visited. One thing I’ll say for the City: Being older, it has a whole lot more character. The St. Louis suburbs are, well, for the most part pre-fab, cookie-cutter, chain-infested boroughs. An outsider would have a hard time telling the difference between Mehlville and Oakville. It takes some looking to find a building more than 50 or 60 years old, and chances are few of the buildings you do find will still be standing in 60 years. I live in the county because I work in the county, and the City taxes you if you live in the City but work in the county–the intent of that law is to punish executives who work in the City but live in ritzy suburbs like Clayton or Ladue or Town & Country, but young professionals like me who live in the city because we like it but who happen to be employed in the county take a tax hit. Really, that kind of living should be encouraged–we’re bringing suburban money into the city, and during rush hour we’re driving against traffic, lessening congestion. And young professionals tend to eat out a lot and spend lots of money. If anything, there should be a slight tax incentive to live in the city and work in the county. But, once again, there are obviously issues involved here that are beyond the capacity of my little brain.
So I now live in the suburbs. But I prefer the City because I like character, and St. Louis is an old enough city to have some character (Europeans will scoff at that, but consider our standards–and really, you can develop some character in 150-200 years).

I’m meeting two friends for lunch later today. Both of them live in the City. One asked where to meet and where to go. I didn’t suggest Burger King in Oakville. But, typical of males, none of us could decide where to go, so I piped in. “Well, aren’t we just the bastions of decisiveness. Look, I’m Suburban Boy. There are great places in both of your neighborhoods, but I don’t know what they are. I’ll defer to your better judgment.”

Well, there’s a deli within a mile or two of where one of them lives that’s supposed to be out of this world. So that’s where we’re going. I know, in this day and age Subway has totally homogenized our idea of a deli, so a good local deli, when you can find one, is a delight. Two local chains used to have locations near where I work. There was Ruma’s, in Concord Village, which was good, and there was Amighetti’s in Crestwood, which was to die for. Both locations are now a Quizno’s. Quizno’s isn’t bad but you can’t get a giant pickle there like you could at Ruma’s, and there’s nothing on Earth that compares to Amighetti’s bread–you could cook yourself up a big ol’ hunk o’ tire and put it on Amighetti’s bread and it’d taste good, if not fabulous. And it didn’t hurt that the girls who worked there were all drop-dead gorgeous. Man, I miss that place. St. Louis has a great Italian heritage, and we’re willing to sell it all out to Subway and Quizno’s.

So.. A neighborhood deli where I can eat outside and converse with two really cool people… Sounds great to me.

No, this is still the old server.

The new server works, but I got sidetracked last night. I had to take care of a weird work problem, and I ran out to a bookstore where the girls who work there seem to have this competition to see who can be the nicest, and then I came back home and had a long phone conversation with an old friend I hadn’t talked to in a couple of years. Between all that and trying to make some sense of Steve Gibson’s latest discoveries and trying to figure out what he wants and whether I agree with him, my server just kept chugging along.
I need to make my homebrew spam filter too. I’m thinking I’ll press a 486 into that duty, at least initially. I’m out of good PCs to experiment on. Once I get it working, if it’s slow, I’ll get some parts and build something better to block the onslaught of spam.

Oh, speaking of spam, for those of you who have Web pages… If you obscure certain characters in your e-mail address–sub in the raw ASCII code for the at sign and the period and one or two letters–most spam bots can’t harvest it. I need to do that for my pages. I’ve also found some cool-sounding traps for spam bots, including one that tries to dynamically figure out the spambot’s IP address, then feeds it accounts like abuse@owner.com and postmaster@owner.com. If they work, I’ll most certainly toss them your way.
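The character-substitution trick described above, as an added Python example (not code from the original post). The address, the function names and the harvester regex are constructed for illustration; the regex stands in for a simple bot that scans raw page source.

```python
import html
import re

# Constructed stand-in for a simple harvester: matches plain addresses in page source.
HARVEST_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def obfuscate_email(address, extra_letters=2):
    """Replace '@', every '.', and the first `extra_letters` letters of the
    address with decimal HTML character references (&#NN;)."""
    out = []
    letters_done = 0
    for ch in address:
        if ch in "@.":
            out.append(f"&#{ord(ch)};")
        elif ch.isalpha() and letters_done < extra_letters:
            out.append(f"&#{ord(ch)};")
            letters_done += 1
        else:
            out.append(ch)
    return "".join(out)


def mailto_link(address):
    """Build a mailto: link whose source never contains the plain address."""
    encoded = obfuscate_email(address)
    return f'<a href="mailto:{encoded}">{encoded}</a>'


def harvest(page_source):
    """Return every address the constructed harvester regex finds."""
    return HARVEST_RE.findall(page_source)


SAMPLE = "webmaster@example.com"  # constructed sample address

if __name__ == "__main__":
    link = mailto_link(SAMPLE)
    print(link)
    print("raw source scan:   ", harvest(link))
    # A browser decodes the references before display, so the visitor still
    # sees (and can click) the real address. html.unescape() mimics that step.
    print("after entity decode:", harvest(html.unescape(link)))
```

The second scan shows the limit of the technique: a bot that decodes character references before matching recovers the address, so this only stops harvesters that read raw source.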

We can’t give hackers anything else to work with

Thanks to David Huff for pointing this link out to me (the good Dr. Keyboard also passed it along). Steve Gibson was hacked last month, and he wasn’t very happy about it. So he set out to learn everything he could about l337 h4x0rs (elite hacker wannabes–script kiddies). What he found out bothers me a lot.
Kids these days. Let me tell you…

In my day, 13-year-old truants (those who had computers and modems) used their modems to dial 800 numbers over and over again long into the night, looking for internal-use-only numbers. Armed with a list, they then dialed every possible keycode combination looking for PINs. Then they’d use that information to call long-distance on the telco’s dime. They’d call BBSs, where they’d swap the previous night’s findings for more codez, cardz (credit card numbers), warez (pirated software), or porn.

I never did those things but I knew a lot of people who did. They’d drop off the face of the earth on a moment’s notice, and rumors would go around about FBI busts, computer equipment being confiscated, kids being hauled off to juvenile detention center… And some of them never came back. Some of them cleaned up. Others, who knows? I heard a rumor about one of them running away to Las Vegas after he got out. And some just got hold of their old contacts and went right back to business. One of my friends cleaned up–the huge phone bill he got was enough of a reality check that he stopped. Whether it was a moral reason or just fear of getting caught again, I don’t know. I knew another who got busted repeatedly, and he’d call me up and brag about how his line was tapped, throwing in the occasional snide remark to whoever else might have been listening. I remember our last conversation. He sent me some code (all of the guys I knew were at least semi-competent 6502 assembly language programmers) and we talked music. I’d been fascinated by that subculture, though I never did anything myself–I just talked to these guys (partly out of fear of getting caught, partly because I did want to have some semblance of a life, partly because I didn’t want to kiss up to a bunch of losers until I’d managed to prove I was elite enough), but at that point I was 16, I’d published once, and I realized as the conversation ended that my fascination with it was ending also. It was 1991. The scene was dying. No, it was dead and pathetic. These “elites” had become the butt of jokes–they were risking arrest so they could call Finland for free and pirate Grover’s Magic Numbers, for Pete’s sake! I guess I was growing up. And I never talked to him again. (I don’t even remember this guy’s real first name anymore–only his handle.)

I guess if I’m going to be totally honest, the only thing that’s really changed are the stakes. I want to say my generation wasn’t that bad… But I don’t know.

Essentially, some guy going by “Wicked” had zombies running on 474 Windows PCs. Some of “Wicked’s” buddies took issue with Gibson talking about script kiddies–they thought he was talking about them–so they told “Wicked” to take him down. And he did. And he bragged about it.


"we will just keep comin at you, u cant stop us 'script kiddies' because we are better than you, plain and simple."

Now, when someone annoys me, I find out what I can about the guy. At 26, I do it to try to get some understanding. At 13 I didn’t necessarily have that motivation, but I did at least have some basic respect. And anyone claiming to be better than Steve Gibson… Gimme a break! That’s like walking up to Michael Jordan and saying you’re better on the basketball court, or walking up to Mark McGwire and saying you can hit a baseball further, or walking up to Colin Powell and telling him you can beat him in a war. And anyone who’s ever written a line of assembly language code and read any of Steve Gibson’s stuff knows it. And it’s not like the guy’s exactly living in obscurity.

Well, Gibson was diplomatic with this punk. And his reasoning and his respect softened him. He called the attacks off. Then they suddenly started again, and Gibson got this message:


is there another way i can reach you that is secure, (i just ddosed you, i aint stupid, im betting first chance ud tracert me and call fbi) you seem like an interesting person to talk to

Say what? You want to talk to someone, so you blow away every other line of communication and ask if you can talk? Now I can just picture this punk once he gets up the nerve to go talk to a girl. He knocks on the door, and the first words out of his mouth are, “I just tesla coiled your phone line so you couldn’t call the cops, but…” Then he’d toss some Kmart pickup line every girl’s heard a million times her way, and hopefully she’d smack him and run to the neighbors’ and call the cops.

For some reason people get hacked off when you do something malicious to them.

Well, Gibson reverse-engineered some Windows zombies and followed them into a l33t IRC channel where he had another interesting conversation. I won’t spoil the rest of it.

Now, I admit when I was 13, I was a mess. I was insecure, and I had trouble adjusting. My voice was cracking, my skin was oily, and I was clumsy and gawky. And I didn’t like anyone I knew when I was 13, because I was the class punching bag. Part of it was probably because I was an outsider. This was a small town, and I wasn’t born there, which was a strike against me. If you got all your schooling there you were still OK. I came in the third grade, so strike two. And I didn’t want to be a hick, so strike three. I liked computers, and in 1987 that was anything but cool, especially in a small town. And everyone thought I was gay, because I didn’t hit on girls and I didn’t have a huge porn collection–and there aren’t many worse things to be in southern Missouri, because it’s still a really bigoted place (and since girls made me stammer, it’s not like I could have proven I was straight anyway). And I had goals in life besides getting the two or three prettiest girls in the class in bed. (Yes, this was 7th grade.) So I guess I was oh-for-two with two big strikeouts. And since I was five feet tall and about 90 pounds, if that (I’m 5’9″, 140 now, and I was scrawnier then than I am now) I couldn’t exactly defend myself either. So I was an easy target with nothing to like about me.

I guess “Wicked” sees Steve Gibson as a five-foot, 90-pound outsider with a really big mouth, so he’s gonna go pick on him. Then he’s gonna go hit on the 13-year-old girl who looks 18, and he thinks taking down grc.com is going to make her swoon and tell him to take her to bed and lose her forever. But since she has a life, she doesn’t give a rat’s ass about whether grc.com is up or down, so hopefully she’ll smack him but I doubt it.

Yeah, I want to say the solution is to make things like they were in 1987 but bullies are bullies, whether it’s 2001 or 1987 or 1967. AD or BC, for that matter.

I want to say that accountability to a higher being will solve everything and make kids behave, but I know it won’t. That grade-school experience I just described to you, with 13-year-olds making South Park look tame and trying to get in girls’ pants? You know where that happened? A Lutheran grade school. Introducing the kids to God won’t fix it. Establishing a theocracy won’t fix it. In college I wrote a half-serious editorial, after a pair of 6-year-olds in Chicago murdered a four-year-old by dropping him out of a 20th-story window after he refused to steal candy for them, where I advocated the death penalty for all ages–maybe then parents would keep an eye on their kids, I reasoned. But I know that won’t fix anything either.

Steve Gibson doesn’t offer any answers. He’s not a social engineer. He’s a programmer–probably the best and most socially responsible programmer alive right now. And what Gibson wants is for Microsoft to cripple the TCP/IP code in Windows XP, so the zombies these script kiddies use don’t gain the ability to spoof come October.

Frankly, I wish such a castrated TCP/IP stack, with raw sockets capability removed, were available for Linux. My Linux boxes are a minimal threat, being behind a firewall and only having a single port exposed, but I’d cripple them just to limit their usefulness to a script kiddie just in case.

Why? Screw standards compliance. The standard for mail servers used to be to allow them to be wide open so anyone could use one, just in case their mail server was down. It was all about being a good neighbor. Then spammers trampled that good faith, so open relays are now the exception, not the rule.

Maybe there’s some legitimate use for raw sockets. I don’t know. But I know nothing I use needs them. So why can’t I run a stripped-down TCP/IP on all my boxes, so that in the event that I do get compromised, my PCs’ usefulness is limited?

If software companies want to provide a full, standards-compliant, exploitable TCP/IP stack for esoteric purposes that need them, fine. Do it. But don’t install it by default. Make it a conscious decision on the part of the systems administrator.

Let’s just get one myth out of the way. The Internet isn’t going to change the world. So when the world does stupid things, the Internet’s just going to have to change instead.

More TurboLinux

Server update: I broke it. That’s the way you learn. I’m thinking I’ll go live with it June 1 anyway.
I found a really cool feature though. TurboPkg is an RPM utility that comes with TurboLinux that queries an FTP server, compares the packages there with the packages you have installed, and highlights the packages that have been updated. Run it after installation (kind of like running Windows Update on W2K), then run it periodically to make sure you’re up to date. I thought Mandrake had something similar but I’m not positive–I have to admit I have Mandrake dual-booting with Windows on a couple of machines, but I don’t use Linux as a workstation much, and when I do use it I don’t pay much attention to the GUI–I open a console and execute just about everything from there because it’s a lot faster to just type an app’s name than it is to dig for its stupid icon. I love it as a server OS but for day-to-day work I use Windows, mostly because that’s what I make money writing about.

Blame Dubya!

Would someone please explain to me how it’s George W. Bush’s fault that people started buying gas-guzzling cars again in the mid-1990s, driving up the demand of fuel and thus the cost (though when you adjust for inflation, gas costs less today than it did in 1980, and it’s not that much more expensive than bottled water or soda), and how it’s George W. Bush’s fault that California is overpopulated? Please?
My tiny little brain just doesn’t understand, and my Mom taught me that when everyone else seems to have the problem, chances are it’s really you who has the problem. So since everyone else understands this, I must have the problem, so, please, enlighten me.

And, also, would someone please tell me whether the disappearance of the Lindbergh baby had anything to do with George W. Bush? I’m starting to wonder.

Memorial Day in St. Louis

I made a big mistake at work yesterday. I let someone be unreasonable and ruin my day. No, I don’t want to talk about it. I’d rather go back to a happier time… like Monday.
On Monday, Gatermann and I went out shooting. He’s experimenting with high-contrast b&w photography and I wanted some harsh and stark pictures of myself in an urban setting, so we went driving around in the warehouse district. We found a great source of used car parts–drive around the right places, and you’ll find tires, hubs, car batteries, mufflers, and even gas tanks just sitting there, and no one complains if you take them. I even found a couple of tires mounted on hubs. They must make them in some of those old buildings or something.

But that wasn’t what we were looking for. We were looking for good shots. Well, we found a building that they’re tearing down, and one corner that’s still standing has a really big word painted on it, descending down the building: “Fresh.” Gatermann said he’d be coming back when more of the building was gone to get a shot of that. And Gatermann got a shot of a modern train running past the old, abandoned, St. Louis Southwestern Railroad (aka The Cotton Belt Route) freight depot on the riverfront.

And we found some neat-looking doorways for me to stand in while he took some shots.

We drove around some more, and Gatermann said he knew of a really neat-looking trestle nearby, so we went there. It’s been years since the trestle’s been used, but someone still mows under it. We got a few shots, then Gatermann looked over to the left. Next to a building, there were a few coal hoppers just sitting there. “Let’s get a shot of you standing between those two cars,” he said. I walked over there, then Gatermann said, “No, let’s go to the other side. With where the sun is, we’ll get backlighting there.” So we walked to the last car, stepped over a rope that was blocking our way and totally ignored the sign on the rope, and then one of us noticed a sign on the door of the building: Danger. Radioactive. Keep out. I looked at the signs on the fence next to the building: Radioactive contamination. Keep out. Gatermann and I looked at each other. “Maybe it’s not a good idea for us to be here.”

We stepped back over the rope and read the sign: Radiological buffer zone.

I looked at Gatermann. “Well, that was probably the smartest thing we’ll do all day.”

As we drove off, I noticed some more signs on that fence: Guard dog on duty. Guard dog? Isn’t radiation that’s bad for us bad for dogs too?

Chances are one of the sets of signs was lying. Maybe both of them. But that just didn’t seem to be the place to be that afternoon.

We weren’t the only ones to think that. Apparently some people think the thing to do in St. Louis on Memorial Day is to go find a warehouse, preferably with a loading dock that you can use like a porch, pack up the lawnchairs and the grill, and barbecue there with your family or a bunch of your buddies. You’ll have to ask Gatermann why that is, because I’m not a St. Louis native. I just live here. I don’t even like pork steaks.

But no one was BBQing at the House of Radioactivity. I guess no one wanted to know whether the barbecue would cook faster there. Or maybe they just didn’t want to share with the dog.

How to get mod_gzip working on your Linux/Apache server

My research yesterday found that Mandrake, in an effort to get an edge on performance, used a bunch of controversial Apache patches that originated at SGI. The enhancements didn’t work on very many Unixes (presumably they were tested on Linux and Irix) and were rejected by the Apache group. SGI has since axed the project, and it appears that only performance-oriented Mandrake is using them.
I don’t have any problem with that, of course, except that Mod_Gzip seems to be incompatible with these patches. And Mod_Gzip has a lot of appeal to people like me–what it does is intercept Apache requests, check for HTTP 1.1 compliance, then compress content for sending to browsers that can handle compressed data (which includes just about every browser made since 1999). Gzip generally compresses HTML data by about 80 percent, so suddenly a DSL line has a whole lot more bandwidth–three times as much.

Well, trying to make all of this work by recompiling Apache had no appeal to me (I didn’t install any compilers on my server), so I went looking through my pile-o’-CDs for something less exotic. But I couldn’t find a recent non-Mandrake distro, other than TurboLinux 6.0.2. So I dropped it in, and now I remember why I like Turbo. It’s a no-frills server-oriented distro. Want to make an old machine with a smallish drive into a firewall? The firewall installation goes in 98 megs. (Yes, there are single-floppy firewalls but TurboLinux will be more versatile if you’re up to its requirements.)

So I installed Apache and all the other webserver components, along with mtools and Samba for convenience (I’m behind a firewall so only Apache is exposed to the world). Total footprint: 300 megs. So I’ve got tons of room to grow on my $50 20-gig HD.

Even better, I tested Apache with the command lynx http://127.0.0.1 and I saw the Apache demo page, so I knew it was working. Very nice. Installation time: 10 minutes. Then I tarred up my site, transferred it over via HTTP, untarred it, made a couple of changes to the Apache configuration file, and was up and going, sort of.

I still like Mandrake for workstations, but I think Turbo is going to get the nod the next few times I need to make Linux servers. I can much more quickly and easily tailor Turbo to my precise requirements.

Now, speaking of Mod_Gzip… My biggest complaint about Linux is the “you figure it out” attitude of a lot of the documentation out there, and Mod_Gzip may be the worst I’ve ever seen. The program includes no documentation. If you dig on the Web site, you find this.

Sounds easy, right? Well, except that’s not all you have to do. Dig around some more, and you find the directives to turn on Mod_Gzip:

# [ mod_gzip sample configuration ]

mod_gzip_on Yes

mod_gzip_item_include file \.htm$
mod_gzip_item_include file \.html$
mod_gzip_item_include mime text/.*
mod_gzip_item_include mime httpd/unix-directory

mod_gzip_dechunk yes

mod_gzip_temp_dir /tmp

mod_gzip_keep_workfiles No

# [End of mod_gzip sample config]

Then, according to the documentation, you restart Apache. When you do, Apache bombs out with a nice, pleasant error message–“What’s this mod_gzip_on business? I don’t know what that means!” Now your server’s down for the count.

After a few hours of messing around, I figured out you’ve gotta add another line, at the end of the AddModule section of httpd.conf:

AddModule mod_gzip.c

After adding that line, I restarted Apache, and it didn’t complain. But I still didn’t know if Mod_Gzip was actually doing anything because the status URLs didn’t work. Finally I added the directive mod_gzip_keep_workfiles yes to httpd.conf and watched the contents of /tmp while I accessed the page. Well, now something was dumping files there. The timestamps matched entries in /var/log/httpd/access_log, so I at least had circumstantial evidence that Mod_Gzip was running.
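A more direct check than watching /tmp is to request a page while advertising gzip support and see whether the response comes back with a Content-Encoding: gzip header and a body that really decompresses. The sketch below is an added example, not part of the original post or of mod_gzip; the function names and the sample page are constructed, and fetch() is meant to be pointed at your own server.

```python
import gzip
import http.client
import zlib


def fetch(host, path="/", port=80):
    """GET `path` with Accept-Encoding: gzip; return (headers, body as sent)."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    conn.request("GET", path, headers={"Accept-Encoding": "gzip"})
    resp = conn.getresponse()
    headers = {k.lower(): v for k, v in resp.getheaders()}
    body = resp.read()  # http.client does not decompress for us
    conn.close()
    return headers, body


def compression_report(headers, body):
    """Say whether the response was gzip-compressed and how much it saved."""
    report = {"compressed": False, "wire_bytes": len(body),
              "plain_bytes": len(body), "saving": 0.0}
    encoding = headers.get("content-encoding", "").strip().lower()
    if encoding not in ("gzip", "x-gzip"):
        return report  # server sent the page as-is
    try:
        plain = gzip.decompress(body)
    except (OSError, EOFError, zlib.error) as exc:
        # Header claims gzip but the body is not valid gzip data.
        report["error"] = str(exc)
        return report
    report["compressed"] = True
    report["plain_bytes"] = len(plain)
    if plain:
        report["saving"] = 1 - len(body) / len(plain)
    return report


# Constructed sample page, standing in for what the server would send.
SAMPLE_HTML = ("<html><body>\n"
               + "<p>Sample paragraph of ordinary page text.</p>\n" * 200
               + "</body></html>\n").encode()


def sample_response(compressed):
    """Build the (headers, body) pair a server would return for SAMPLE_HTML."""
    if compressed:
        return ({"content-type": "text/html", "content-encoding": "gzip"},
                gzip.compress(SAMPLE_HTML))
    return {"content-type": "text/html"}, SAMPLE_HTML


if __name__ == "__main__":
    for label, flag in (("module active", True), ("module inactive", False)):
        print(label, compression_report(*sample_response(flag)))
    # Against a live server: print(compression_report(*fetch("127.0.0.1")))
```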


Building up a new Linux server

I built a simple PC yesterday. The server that hosts this site is just too overloaded, and I was getting ready to order some parts when I spied a Celeron-366 board and CPU sitting in a case under my desk. I had trouble getting it working reliably, but I figured I’d give it one more shot. I’d used Hyundai memory in it previously; I slipped in a stick of Crucial, and it fired right up. Interesting.
I watched the temperature monitor in the BIOS and wasn’t too happy to see the Celeron-366 running at a nearly constant 60 degrees Centigrade. Modern CPUs typically run about 40-50, and each 10 degrees halves life expectancy. So I put a beefier CPU cooler on it, but the chip continued to run at around 60. So I looked up the Celeron at Intel’s site, and found the maximum temperature for Celerons is 85 degrees. So I was running a good 25 degrees below max, and it looked like I wouldn’t get below 60 degrees without active cooling, so I put the cheaper CPU cooler back on. Out of curiosity I overclocked the chip to 550 MHz for a while to see what would happen. The temperature rose to 65 degrees within seconds but stayed fairly constant. So it would appear that running at 550 would be safe, but I stepped back down to 366. I don’t want to overclock a system that I’m depending on for anything. For a few minutes I stepped it down to 330 MHz (using a 60 MHz bus) but it didn’t cool down any more after doing that, and running on a 60 MHz bus would give me a serious performance hit, so I stepped it back up to 366.

I scrounged around looking for parts and found enough to assemble a computer, but not a very good one. Being this close, I didn’t really want to do mail order and wait for parts to come in. So I checked CompUSA’s web site to see if they had anything competitive. Indeed they did–a 50X Delta-brand CD-ROM drive for $20 after rebate. Seeing as CompUSA always has some hard drive for $99-$109, I figured I’d make a trip over there. Sure, I could order a hard drive for $82 online, but a CD-ROM drive would cost me $40, so I’d make up the difference and have something that day.

When I got there I found another special–a 20-gig CompUSA by Maxtor hard drive for $99 with a $50 mail-in rebate. A lady was there examining the drive’s packaging. I picked one up. “4500 rpm, 128K buffer,” I read. “Where’s the speed?” she asked me. I pointed to a sticker on the side. “Wow. And I thought 5400 was slow enough.” She set the drive down and went looking at the drives on the shelf.

I was impressed. That was the first time I’ve ever met someone in person who was concerned about hard drive speed.

Now, about that speed… Yeah, it’s slow (I suspected the package actually contained a Quantum Fireball lct–Maxtor and Quantum have completed their merger) but it’s a cheap way to store a mountain of data and in an emergency it can boot an OS. At $2.50/gig, why not? So I grabbed one. I also grabbed the cheap 50X CD-ROM. I poked around the store a while, didn’t find anything else that caught my fancy, so I checked out. The cashier offered a replacement plan on the two parts. I declined–on stuff this cheap, I’ll just bank that money and take my chances.

The Fireball lct is indeed a poor performer. It would have been a middling performer in 1997, but this isn’t 1997 anymore. But I can live with it. It has one distinct advantage: It’s whisper-quiet. This PC makes very little noise. A fanless microATX box with a VIA C3 processor and a Fireball lct would be nearly silent and still fast enough to be useful. My other PCs sound like wind tunnel fans in comparison to this. And this drive will do for a testbed, if not as a production server–it’ll still be far faster than the P120 I’m using. I’d say there’s a 75 percent chance that system will end up hosting this site. The hard drive isn’t the bottleneck here–my DSL connection and CPU power are. The Celeron will solve the CPU problem, and hopefully with enough power to spare to run Mod_Gzip so that Apache can send compressed data to recent Web browsers, and thus solve the bandwidth issues too.

Anyway, I went ahead and put the 50X CD and Fireball lct in an old AT case, along with the Celeron-366 motherboard and 128 MB of RAM, a Cirrus Logic-based AGP card only a server could love, and a D-Link PCI 10/100 NIC to give myself a very basic meat-and-potatoes system. I noted the CD-ROM drive doesn’t fit as snugly as a Toshiba or an NEC and it definitely looks cheaper (but I’ve seen cheaper-looking drives still), and for 20 bucks I won’t complain. Mandrake 7.2 installed in about 15 minutes, but I found I was too aggressive–Mandrake’s hard disk optimizations and this motherboard’s chipset don’t get along. So I reinstalled with less aggressive settings. I made the mistake of doing a kitchen-sink install so it doesn’t run as well as it should. Basically at this point I need to tear it down and install, I dunno, BIND, Apache, Samba, and the kernel. That’s enough for what I want this machine to be able to do. I should probably look into building a kickstart script to do the job so I don’t have to answer any questions.

But that’s a project for another day.


Memorial Day: Thank a vet

It’s Memorial Day. Memorial Day for many means barbecues, maybe a trip to the lake. We’re far enough removed from war that it’s mostly become another excuse for a three-day weekend. Yes, we fought a war 10 years ago, but it was so quick it didn’t really seem like war, and it was undeclared. And our previous administration involved us in plenty of skirmishes, but that wasn’t exactly war either. And I know, to many of us Vietnam seems like it was just yesterday, just like the first Bush administration seems like it was just yesterday to me, but Vietnam was long enough ago that there’s an entire generation of adults who view it exclusively as an historical event–by the time I was born, we were out of there.
One of the elders at church told me this week that 1.2 million U.S. soldiers have died in combat over the course of our history. That’s a lot of lives to gain and protect our freedom. And yes, as screwed up as our country is, we’re still a lot better off than much of the world. The dangers we face today are the dangers of our own making. There is no foreign dragon looming over our heads waiting to devour us.

So if you know any veterans, thank them the next time you see them. If you don’t, at least take a minute to thank God for their sacrifice.