Wednesday, December 31, 2008

Impression of Acer Aspire One netbook

I mentioned in an earlier post about my thought process on purchasing a netbook, that I'd follow up with my impressions and experiences. Now that I've got some legitimate use of my Acer Aspire One netbook, here it is. I wanted to write this before Christmas for those that were thinking about giving one as a gift, or buying one on sale, but I guess it's "better late than never." For the record, I'm writing most of this post on my netbook while watching college football on the couch.

Portability

Obviously, this is one of the big features of the netbooks. Even with the 6 cell battery, it's still very light and compact. I carried it around quite a bit during the holidays. It took up about the same room as a smaller O'Reilly book, and probably weighed the same or less. The battery life was up to its billing. With web surfing and email, I was getting about 5 hours per charge. The wireless card range seems a little weaker than ones built into laptops, since it would connect with "Very Good" instead of "Excellent", but overall, I didn't have problems with network speed.

Performance

The boot up time isn't much slower (if even noticeable) than my other laptop. The only web performance issue I've noticed so far is when using the standard view of Gmail. It seems to hang or is sluggish when trying to load. However, I have no problems using the basic HTML version. The built in speakers aren't very loud, but that's not that big of a deal to me. If I'm going to listen to music or need audio, I can just plug in some headphones or powered computer speakers.

Usability

The keyboard is slightly smaller than a laptop keyboard, but I don't have too much difficulty touch typing. It is definitely easier than typing on a smart phone or my iPhone. The screen real estate is noticeably smaller, but doesn't impede too much considering this is a mobile device. Again, it's much larger than a smart phone or an iPhone. I didn't get any complaints from "guest" users either; including my wife, brother-in-law, or father-in-law. My only complaint, which is very minor, is the touchpad and the positioning of the left and right click buttons. However, it's mostly because I'm used to the buttons being positioned differently. I like the "zoom" feature with the touchpad that is similar to the Macbooks or iPhone. The three USB ports seem to work fine. I've only used them one at a time to connect my iPod or iPhone.

Other Features

The built in microphone and video camera work surprisingly well. Using the video chat feature on AOL Instant Messenger v.6, the video and audio received by the recipient was decent quality. Because it works so well, I was disappointed my netbook did not come with a Mac-like "Photo Booth" program pre-installed (more on that later). I haven't used the SD card slots yet. I'm not sure why there are two of them. I haven't used the VGA-out port either.

My Modifications

The netbook does come with pre-installed software, which I'm not generally a fan of. I removed the trial versions of Microsoft Office and McAfee Anti-virus. It also came with Microsoft Works. I haven't decided if I want to uninstall that and install Open Office instead.

As for software I've added (all are freeware for personal use), here's the list and why I chose them.

AOL Instant Messenger - I'm normally a Pidgin fan, but Pidgin doesn't support video chat right now.

AVG Anti-Virus (free for personal use) - I picked this one over Avast because it was supposed to be lighter weight. It seems to work pretty well, but I don't like the browser plugin that scans all links on a web page. It really hampered my web browsing. I've disabled the plugin, but now there is an exclamation point "splat" on the icon in the system tray.

Debut Video Capture - This program is a lot like the Mac's "Photo Booth". I was happy when I found it, and best of all, it's free.

Firefox Web Browser - I personally like it better than IE7.

iTunes - I don't plan to use my netbook to manage my music on my iPhone or iPod, but since I have over 100GB of storage, I figure I can copy my library over.

Picasa - Just in case I want to do some light photo management while travelling. My permanent photo storage will be on my desktop.

Skype - Another video chat client, just in case someone uses that instead for video chat.

If you have any questions, comments, or suggestions, feel free to leave them in the "Comments."

Tuesday, December 23, 2008

Linux Mag's Top 10 Sys Admin Articles of 2008

With 2008 coming to an end, everyone is starting to put out their "Top" lists. I saw the announcement today in my Inbox that Linux Magazine posted its Top 10 Sys Admin Articles of 2008. Unfortunately, the links to the articles require registration, but it's free. The two articles on ZFS interest me the most, and I want to refresh myself on the "port knocking" article. I forget where I've heard about port knocking before. I'm pretty sure it was a couple years ago though.

It also made me realize I miss reading physical magazines over online copies. Then again, I rarely read the ones I get in the mail now. It's amazing how technology changes things.

On a totally unrelated note, I just wanted to share a good laugh about Matt Simmons' comment on a blog post about having multiple superusers on the VMware ESX server.

"Once, many many moons ago, probably near the peak of my danger curve, I got tired of su’ing all the time, so I just changed my uid to 0 in the passwd file. That was fun."

I can't explain why it struck me as funny as it did, but that was probably the funniest thing I've read today.

Monday, December 22, 2008

My netbook purchase thought process

I try to keep this blog relative to System Administration, but once in a while, I should be allowed to stray. It's the holidays after all, right?

My Acer Aspire One arrived on Friday. I've used it a little bit, and I wanted to give anyone interested my initial thoughts and opinions. There's quite a bit of hype about these "low cost" netbooks. For those considering a netbook, this was my criteria and rationale for buying one. Just a side note about my link to this netbook. When I bought it, it was available directly through Amazon.com. It appears they are now selling them through other online merchants. If you buy through that link, your mileage may vary.

First of all, I wanted something small and mobile to use for casual to light web access. I used to use my Compaq laptop to surf the Internet, check email, and do other lightweight computing tasks from the living room couch or on trips. Unfortunately, it's having power problems and I was looking for a replacement for this device. We also have a desktop computer that we use for storage or to do heftier computer tasks.

Second, the replacement gadget had to be intuitive and useful enough for general users. I would not be the only user, and I try to avoid being a system admin or operating a "helpdesk" when I'm not at work. Don't get me wrong; I like helping people, but I don't want to create unnecessary issues for myself. I was sure that my wife, or other guests, would want to use this device; and potentially when I was not around to help them use it.

My third "want" was a device that had good battery life. I didn't want to be dependent on the accessibility of an electrical outlet within an hour or two of usage. I can depend on an outlet when I'm at home, but if I'm traveling or visiting, this becomes more cumbersome and intrusive.

After thinking about what I really wanted and needed for a replacement portable device, I thought about what I already owned, and if I really needed to replace my laptop. I already own an iPhone. It's small, portable, decent battery life, supports Wi-Fi for Internet access, and all-around I really like it. However, it's also my cell phone, which means I take it everywhere with me. It's also a very "personal" device for me, and I'm hesitant to allow other people to use it (maybe I'm just strange). These two reasons make it difficult for being a shared device for around the house. Someone suggested buying an iPod Touch for my wife, but she has an iPod Nano that she got last Christmas. Plus, if we had guest users of our Wi-Fi device, not everyone is going to know how to use a Touch, and I'd have to spend a few minutes here and there helping them operate it. I do think the Touch is a nifty device, but in my opinion, not practical enough in this case.

"So you think you want to buy a netbook..." As mentioned in my PXE live distro post, I looked at Acer, ASUS, Dell, and HP's offerings. For the prices and features, I concentrated on Acer and ASUS.
  • Which Operating System should I use? - The geek inside me wanted Linux. My wife could probably learn how to use Linux also, but there would be a slight learning curve. I had intended to use our desktop, which runs Windows XP, for permanent storage of important files, such as photos or other documents. Having the device run Windows XP would make network drive setup and usage much easier. Plus, she's already familiar with Windows. I chose Windows XP.
  • What kind of local storage should I get? - Another tough decision. Solid state drives (SSD) seem geekier. Without much investigation, I thought they could be potentially faster, use less electricity, and be more durable if the netbook was accidentally dropped. However, knowing how bloated XP can be and the other programs I wanted to run, I wanted more storage than what could be offered on a USB stick. I could only find netbooks in my price point with about 8GB of SSD. If I could have purchased a 32GB SSD model, I would've bought that. It was overkill, but I ended up with the 100+ GB standard hard drive.
  • What size battery do I want? - I read people complaining that the 6 cell batteries made the netbook "too heavy and bulky." However, I liked the fact that they could last about 5 hours, as opposed to the standard 3 cell that gave about 2.5 hours. It would be rare for me to have to have 5 hours of battery life, but I didn't think it was that bad of a trade off. In the end, it only added about an inch to the back of the netbook, and it wasn't that much heavier. Yes, the 6 cell battery, please.
As for the other available options, such as the integrated webcam and SD slots, they are nice but not totally necessary. Of course, Wi-Fi is a must, but all of them have that integrated. I don't have a need for Bluetooth at this time, so that didn't need to be integrated. If I do need Bluetooth, I can get a USB adapter that should be compatible with Windows XP.

I've only played with my netbook a couple of days, and I like it so far. I already had the expectations that the screen and keyboard would be small. For those that touch-type, I find the reviews of the smallness of the keyboard slightly exaggerated. I do sometimes strike wrong keys, but it is still faster than typing on a smartphone. The layout of the left and right click buttons for the touchpad makes dragging/dropping and windows resizing more difficult than a full sized laptop, but I knew I was going to be sacrificing some functionality when I bought something this small. Overall, the smallness is noticeable, but does not take away from its functionality. Once I get some more hours in, I'll post other opinions and findings.

Tuesday, December 16, 2008

"Live" distribution PXE install server idea

I've had netbooks on the brain for the past few days now. I'm thinking about buying one for couch/living room use for the wife and I, since we use my failing Compaq laptop for web access and email. Late last night, it had me thinking about OS re-installs without physical media; considering netbooks seem to only support SD cards for removable media.

I'm not sure how practical this is, but I had an idea for reinstalling netbooks if you have another PC on your home network. I don't want to dedicate a host on my network to be a server for PXE installs (ex. Jumpstart or Kickstart), but what about a Live CD (or DVD) that has these services configured? If I needed to re-install my netbook, I'd just boot my desktop PC off the Live disk and then run the PXE install on my remote host. Does anyone know if I'm re-inventing the wheel, or if this idea is practical? I did a cursory search on Google, and didn't see any projects or distributions related to this.

On the netbook front, I'm torn if I should purchase one or not. I do own an iPhone, but that doesn't help my wife with Internet access around the house. She already has a recent iPod nano, so purchasing her a Touch would be a waste of money. I'm also seeing notebook prices dropping, and wonder if I'd just be better off buying one of those instead for a couple hundred dollars more. A co-worker of mine did mention that if I wasn't happy with a netbook, there would be plenty of interest in buying one used, and that the resale value on Craigslist or eBay would probably be about a $100 loss on my part. I'm looking at the Asus Eee and Acer Aspire One models, and I'm leaning towards this one. I would normally be interested in one using Linux since they seem to have SSD, but with the wife also being a user, I don't want to have to play sysadmin/helpdesk at home.

Friday, December 12, 2008

"find" and "Permission denied"

I was trying to run "find" on a directory, looking for a perl script. Because of which user I was running it as, I was getting a bunch of "Permission denied" errors.

I thought I could just tack on '| grep -v "Permission denied"' at the end of my command, but no luck. I fruitlessly checked to see if there would be something in the find man page as well.

I came across this site: http://www.hypexr.org/linux_find_help.php

The correct answer to what I was trying to accomplish was

$ find / -name foo.bar -print 2>/dev/null
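Why the pipe had no effect, and what "2>/dev/null" gives up, as an added example that is not part of the original post: find writes "Permission denied" to stderr, which a pipe never sees, and discarding stderr hides every other diagnostic too. The sandbox tree and the helper names (make_tree, drop_tree, find_hide_denied) are constructed for illustration.

```shell
#!/bin/sh
# Added example. The directory tree is constructed in a temp directory.

# Build a sandbox: a readable directory holding foo.bar and a directory
# the current user cannot enter (root can, so root sees no denial).
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/ok" "$root/locked"
    : > "$root/ok/foo.bar"
    chmod 000 "$root/locked"
    printf '%s\n' "$root"
}

# Remove the sandbox (restore permissions first so rm can descend).
drop_tree() {
    chmod 700 "$1/locked" && rm -rf "$1"
}

# Run find with the given arguments. Matches go to stdout untouched.
# stderr is routed through grep, so only "Permission denied" lines are
# dropped and every other diagnostic still reaches the caller's stderr.
# find's own exit status is not preserved by this wrapper.
find_hide_denied() {
    # grep exits 1 when nothing is left to print; that is not an error here
    { find "$@" 2>&1 1>&3 | grep -v 'Permission denied' 1>&2; } 3>&1 || :
}

demo() {
    t=$(make_tree) || return 1
    echo "--- pipe only: grep filters stdout, errors pass straight through"
    find "$t" "$t/missing" -name foo.bar | grep -v 'Permission denied' || true
    echo "--- 2>/dev/null: all diagnostics gone, including the missing path"
    find "$t" "$t/missing" -name foo.bar 2>/dev/null || true
    echo "--- filtered stderr: only Permission denied is removed"
    find_hide_denied "$t" "$t/missing" -name foo.bar
    drop_tree "$t"
}
demo
```

The wrapper matters when the remaining errors are the interesting part, for example a start path that does not exist or a filesystem that returns I/O errors.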

Thursday, December 11, 2008

Are new releases of Slackware newsworthy?

From the Slashdot RSS feed, I saw "Slackware 12.2 Released", and it made me wonder if this is actually newsworthy. Granted, Slackware was technically the first Linux distribution I ever installed. It came with a "Linux for Dummies" book I bought in 1997, when I was starting to become more interested in doing more with computers than basic every day tasks (email, web surfing, word processing, games). However, my experience with Slackware was short lived because I was still living at home, and my parents used AOL for Internet access.

Nowadays, it seems Slackware is revered by older users, but isn't used. To me, it falls into the same area as using the Eudora mail client, or until recently, Netscape web browser. It seems Ubuntu (and its variants) and Fedora dominate the Linux desktop, with a smattering of Debian users; and CentOS, Red Hat Enterprise Linux, and Ubuntu (somewhat surprising to me), with some Gentoo diehards, leading the Linux servers. I think this may be the least used "mainstream" *NIX distribution available. Except for nostalgia, what reasons do users install Slackware for?

Not that I'm discouraging further development of Slackware, or trying to insult their users. I'm just questioning their relevance in today's IT news, unless it's just a slow news day :)

Wednesday, December 3, 2008

What's your blog's personality?

I came across this blog post (a post about a post about a site) that discusses a beta online tool, Typealyzer, that tries to determine your blog's personality. Mine came out to be "ISTJ - The Duty Fulfillers."

The responsible and hardworking type. They are especially attuned to the details of life and are careful about getting the facts right. Conservative by nature they are often reluctant to take any risks whatsoever.

The Duty Fulfillers are happy to be let alone and to be able to work int heir [sic] own pace. They know what they have to do and how to do it.

Doesn't sound too flattering, but I guess it could be worse. What personality is your blog?

Tuesday, December 2, 2008

iPhone messaging lameness

I like my iPhone, but today I discovered another behavior I'm not too thrilled about. I didn't realize that people can send email directly to your iPhone. I'm used to connecting to Gmail with the Mail client if I want to receive email. I saw in someone's post that you can email directly using someone's phone number "@txt.att.net" (ex. 5551234567@txt.att.net).

I tried it out from my Gmail account through the web browser, and sure enough, I got this SMS message.

FRM: My "From" Name
SUBJ: test
MSG: does this work?

However, all it says is that it came from some non-descript number. I was able to successfully reply to it and received it in my Gmail Inbox.

That's fine and all, but that's an odd way to get a message. Someone could change their "From" full name in their mail client and send deceiving emails, since there is no way to verify the actual sender.

Monday, December 1, 2008

TaoSecurity's thoughts on the future

REF: http://taosecurity.blogspot.com/2008/11/dont-fight-future.html

The points he raises are interesting, and some seem very probable. The ones I think are interesting are

Prediction 1: VPN connections will disappear.
"Some of you might limit the type of connection to certain protocols, but why not just expose those protocols directly to the outside world and avoid the VPN altogether?"

This may have some merits, but it makes me uncomfortable. It's quite possible I may be looking at it from a narrow point of view of performing my job remotely, and not looking at normal day-to-day work. Some internal assets such as email, collaborative web tools (ex. wikis, Microsoft SharePoint), and code repositories (ex. CVS, SVN) might be able to be exposed with proper strength of authentication and encryption. However, I would think it would be difficult to do many remote administration tasks securely. Maybe the title implies that the VPN connections dramatically decrease, but not totally disappear?

Prediction 2: Intranets will disappear.

This prediction builds off the previous one. I suppose this is a semantics argument. The assets are still going to exist, but since they are exposed to the internet, they would no longer be considered intranet?

The other predictions are definitely plausible to happen in the future. It's a fairly quick and interesting read, so I'd recommend clicking the link above. He has other good posts too, so you may want to add him to your RSS feed if you haven't already.

Tuesday, November 25, 2008

Bash debugger

This is for all of you hardcore bash scripters that sometimes want better debugging than placing "echo" statements in your scripts.

A co-worker sent this out to our internal sysadmin mail alias today.

http://www.linux.com/feature/153383

It references the bashdb project (bash debugger). I didn't know one existed.

Monday, November 24, 2008

Red Hat Satellite 5.2 released

In an earlier post, I mentioned I was unable to fit Red Hat Satellite or Fedora Spacewalk into our infrastructure. The previous version of Red Hat Satellite required Oracle 9i (we run 10g), and Spacewalk requires a derivative of RHEL/CentOS 5 (our standard is version 4). I saw this release today by Red Hat announcing Satellite version 5.2. It now supports Oracle 10g, and still runs on RHEL4 or RHEL5. Too bad everyone is hurting now and pulling the purse strings on their budgets. It would be tough for me to ask for a RHEL AS4 and a Satellite 5.2 license now.

I wonder how hard it would be to backport Spacewalk to RHEL4?

Friday, November 7, 2008

Another iPhone security problem

Reported by El Reg, it appears that the "Emergency Call" feature on PIN protected iPhones is not discriminatory to certain numbers.

http://www.theregister.co.uk/2008/11/07/iphone_passcode/

I've confirmed this on my iPhone 3G (version 2.1), and was able to dial a non-emergency number (my landline phone number). This number is also not listed as a contact in my phone either. So, word to the wise, if you lose your iPhone, people can still make unauthorized calls on it.

Monday, November 3, 2008

Should you learn vi?

There are so many arguments about which editor to use. Some people are quite passionate about their editor of choice. I came across this blog post today through Planet SysAdmin discussing why one person uses vi for system administration.

http://utcc.utoronto.ca/~cks/space/blog/sysadmin/WhyViForSysadmins

It pretty much sums up why it was strongly suggested to me to use vi at the beginning of my career. At that time, I only knew pico and a few commands in emacs; although now, I couldn't tell you how to edit a file in either. Over the years I've noticed the author's point is true. Almost any unix type system you encounter, it will have at least vi installed. It's definitely handy to have a basic proficiency with vi if you do any command line *NIX administration.

So, while you get your caffeine fix at work, this could come in handy as well.

http://www.thinkgeek.com/homeoffice/mugs/7bbe/

Friday, October 31, 2008

Howto Quickly wipe a disk in Solaris

I've had to wipe disks in Solaris because of re-installs or other reconfiguration. I was disappointed that using "format" would take hours. Obviously I'm using the wrong tool.

I came across this thread.

http://www.linuxquestions.org/questions/solaris-opensolaris-20/quick-format-a-hard-drive-496294/

It's strange, but I'm noticing people are posting Solaris questions on a Linux website. I wonder how Solaris admins would've felt 10 years ago if people were posting Linux questions on a Solaris site or Usenet group. But, I digress.

The response is to use "newfs" instead of "format", and it seems to work so far. Thankfully, I learn something new every day.

Monday, October 27, 2008

Careful where you copy/paste

I got an IM from an old coworker discussing that he was trying to answer someone's question about an in-house app and which shared libraries it was using. (NOTE: some of the info has been sanitized to protect the "innocent")

He ran the following command, and then copy/pasted the output

[root@customftp root]# ldd /nfs/customapp/bin/daemon
libkstat.so.1 => /usr/lib/libkstat.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libgen.so.1 => /usr/lib/libgen.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libsched.so.1 => /usr/lib/libsched.so.1
libaio.so.1 => /usr/lib/libaio.so.1
librt.so.1 => /usr/lib/librt.so.1
libthread.so.1 => /usr/lib/libthread.so.1
libstdc++.so.6 => /usr/lib/libstdc++.so.6
libm.so.1 => /usr/lib/libm.so.1
libgcc_s.so.1 => /usr/lib/libgcc_s.so.1
libc.so.1 => /usr/lib/libc.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libmd5.so.1 => /usr/lib/libmd5.so.1
/usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1
/usr/platform/SUNW,Sun-Fire-V210/lib/libmd5_psr.so.1


He then tried to copy paste it into an email, but didn't realize his SSH session was still the active window.

[root@customftp root]# nfs/customapp/bin/daemon
bash: nfs/customapp/bin/daemon: No such file or directory
[root@customftp root]# libkstat.so.1 => /usr/lib/libkstat.so.1
bash: libkstat.so.1: command not found
[root@customftp root]# libnsl.so.1 => /usr/lib/libnsl.so.1
bash: libnsl.so.1: command not found
Connection to customftp closed by remote host.
Connection to customftp closed.


It took me a few minutes to see why he was sending me this IM. My initial reaction was "OK, so you accidentally copy/pasted into the wrong window, and somehow you got kicked out." Before reading further, take a look back to see what was so bad about it. Maybe you'll pick it up faster than I did.

Ready?

The output of ldd in a copy/paste was interpreted as redirecting the output of bad commands into his library files. He basically nuked files he needed in /usr/lib. I initially laughed out loud, but then realized that it was a very unfortunate situation. He said it took him about 2 hours to recover from this mistake.
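What the shell did with each pasted line, reproduced safely in a temp directory (added example, not from the original post): "name => path" parses as the command "name", the argument "=", and a ">" redirection that truncates "path" before the command lookup fails. The stand-in file, the helper paste_line and the use of noclobber as a guard are assumptions of this example.

```shell
#!/bin/sh
# Added example. All work happens in a throwaway temp directory; the
# "library" is a constructed stand-in file, not a real shared object.

# One line of ldd output as it was pasted, with the path made relative
# so it can only ever hit the sandbox copy.
PASTED='libkstat.so.1 => ./libkstat.so.1'

# Evaluate one pasted line in a fresh subshell, as a prompt would.
#   $1  shell option to enable first ("" for none, or "noclobber")
#   $2  the pasted text
# Prints the size in bytes of the stand-in library afterwards.
paste_line() {
    dir=$(mktemp -d) || return 1
    printf 'pretend ELF contents\n' > "$dir/libkstat.so.1"   # 21 bytes
    (
        cd "$dir" || exit 1
        if [ -n "$1" ]; then set -o "$1"; fi
        # The shell opens (and truncates) the redirection target first,
        # then fails to find a command called "libkstat.so.1".
        eval "$2" 2>/dev/null
    ) || true
    wc -c < "$dir/libkstat.so.1" | tr -d ' '
    rm -rf "$dir"
}

echo "default shell:  $(paste_line '' "$PASTED") bytes left"
echo "with noclobber: $(paste_line noclobber "$PASTED") bytes left"
```

With noclobber set, the shell refuses the ">" onto an existing file and the stand-in keeps its 21 bytes; the option guards plain ">" only, since ">|" still overwrites.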

Thursday, October 23, 2008

Administering Windows from the command line

I sometimes forget that you can do a lot via the command line with Windows. When Unix Admins complain about having to do Windows administration, my usual response is "Come on, it's clicky-clicky. Just click around and you'll figure it out." In the past two days, I came across two blog posts that reminded me that you're not necessarily stuck with having to use GUI programs to administer Windows.

The first blog post I came across was posted today about an alternative to running programs remotely on Windows hosts.

http://standalone-sysadmin.blogspot.com/2008/10/issue-remote-commands-to-windows.html

Apparently SysInternals distributed a group of tools called PsTools, which included a utility called PsExec. PsExec allows a user to remotely execute commands on a Windows host. I'm not sure what the security implications are using these utilities. Any time someone uses "telnet" in their description of remote administration, it makes me a bit nervous.

Less than an hour later, I came across this blog post that was written yesterday that makes for a nice supplement to the Standalone Sysadmin post.

http://taosecurity.blogspot.com/2008/10/what-to-do-on-windows.html

It points to another blog discussing useful Windows commands that can be run from the DOS command prompt. I knew all about "net start", "net stop", and some other useful commands to use, but it definitely covers some I didn't know (ex. netsh).

Wednesday, October 22, 2008

Who would think adding a monitor would be so hard?

I was asked today if I'd like an LCD Monitor. I was thinking, "Why not? I could extend my laptop's desktop in Windows XP to it." It's not a bad monitor either; a NEC MultiSync LCD 1970NX. Granted, it doesn't have a flashy widescreen or anything spectacular about it.

I plugged it in to my power strip and VGA port on my Lenovo T61p, and turned it on. Screen black. Oh yeah, need to change my display output settings with a couple toggles of Fn-F7. Still screen black. Huh. Looked at the Display Properties, and XP sees the other monitor and the monitor appears to get a signal. What gives?

I go to NEC's website and see there are drivers for Windows XP. Maybe Plug-and-Play doesn't work? Strange, but okay. Installed the drivers, the LCD 1970NX is detected, etc. Screen black. OK, reboot? Screen black. Went into the menu for the monitor and set it back to factory defaults. Screen still black.

OK, so I go back into Display Properties. Try to make it my default monitor. No dice. Cycle through the display out settings (Fn-F7) so that it only uses the video out. Denied. Change the resolution to something lower, like 800x600 and 16bit color. Still no video. Muck with the screen refresh rate, and change from 60 to 75 Hertz. Starting to lose my patience.

Quick search in Google doesn't yield any known issues, so I cave and ask our local desktop guy. He starts to go through the same steps I've outlined above, without any more success than I do. Then he notices something. My monitor is plugged into the VGA port on my laptop, instead of the VGA port on my port replicator/dock. Apparently, the VGA port on my laptop won't work when it's plugged into my dock, and I have to use the VGA port on it. Makes sense, but I wish XP didn't "detect" the monitor plugged in directly to the laptop, else I would have probably determined that I have to plug the monitor into the dock a lot quicker.

Tuesday, October 14, 2008

Using fvwm2 on Solaris 10

Since I don't like CDE, and the Java Desktop runs painfully slow and looks ugly on my Ultra5; I decided to install fvwm2. I found this site that makes adding fvwm2 fairly painless.

http://www.tiem.utk.edu/~peek/solaris/

Firefox still runs in it, but looks ugly because of the lack of colors. I thought I could get 16bit colors, but I haven't figured it out yet.

I'm debating making it a lab Jumpstart server since it has a 40GB drive. You could argue that I should junk my Ultra5 and it's just a waste of time. It's definitely not worth running as a workstation, since I can easily run VMware Server on my laptop if I want a Unix OS.

Tuesday, October 7, 2008

Segmentation faults when formatting a disk in Solaris

I've had an old Sun Ultra 5 under my desk since I've started at the current job. Instead of keeping it as my footstool, I decided to fire it up and see what happens. Needless to say, this has been a timesuck. I could go into all the details and other mistakes on my part, but it isn't very interesting.

What I didn't know would be a problem was trying to install Solaris 10 after I had impatiently installed NetBSD. Apparently the Solaris installer doesn't know how to recognize the disk formatted by NetBSD. When running "format", it just segfaults and dumps core.

After some Google searches, I came up on this thread.

http://groups.google.com/group/comp.unix.solaris/browse_thread/thread/8107078ff8e2174d?pli=1

After running

dd if=/dev/zero of=/dev/rdsk/c0t0d0s0 bs=512 count=4

I was able to run format on the disk, and run the Solaris 10 install.

Friday, October 3, 2008

Confused by an SSL related blog post

I subscribe to the Planet SysAdmin, an aggregation of Sys Admin related blogs via RSS (http://planetsysadmin.com/). Today, I came across a post that really confused me on what the author was trying to accomplish or explain.

http://utcc.utoronto.ca/~cks/space/blog/web/RevocableSSLNames

I'm hoping that one of you that is smarter than me gets it and maybe can explain it to me. Using his example of online banking, I look at my bank and it looks like the cert is probably handled by a load balancer; or maybe explained in his second case, an HTTPS Proxy server. He discusses revoking the cert by changing the host name.

A) How would that help when I have a bookmark to https://onlinebanking.example.com?
B) and wouldn't you revoke the compromised cert with the certificate issuer anyways?

The only thing I could think of is he's discussing SSL on both ends of his proxy (web client to proxy, proxy to application server). But in that scenario, the only thing that is apparent to the end user is the SSL cert to the proxy which would have to be revoked by the certificate issuer if compromised.

Or, I'm missing something entirely...

Wednesday, October 1, 2008

Solaris Jumpstart server interference

I've been working on trying to install Solaris 10 via DVD and "boot cdrom" on a host in the lab. I've been wondering why the install keeps assigning it an IP address and hostname without me supplying one. Even after running "sys-unconfig", I was never prompted to put in a new IP address or hostname.

The problem was our Jumpstart server. We had jumpstarted this host in the past, testing some automation installs, and the server still had an entry in the ethers file. Apparently when the server starts up, it tries to be slick and configure its interfaces for you when it boots. It looks like the Jumpstart server was picking up the requests and saw it had a matching MAC address in its configuration. The Jumpstart server then passed the hostname and IP address to the server I was trying to install. After we shut down the Jumpstart server, the sys-unconfig worked as expected. I wish the "discovery of network card settings" was not the default behavior.

Wednesday, September 24, 2008

Sudo not included in default Solaris 10 installs

To my surprise, my "default installation" of Solaris 10 that seems to install every known package in the world (who needs Firefox on a server?!?!) does not include "sudo." Apparently, it's on the Companion DVD or available for download from

http://www.sun.com/software/solaris/freeware/

There are also a couple interesting twists with the default package install. One is that the package is installed in /opt/sfw. This includes the sudoers file, which is located and read from /opt/sfw/etc/. In my opinion, this is a pain, because it doesn't put sudo or visudo in the normal default $PATH=/usr/bin:/usr/sbin:/bin:/sbin. I ended up creating symlinks for /etc/sudoers, /usr/bin/sudo, and /usr/sbin/visudo to the appropriate locations in /opt/sfw.

Another strange twist is that after the install, you need to chmod the sudo command with "chmod 4111 sudo" because Solaris doesn't inherently trust the package and its files. This is another annoyance, since obviously anyone installing sudo had to take extra steps to do so in the first place and obviously already trusts its integrity.

Chalk up another reason why I like Linux over Solaris.

Wednesday, September 10, 2008

VMware startup problems (511 error)

I've been struggling over a day trying to get VMware Server to successfully install on my Windows XP Pro SP3 laptop. Every time I tried to open the console and connect to local host, I would get the error

"511 Error connecting to "C:\Program Files\VMware\VMware Server\vmserverdWin32.exe" process"

I also would see errors in the Event Log (Application and Security) as well. The Application log would complain about vmauthd, and "Failed to impersonate vmware user".

Searching through Google, I'd see some issues that didn't exactly pertain to mine. One post said "if this doesn't work, you're going to have to reinstall Windows." I noticed some posts mentioned having to start the Net Logon service, and noticed I didn't have that in my Services. Searching about "Net Logon" missing, it says that the Client for Microsoft Networks needs to be installed with your network interface. I look at my network interface properties, and there was no Client for Microsoft Networks!

After adding the client to my network interface, my VMware console now starts up. I'm not sure if it's worth replying with my solution to the VMware Community thread, since the last update was March 2007. However, I'll post this to the blog and hopefully Google will index it for the next poor admin that is banging his head over this.

Adding FeedBurner support

Out of curiosity of what it actually does and what additional benefits it provides, I've set up "The Bungling Sys Admin" in FeedBurner. I haven't figured out why people use this service, but curiosity killed the cat. Hopefully it won't "break" my blog. Feel free to comment about your experiences with FeedBurner, why you use it or don't use it, and if it made anything go awry with this blog.

Wednesday, September 3, 2008

Mounting Mac formatted drives from Windows

I unfortunately no longer have a Mac, since it was owned by my previous employer. Shortsightedly, I had bought music from iTunes on the Mac and formatted my iPod for Mac as well. When I plug my iPod in now, iTunes for Windows wants to reformat my iPod, and of course I don't have a backup of my purchased music.

I've found this free utility called HFSExplorer that lets you mount Mac formatted drives via Windows XP and maybe other Windows OS's. Right now, I'm copying my music from my iPod to my Windows XP laptop at home. I do notice that iPods format their drives differently and the naming convention doesn't allow me to know what I'm copying over. I'm hoping my music is still ID tagged so that iTunes will rename it and sort it correctly. I'll post a comment to this post if it's fully successful.

Friday, August 29, 2008

Update on useful UNIX tools for Win32

A co-worker sent out this link that has ways to "turbocharge" PuTTY.

Finally looks like I can get my tabbed SSH/terminal sessions. It also mentions puttycyg (affirmation, baby!).

UPDATE (8/29/2008 10:33 EDT):
My comments so far trying out tabbed putty/ssh sessions.
- It doesn't look like PuttyCM supports Puttycyg, which is disappointing. If you use the original putty.exe, it does seem to work how I'd want it to.
- The Putty sessions aren't rolled up into the Putty Tabs program (they still show individually in my taskbar). This doesn't improve my workspace much.

Thursday, August 28, 2008

Unhappy with Red Hat

Right now, I'm not happy with Red Hat. At least not with their sales department.

My group is interested in the capabilities of Red Hat Satellite Server, so I was going to try to obtain a trial license and download it. As far as I know, we don't have any RHEL licenses in our department. I'm sure somewhere in the company we do, since we have thousands of employees, but I sincerely doubt I'll be able to track that account down, and even then, doubt I can use it for access to the Red Hat Network. So, I applied for a trial license of RHEL and was hoping through that entry into RHN, I could also get a trial of Satellite Server. I still couldn't find that as a download, so I've made a couple of attempts to submit requests through their website on how I could evaluate their Satellite Server. No response. I would think sales people would jump at the chance to talk to a warm body that offered up their contact information.

I know there's Spacewalk, and I am interested in that. Unfortunately, it's only supported on RHEL5 compatible OS's. Our standard hasn't included RHEL5 yet; and they aren't open to "exceptions".

Any suggestions? Are there other resale vendors I could talk to that would let me have a 30 day evaluation to download and run Satellite for RHEL4?

Thursday, August 21, 2008

Cron entry mistakes

This mistake came at the expense of one of my old co-workers, who decided to share this with me over Instant Messenger. I got a good laugh at his misfortune. He wanted to set up a cron job that would restart a poorly performing service every 6 hours. This is the cron entry he added.

* */6 * * * service_restart.sh

The lead developer, whose app depends on that service, came up to him wondering why his app was having outages. What my colleague should have configured was

0 */6 * * * service_restart.sh

His cron entry was restarting the service every 6 hours, and then restarting it every minute for an hour during that sixth hour. Brilliant! Although I guess I shouldn't throw stones in glass houses.
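To see the difference between the two entries, here is an added example (not part of the original post) that expands the minute and hour fields and counts the runs per day. The helper names are hypothetical, and it assumes the three date fields are all "*", as they are in both entries above.

```python
# Added example: expand the minute and hour fields of a crontab entry.
# Helper names are hypothetical; the date fields are assumed to be "*".

def expand_field(field, low, high):
    """Expand one cron field (*, N, A-B, lists, /step) into sorted values."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = low, high
        elif "-" in rng:
            start, end = map(int, rng.split("-", 1))
        else:
            start = end = int(rng)
        if step < 1 or not low <= start <= end <= high:
            raise ValueError(f"bad cron field {field!r}")
        values.update(range(start, end + 1, step))
    return sorted(values)


def daily_runs(entry):
    """Return every (hour, minute) at which the entry fires in one day."""
    minute, hour = entry.split()[:2]
    return [(h, m) for h in expand_field(hour, 0, 23)
            for m in expand_field(minute, 0, 59)]


def lint(entry):
    """Return (runs_per_day, warnings) for a crontab entry."""
    minute, hour = entry.split()[:2]
    warnings = []
    if minute == "*" and hour != "*":
        warnings.append("minute is '*' but hour is restricted: the job runs "
                        "every minute of each matched hour; use a fixed minute")
    return len(daily_runs(entry)), warnings


if __name__ == "__main__":
    for entry in ("* */6 * * * service_restart.sh",
                  "0 */6 * * * service_restart.sh"):
        count, warnings = lint(entry)
        print(f"{count:4d} runs/day  {entry}")
        for warning in warnings:
            print(f"      warning: {warning}")
```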

Monday, August 11, 2008

Useful UNIX tools for Win32

OK, it's been a while since I've posted. Being laid off and unemployed kind of hurts writing about work experiences. However, don't worry. I'm now at a new job in a new town.

Obtaining work responsibilities has been slow, so I've been reading and playing with software that I hope will help me in making my job easier later. One area I've been reading and trying to increase my knowledge in is remote access, predominantly SSH. I've found the following to be useful.

SSH Agent

I've known about shared-key authentication with SSH for a while, but I've been lame and not applied a passphrase to my key. Honestly, I wanted a quick way to log in, and skip the password. However, I finally was exposed to ssh-agent, which allows you to cache your key's passphrase so you only have to enter it once. After that, when you ssh into a host, ssh-agent will take care of your passphrase for you.

I'm using Cygwin for my shell on my PC, so I'm using the ssh-agent that comes with Cygwin. I hear you can use a program called Pageant to perform this for you PuTTY users.

Puttycyg

I hate the command window that Cygwin defaults to. The copy/paste is terrible, as I think it borrows from cmd.exe. So, I found Puttycyg that gives the Cygwin command prompt a better look and feel. Now I actually get a copy/paste behavior that I like.

Poderosa

I've been spoiled with Mac OSX's iTerm for having tabbed terminal windows. Unfortunately, PuTTY and Cygwin spawn new windows, and their management gets cluttered. Right now, I'm trying Poderosa, mainly because it appears to be open source and managed by the Apache license. It tabs your Cygwin sessions, and apparently other SSH/Telnet sessions as well (but I haven't tried the latter). I found another alternative in Wintabber, but I haven't tried it yet. It appears to be free and have more features I'd be interested in, but I believe is closed source.

I'd be interested in your experiences with tabbed command/shell windows and other useful remote access tricks.

Monday, May 5, 2008

Problem with slave BIND server

After one of the sysadmins at work patched our RHEL4 DNS servers, I noticed our slave server was not successfully receiving updated zone files from the master.

Looking at the logs, I kept seeing the following error

named[5182]: dumping master file: tmp-XXXXTCPn1l: open: permission denied

I installed strace on the server and tried to find where it was trying to write to and see if somehow the directory permissions were incorrect. Unfortunately, strace just showed the "tmp-XXXXX" file failing, but not the directory location.

After some investigation on Google, I found this site. It explained that an updated version of BIND required changes to the named.conf file for slave DNS servers. I then modified our named.conf so that the setting for the zone file was

file "slaves/example.com.zone";

instead of the

file "example.com.zone";

I'm not sure how it worked in the past. Perhaps Red Hat backported an update in BIND that was not initially in RHEL4? I don't know what the Update version was before the patching, else I could probably dig through release notes. However, if you're seeing strangeness with your slave BIND servers, I'd check to make sure your named.conf isn't out of date.

Tuesday, February 5, 2008

What We Should Strive Toward In Operations

I generally keep up with the O'Reilly Sysadmin blog (http://www.oreillynet.com/sysadmin/blog/), although I sometimes find the content and the frequency of updates disappointing. To be fair, you would probably say the same thing about this blog. However, today, they had a blog entry that pointed to another blog entry about "Operations Mantras" that I found interesting.

O'Reilly Link:
http://www.oreillynet.com/sysadmin/blog/2008/02/operations_mantras.html

Operations Mantra Link:
http://dormando.livejournal.com/484577.html

It's a long read, and I'm not totally finished with it, but I found some useful thoughts and some points that give me self-affirmation that I'm not a total screw-up when it comes to system administration.

Some examples of points that I'm interested in following up on are

- In "Understand your data storage and databases", it suggests to investigate starling and Gearman
- The topics brought up in "Asynchronous Jobs"
- In "Use source control", avoid SVN and use Git or Mercurial instead (I'm assuming because these use distributed repositories for version control instead of a central one)

There are also some interesting technical and non-technical theories, practices, and procedures mentioned as well.

Thursday, January 31, 2008

Dell Server OMSA Reporting

I used to think that Dell OpenManage Server Administrator (OMSA) was worthless. I was wrong. I apologize.

I've found for me it's the best way to do actual hardware monitoring. Although there are probably "Official Dell Best Practices" on using and implementing OMSA, I've just gone and installed it and then accessed the machine via my web browser (https://hostname:1311). However, today I found you can actually get some good stuff via the command line using "omreport". Dell's command line documentation for it is located at

http://support.dell.com/support/edocs/software/svradmin/5.2/en/cli/html/report.htm#wp1068065

For instance, I can find out really quick what the status is of my hardware, except for disk/storage related hardware.

# /opt/dell/srvadmin/oma/bin/omreport chassis
Health

Main System Chassis

SEVERITY : COMPONENT
Ok : Fans
Ok : Intrusion
Ok : Memory
Ok : Power Supplies
Ok : Processors
Ok : Temperatures
Ok : Voltages
Ok : Hardware Log

Also, someone wrote a nagios plugin that executes this as well.

http://www.nagiosexchange.org/DELL_Server.61.0.html?&tx_netnagext_pi1%5Bp_view%5D=432

To check storage-related hardware, you can run the following command.

# /opt/dell/srvadmin/oma/bin/omreport storage pdisk controller=0
List of Physical Disks on Controller PERC 4e/Di (Embedded)

Controller PERC 4e/Di (Embedded)
ID : 0:0
Status : Ok
Name : Physical Disk 0:0
State : Online
Failure Predicted : No
Progress : Not Applicable
Type : SCSI
Capacity : 68.24 GB (73274490880 bytes)
Used RAID Disk Space : 68.24 GB (73274490880 bytes)
Available RAID Disk Space : 0.00 GB (0 bytes)
Hot Spare : No
Vendor ID : FUJITSU
Product ID : MAW3073NC
Revision : 5803
Serial No. : DAL3P6200PR8
Negotiated Speed : 320
Capable Speed : 320
Manufacture Day : Not Available
Manufacture Week : Not Available
Manufacture Year : Not Available
SAS Address : Not Available

ID : 0:1
Status : Ok
Name : Physical Disk 0:1
State : Online
Failure Predicted : No
Progress : Not Applicable
Type : SCSI
Capacity : 68.24 GB (73274490880 bytes)
Used RAID Disk Space : 68.24 GB (73274490880 bytes)
Available RAID Disk Space : 0.00 GB (0 bytes)
Hot Spare : No
Vendor ID : FUJITSU
Product ID : MAW3073NC
Revision : 5803
Serial No. : DAL3P6200PK3
Negotiated Speed : Not Available
Capable Speed : Not Available
Manufacture Day : Not Available
Manufacture Week : Not Available
Manufacture Year : Not Available
SAS Address : Not Available

My Controller ID is 0. This can be found by running "omreport storage controller". Storage commands can be found on

http://support.dell.com/support/edocs/software/svradmin/5.2/en/cli/html/storage.htm#wp1082304
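
The pdisk report above is easy to turn into a Nagios-style check. The following is an added example, not part of the original post and not the plugin linked above: it parses the "key : value" records and flags any disk whose Status is not "Ok" or whose Failure Predicted is not "No". The function names are hypothetical and the sample text is constructed from the output format shown above, with the second disk altered to show the failing path.

```python
# Added example: Nagios-style check over "omreport storage pdisk" output.
# Function names are hypothetical. SAMPLE is constructed from the format
# shown in the post; the second disk is altered to look unhealthy.

SAMPLE = """\
List of Physical Disks on Controller PERC 4e/Di (Embedded)

Controller PERC 4e/Di (Embedded)
ID : 0:0
Status : Ok
Name : Physical Disk 0:0
State : Online
Failure Predicted : No

ID : 0:1
Status : Non-Critical
Name : Physical Disk 0:1
State : Online
Failure Predicted : Yes
"""


def parse_pdisks(text):
    """Return one dict per physical disk; a new record starts at each ID line."""
    disks, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        if not sep:
            continue                            # banner or blank line
        key, value = key.strip(), value.strip()
        if key == "ID":
            current = {}
            disks.append(current)
        if current is not None:
            current[key] = value
    return disks


def check_pdisks(text):
    """Return (exit_code, messages): 0 OK, 2 CRITICAL, 3 UNKNOWN."""
    disks = parse_pdisks(text)
    if not disks:
        return 3, ["UNKNOWN: no physical disks found in output"]
    problems = []
    for disk in disks:
        status = disk.get("Status", "missing")
        predicted = disk.get("Failure Predicted", "missing")
        if status != "Ok" or predicted != "No":   # missing fields fail closed
            problems.append(f"CRITICAL: disk {disk['ID']} Status={status} "
                            f"Failure Predicted={predicted}")
    if problems:
        return 2, problems
    return 0, [f"OK: {len(disks)} physical disks healthy"]


if __name__ == "__main__":
    code, messages = check_pdisks(SAMPLE)
    print("\n".join(messages))
    raise SystemExit(code)
```

On a real host, feed it the output of the omreport command above instead of SAMPLE.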


Friday, January 25, 2008

Clean cabling in the datacenter

Often, clean cabling in the datacenter is neglected, especially by yours truly. It's a hassle, it takes time, and usually you cut corners because you're trying to get other tasks done. However, I was sent this blog post that shows good cabling. I may have to rethink investing the time to do cabling right.

http://royal.pingdom.com/?p=240

Monday, January 14, 2008

RE: iPhone MAC address post

I ran into this post today from TUAW, and there is now an iPhone app that can switch your MAC address.

http://www.tuaw.com/2008/01/14/tuaw-responds-mac-addresses-on-the-iphone/

I guess that would make it more difficult to keep users from using the corporate wireless network with iPhones, unless you can implement a 802.1 solution.

What I've done at work is only allow wireless into our Guest VLAN. If they need to access corporate assets (printers, shared drives, etc.), then they need to use VPN after connecting to the wireless network.