20 posts tagged “geek”
Here's a list off a whiteboard at work. It's the "Carter list of Planning Firmness" - from Dan Carter the awesome PM.
1. Prayer (hopeless wish)
2. Sand (known but not firm)
2a. dry
2b. wet
3. Swamp (disappears when you look away)
4. [ elided due to argument ]
5. Tarmac (firm until things heat up)
6. Concrete (lasts for eons unless attacked by acid)
I got his permission to publish this on the interwebs cause I think it's perfect.
Here's the natural recourse of the sysadmin when the bike gear gets soaking wet on the commute in to work...
Note the big heat producers are the database heads, Sun T1000 servers. Everything is toasty warm and dry as a bone now. (Sorry for the weird 'halo' around the edge of the image, my phone's camera is misbehaving)
On a related note, since the Cannondale foul weather tights I had xmas-listed became completely unobtainable around christmastime, j3n was on the lookout and found a pair of these Sugoi Subzero Zap tights on clearance at REI yesterday. Wow, they are awesome. Great fit, good construction, and materials that keep me warm without getting clammy and kept the rain on the outside for the whole hour-long trip this morning. A+++ would buy again.
I started using LVM2 on Linux a couple of weeks ago, and so far I'm really impressed. I've installed 4 or 5 servers so far with a part-automated, part-manual process that sets up the root partition via kickstart and then lets me finish the extra bits after install-time. Even when things have gone wrong, I've been able to recover without much pain and fumbling, which I cannot say for the previous iterations of meta-disk tools under Linux (starting with the early 'raidtool' stuff and including the more recent 'mdadm'). Here's how it works:
Inside ks.cfg:
There's more but these are the relevant commands for the disk-related stuff. The main thing this does is set up the root volume group with a 'pv.01' partition that contains the non-boot, non-swap parts of the first drive.
# Partition clearing information
clearpart --all
# ignore sdb
ignoredisk --drives=sdb
# zero mbr, don't prompt about uninitialized drives
zerombr yes
# Disk partitioning information
part /boot --asprimary --bytes-per-inode=4096 --fstype="ext2" --size=1000 --ondisk=sda
part swap --bytes-per-inode=4096 --fstype="swap" --size=2000 --ondisk=sda
part pv.01 --size=1 --grow --ondisk=sda
volgroup vg_root pv.01
logvol / --vgname=vg_root --size=60000 --name=lv_root
Then after we're up and running on the newly installed machine, I add the remaining disks to LVM and create a 100G /space partition:
## in fdisk: create a partition that spans the whole
## drive and set its hex code type to '8e' (linux lvm)
# fdisk /dev/sdb
# fdisk /dev/sdc # if it exists
# fdisk /dev/sdd # if it exists
## in pvcreate: make a physical volume that imports the
## whole partition you created under LVM control
# pvcreate /dev/sdb1
# pvcreate /dev/sdc1
# pvcreate /dev/sdd1
## add these disks to the vg_root group, if they exist
# vgextend -v vg_root /dev/sdb1
# vgextend -v vg_root /dev/sdc1
# vgextend -v vg_root /dev/sdd1
## then create a logical volume that's 100G
# lvcreate --size 100G -v --name lv_space vg_root
## or, if you have two disks you can stripe this for performance
# lvcreate -i 2 --size 100G -v --name lv_space vg_root
## Then do the normal things: make a filesystem, add to fstab, mount
# mke2fs -j /dev/mapper/vg_root-lv_space
# vi /etc/fstab
# mount /space
The problem I ran into with it was pretty odd. I added a disk without a valid partition created on it (don't ask) and had to roll back the volume group metadata. Turns out LVM2 stores the metadata in human-readable text files, and saves the state out to a new file before any changes are made, so it's very easy to roll back a botched config. This "cool solution" for corrupted metadata got me back up and running. Under mdadm, this would probably have been a "nuke from orbit" situation.
Even though this is a pretty simple use case, I like the consistency of the command line tools and the fact that things seem to work without a great deal of hair-pulling. I look forward to trying it out in more complex storage situations.
I was trying to find a way in Postfix to do a lookup on sender "MAIL FROM" address, as a cheap method of implementing SPF lookups for a few specific domains: "If the sender claims to be from such-and-such domains, look his IP address up against these addresses and reject the mail if it doesn't match". There's not a way in normal maps to do this sort of two-way lookup so I started casting about for a solution, like using rbldnsd with a zonefile that had entries for everything except the few authorized IPs... yuk. But then with his usual élan and mastery of all things postfix, Mike D pointed out the Restriction class README, which describes how to implement one's own right-hand-side access(5) map actions, which, fortunately for me, can optionally result in a second map lookup. I ended up with this config snippet:
### in main.cf
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access
# this sort of 'declares' the new restriction class' availability
smtpd_restriction_classes = checkthis_access_list
# and then we define what to do when it's used, with a fallthrough 'reject'
checkthis_access_list = check_client_access cidr:/etc/postfix/checkthis.com_access_table, reject
### end of main.cf
### then, sender_access contains:
checkthis.com checkthis_access_list
### and cidr:/etc/postfix/checkthis.com_access_table is all of their IPs, perhaps pulled from a SPF record, like
### (the network address needs zero host bits, otherwise Postfix warns and skips the rule)
65.152.102.0/24 OK
This turned out to be a very tidy solution and ought to scale up reasonably well. The only caveat is that their list of allowed IPs might change up occasionally and so I ought to script a weekly check for differences in the records. But this is quite good for the purpose at hand (getting us unblocked from a major email service) without having the high overhead of doing full SPF checks on all incoming mail.
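The weekly check mentioned above could look like the following. This is an added example, not code from the original post: it compares the ip4: terms of an SPF record against the OK entries of the cidr table and reports what has drifted. The SPF string and table contents are constructed samples, the function names are hypothetical, and include:, redirect=, a and mx terms are not followed.

```python
import ipaddress
import re

def spf_ip4_networks(txt_record):
    """Networks an SPF TXT record authorises directly via ip4: terms."""
    nets = set()
    for term in txt_record.split():
        # Only pass-qualified terms count ("+" or no qualifier).
        m = re.fullmatch(r"\+?ip4:([0-9./]+)", term, re.IGNORECASE)
        if m:
            # strict=False clears host bits: 192.0.2.7/24 -> 192.0.2.0/24
            nets.add(ipaddress.ip_network(m.group(1), strict=False))
    return nets

def cidr_table_networks(table_text):
    """Networks mapped to OK in a Postfix cidr table (simple rules only)."""
    nets = set()
    for line in table_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        if parts[1].split()[0].upper() == "OK":
            nets.add(ipaddress.ip_network(parts[0], strict=False))
    return nets

def drift(txt_record, table_text):
    """Return (missing_from_table, stale_in_table) as sorted CIDR strings."""
    spf = spf_ip4_networks(txt_record)
    table = cidr_table_networks(table_text)
    return sorted(map(str, spf - table)), sorted(map(str, table - spf))

# Constructed sample data using documentation address ranges.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.16/28 include:_spf.example.net -all"
SAMPLE_TABLE = """\
# constructed sample of checkthis.com_access_table
192.0.2.0/24    OK
203.0.113.0/24  OK
"""

if __name__ == "__main__":
    missing, stale = drift(SAMPLE_SPF, SAMPLE_TABLE)
    print("add to table:", missing)
    print("no longer in SPF:", stale)
```

In practice the TXT record would come from a DNS query and the table text from the file on disk; a non-empty result in either list is the cue to review the table by hand.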
Here are a couple of great dialog boxes I've come across.
First, from the "It's All Text" Firefox addon - why would you ever NOT check the bottom checkbox? And why doesn't every application have such a thoughtful option?
Ethereal--err, Wireshark -- has made some significant improvements since last I spent time with it. The conversations summary will make a nice CSV-exported list of all the talkers in a capture, and I just found this little gadget:
You can stack up to five graphs of your data, with a display filter expression to determine what each graph shows. But it wasn't quite what I was after -- I was trying to troubleshoot potential DNS drops and I need to see what the numbers are for requests vs responses to see what's falling on the floor. After some fumbling about, I got some preliminary numbers with the magic '-z' flag to tethereal:
tethereal -n -q -z io,stat,15,dns.flags.response==0,dns.flags.response==1 -r da10-fxp0-1min.pcap
===================================================================
IO Statistics
Interval: 15.000 secs
Column #0: dns.flags.response==0
Column #1: dns.flags.response==1
| Column #0 | Column #1
Time |frames| bytes |frames| bytes
000.000-015.000 7540 642469 2221 422036
015.000-030.000 10159 881052 4309 743040
030.000-045.000 8731 761880 3255 609383
045.000-060.000 8583 749780 3010 541306
060.000-075.000 4287 373267 1318 256260
===================================================================
First thought: hey I didn't even know ethereal could do that! Second thought: Umm, that is pretty poor! The first column is queries, the second column is responses. Given a reasonable world, they ought to be about equal; maybe a few more queries than responses allowing for some timeouts and bogons, but not 70% going unanswered.
Turns out the box was supposed to be a forwarder but did not have 'forward only' on its named configuration. This caused it to try to recurse to the root servers if its upstream didn't respond in time... but it was firewalled off from the outside world. It's much happier now.
DNS performance is like the internet's "suck knob".
UPDATE: Here's the same output after the change... Much, much better. CPU usage dropped from 98% to 3%.
===================================================================
IO Statistics
Interval: 15.000 secs
Column #0: dns.flags.response==0
Column #1: dns.flags.response==1
| Column #0 | Column #1
Time |frames| bytes |frames| bytes
000.000-015.000 2168 178373 2239 480066
015.000-030.000 2430 202403 2459 543439
030.000-045.000 2441 198495 2352 507860
045.000-060.000 2221 180372 2124 441709
060.000-075.000 2696 217967 2575 503873
075.000-090.000 1752 142381 1704 338970
090.000-105.000 220 18114 224 48481
===================================================================
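To turn the eyeball comparison of the two tables into a repeatable check, the following added example (not part of the original post) parses the io,stat rows and reports the fraction of queries with no matching response. The rows are copied from the two runs above; the function names and the 10% alert threshold are assumptions.

```python
import re

# One data row of `-z io,stat` output with two filter columns:
# interval, then frames and bytes for column #0 and column #1.
ROW = re.compile(r"(\d+\.\d+)-(\d+\.\d+)\s+(\d+)\s+\d+\s+(\d+)\s+\d+")

def parse_io_stat(text):
    """Return [(start, end, query_frames, response_frames), ...]."""
    rows = []
    for line in text.splitlines():
        m = ROW.fullmatch(line.strip())
        if m:
            rows.append((float(m[1]), float(m[2]), int(m[3]), int(m[4])))
    return rows

def unanswered_report(text, threshold=0.10):
    """Return (overall unanswered fraction, intervals above threshold)."""
    rows = parse_io_stat(text)
    queries = sum(q for _, _, q, _ in rows)
    responses = sum(r for _, _, _, r in rows)
    # A response can land in the interval after its query, so clamp at 0.
    overall = max(0.0, 1 - responses / queries) if queries else 0.0
    flagged = [(s, e) for s, e, q, r in rows if q and 1 - r / q > threshold]
    return round(overall, 3), flagged

# Rows copied from the two tethereal runs shown in this post.
BEFORE = """\
000.000-015.000 7540 642469 2221 422036
015.000-030.000 10159 881052 4309 743040
030.000-045.000 8731 761880 3255 609383
045.000-060.000 8583 749780 3010 541306
060.000-075.000 4287 373267 1318 256260
"""
AFTER = """\
000.000-015.000 2168 178373 2239 480066
015.000-030.000 2430 202403 2459 543439
030.000-045.000 2441 198495 2352 507860
045.000-060.000 2221 180372 2124 441709
060.000-075.000 2696 217967 2575 503873
075.000-090.000 1752 142381 1704 338970
090.000-105.000 220 18114 224 48481
"""

if __name__ == "__main__":
    print(unanswered_report(BEFORE))
    print(unanswered_report(AFTER))
```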
Thank you, open source community - just when I thought I had stumbled on some useful software to fix my Linux md problem, you rescued me! I thought I was going to have to give up my cynical posture and be genuinely happy about something you produced. Fortunately, I get to hang on to it like a comfortable but worn pair of shoes with brand-new resoles. Lo, from the FAQ:
| Q. | I have a RAID-5 region, and My system was running fine but got shut down uncleanly. Now EVMS says my RAID-5 is corrupted and no longer activates it. How do I recover my region? |
| A. | Answer coming soon. |
Hahhahahhhhahhhhhhhh (insane gibbering laughter trailing off down the tiled, sterile, unlit corridors)
After some initial struggles getting the upload working, I have gotten very pleasantly comfortable with my new Polar CS300 heart rate monitor that I got for X-mas (Thanks Dad!). I picked this one because it has a cycling sensor but it's a watch, not a cyclocomputer, so I can use it for jogging too. I like being able to target specific percentages of max effort. The beeping warning above 85% saved my butt on a bike climb two weeks ago by reminding me to take it easy instead of blasting off and then dying half-way up. But even more than that, I like the stats! I've transferred my odometer obsession over to HRM, made all the more wonderful because it's all online. Here's my last week from the Polar Personal Trainer upload site:
The morning and day/evening Cycling events are my commute, which is a pretty consistent 32 minutes. The 'Other' are either runs or commutes on my fixed-gear bike, which doesn't have a HRM sensor strapped to it. The 1-hour 22-minute run for today (Sunday) was a very nice 8 miler with Laswell, who was well-muddied and happy by the end of it.
So here are the main good and bad points about the CS300:
Likes:
- Reasonably sized wristwatch form factor
- Can upload own bitmap for logo display! 1-bit grayscale, and numberTheDraw rides again.
- Aforementioned cycling/non-cycling event tracking
Dislikes:
- SonicLink 110-baud audio upload annoyingly unreliable
- Upload software Windows-only (though it works fine under Parallels, yay)
- OwnZone limits cryptic and wrong IMO
here's my awesome gamercard tag from xbox live
Yes, I had to pick the cute wolfie!
Well, sort of. I sent my beloved MacBook Pro in for repair last week and it's been somewhat traumatic. Nice not to have to load up the panniers on the bike to work, but I know Jen's getting annoyed with my usurpation of her Mini and I miss my oh-so-lovingly tweaked quicksilver-powered desktop.

