Re: What Language for a kid

2015-12-23 Thread Kenny Lussier
She did do a little with the Hour of Code thing last year, and I had
thought that her interest had dropped off after that. Come to find out, she
is very much still interested, just discouraged by the lack of exposure in
school.

I have to say, I have never heard of Scratch. There are a lot of people
suggesting it, so I should probably look into it ;-) It looks like a good
fundamentals

I'm not a coder, so a lot of this is new to me. I'm a scripter. I do bash,
some perl, some python... a little bit of LOLCode (no, really, you *CAN*
haz VAR!!).  I miss Logo. And Basic.

Thanks for all of the advice. I think I'll probably point her at Scratch
and see where she goes with it. If she really does enjoy it, then maybe a
Kano is in her future, or possibly a Pi



Thanks,
Kenny


On Wed, Dec 23, 2015 at 12:49 PM, Matt Minuti  wrote:

> Also, did she do any hour of code stuff? That just happened recently, so
> perhaps that served as inspiration and could help guide the quest. Or maybe
> she just heard the rhetoric around it and thought it would be neat?
> On Dec 23, 2015 11:25 AM, "Kenny Lussier"  wrote:
>
>> Hi All,
>>
>> My daughter has expressed an interest in learning to code. It's a
>> non-specific, very general interest. She doesn't have a specific area of
>> interest that she wants to learn (UI, game development, HPC, etc.), she
>> just wants to learn how to code.
>>
>> What do people think is the best language for a 12yr old to learn? What
>> is most flexible to use for different purposes? What tools are out there to
>> teach a kid to code? Code Academy and the like seem to be a little dry and
>> never yielded wonderful results for most of the adults I know, so other
>> ideas would be welcome.
>>
>> Thanks,
>> Kenny
>>
>>
>> ___
>> gnhlug-discuss mailing list
>> gnhlug-discuss@mail.gnhlug.org
>> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>>
>>
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/


Re: What Language for a kid

2015-12-23 Thread Kenny Lussier
OK, three people in a matter of 10 minutes have suggested Kano to me. For
the benefit of others, the Kano is a Raspberry Pi that kids build
themselves, and learn to code using examples from Minecraft and others.
It's a really cool system: http://us.kano.me/

On Wed, Dec 23, 2015 at 11:24 AM, Kenny Lussier  wrote:

> Hi All,
>
> My daughter has expressed an interest in learning to code. It's a
> non-specific, very general interest. She doesn't have a specific area of
> interest that she wants to learn (UI, game development, HPC, etc.), she
> just wants to learn how to code.
>
> What do people think is the best language for a 12yr old to learn? What is
> most flexible to use for different purposes? What tools are out there to
> teach a kid to code? Code Academy and the like seem to be a little dry and
> never yielded wonderful results for most of the adults I know, so other
> ideas would be welcome.
>
> Thanks,
> Kenny
>
>


What Language for a kid

2015-12-23 Thread Kenny Lussier
Hi All,

My daughter has expressed an interest in learning to code. It's a
non-specific, very general interest. She doesn't have a specific area of
interest that she wants to learn (UI, game development, HPC, etc.), she
just wants to learn how to code.

What do people think is the best language for a 12yr old to learn? What is
most flexible to use for different purposes? What tools are out there to
teach a kid to code? Code Academy and the like seem to be a little dry and
never yielded wonderful results for most of the adults I know, so other
ideas would be welcome.

Thanks,
Kenny


Nagios External Commands

2015-10-30 Thread Kenny Lussier
Hi All,

I find myself back to working with Nagios after a long hiatus of using much
friendlier monitoring systems

I'm trying to set up snmp trap monitoring, which I've done in the past, but
I'm missing something that I just can't seem to get. I can send a trap from a
system, the trap is received by the trap catcher, it's handed off to snmptt
for translation, which uses the EXEC line to put an external command in the
nagios.cmd file. That all works. But notifications aren't sent, and the
status of the service never changes.

So:

snmptrap -v 2c -c public util1 '' .1.3.6.1.6.3.1.1.5.5   ## runs on util2

Fri Oct 30 17:42:03 2015 .1.3.6.1.6.3.1.1.5.5 Normal "Status Events" util2 - An authenticationFailure trap signifies that the SNMP   ## Shows up on util1 in snmptt.log

[1446226923] PROCESS_SERVICE_CHECK_RESULT;util2;TRAP;1;An authenticationFailure trap signifies that the SNMP   ## Shows up in nagios.cmd

So, it appears that everything is set up correctly, but Nagios isn't
processing the external service check command and setting the status to
warning and sending me an email.


Any ideas?

TIA,
Kenny



My configs look like this:

define service {
    name                            TRAP
    service_description             TRAP
    active_checks_enabled           0   ; Active service checks are enabled
    passive_checks_enabled          1   ; Passive service checks are enabled/accepted
    process_perf_data               0
    obsess_over_service             0   ; We should obsess over this service (if necessary)
    check_freshness                 1   ; Default is to NOT check service 'freshness'
    freshness_threshold             93600
    notifications_enabled           1   ; Service notifications are enabled
    event_handler_enabled           1   ; Service event handler is enabled
    flap_detection_enabled          0   ; Flap detection is enabled
    process_perf_data               1   ; Process performance data
    retain_status_information       1   ; Retain status information across program restarts
    retain_nonstatus_information    1   ; Retain non-status information across program restarts
    check_command                   check-host-alive   ; This will be used to reset the service to "OK"
    is_volatile                     1
    check_period                    24x7
    max_check_attempts              1
    normal_check_interval           1
    retry_check_interval            100
    notification_interval           1
    notification_period             24x7
    notification_options            w,u,c,r
    contact_groups                  klussier   ; Modify this to match your Nagios contact group definitions
    register                        0
}

define contact{
    contact_name                    klussier
    alias                           klussier
    service_notification_period     24x7
    host_notification_period        24x7
    service_notification_options    w,u,c,r
    host_notification_options       d,u,r
    service_notification_commands   notify-by-email
    host_notification_commands      host-notify-by-email
    email                           klussier@
}

define contactgroup{
    contactgroup_name               klussier
    alias                           klussier
    members                         klussier
}


define service{
    host_name                       util2
    use                             TRAP
    contact_groups                  klussier
}
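
An added example, not part of the original post and not Nagios or snmptt code: a checker for the line that the snmptt EXEC step writes into nagios.cmd, using the external-command layout `[epoch] PROCESS_SERVICE_CHECK_RESULT;host_name;service_description;return_code;plugin_output`. The function names, the `known_services` set and the 900-second clock window are assumptions made for illustration; the first sample line is the one quoted in the post, the others are constructed.

```python
import time

# One passive service check result, as read from the Nagios command file:
#   [epoch] PROCESS_SERVICE_CHECK_RESULT;host_name;service_description;return_code;plugin_output
COMMAND = "PROCESS_SERVICE_CHECK_RESULT"
STATES = {"0": "OK", "1": "WARNING", "2": "CRITICAL", "3": "UNKNOWN"}


def check_passive_result(line, known_services, now=None, max_age=900):
    """Parse one external-command line and list what is wrong with it.

    known_services: set of (host_name, service_description) pairs from the
    object configuration (assumed to be supplied by the caller).
    max_age: allowed difference, in seconds, between the line's timestamp
    and the checker's clock (an assumed value, not a Nagios setting).
    Returns (parsed_dict_or_None, list_of_problem_strings).
    """
    problems = []
    now = int(time.time()) if now is None else now
    body = line.rstrip("\r\n")
    if "\n" in body or "\r" in body:
        # A wrapped plugin output turns one command into several bad lines.
        problems.append("line break inside the command; one command per line")
        body = body.splitlines()[0]

    # Framing: "[<digits>] <COMMAND>;<args>"
    head, sep, rest = body.partition("] ")
    digits = head[1:]
    if not (sep and head.startswith("[") and digits.isascii() and digits.isdigit()):
        return None, problems + ["missing '[epoch] ' prefix"]
    stamp = int(digits)

    command, _, args = rest.partition(";")
    if command != COMMAND:
        return None, problems + ["unexpected command %r" % command]

    # Split at most three times: plugin output may itself contain ';'.
    fields = args.split(";", 3)
    if len(fields) != 4:
        return None, problems + ["expected host;service;return_code;output"]
    host, service, code, output = fields

    if code not in STATES:
        problems.append("return code %r is not one of 0, 1, 2, 3" % code)
    if (host, service) not in known_services:
        # Matching is exact and case-sensitive on both names.
        problems.append("no service %r defined for host %r" % (service, host))
    if abs(now - stamp) > max_age:
        problems.append("timestamp is %d s away from the checker's clock"
                        % abs(now - stamp))
    if not output:
        problems.append("empty plugin output")

    parsed = {"time": stamp, "host": host, "service": service,
              "state": STATES.get(code), "output": output}
    return parsed, problems


# The line quoted in the post, followed by constructed variants.
PAGE_LINE = ("[1446226923] PROCESS_SERVICE_CHECK_RESULT;util2;TRAP;1;"
             "An authenticationFailure trap signifies that the SNMP")
SAMPLES = {
    "from the post": PAGE_LINE,
    "host case differs (constructed)": PAGE_LINE.replace(";util2;", ";UTIL2;"),
    "textual state (constructed)": PAGE_LINE.replace(";1;", ";WARNING;"),
    "wrapped output (constructed)": PAGE_LINE.replace("An auth", "An\nauth"),
    "no timestamp (constructed)": PAGE_LINE.split("] ", 1)[1],
}


def demo():
    """Run every sample against the service defined in the post's config."""
    known = {("util2", "TRAP")}
    # Fixed clock, a few seconds after the trap, so the run is repeatable.
    return {label: check_passive_result(text, known, now=1446226930)[1]
            for label, text in SAMPLES.items()}


if __name__ == "__main__":
    for label, problems in demo().items():
        print(label, "->", problems or "well-formed")
```

Run against the real command stream, `now` is left at its default and `known_services` is built from the host and service definitions actually loaded.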


Re: Crowdfunding an Ubuntu smartphone (right now)

2013-07-30 Thread Kenny Lussier
Sprint is a mix of both CDMA and PCS. I'm not sure what their Nextel phones
are using these days.

But the use of LTE has nothing to do with the telephony transport. There is
also TD-LTE, but that is mostly APAC.
On Jul 30, 2013 10:30 AM, "Thomas Charron"  wrote:

> On Tue, Jul 30, 2013 at 8:31 AM, Kenny Lussier  wrote:
> > But LTE is the data network, not the telephony network. VzW is still a
> > CDMA network, AT&T and T-Mo are still GSM, and Sprint is still
> > PCS/GSM. So, unless the phone is data-only, and uses no telephony
> > protocol, it needs to have a CDMA, TDMA, GSM/UMTS, or PCS radio.
>
>   Not correct.  Most importantly, Sprint is CDMA.  All providers are
> rolling out LTE.  VoLTE exists, and Verizon is pushing heavily to
> moving to an all LTE network capability starting next year.
>
>   And TDMA doesn't really exist in the US anymore.
>
> --
> -- Thomas
>


Re: Crowdfunding an Ubuntu smartphone (right now)

2013-07-30 Thread Kenny Lussier
On Tue, Jul 30, 2013 at 7:54 AM, Kyle Smith  wrote:
> It's LTE only, that's part of their "future phone" strategy.  I believe LTE
> only works on Verizon and AT&T these days (others?).

LTE is used on all major networks - VzW, AT&T, T-Mo, and Sprint. Also,
Sprint was just bought out and the new company has said that they plan
to extend their LTE network beyond AT&T and catch up to VzW over the
next year with a $16B investment in LTE rollout alone.

But LTE is the data network, not the telephony network. VzW is still a
CDMA network, AT&T and T-Mo are still GSM, and Sprint is still
PCS/GSM. So, unless the phone is data-only, and uses no telephony
protocol, it needs to have a CDMA, TDMA, GSM/UMTS, or PCS radio.

-KL


Resume length and history

2013-04-09 Thread Kenny Lussier
Hi All,

Not specifically Linux-related, but I was wondering what other people are
seeing/doing with resumes these days. I have seen everything from a 2-page
resume for someone with 20 years of experience to a 15-page resume for
someone with 2 jobs over 3 years (it looked like the output of cat
~/.bash_history). How far back should a resume go? How long should it be
before you stop reading it? I'm seeing absolutely no consistency in
resumes, and the ones that come from recruiters seem to be the worst
formats.

C-Ya,
Kenny


Re: Tablet recommendations?

2012-03-21 Thread Kenny Lussier
On Wed, Mar 21, 2012 at 9:42 PM, Ben Scott  wrote:

> On Wed, Mar 21, 2012 at 8:15 PM, Jeffry Smith  wrote:
> > Just got our tax return back, and looking to buy a tablet, preferably
> > Android.  Something in the 9-10 inch range, 32-64GB of memory.  Anyone
> > have recommendations?  If so, why those?
>
>
>  So, I'd suggest trying things hands-on before you commit to a purchase.


 I second the "try one before you buy it" suggestion. It's the same with
phones. Never buy something that you haven't held and used. Google will be
releasing a Nexus tablet in the next few months, and the rumors are that
the price will be in the $150-$250 range.


Re: replicated file system?

2012-02-29 Thread Kenny Lussier
On Tue, Feb 28, 2012 at 3:36 PM, Michael ODonnell <
michael.odonn...@comcast.net> wrote:

>
>
>
> > (DRBD>LVM>iSCSI>Heartbeat)
>
> Heh.  I suspect that will somehow look familiar to Mr. Lussier... ;->
>
> He did indicate a wish to have an Active/Active rig but I believe
> that approach only allows Active/Standby, yes?
>
>
I think I have seen that somewhere before :-)

The issue with DRBD is that it is exactly like a network-based RAID 1. The
data written to the second server is not accessible unless there is a
failure on the first system. What I would really like to do is have two (or
more) servers share their local file systems with each other and load
balance FTP and sFTP. If one server goes down, the files that were written
to it should still be available from other nodes. Something like a K-safe
file system. This would all be a lot easier if there were a shared storage
device in the background, or even an NFS server.

I was looking at ceph/btrFS, but it doesn't look to be mature enough.
Gluster may be the way to go. I played with GFS2 a few years ago when it
was in its infancy, and it required a shared back end. I haven't looked at
it recently. Has this changed? Can I create a storage cluster using local
storage from each server?

Thanks,
Kenny


replicated file system?

2012-02-28 Thread Kenny Lussier
Hi All,

I am looking for new ideas on how to replicate file systems. I have a need
for redundant ftp servers, which could either be active/standby or
active/active, as there is a load balancer in front of them. Currently, we
periodically rsync the directory over to the standby system. What I would
like to do is have a mirrored/replicated/clustered file system so that both
systems can be active at the same time, and the data is automagically
available on either, even in the event that one server fails. The catch is
that there is no back-end shared storage (no SAN, NFS, etc.). I thought
about drbd, but that is active/backup only. Most other systems required
shared storage. I'm looking at using incron/inotify or Unison, but I was
curious to see how other people would creatively solve this problem. Ideas?


TIA,
Kenny


Junior to mid-level Sysadmin

2011-09-29 Thread Kenny Lussier
Hi All,

My company, Litle & Co. is looking for a junior to mid-level sysadmin. If
you or anyone you know is interested, please feel free to send them my way.

TIA,
Kenny


Re: [OT] Adding recruiters to LinkedIn connection list?

2011-07-14 Thread Kenny Lussier
On Thu, Jul 14, 2011 at 10:58 AM, Jefferson Kirkland
 wrote:
> That is quite the point you have made, Kenny.  I had a couple recruiters in
> my LinkedIn until this morning and after reading your post, I have removed
> them.  They were only in there because back in 2009 when I was unemployed,
> they were in contact with me every other day.  Seeing as how I have been
> re-employed for a while, it's time for them to swim on their own.

I have 2 recruiters in my network, but both are good friends of mine.
And they both know that if they start contacting people from my list,
I'll kill them :-)



Re: [OT] Adding recruiters to LinkedIn connection list?

2011-07-14 Thread Kenny Lussier
On Thu, Jul 14, 2011 at 9:32 AM, Michael ODonnell
 wrote:
>
> Over time, several recruiters (none of whom have ever actually
> found work for me) have asked to be added to my LinkedIn
> connections list.  I have so far not added them because my
> involvement with them has been superficial and I generally try
> to mention people on my connections list only if I've actually
> interacted with them in some professional capacity.
>
> It seems likely that there is (possibly substantial!) value to
> a recruiter in being able to see my connections, but is there
> value (or harm) to me?

The harm to you, in my opinion, is that the recruiters will use your
network to spider. They will begin spamming all of your connections,
and using your reputation to get them in the door with other people.



Re: ssh + svn - pam

2011-07-08 Thread Kenny Lussier
On Fri, Jul 8, 2011 at 7:38 AM, Cole Tuininga  wrote:
> On 7/7/11 5:04 PM, Kenny Lussier wrote:
>> What I need to do is make it so that certain users can check in and
>> out, but the server that the repositories reside on needs to be
>> locked down, and these users can't have accounts on it. I was
>> contemplating having local accounts with a shell of /dev/null, but I
>> wanted to ask the group what people's thoughts on the best practices
>> are for this sort of scenario.
>
> This kinda goes against what you've specified (doing it over ssh), but
> is webdav an option for you?  Going that route, I believe it can be set
> up without requiring user accounts...

I really don't know if webdav is an option. The whole story is that
the SVN repo is going to be the back end for a puppet setup. People
will check files into the svn repo, then puppet will check them out
and push them. We need people to be able to check files in, but we
don't want them to have local accounts. It's like a roach
motel for configurations.

There are several ways to give them local accounts and disallow
logins, I know, but I would rather have the box be an island, and of
course, encrypt the transport.

Thanks,
Kenny



ssh + svn - pam

2011-07-07 Thread Kenny Lussier
Hi all,

Many many (many) moons ago, I had set up an svn server at a company. I
remember setting it up so that it was svn+ssh, but it didn't require
local accounts in /etc/passwd, it just used accounts out of the
repository's passwd-db. I can't seem to remember how I did this, and I
can't seem to find a way to do it now. This leads me to believe that
my memory is failing.

What I need to do is make it so that certain users can check in and
out, but the server that the repositories reside on needs to be
locked down, and these users can't have accounts on it. I was
contemplating having local accounts with a shell of /dev/null, but I
wanted to ask the group what people's thoughts on the best practices
are for this sort of scenario.

TIA,
Kenny


nproc

2011-03-16 Thread Kenny Lussier
Hi all,

I have some questions about kernel calculations and number of
processes. First, the specs: RHEL 5 running 2.6.18-238.el5

My first question is, does anyone know how nproc is calculated?  I
have seen some issues lately where the limits.conf hard limit is
imposed, but the user hasn't exceeded the number of processes. The
number of processes on the box is also reported as being abnormally
high in newer kernels because every kernel process is run on a
per-core basis:

root   669  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/0]
root   670  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/1]
root   671  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/2]
root   672  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/3]
root   673  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/4]
root   674  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/5]
root   675  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/6]
root   676  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/7]
root   677  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/8]
root   678  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/9]
root   679  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/10]
root   680  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/11]
root   681  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/12]
root   682  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/13]
root   683  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/14]
root   684  0.0  0.0  0 0 ?S<   07:28   0:00 [kblockd/15]


Second, why can't I set a per user limit in limits.conf that is higher
than the default (*) limit value?

Thanks,
Kenny


Re: syncing music between computer and smart phone

2010-10-18 Thread Kenny Lussier
Ah... Sorry, I assumed you were doing that. When you connect to usb, you
should have the option to turn on usb mass-storage.
On Oct 18, 2010 9:28 PM, "Stephanie Kvam"  wrote:
> So I gave up on finding a useful bit of software to help me. I did a
> manual transfer from my computer to my phone instead. I spoke to
> someone at Verizon, and it turns out my phone had to be set to "USB
> Storage device" (or something like that) so that the SD on my phone
> would be able to receive files from my computer. I added a folder to
> my phone called "music" using Nautilus, and dragged and dropped my
> music files into my new "music" folder on my phone.
>
> Success!
>
> On 10/16/10, Kenny Lussier  wrote:
>> You may need to do some set up on the phone. This article may help:
>>
>> http://www.ghacks.net/2009/10/22/sync-your-android-phone-with-banshee/
>>
>> On Sat, Oct 16, 2010 at 9:50 PM, Stephanie Kvam  wrote:
>>> We download Banshee 1.8, but do not see any way to export or sync my
>>> library with my Droid X phone. The help file states the following (see
>>> below). But it doesn't seem to detect my device. The USB connection
>>> works because I can see the disk drive and an F-Spot prompt pops up
>>> looking for photos. I am currently running Ubuntu 9.10 (Karmic).
>>>
>>> Thanks,
>>> Stephanie
>>>
>>> Choose your device from the Banshee menu and then choose how you want
>>> to sync your media, including:
>>> * Music
>>> * Audiobooks
>>> * Videos
>>> * Podcast
>>>
>>> From the dropdown menu next to each of the media, choose from:
>>> * Manage manually
>>> * Sync entire library
>>>
>>> On 10/13/10, Kenny Lussier  wrote:
>>>> You can take a look at Banshee (http://banshee.fm/).
>>>>
>>>> C-Ya,
>>>> Kenny
>>>>
>>>
>>


Re: syncing music between computer and smart phone

2010-10-13 Thread Kenny Lussier
You can take a look at Banshee (http://banshee.fm/).

C-Ya,
Kenny


Re: OT: CDMA Repeaters/Booster

2010-09-15 Thread Kenny Lussier
On Wed, Sep 15, 2010 at 11:02 AM, mark  wrote:
> On Wed, Sep 15, 2010 at 10:55 AM, Mark Komarinski  
> wrote:
>> Sorry for the OT, but this seems to be the best group to ask this
>> question of.  Well, I guess if I do get an answer, then I can *mumble*
>> firefox and *grumble* Ubuntu and *cough* ssh
>>
>> My in-laws have a place in Central NY that gets you one bar on most
>> Verizon phones if you hold your arm out just..right..in one corner of
>> the house.  There's no Internet service there, so a pico/femtocell is out.
>>
>> Anyone have experience with repeaters or boosters over a small area to
>> improve the signal, preferably something that can be mounted outside?
>
>
> Give this a shot:
>
> http://www.ehow.com/how_4686145_improve-signal-strength-verizon-customers.html
>
> However, depending on the cell phone plan, you may incur roaming costs
> above your minutes consumption.

My last company had issues with cell reception. Given that we were
developing software for cell phones, it was a bit of a problem ;-) We
got a Wilson multi-band amplifier. There was an antenna that was
mounted on the roof of the building, connected by coax to the
repeater, and a broadcast antenna coming out the other side. It cost
about $300 at the time. We went from no signal to 4 bars instantly.
The roof-mounted antenna needs to have decent signal, though. In our
case, from the roof, there was line of sight to a tower.

HOWEVER This was for GSM (AT&T phones), and it was
900/1800/1900/2100. I'm not sure what is out there for CDMA. YMMV.

C-Ya,
Kenny



Zabbix Distributed Monitoring

2010-08-24 Thread Kenny Lussier
Hi All,

Is anyone using Zabbix in a distributed monitoring configuration? I am
trying to set up alerts based on the trigger results of three child
nodes, and not getting anywhere. I'll expound upon request, but if no
one is doing it, I'll keep searching The Googles ;-)

TIA,
Kenny


Re: Froyo on Droid?

2010-08-16 Thread Kenny Lussier
On Mon, Aug 16, 2010 at 6:03 PM, Shawn O'Shea  wrote:
>
>> have no interest in upgrading just yet. Unless, of course, VzW scores
>> a Samsung Galaxy S model (like the Captivate that AT&T has).
>>
>
> They did. It's called the Verizon Fascinate. No release date yet, but the
> announcement that Samsung did a month or so ago confirmed that VzW will
> carry the Galaxy S. My guess is that they wanted to get the Droid X and
> Droid 2 out the door first.
>
> http://www.engadget.com/2010/06/28/verizon-ropes-in-samsung-fascinate-us-cellular-gets-a-galaxy-s/
> http://www.engadget.com/2010/06/29/samsungs-american-galaxy-s-phones-pose-for-family-portrait/

VzW will probably hold off until the rest of the phones are running
FroYo. Releasing a 2.1-based phone at this point is useless.


Re: Froyo on Droid?

2010-08-16 Thread Kenny Lussier
On Mon, Aug 16, 2010 at 1:12 PM, Mark Komarinski  wrote:
> On 08/16/2010 12:18 PM, Kenny Lussier wrote:
>>
>> (VzW is offering early upgrades to D1
>> users to get them to either the Dx or the D2).
>
> The only reference to early upgrades I see is if your contract is up by
> 12/31/10.  Given that most people get a new phone every two years, there's
> no way that anyone that got a Droid (unless they paid full price or were on
> a 1 year plan) will be able to upgrade.
>
> Do you have any other information on this plan?  I'd love to upgrade.

I was told that I could upgrade to a Droid X at "New Customer
Pricing", which just means that I would pay the $200 that everyone
else pays instead of the full no contract price. Other than that, I
can't really tell you much. I was only half listening to the guy. I
have no interest in upgrading just yet. Unless, of course, VzW scores
a Samsung Galaxy S model (like the Captivate that AT&T has).



Re: Froyo on Droid?

2010-08-16 Thread Kenny Lussier
On Mon, Aug 16, 2010 at 12:16 PM, Tyson Sawyer  wrote:
> On Mon, Aug 16, 2010 at 11:59 AM, Mark Komarinski  
> wrote:
>> I just got Froyo for my Droid on Saturday.  I'm not sure what I'm
>> missing, so I guess ignorance is bliss.  I know that tethering requires
>> an extra charge,
>
> That is my primary complaint.  I don't use much data and feel that I
> already pay plenty for it.  I would VERY much prefer to pay for the
> bandwidth that I use and be permitted to use it the way I want/need
> to.  But I'm not aware of such a plan being available.
>
> I have to admit that I'm as concerned about being subject to arbitrary
> restrictions and choices made by Verizon.  All the "super special
> custom" UI's that replace the stock one do nothing for me and I'd
> rather not be subjected to them.  One reason I chose the Droid was the
> "Stock" UI/Android 2.0/2.1 install with a big promotion of an openness
> and "Droid Does".  I fear that with 2.2 they have stepped back from
> that.
>
> I'm also interested in being able to install packages that may require
> rooting.  The Android Scripting Environment (or what ever the name is
> these days) is more limited if run on a non-rooted phone.  I don't
> know if 2.2 will be rooted on the Droid, thus locking me out of these
> options.
>
> It is worth noting that my phone is currently stock and not rooted.  I
> have never installed the scripting environment or anything else that
> might enjoy a rooted phone.  I do care about paying obscene prices for
> a small amount of data and I just have a reaction (an irrational
> reaction?) to being locked out and treated like an Apple customer.
>
>> As for benefits, voice actions is really nice, and moving applications
>> to SD lets me free up a lot of space.  Applications seem snappier and
>> having the two additional home screens lets me drop in more widgets.
>
> These I am looking forward to! :-)
>
> Thanks!
> Ty

You can replace the stock Moto launcher with ADW.launcher, Helix (or
Helix2), LauncherPro, or a whole host of other launchers that give you
up to 7 home screens, and change the behavior of the drawer. I am
personally partial to ADW, as it allows me to have a scrollable icon
tray at the bottom of the screen.



Re: Froyo on Droid?

2010-08-16 Thread Kenny Lussier
On Mon, Aug 16, 2010 at 11:59 AM, Mark Komarinski  wrote:
> On 08/16/2010 09:58 AM, Tyson Sawyer wrote:
>> I've read that Android 2.2 is making its way to the original Motorola
>> Droid from Verizon.  I've also read that it doesn't support a few key
>> features that I was looking for and are reported to be present in the
>> "after market" builds.
>>
>> I've done a bunch of searching of the 'net and can't find any clear
>> statements/reviews covering what is missing if I go "after market".  I
>> also can't find any information stating if I can return to the herd if
>> I find problems with the alternate path.
>>
>> Is there anyone in this group that has personal experience with an
>> after market build of Froyo on the original Droid?  ...or does anyone
>> know of a site/link/post that I've missed that gives a more complete
>> picture of what life is like on the outside?
>
> I just got Froyo for my Droid on Saturday.  I'm not sure what I'm
> missing, so I guess ignorance is bliss.  I know that tethering requires
> an extra charge, and Flash support will be available in another update
> due in a few weeks from Verizon.
>
> The biggest problem I have is connecting to my WPA2 OpenWRT install.  I
> had to back it down to WPA instead and is working fine.
>
> As for benefits, voice actions is really nice, and moving applications
> to SD lets me free up a lot of space.  Applications seem snappier and
> having the two additional home screens lets me drop in more widgets.

VzW has stripped out tethering and the mobile hotspot features of
FroYo. The two major ROMs out there for the Droid, Sapphire and
Cyanogen, both re-enable the tethering. Mobile HotSpot has been added
and removed from both ROMs at various points for a multitude of
reasons. The "Official" FroYo from VzW/Moto also includes Motorola's
theme, un-removable apps (Amazon MP3 store, etc.), removes some
configuration options, and a lot of other minor details.

The main reason that I have found for rooting a Droid is to extend
its life. VzW and/or Moto will most likely not push out any future
updates to the D1. It has officially been EOL'd, Asurion (the cell
phone insurance people) can't replace a D1 with another D1 (they are
offering alternatives), and there are several newer Moto phones that
they would prefer you to buy (VzW is offering early upgrades to D1
users to get them to either the Dx or the D2). So, if there is a
release of Android 2.5 or 3.0, for example, chances are that VzW/Moto
will not push it out to D1 customers. Those who have rooted their
phones will be able to upgrade. This is the case with the G1 from
T-Mobile. That was an Android 1.6 phone that was not supposed to get
any upgrades. There are a lot of people running FroYo on it, and
thanks to the better processing, memory management, etc., it has
breathed new life into their phone.

Check out http://www.droid-life.com.

C-Ya,
Kenny



Re: Really old /proc weirdness?

2010-03-12 Thread Kenny Lussier
On Thu, Mar 11, 2010 at 9:31 PM, Kenny Lussier  wrote:

>> Install glibc-headers if you are going to develop programs which will
>> use the standard C libraries.
>>
>> There may be something under the /proc/sys subdirectories that may have a
>> direct or indirect influence on this too.
>>
>> I'd also diff the /etc/sysctl.conf files, 'cause I'm paranoid like that.
>
> I've done diffs of /etc on them, and the only differences are things
> that have to be different (ip address, etc.). sysctl, /etc/security/*
> and /boot/config-* were the first things I checked.  The mystery has
> gotten stranger, too. There is apparently a 2nd server that is now
> displaying the same behavior. The system works, and almost everything
> seems to be functioning fine. The only problem that I have seen so far
> is that Tripwire scans are failing due to java memory issues. I'm not
> sure if it's related or not yet.
>
> I'll be doing some experimenting tomorrow (and probably all weekend)
> to find out what went wrong.

Mystery solved. Jr. sysadmin tried to "help" and forgot to mention
it. Trying to make systems package-for-package identical, he
downloaded all of the packages that were on the old system and did rpm
--force --nodeps -Uvh *. This included all of the glibc*
packages..



Re: Really old /proc weirdness?

2010-03-11 Thread Kenny Lussier
On Thu, Mar 11, 2010 at 2:59 PM, mark  wrote:
> On Thu, Mar 11, 2010 at 9:25 AM, Kenny Lussier  wrote:
>>
>> Hi all,
>>
>> I have the unfortunate need to reproduce a server that was built 6
>> years ago, and make them identical. The server is RHEL3 i386. I have
>> managed to get the boxes to an identical state at the OS and package
>> level, and everything seems to work. However, there is one thing that
>> has me puzzled. On the original box, when a child process is forked,
>> it is hidden from `ps`. In one case, if I do a `ps auxww | grep
>> splunk`, I get:
>>
>> I have read up on this, and I understand group leaders, and group
>> member non-leaders. The weirdness comes in on the new system. Exact
>> same kernel, package-for-package identical to the first. The
>> difference is that there are no .pid files in /proc, and ps shows
>> every child:
>>
>
> The hidden files in /proc are threads that have gotten forked, see man 2
> clone for more on that.  You can see these in ps using the -m option:  ps
> -efm to get the listing; and ps -efm | sort -n -k2 to see them sorted by PID,
> which may be more helpful to see what spawned what.
>
> Look at the libc and glibc rpms on both systems to see if they are
> identical. To be certain, check the --info data for each and see if the
> build date, build host, and signature are all identical; e.g.:
>
>  rpm -q glibc-headers-2.3.2-95.33 --info
> Name        : glibc-headers           Relocations: (not relocatable)
> Version     : 2.3.2                   Vendor: Red Hat, Inc.
> Release     : 95.33                   Build Date: Wed 23 Feb 2005 08:01:07 AM EST
> Install Date: Tue 28 Jun 2005 01:05:53 PM EDT  Build Host: porky.build.redhat.com
> Group       : Development/Libraries   Source RPM: glibc-2.3.2-95.33.src.rpm
> Size        : 1915921                 License: LGPL
> Signature   : DSA/SHA1, Tue 29 Mar 2005 01:28:25 PM EST, Key ID 219180cddb42a60e
> Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
> Summary : Header files for development using standard C libraries.
> Description :
> The glibc-headers package contains the header files necessary for
> developing programs which use the standard C libraries.  If you are
> developing programs which will use the standard C libraries, your system
> needs to have these standard header files available in order to create the
> executables.
>
> Install glibc-headers if you are going to develop programs which will
> use the standard C libraries.
>
> There may be something under the /proc/sys subdirectories that may have a
> direct or indirect influence on this too.
>
> I'd also diff the /etc/sysctl.conf files, 'cause I'm paranoid like that.

I've done diffs of /etc on them, and the only differences are things
that have to be different (ip address, etc.). sysctl, /etc/security/*
and /boot/config-* were the first things I checked.  The mystery has
gotten stranger, too. There is apparently a 2nd server that is now
displaying the same behavior. The system works, and almost everything
seems to be functioning fine. The only problem that I have seen so far
is that Tripwire scans are failing due to java memory issues. I'm not
sure if it's related or not yet.

I'll be doing some experimenting tomorrow (and probably all weekend)
to find out what went wrong.

Thanks,
Kenny
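
The per-package check suggested in this thread (compare build date and build host of the glibc packages on both systems), generalized to a whole-system manifest diff that also keys on architecture. This is an added example, not code from the thread: the function names, the `|`-separated manifest format and the sample manifests are assumptions, and only the glibc-headers version is taken from the message above.

```shell
#!/bin/sh
# Added example: diff two RPM manifests from hosts that are supposed to be
# package-for-package identical.
#
# Assumed way to produce a manifest on each host (standard rpm query tags):
#   rpm -qa --qf '%{NAME}|%{ARCH}|%{VERSION}-%{RELEASE}|%{BUILDTIME}|%{BUILDHOST}\n'
#
# Keying on name AND arch matters: two packages can share a
# name-version-release and still be different builds (i386 vs i686).
# Limitation: packages installed in several versions at once (e.g. kernel)
# collapse to one entry per name.arch.

compare_manifests() {
    # $1 = manifest from the reference host, $2 = manifest from the rebuilt host
    # Prints one line per difference; empty output means the manifests match.
    awk -F'|' -v reffile="$1" '
        BEGIN {
            # Load the reference manifest into memory first.
            while ((getline line < reffile) > 0) {
                split(line, f, "|")
                ref[f[1] "." f[2]] = f[3] "|" f[4] "|" f[5]
            }
            close(reffile)
        }
        {
            key = $1 "." $2
            seen[key] = 1
            if (!(key in ref)) { print "EXTRA " key " " $3; next }
            split(ref[key], r, "|")
            if (r[1] != $3)
                print "VERSION " key " ref=" r[1] " new=" $3
            else if (r[2] != $4 || r[3] != $5)
                # Same version-release, but not the same build.
                print "REBUILT " key " " $3 " ref=" r[2] "@" r[3] " new=" $4 "@" $5
        }
        END {
            for (key in ref)
                if (!(key in seen)) {
                    split(ref[key], r, "|")
                    print "MISSING " key " " r[1]
                }
        }
    ' "$2" | LC_ALL=C sort
}

demo() {
    # CONSTRUCTED sample manifests (host names, build times and the
    # sample-tool package are made up for illustration).
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/ref.txt" <<'EOF'
glibc|i686|2.3.2-95.33|1109163667|build-a.example.com
glibc-common|i386|2.3.2-95.33|1109163667|build-a.example.com
glibc-headers|i386|2.3.2-95.33|1109163667|build-a.example.com
sample-tool|noarch|1.0-1|1100000000|build-a.example.com
EOF
    cat > "$tmp/new.txt" <<'EOF'
glibc|i386|2.3.2-95.33|1109163667|build-a.example.com
glibc-common|i386|2.3.2-95.33|1109163667|build-a.example.com
glibc-headers|i386|2.3.2-95.33|1109170000|build-b.example.com
sample-tool|noarch|1.0-2|1100000000|build-a.example.com
EOF
    compare_manifests "$tmp/ref.txt" "$tmp/new.txt"
    rm -rf "$tmp"
}

demo
```

A plain `rpm -qa` listing on both hosts would report the two glibc entries in the sample as the same package; the arch-aware key is what separates them.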



Really old /proc weirdness?

2010-03-11 Thread Kenny Lussier
Hi all,

I have the unfortunate need to reproduce a server that was built 6
years ago, and make them identical. The server is RHEL3 i386. I have
managed to get the boxes to an identical state at the OS and package
level, and everything seems to work. However, there is one thing that
has me puzzled. On the original box, when a child process is forked,
it is hidden from `ps`. In one case, if I do a `ps auxww | grep
splunk`, I get:

root      2933  0.2  0.3 70656 29692 ?        S    Mar10   2:25 splunkd -p 9998 start
root      2934  0.0  0.0 17756  6216 ?        S    Mar10   0:01 splunkd -p 9998 start
root      2161  0.0  0.0  3696   672 pts/0    S    09:05   0:00 grep splunk

But if I look in `top`, I see:

 2933 root  15   0 29692  28M  8444 S 0.0  0.3   0:01   1 splunkd
 2934 root  15   0  6216 6216  5492 S 0.0  0.0   0:01   2 splunkd
 2935 root  15   0 29692  28M  8444 S 0.0  0.3   0:00   2 splunkd
 2936 root  23   0 29692  28M  8444 S 0.0  0.3   0:00   2 splunkd
 2937 root  15   0 29692  28M  8444 S 0.0  0.3   0:04   0 splunkd
 2938 root  15   0 29692  28M  8444 S 0.0  0.3   0:27   2 splunkd
 2939 root  25   0 29692  28M  8444 S 0.0  0.3   0:00   0 splunkd
 2940 root  25   0 29692  28M  8444 S 0.0  0.3   0:00   0 splunkd
 2941 root  15   0 29692  28M  8444 S 0.0  0.3   0:01   1 splunkd
 2942 root  15   0 29692  28M  8444 S 0.0  0.3   0:01   3 splunkd
 2944 root  15   0 29692  28M  8444 S 0.0  0.3   0:02   2 splunkd
 2951 root  15   0 29692  28M  8444 S 0.0  0.3   0:00   0 splunkd
 2952 root  15   0 29692  28M  8444 S 0.0  0.3   0:00   1 splunkd
 2953 root  25   0 29692  28M  8444 S 0.0  0.3   0:00   0 splunkd
 2956 root  15   0 29692  28M  8444 S 0.0  0.3   1:38   2 splunkd
 2957 root  15   0 29692  28M  8444 S 0.0  0.3   0:02   0 splunkd
 2958 root  15   0 29692  28M  8444 S 0.0  0.3   0:00   0 splunkd
 2959 root  15   0 29692  28M  8444 S 0.0  0.3   0:00   1 splunkd
 2961 root  15   0 29692  28M  8444 S 0.0  0.3   0:00   0 splunkd
 2962 root  15   0 29692  28M  8444 S 0.0  0.3   0:01   0 splunkd

In /proc, all of the pids except for 2933 and 2934 exist, but they are . files:


.2935/
.2936/
.2937/
.2938/
.2939/
.2940/
.2941/
.2942/
.2941/
etc

I have read up on this, and I understand group leaders, and group
member non-leaders. The weirdness comes in on the new system. Exact
same kernel, package-for-package identical to the first. The
difference is that there are no .pid files in /proc, and ps shows
every child:

[root@ root]# ps auxww | grep splunk
root      4271  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4272  0.0  0.0 17904  6196 ?        S    08:00   0:00 splunkd -p 9998 start
root      4273  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4274  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4275  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4276  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4277  0.0  0.3 62352 30912 ?        S    08:00   0:01 splunkd -p 9998 start
root      4278  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4279  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4280  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4281  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4283  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4284  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4285  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4286  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4289  0.1  0.3 62352 30912 ?        S    08:00   0:08 splunkd -p 9998 start
root      4296  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4297  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4298  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4300  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start
root      4301  0.0  0.3 62352 30912 ?        S    08:00   0:00 splunkd -p 9998 start

Does anyone with a better understanding of the 2.4 ( Linux
2.4.21-47.ELsmp #1 SMP Wed Jul 5 20:38:41 EDT 2006 i686 i686 i386
GNU/Linux) kernel understand why there is a difference on two
seemingly identical systems?

TIA,
Kenny


Re: External Monitoring and Alerting (follow-up)

2010-03-10 Thread Kenny Lussier
On Thu, Mar 4, 2010 at 2:36 PM, Alan Johnson  wrote:
> On Thu, Mar 4, 2010 at 1:56 PM, Kenny Lussier  wrote:

I talked to several third-party monitoring companies (including, but
not limited to Alertsite, Keynote, Keynote/Redalert, and Gomez).
Unfortunately, none of them could meet our security needs. In the end,
I will be building my own network of external monitoring systems.

Someone on the list has mentioned Zabbix several times, so I have
begun playing with it. It is a very feature-rich monitoring system. It
seems to follow in the footsteps of so many other powerful, flexible,
highly configurable open source applications. The documentation is
severely lacking, and the forums are full of "me too" :-)

Thanks for all of the suggestions.

Thanks,
Kenny


Re: Interesting

2010-03-07 Thread Kenny Lussier
On Sun, Mar 7, 2010 at 2:56 PM, Jon 'maddog' Hall  wrote:
> While working on my paper about Linux and "Cloud Computing" (and thanks
> to all the people who sent me input), I went to the VirtualBox site:
>
> http://www.virtualbox.org/

Oracle has acquired a few virtualization products as of late. They
bought Virtual Iron last year (and promptly shut them down), they
acquired VirtualBox through Sun, and they bought a smaller
virtualization company two years ago that they are using as the base
of their VM product. They also tried buying VMWare out from under EMC.

Oracle and EMC have been amassing a lot of technologies outside of
their realm the last few years. Makes me wonder if we are seeing the
same consolidation in the tech world that the telco and ISP worlds
have been seeing.


Re: External Monitoring and Alerting

2010-03-04 Thread Kenny Lussier
On Thu, Mar 4, 2010 at 9:40 AM, Alan Johnson  wrote:
> On Thu, Mar 4, 2010 at 8:52 AM, Kenny Lussier  wrote:
>>
>> I have looked at Keynote/RedAlert, Gomez, and a few other third parties.
>> However, I can't help but think that I am better off doing it myself. My
>> thought was to get virtual servers from various hosting companies (Linode,
>> Vereo, GoDaddy, etc.) so that they are geographically and network
>> diversified, and deploy something like ZenOSS, Zabbix, or GroundworkIT on
>> each to do the testing and centralize the reporting. Does anyone have any
>> thoughts on this? Has anyone done it before (I'm sure someone has)?
>> Discussion anybody?
>
> I expect 3 VMs to cost you more than a third party service for basic HTTP
> uptime based on pattern matches.  We use alertsite.com for such things, but
> the cost depends on the number of servers you want to monitor and the
> complexity of the monitors.  We just have alertsite check a single URL for
> a single pattern, and that is pretty cheap (<$20/m? maybe?).  It quickly
> gets more expensive as you add URLs, but it does 5 minute frequency from 3
> locations with configurable escalation and black outs for expected down
> time.  I get emailed for any hiccup from any location and paged if all 3
> fail a couple of times in a row.  They also do automatic traceroutes on a
> failure and email daily uptime and response time stats.  You can run ad hoc
> reports on their site with a good amount of flexibility.
>
> Probably they do a lot more, but this is just how we have it setup.

HTTPS POST is the method that we need to use to test our systems
availability. However, what we are testing is more than just web site
availability or performance. It would actually be testing into an
application, gauging response times and response content. We also need
the ability to identify the IP addresses that the tests are coming
from for security reasons.

Also, I have noticed that everyone seems to offer either a 15-minute
or a 5-minute test interval. Is that really the most that is needed? I
would think that a higher frequency would be better, seeing as how 5
minutes is beyond the "five 9's"  uptime that everyone strives for.
With a home-grown system on VMs, you could test every 30 seconds or
so.

Thanks,
Kenny



External Monitoring and Alerting

2010-03-04 Thread Kenny Lussier
Hi all,

I am embarking upon a project to monitor our network from external sources.
I am looking to test the availability of our system from multiple locations,
report on route health, endpoint connectivity, etc. Most of this will be
done via HTTP POST connections (for reasons that I cannot detail, but that
is how our customer-facing systems work).

I have looked at Keynote/RedAlert, Gomez, and a few other third parties.
However, I can't help but think that I am better off doing it myself. My
thought was to get virtual servers from various hosting companies (Linode,
Vereo, GoDaddy, etc.) so that they are geographically and network
diversified, and deploy something like ZenOSS, Zabbix, or GroundworkIT on
each to do the testing and centralize the reporting. Does anyone have any
thoughts on this? Has anyone done it before (I'm sure someone has)?
Discussion anybody?

C-Ya,
Kenny


Re: How Apple makes more profit on their systems...

2009-10-05 Thread Kenny Lussier
On Mon, Oct 5, 2009 at 9:40 AM, Ben Scott  wrote:

> On Sun, Oct 4, 2009 at 10:33 PM, Kenny Lussier  wrote:
> > I just spent about 30 seconds on their site, and found the Mac Mini tech
> > specs. You need this:
> >
> http://store.apple.com/us/product/MB570Z/A?fnode=MTY1NDA5OQ&mco=MTA4NTYxMDQ
>
>   Alex mentioned VGA.  That adapter provides DVI.
>
>  Perhaps you should have spent more than 30 seconds.  ;-)
>
>  FYI, "Mini DisplayPort" is apparently Yet Another Apple Proprietary
> Connector.  Apple does love making goofy connectors.  I guess it's
> somewhat forgivable in this case, given the small form factor of the
> Mini.  And at least it actually gives you all the pins of the original
> connector.  (Apple has introduced at least two SCSI connectors which
> sacrifice signal lines.)
>
> -- Ben
>

Actually, he said "my existing monitor, keyboard, and mouse" without
specifying. Here you go:
http://store.apple.com/us/product/MB572Z/A?fnode=MTY1NDA5OQ&mco=MTA4MzU1NDg

:-)

C-Ya,
Kenny


Re: How Apple makes more profit on their systems...

2009-10-05 Thread Kenny Lussier
On Mon, Oct 5, 2009 at 8:57 AM, Tom Buskey  wrote:

>
>
> I bought a mini in March to use as a media center.  I bought the Apple
> remote which "just works".  I had USB keyboards.  I bought a bluetooth
> keyboard and mouse - they just worked.  I bought a mini dvi to VGA adapter
> that just worked with my display.
>
> I have a standard TV with svideo input.  I got a mini displayport to
> composite adapter.  *bzzt*.  The mini is digital only output.  I had to get
> a vga to composite converter to get analog output to my TV.  That was about
> $30 and not available from apple.
>
> I've since gotten an HDTV and a cheap 3rd party mini displayport to hdmi
> adapter.  It just works.
>
> I could've built a low power PC as a media center, but the mini just works
> for everything I want to do.  I didn't have to spend lots of time
> researching compatible parts.  It's one of the lowest power desktops
> available.   And it looks pretty good next to the TV, Wii, etc.
>
> Now, if I wanted a server or general use system that didn't run MacOSX,
> then I'd choose something else.
>
>
I can't agree with this more. A Mac Mini can't be compared with a full-sized
desktop. It does not have the expansion slots, or full-sized video ports,
etc. If you want those things, and you want to run OSX, then you need to get
a MacPro. The Mini is an all-in-one low-powered, decent performance system.
It does what it does, and it does it well. If you want a server, buy an
Xserve. If you want a small footprint desktop, get an iMac. If you don't
want to run OSX, then don't buy any of the above. I have never had a problem
finding any information on Apple hardware, and in the store, the employees
have always been extremely knowledgeable.

I am failing to understand what the issue here is.

C-Ya,
Kenny


Re: How Apple makes more profit on their systems...

2009-10-04 Thread Kenny Lussier
On Sun, Oct 4, 2009 at 10:03 PM, Hewitt_Tech wrote:

>
>
>   What bugged me about the way Apple sells the Mini is their deliberate
> withholding of information from the customer so that the customer would
> feel obligated to buy much more expensive gear from them. Check out
> their web site and see if you can figure out what would be necessary to
> get the Mini setup using an existing monitor, keyboard and mouse.
>
> -Alex
>
> P.S. There's "making money" and then there's "screwing the customer".


I just spent about 30 seconds on their site, and found the Mac Mini tech
specs. You need this:
http://store.apple.com/us/product/MB570Z/A?fnode=MTY1NDA5OQ&mco=MTA4NTYxMDQ.
As for a mouse and keyboard, since it has 5 USB ports, you don't need
anything.

C-Ya,
Kenny


Re: Facebook-like apps?

2009-08-29 Thread Kenny Lussier
On Fri, Aug 28, 2009 at 10:53 PM, Paul Lussier wrote:
>
>
> Drupal does some of this, but not all, as does Joomla.  Basically, I
> want a mash-up of LinkedIn and Facebook, with a little bit of Flickr and
> a side of YouTube! :)
>
>
Facebook already does everything that you want. You could just use the FB
platform which is already OSS: http://developers.facebook.com/opensource.php.
There is also a clone that was completely developed with Drupal:
http://drupal.org/node/339148


Re: Facebook-like apps?

2009-08-28 Thread Kenny Lussier
On Fri, Aug 28, 2009 at 9:12 PM, Kenny Lussier  wrote:

>
>
> On Fri, Aug 28, 2009 at 8:44 PM, mark  wrote:
>
>> On Fri, Aug 28, 2009 at 8:02 PM, Paul Lussier wrote:
>>
>>>
>>> Hi folks,
>>>
>>> Does anyone know of anything 'Facebook' like in the OSS world ?  I'm
>>> thinking of setting up a community site for my wife's quite extended
>>> family. We really want it restricted to only family, which is why the
>>> real facebook won't do :)
>>>
>>> Thanks,
>>> Paul
>>>
>>
>>
>> The code behind slashdot is open source:
>> http://slashdot.org/faq/code.shtml
>>
>
> There are also things that would normally be used in a company for
> collaboration software like Kablink: http://www.kablink.org/ (this was
> formerly known as IceCore and was part of the SiteScape suite).
>

Oh, and there are a ton of Twitter knock-offs, too:
http://www.openparenthesis.org/2008/07/14/open-source-microblogging


Re: Facebook-like apps?

2009-08-28 Thread Kenny Lussier
On Fri, Aug 28, 2009 at 8:44 PM, mark  wrote:

> On Fri, Aug 28, 2009 at 8:02 PM, Paul Lussier wrote:
>
>>
>> Hi folks,
>>
>> Does anyone know of anything 'Facebook' like in the OSS world ?  I'm
>> thinking of setting up a community site for my wife's quite extended
>> family. We really want it restricted to only family, which is why the
>> real facebook won't do :)
>>
>> Thanks,
>> Paul
>>
>
>
> The code behind slashdot is open source:
> http://slashdot.org/faq/code.shtml
>

There are also things that would normally be used in a company for
collaboration software like Kablink: http://www.kablink.org/ (this was
formerly known as IceCore and was part of the SiteScape suite).

C-Ya,
Kenny


Re: Facebook-like apps?

2009-08-28 Thread Kenny Lussier
On Fri, Aug 28, 2009 at 8:02 PM, Paul Lussier  wrote:

>
> Hi folks,
>
> Does anyone know of anything 'Facebook' like in the OSS world ?  I'm
> thinking of setting up a community site for my wife's quite extended
> family. We really want it restricted to only family, which is why the
> real facebook won't do :)
>

With such vague requirements, I would suggest looking at Drupal:
http://drupal.org.

C-Ya,
Kenny


Re: Simple email list setup

2009-08-28 Thread Kenny Lussier
On Fri, Aug 28, 2009 at 8:56 AM, Larry Cook  wrote:

> I am looking for suggestions on setting up a simple announcement email
> list with about 50 static members (no self-subscribe/unsubscribe), of
> which only 4 members can send to the list.  Currently the list is
> managed by one member from her email account.  The two reasons for
> making a change are:
>
> 1) The list maintainer doesn't always remember to use bcc to hide
> members addresses.
>
> 2) In her absence email cannot be sent to members.
>
> I've used majordomo many years ago and currently use Dada Mail for
> another organization.  I've also looked at Mailman, phplist, poMMo, etc.
>  All of these provide a lot of nice features but they all seem to be
> overkill for our minimal requirements.
>
> Are there any open source packages that just provide the basics we need
> and would be easier to setup and use?
>
> It seems like email aliases with a way to restrict the sender should be
> sufficient.  Are there easy ways to implement this, or something like it?
>

ObtuseSMTPd (http://c0re.23.nu/c0de/osmtpd/) might do the trick. You can set
up your alias in sendmail the way you normally would, and then use smtpfwdd
from obtuse to only allow certain people to send to the alias. It is an
extremely easy configuration, and simple to set up.

Thanks,
Kenny


Network/System Monitors

2009-08-20 Thread Kenny Lussier
Hi All,

We are currently using Nagios for monitoring systems and some network gear.
However, we have found that it is a little lacking in a few areas:

Predictive threshold
SFlow tracking
Monitoring several sites from a single data collector.


Does anyone have any experience with network/system monitors that combine
the functionality of Nagios, Cacti, SFlow, etc.? We are looking into
products from Solar Winds and ManageEngines right now, but I would like to
hear from others what they think? I am open to OSS and commercial products.

Thanks,
Kenny


Linux Engineer

2009-08-04 Thread Kenny Lussier
Hi All,

I'm cross-posting to discuss and -jobs. Please send all resumes to
hr_resu...@litle.com. We are a self-recruiting company, so this is for
direct applicants only. Feel free to e-mail me with any questions.

Thanks,
Kenny



Linux Engineer

Job Description:

We are seeking a Linux Systems Engineer to join Litle & Co.’s Infrastructure
team. Litle has many exciting projects planned for the future, driving a
requirement to add to our services team.

The projects identified for 2009 and beyond underscore Litle’s commitment to
continuous technology upgrades in support of an infrastructure that requires
unprecedented scalability. Systems availability and a focus on security are
cornerstone ideals that Litle excels at. This allows Litle to provide a
range of high quality services that not only meet, but exceed our customers’
expectations.

Responsibilities include Linux system design, builds, and maintenance, as
well as network and application-level troubleshooting.  You will also be
responsible for system and network level performance monitoring / tuning and
other tasks associated with comprehensive systems support for the Linux
server environments supporting RDBMS applications.

The ideal candidate will rely on extensive experience and judgment to
maintain a robust and stable environment for development, testing and
production servers.

Responsibilities:

• Work with team members and the Director of Network & System Services to
  develop strategic technical solutions.
• Design, install, configure, and maintain Linux servers and desktop
  systems.
• Upgrade and apply patches to Linux systems.
• Document processes and system configurations.
• Utilize defined processes and policies, including change management
  controls.
• Install and configure servers and desktops for specific application
  needs.
• Apply best practices in the application of systems and network security
  to all deployments.
• Coordinate with technical staff members to diagnose system and network
  related failures.
• Develop tools to automate administrative or other tasks and offer
  efficient and scalable solutions to meet the demands of administering
  servers and applications in an enterprise environment.
• Support personnel in user set-up or system related issues and problems.
• Perform other related duties and responsibilities as requested by the
  Director of Network & System Services.

Qualifications:

• Must have at least 6 years of experience administering Linux systems in
  a production capacity.
• Proven experience with RedHat Enterprise environments.
• Proven skills in architecting Linux systems including design,
  deployment and maintenance.
• Proven experience in tuning kernel parameters to support application
  and systems needs to optimize performance.
• Experience with configuring and supporting Linux systems, supporting
  RDBMS software.
• Experience with an RDBMS, preferably DB2.
• Excellent scripting skills with an administrative language required.
• Working knowledge of backup software, backup and recovery strategies
  and best practices.
• Strong knowledge of IP networking protocols and systems, including
  routing and switching products and system interactions.
• Deep understanding of best-practices for systems and network security.
• Expertise with clustering or high-availability solutions.
• Strong problem solving and analytical skills.
• Excellent verbal and written communication skills.
• Proven ability to work in a team environment.
• Ability to effectively prioritize and execute tasks within a dynamic
  environment.
• Keen attention to detail.
• High levels of self-motivation and self-directedness.
• Availability for after-hours work on a periodic basis.
• Willingness to share required 24/7 on-call rotation responsibilities.
• Continued awareness of developing and emerging technologies with a
  willingness and ability to learn new technologies.
• BS in Engineering or Computer Science or equivalent experience.
• RedHat RHCE certification preferred.
• Experience in virtualization technologies and solutions a plus.
• SAN, NAS and DAS experience including FCAL.
• Experience with HTML, PERL, CGI, database application integration, and
  security (Intranet, authentication, authorization, etc.) preferred.
• Working knowledge of Apache and Tomcat.
• Experience with firewall systems, network and server security.
• Database administration experience.
• Application and system integration within cross-platform environments.
• Previous usage of monitoring and trending systems.


Re: Mucking with a mounted filesystem?

2009-07-09 Thread Kenny Lussier
On Thu, Jul 9, 2009 at 4:45 PM, Bill McGonigle wrote:
> On 07/09/2009 04:14 PM, Kenny Lussier wrote:
>> I am running into a disk space issue on an older server. I'd like to
>> do a tune2fs -m 1 (or maybe 0) to get rid of most, if not all of the
>> reserved block space on the partition that is close to full. The disk
>> is actually an iSCSI volume mounted from an EqualLogic array, and then
>> exported via NFS to 6 other servers.
>
> I think that kind of superblock info is only consulted at mount time, so
> probably nothing will notice if you do it, but you won't get any benefit
> until you mount again.
>
> Does '-o remount' consult the superblock or only process things that can
> be expressed as mount options?  The man page only says:
>
>  "all ext2fs-specific parameters, except sb,
>  are changeable with a remount"
>
> but 'sb' is one that has -o semantics.

It will work, and space is gained without a remount (I was prompted to
try it on an unimportant system):


[r...@l-kluss ~]# df -h /dev/sda1
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              99M   80M   15M  85% /boot

[r...@l-kluss ~]# tune2fs -m 0 /dev/sda1
tune2fs 1.35 (28-Feb-2004)
Setting reserved blocks percentage to 0 (0 blocks)

[r...@l-kluss ~]# df -h /dev/sda1
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              99M   80M   20M  81% /boot

I suppose the real question is whether it is safe to do it on a
filesystem that is exported. I'll look for another box and set up NFS,
I guess.

Thanks,
Kenny



Re: Mucking with a mounted filesystem?

2009-07-09 Thread Kenny Lussier
On Thu, Jul 9, 2009 at 4:26 PM, Michael
ODonnell wrote:
>
>
>> I am running into a disk space issue on an older server.  I'd like
>> to do a tune2fs -m 1 (or maybe 0) to get rid of most, if not all of
>> the reserved block space on the partition that is close to full.
>> The disk is actually an iSCSI volume mounted from an EqualLogic
>> array, and then exported via NFS to 6 other servers.
>>
>> Has anyone ever run tune2fs on a mounted/in-use filesystem?
>> Is this safe to do?
>
> I don't know specifically whether that's safe to do with a mounted
> filesystem but if your situation allows you might be able to
> accomplish it by first doing an on-the-fly remount such that your
> filesystem is temporarily ReadOnly, then do your tune2fs thing,
> then restore ReadWrite mode with another on-the-fly remount:
>
>   mount -oremount,ro /your/filesystem
>   tune2fs -whatever /dev/yourDevice
>   mount -oremount,rw /your/filesystem

Going ReadOnly isn't an option, unfortunately. There are several apps
that are constantly reading and writing to this file system which
would die a horrible, unnatural, painful death if they suddenly
couldn't write.

Thanks,
Kenny



Mucking with a mounted filesystem?

2009-07-09 Thread Kenny Lussier
Hi All,

I am running into a disk space issue on an older server. I'd like to
do a tune2fs -m 1 (or maybe 0) to get rid of most, if not all of the
reserved block space on the partition that is close to full. The disk
is actually an iSCSI volume mounted from an EqualLogic array, and then
exported via NFS to 6 other servers.

Has anyone ever run tune2fs on a mounted/in-use filesystem? Is this safe to do?

Thanks,
Kenny


Re: Rootkit signatures?

2009-06-25 Thread Kenny Lussier
On Thu, Jun 25, 2009 at 9:26 AM, Ted Roche wrote:

> Kenny:
>
> You might want to check out http://www.chkrootkit.org/ - the software is
> simple to install and run from cron (see the FAQs) and the site has "Related
> Links" to some good resources.

Ted,

I probably should have listed the rootkit detection systems that I
have looked at. chkrootkit is one of them. The last release was Dec.
2007. I have also looked at OSSEC, rkhunter, and about 40 others that
all suffer from age and incompleteness. Another problem with all of
these is that they run locally and report locally. If I were to write
a rootkit, the first thing that I would do is check for rootkit
detectors and neutralize them if I found any. With Tripwire, or any other
remote scanner, the ability to modify the check is eliminated.


Thanks,
Kenny


Re: Rootkit signatures?

2009-06-25 Thread Kenny Lussier
On Thu, Jun 25, 2009 at 9:05 AM, Alex Hewitt wrote:
>>
>
> Kenny, if you have a mandate to install anti-virus/anti-malware does that
> mean that whoever mandated this wants to scan all files on the servers for
> PC infections? Although these things typically have no effect on Linux
> systems they might be a problem for Windows boxes that are reading/writing
> files on the servers. If that is the case, ClamAV would be a good
> solution...

Alex,

The mandate actually isn't that intelligent. It was a broad statement
of "You have to have anti-virus and anti-malware software on all of
your servers", and when we wrote a compensating control that stated
"This is not needed on Linux servers", someone Googled Linux +virus
and found "rootkit". Thus, the mandate for "Anti-rootkit software"
(and yes, that is what the audit sheet calls it.. )

None of the Windows servers or workstations in the company have any
access to the servers that are in question. The servers are extremely
isolated in their own firewalled island, with no sharing allowed :-)
Windows systems can read/write to anything on that network. I could
probably install ClamAV on every box and call it a day, and they would
be perfectly happy. However, I would like to go beyond the letter of
the mandate and do something that is at least useful. If I can compile
a list of known rootkits and their properties, I can write Tripwire
recipes and add that to our tool chain.

Thanks,
Kenny


Rootkit signatures?

2009-06-25 Thread Kenny Lussier
Hi All,

I have a mandate to install "anti-virus and anti-malware software on
all servers". Since all of our servers are Linux, this was further
clarified to mean "rootkit detection software". I have looked at
several rootkit detectors, and they all appear to be fairly old. My
guess is, it isn't really worth it, since a rootkit is going to be
personalized and customized to the system being attacked (but hey,
what do I know... :-) ). I have found a few apps that are essentially
just a list of files and directories that are common to some older
rootkits, and if anything in the list is found, it sets off the alert.

I can do the same thing with Tripwire, which is already on every
system. What I am trying to do is either compile an extensive list of
rootkit properties, or subscribe to a rootkit signature feed (like a
Nessus feed). Does anyone know of the existence of either of these
things?

TIA,
Kenny
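
The two checks discussed in this message and in the reply to Ted Roche above (a list of known rootkit paths, and a Tripwire-style comparison against a known-good baseline), as an added example that is not from the thread and does not use Tripwire's policy format. It assumes the baseline is stored off the monitored host and that `root` is that host's filesystem as seen from a separate machine (for example a read-only mount); the indicator paths are constructed placeholders, not real signatures.

```python
import hashlib
import os
import stat
import tempfile

# Constructed placeholder indicator paths, relative to the filesystem root
# being examined; a real list would come from a maintained signature source.
INDICATOR_PATHS = ["usr/lib/.constructed-indicator", "dev/.constructed-hidden"]


def snapshot(root):
    """Return {relative path: (sha256 hex digest, permission bits)} for regular files."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = (digest.hexdigest(), stat.S_IMODE(st.st_mode))
    return result


def indicator_hits(root, indicators=INDICATOR_PATHS):
    """Return the indicator paths that exist (file, directory or symlink) under root."""
    return sorted(p for p in indicators if os.path.lexists(os.path.join(root, p)))


def compare(baseline, current):
    """Diff two snapshots into changed, missing and added paths."""
    return {
        "changed": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed file tree, baseline it, alter it, and report the differences."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/ls", b"ls-v1")
        _write(root, "bin/ps", b"ps-v1")
        _write(root, "etc/motd", b"welcome\n")
        baseline = snapshot(root)  # taken while the tree is known good

        # Constructed changes of the kind an integrity check should surface.
        _write(root, "bin/ps", b"ps-replaced")
        os.remove(os.path.join(root, "etc/motd"))
        _write(root, "usr/lib/.constructed-indicator/payload", b"x")

        report = compare(baseline, snapshot(root))
        report["indicator_hits"] = indicator_hits(root)
        return report


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The indicator list only catches what is already known, while the baseline comparison also reports the replaced binary and the unexpected new file.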


Network Engineer w/ Linux Knowledge

2009-05-20 Thread Kenny Lussier
All,

I sent this to gnhlug-jobs this morning, but I haven't seen it go
through yet. I wanted to cross-post it just in case.


My company is looking for a network engineer to handle both internal
and external-facing network design, implementation, and maintenance.
It is not specifically a Linux-centric position, but all of our
routers and switches connect to Linux systems, so Linux knowledge is a
must.  The official job posting can be found here:

http://www.litle.com/about-us/careers-1/IT-network-engineer .

If you are interested, please send your resume to hr_resu...@litle.com. We
are self-recruiting, so no recruiters, please.


Thanks,
Kenny


Limit CPUs

2009-05-13 Thread Kenny Lussier
All,

I have systems that had dual quad-core CPUs. For test purposes, I want
to turn off one of the CPUs so that I can benchmark and diff the
performance change against dual CPUs. Does anyone remember the kernel
parameter that I need to feed grub at boot time for this (yes, I am
feeling too lazy to google at the moment).

TIA,
Kenny


inode settings are gone??

2009-04-20 Thread Kenny Lussier
Hi All,

The last time I had to do file system testing, I could adjust the
number of inodes available by echoing values into
/proc/sys/kernel/inode-max. Now, that was quite some time ago... At
the request of our QA group, I looked at a system so that I could
adjust the number of inodes down. However, max-inodes has apparently
gone away... Does anyone know off the top of their head what can be
manipulated to lower the number of inodes on a system with a 2.6
kernel? These are RHEL5 systems, if that helps. Google seems to think
that this is dynamic and cannot be pinned down.

TIA,
Kenny


Shifty Shell Prompts

2009-04-16 Thread Kenny Lussier
So, using shell commands is now a sign of illegal activity...


http://www.eff.org/deeplinks/2009/04/boston-college-prompt-commands-are-suspicious

“…uses two different operating systems to hide his illegal activities.
One is a regular B.C operating system and the other is a black screen
with white font which he uses prompt commands on.”

C-Ya,
Kenny



Re: apache?

2009-04-09 Thread Kenny Lussier
On Tue, Apr 7, 2009 at 6:31 PM, Kevin D. Clark wrote:

>
> [you sent this on Saturday, and I just received this on Tuesday]
>
>
>
> Kenny Lussier writes:
>
> > A few days ago, we upgraded the front-end apache servers from RHEL3
> > running httpd-2.0.47 to RHEL5, httpd-2.2.3-22. Since then, we have been
> > experiencing strange intermittent outages. We see connections to our
> > firewall on port 443, and we see SOME traffic on the apache servers, but
> > most people trying to connect are timing out. This lasts for about 5
> > minutes. There are no errors logged in messages or in apache's error_log.
> > However, seconds AFTER the problem clears up, I see:
>
> Can you provide a tcpdump log that (1) isn't gigantic (2) includes an
> example of a session that is affected by this problem (3) (optional,
> but nice to have) a flow that seems to work just fine.


It looks like the problem was before the Apache server, either at one of the
firewalls or the external router. Traffic was being queued, then slamming
the Apache proxy.

Thanks,
Kenny


Distro War Humor

2009-04-06 Thread Kenny Lussier
Just a side note on distro-wars :-)

http://ars.userfriendly.org/cartoons/?id=20090405


C-Ya,
Kenny




Re: apache?

2009-04-04 Thread Kenny Lussier
On Sat, Apr 4, 2009 at 8:43 PM, Alan Johnson  wrote:

> On Sat, Apr 4, 2009 at 1:15 PM, Kenny Lussier  wrote:
>
>> Hi All,
>>
>> I am seeing an interesting problem with what I think is apache, but could
>> be tcp related as well. Our firewall blocks all connections to 443 except
>> for specific hosts. When someone connects to apache on 443, we proxy the
>> connection to a load balancer, which sprays the connections across several
>> tomcat servers.
>>
>> A few days ago, we upgraded the front-end apache servers from RHEL3
>> running httpd-2.0.47 to RHEL5, httpd-2.2.3-22.
>
>
> Did anything else related to Tomcat or your web service change with this
> upgrade?  Different versions of Tomcat or JVM?  I get the feeling those are
> running on different machines and have not been touched, but I wanted to
> confirm.
>
> Also, are you using mod_jk to connect to Tomcat?  This was the default in
> Apache 2.0, but 2.2 switched to something else for default (mod_proxy, I
> think?).  I switched back to mod_jk, but it took some fancy stepping,
> especially since we were upgrading to 64-bit at the same time.  but
> anyway...
>
>
>> One thing that I noticed is that in RHEL3, tcp_syncookies is set to 0
>> (off) by default, and on RHEL5 it is set to 1 (on). Could syncookies be
>> causing this?
>
>
> Could be.  I don't really know.  Any reason you don't want to flip the bit
> and see if it helps?


Oh, we flipped it, alright. We're just waiting to see if it happens
again. We are also mirroring all of the traffic on both sides of the
firewall, on the inside of the proxy, etc. We aren't leaving anything to
chance. I'm just trying to understand how syncookies could cause this sort
of an issue.


>
> Also, why not ask RedHat?  That's what you are paying for.  Otherwise, you
> may as well switch to CentOS.  I have some very simple scripts to convert
> from RH to CentOS if you like.  They work great for 3 and 4, but I have not
> made any for 5 as I have no RH 5 to worry about.  It should be fairly easy
> to make some 5 scripts using what I have as a guide.  I expect the steps to
> be the same with perhaps a few different package and file names.  That's the
> difference between my 3 and 4 scripts anyway.


I haven't engaged RedHat yet because the first thing that they want is a
reboot. I swear that they are learning from Microsoft more every day...
These are mission-critical production systems, and they will want too much
experimentation. That, and I really just hate calling tech support :-)


apache?

2009-04-04 Thread Kenny Lussier
Hi All,

I am seeing an interesting problem with what I think is apache, but could be
tcp related as well. Our firewall blocks all connections to 443 except for
specific hosts. When someone connects to apache on 443, we proxy the
connection to a load balancer, which sprays the connections across several
tomcat servers.

A few days ago, we upgraded the front-end apache servers from RHEL3 running
httpd-2.0.47 to RHEL5, httpd-2.2.3-22. Since then, we have been experiencing
strange intermittent outages. We see connections to our firewall on port
443, and we see SOME traffic on the apache servers, but most people trying
to connect are timing out. This lasts for about 5 minutes. There are no
errors logged in messages or in apache's error_log. However, seconds AFTER
the problem clears up, I see:

[Fri Apr 03 21:37:42 2009] [info] server seems busy, (you may need to
increase StartServers, or Min/MaxSpareServers), spawning 8 children, there
are 0 idle, and 107 total children
[Fri Apr 03 21:37:43 2009] [info] server seems busy, (you may need to
increase StartServers, or Min/MaxSpareServers), spawning 16 children, there
are 3 idle, and 115 total children
[Fri Apr 03 21:37:44 2009] [info] server seems busy, (you may need to
increase StartServers, or Min/MaxSpareServers), spawning 32 children, there
are 11 idle, and 131 total children
[Fri Apr 03 21:37:45 2009] [info] server seems busy, (you may need to
increase StartServers, or Min/MaxSpareServers), spawning 32 children, there
are 42 idle, and 163 total children
[Fri Apr 03 21:57:35 2009] [info] server seems busy, (you may need to
increase StartServers, or Min/MaxSpareServers), spawning 8 children, there
are 46 idle, and 128 total children
[Fri Apr 03 21:57:43 2009] [info] server seems busy, (you may need to
increase StartServers, or Min/MaxSpareServers), spawning 8 children, there
are 48 idle, and 146 total children


There is no change in traffic volume, there have been no network changes,
either. One thing that I noticed is that in RHEL3, tcp_syncookies is set to
0 (off) by default, and on RHEL5 it is set to 1 (on). Could syncookies be
causing this? Has anyone else ever experienced anything like this?

TIA,
Kenny


Re: Labeling Multipath drives

2009-03-18 Thread Kenny Lussier
On Wed, Mar 18, 2009 at 9:54 AM, Jeffrey O'brien
wrote:
>
>
> Kenny, you will need to install/configure the multipathing software.  Linux
> does have native mpath drivers which will create a virtual device from the
> multiple devices shown so /dev/mpath/mpath0p1 would consist of /dev/sdc1,
> /dev/sdd1, etc...  look up "dm-multipath" for configuration setups for your
> environment.  The type of SAN you have too will play a role in configuration
> if the SAN has Active/Active or Active/Passive controllers, you may want to
> have an active/passive multipath configuration in the OS or an active/active
> setup.
>
> If you are using EMC FC SANs, you could always pay for powerpath as long as
> your wallet is deep ;)
>
> Also in your cluster have you looked at using a clustered filesystem so
> both systems have an active mount so you don't have to worry about mounting?
>  Generally a clustered filesystem is required for clusters, GFS, OCFS2,
> VxFS.
>
> Jeff
>

Jeff,

I'm using GFS on several systems. This particular filesystem, however,
cannot be mounted on more than one server at a time (long story, but it's a
security requirement). This is an HA cluster (pure failover) rather than a
distributed system.

Thanks,
Kenny


Re: Labeling Multipath drives

2009-03-18 Thread Kenny Lussier
On Wed, Mar 18, 2009 at 10:18 AM, Jeffrey O'brien
wrote:

>
>
> >>>
> From:   Kenny Lussier 
> To: mark 
> CC: 
> Date:   3/18/2009 9:40 AM
> Subject:Re: Labeling Multipath drives
>
> This is true. For example, in /dev/mapper there is a device called
> 350002ac00092072a1. I can label the device, but that also creates labels on
> what the OS sees as /dev/sdc, /dev/sdd, /dev/sde, /dev/sdf, /dev/sdg,
> /dev/sdh, /dev/sdi, and /dev/sdj, so a mount fails. The SAN doesn't come
> with client-side multipathing software. That is really up to the OS vendor.
> In this case, I am using device-mapper-multipath on RHEL5.3AP (w/ their
> clustering suite) with a 3Par SAN. The SAN is presenting all of the paths to
> both systems simultaneously. That isn't a problem. And, if I wanted to use
> GFS to have the disk mounted to both servers simultaneously, then that would
> work just fine. But, I can't have the disk mounted on more than one system
> at any given time.
>
>
> >>>
>
>
> http://www.scribd.com/doc/2673197/Using-DeviceMapper-Multipath-Configuration-and-Administration-for-Red-Hat-Enterprise-Linux-51
>
> Here is a redhat doc on 5.1, it should be relevant still.  You have to
> reference and format the mpath device instead of the individual device.
>  Also make sure the dm-multipath kernel module is loaded and the daemons are
> running.  Do you have the /etc/multipath.conf configured?
>
> Cheers,
> Jeff
>


Yup, multipath is configured correctly, and it all works. I can yank the
fiber out of one HBA and watch 4 paths fail, and continue to read/write to
the device, plug the fiber back in, and watch the 4 paths recover, etc. I
may need to do some more experiments to get this all to work. I think that
there may be an issue in the way that the QLogic driver is behaving.

Thanks,
Kenny


Re: Labeling Multipath drives

2009-03-18 Thread Kenny Lussier
2009/3/18 mark 

> 2009/3/18 Kenny Lussier 
>
> Hi All,
>>
>>
>> I currently have a failover cluster  with a shared  iSCSI disk. It is just
>> an ext3 partition that has a disk label. If the primary box drops, the
>> backup box (through the magic of clustering), knows that it needs to mount
>> the disk where "LABEL=HA_DISK". However, I am soon going to be moving the
>> storage to a fiber channel SAN. The boxes will each have two FC HBA's in
>> them, giving them each eight total paths to the SAN volume. The problem that
>> I have is that if I use e2label on the partition that ends up in
>> /dev/mapper, I can't mount by label. I get an error saying "Multiple drives
>> found with identical label". Does anyone know how to work around this?
>>
>> TIA,
>> Kenny
>>
>
> Your SAN should have multi-pathing software that presents the paths on each
> box as a single virtual device to the OS.  The SAN should also be cluster
> aware and present all the paths to the disk to both systems
> simultaneously.   What OS, brand of SAN and clustering software are you
> using?
>

This is true. For example, in /dev/mapper there is a device called
350002ac00092072a1.  I can label the device, but that also creates labels on
what the OS sees as /dev/sdc, /dev/sdd, /dev/sde, /dev/sdf, /dev/sdg,
/dev/sdh, /dev/sdi, and /dev/sdj, so a mount fails.  The SAN doesn't come
with client-side multipathing software. That is really up to the OS vendor.
In this case, I am using device-mapper-multipath on RHEL5.3AP (w/ their
clustering suite) with a 3Par SAN. The SAN is presenting all of the paths to
both systems simultaneously. That isn't a problem. And, if I wanted to use
GFS to have the disk mounted to both servers simultaneously, then that would
work just fine. But, I can't have the disk mounted on more than one system
at any given time.


Thanks,
Kenny


Labeling Multipath drives

2009-03-18 Thread Kenny Lussier
Hi All,


I currently have a failover cluster  with a shared  iSCSI disk. It is just
an ext3 partition that has a disk label. If the primary box drops, the
backup box (through the magic of clustering), knows that it needs to mount
the disk where "LABEL=HA_DISK". However, I am soon going to be moving the
storage to a fiber channel SAN. The boxes will each have two FC HBA's in
them, giving them each eight total paths to the SAN volume. The problem that
I have is that if I use e2label on the partition that ends up in
/dev/mapper, I can't mount by label. I get an error saying "Multiple drives
found with identical label". Does anyone know how to work around this?

TIA,
Kenny


Re: Tuning ext3 for a FC SAN?

2008-12-09 Thread Kenny Lussier
On Tue, Dec 9, 2008 at 10:35 AM, mark <[EMAIL PROTECTED]> wrote:
> The problem is more likely with the RAID group and LUN layout than with the
> Linux file system.  You should also verify that you have the latest Qlogic
> drivers for the fiber cards and that they have been certified by both the
> SAN vendor and Brocade to work with the versions of those products you are
> using.

Done that. I have the latest drivers for the QLogic cards, and I have
verified that the cards and the driver version are supported by Brocade
and the SAN vendor. I have also checked with Brocade and the SAN
vendor to make sure that they are fully compatible and supported by
each other. I have also made sure that my multi-path setup is optimal
and I am using the latest dev-mapper-multipath available from RedHat
for RHEL 4.

> However, if there is a database involved (particularly if it is
> Oracle), all bets are off and you need to first test IO transfer rates
> outside of the db.

We are testing the I/O outside of the DB now. We haven't seen the
performance from raw testing yet to give us any indication that the
database will perform up to our requirements. Currently, I am seeing
better performance from an iSCSI volume on an Equallogic than I am
from the SAN. The database performance is another set of tests that
someone else will be doing, but we are holding that off until we see
decent raw performance.  The database isn't Oracle, it's worse...DB2.

> Also, do you have software on the SAN to measure IO transfer rates that you
> can compare with the iostat output on the Linux box?

We are using their CLI and their system stats collector.

Thanks,
Kenny

> mark
>
> On Tue, Dec 9, 2008 at 10:27 AM, Kenny Lussier <[EMAIL PROTECTED]> wrote:
>>
>> Hi All,
>>
>> I am not a filesystem/performance expert by any means, so I am hoping
>> that I can pick up some tips and pointers here. We are currently
>> evaluating a SAN, and the performance is less than stellar. We have
>> simulated our production environment, which is:
>>
>> RHEL 4 (x86_64) u7 running the 2.6.9-67.ELsmp kernel
>> Dual quad-core Xeon 3.16GHz CPUs
>> 16GB of RAM.
>> 15K SAS internal drives RAID1
>> Two single port FC QLogic HBA's (4G/s model)
>> Two Brocade FC SAN switches
>> SAN from   with 96 400GB 10K drives
>>
>> The problem that we are seeing is that the discrepancy in I/O
>> performance between local disk and the SAN throughput seems way too
>> high. Using IOZone, we are getting 80MB/sec throughput for rewrites of
>> 16-32MB files, with a 4K block size on the local disks. When running
>> the exact same tests against the SAN, we are seeing 14MB/sec
>> throughput. I expect to see a difference between local and remote
>> storage, but that seems to be outside the realm of normalcy.
>>
>> So, my question is, is there something that I need to do to tune the
>> ext3 filesystem? Are there options that I should use when I create the
>> file system to optimize it, or mount options that should be in fstab
>> to increase performance? Are there any pointers anyone may have for
>> optimizing a system for use as a database server connected to a FC
>> SAN?
>>
>> TIA,
>> Kenny


Tuning ext3 for a FC SAN?

2008-12-09 Thread Kenny Lussier
Hi All,

I am not a filesystem/performance expert by any means, so I am hoping
that I can pick up some tips and pointers here. We are currently
evaluating a SAN, and the performance is less than stellar. We have
simulated our production environment, which is:

RHEL 4 (x86_64) u7 running the 2.6.9-67.ELsmp kernel
Dual quad-core Xeon 3.16GHz CPUs
16GB of RAM.
15K SAS internal drives RAID1
Two single port FC QLogic HBA's (4G/s model)
Two Brocade FC SAN switches
SAN from   with 96 400GB 10K drives

The problem that we are seeing is that the discrepancy in I/O
performance between local disk and the SAN throughput seems way too
high. Using IOZone, we are getting 80MB/sec throughput for rewrites of
16-32MB files, with a 4K block size on the local disks. When running
the exact same tests against the SAN, we are seeing 14MB/sec
throughput. I expect to see a difference between local and remote
storage, but that seems to be outside the realm of normalcy.

So, my question is, is there something that I need to do to tune the
ext3 filesystem? Are there options that I should use when I create the
file system to optimize it, or mount options that should be in fstab
to increase performance? Are there any pointers anyone may have for
optimizing a system for use as a database server connected to a FC
SAN?

TIA,
Kenny


Re: Logging the client cipher in Apache?

2008-10-14 Thread Kenny Lussier
On Tue, Oct 14, 2008 at 5:20 PM, Ted Roche <[EMAIL PROTECTED]> wrote:
> Kenny Lussier wrote:
>> Hi All,
>>
>> Does anyone know what LogFormat entry is needed to log the client
>> cipher used when a browser connects to Apache using mod_ssl?
>>
>
> Perhaps: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
>
> under "Custom Log Formats?"

Yeah, I found it about 2 minutes after sending the e-mail. Who
would have guessed %{SSL_CIPHER} ? :-)

Thanks,
Kenny
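
An added example (not from the thread) of what the cipher field is useful for once it is logged. It assumes the request-log format given in the mod_ssl documentation's "Custom Log Formats" section, where SSL variables are written with the `%{name}x` form; the log lines, addresses and the weak-cipher token list are constructed for illustration.

```python
import re
from collections import Counter

# Assumed log format (the example in the mod_ssl documentation):
#   CustomLog logs/ssl_request_log \
#       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>[^"]*)" (?P<size>\S+)$'
)

# Illustrative policy, chosen for this example; adjust to local requirements.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_TOKENS = {"NULL", "RC4", "DES", "MD5"}

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
[01/Jan/2024:10:00:01 +0000] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1" 5120
[01/Jan/2024:10:00:02 +0000] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /login HTTP/1.1" 812
[01/Jan/2024:10:00:05 +0000] 198.51.100.7 SSLv3 RC4-MD5 "GET / HTTP/1.0" 5120
[01/Jan/2024:10:00:09 +0000] 198.51.100.23 TLSv1.2 DES-CBC3-SHA "POST /api HTTP/1.1" 64
[01/Jan/2024:10:00:11 +0000] 203.0.113.5 - - "GET / HTTP/1.1" 301
this line is truncated
"""


def parse_line(line):
    """Return the named fields of one log line, or None if it does not match."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def weakness(proto, cipher):
    """List the reasons a negotiated protocol/cipher pair is considered weak."""
    reasons = []
    if proto in WEAK_PROTOCOLS:
        reasons.append("protocol " + proto)
    # Compare whole name components so that e.g. "AES" never matches "DES".
    tokens = cipher.upper().split("-")
    if any(t in WEAK_CIPHER_TOKENS or t.startswith("EXP") for t in tokens):
        reasons.append("cipher " + cipher)
    return reasons


def summarize(lines):
    """Tally (protocol, cipher) pairs and collect clients that negotiated weak ones."""
    counts = Counter()
    weak_clients = {}
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        # mod_ssl logs "-" for a variable that is unset, e.g. a non-SSL request.
        if rec is None or rec["cipher"] == "-":
            skipped += 1
            continue
        counts[(rec["proto"], rec["cipher"])] += 1
        reasons = weakness(rec["proto"], rec["cipher"])
        if reasons:
            weak_clients.setdefault(rec["host"], set()).update(reasons)
    return counts, weak_clients, skipped


if __name__ == "__main__":
    counts, weak_clients, skipped = summarize(SAMPLE_LOG.splitlines())
    for (proto, cipher), n in counts.most_common():
        print(n, proto, cipher)
    for host, reasons in sorted(weak_clients.items()):
        print("weak:", host, ", ".join(sorted(reasons)))
    print("skipped lines:", skipped)
```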


Logging the client cipher in Apache?

2008-10-14 Thread Kenny Lussier
Hi All,

Does anyone know what LogFormat entry is needed to log the client
cipher used when a browser connects to Apache using mod_ssl?

TIA,
Kenny


Re: LAN/WAN fault simulation

2008-09-24 Thread Kenny Lussier
On Wed, Sep 24, 2008 at 9:51 AM, Michael ODonnell <
[EMAIL PROTECTED]> wrote:

>
> We may want to characterize some client/server systems and
> applications (destined to be geographically distant from each
> other) in the face of various LAN/WAN faults/conditions like
> dropped/duplicate packets and various end-to-end throughput
> rates, so I'm wondering if anybody here has a pointer to
> something that might help us simulate/tweak such conditions
> for in-house testing.  We're thinking a Linux box rigged as
> a switch might be the heart of such a test bed but would love
> not to have to reinvent any wheels...
>

It sounds like you are looking for a network impairment generator. There are
a multitude of commercial appliances out there that will do this. Shunra is
one that I have used in the past. If you are looking for F/OSS running on
Linux, then take a look at NISTNet (http://snad.ncsl.nist.gov/nistnet/).
It is beta, and has been for a very long time, but it works. I have used it
in various areas of network testing and pro-active troubleshooting.

HTH,
Kenny


Re: nslookup alpine-usa.com

2008-09-10 Thread Kenny Lussier
On Wed, Sep 10, 2008 at 7:39 AM, Frank DiPrete <[EMAIL PROTECTED]> wrote:

>
> I am not getting a response while trying to lookup alpine-usa.com
>
> Trying to figure out if the problem is my dns server, comcast network,
> or alpine.
>
> I'm running bind 9.5
>
> Can you guys get to alpine-usa.com ?
>  


It looks like you don't have the line that gives an address for the domain
itself, such as:

@   IN  A   72.3.185.216


 [EMAIL PROTECTED] ~]$ nslookup alpine-usa.com
Server: 10.1.4.77
Address:10.1.4.77#53

Non-authoritative answer:
*** Can't find alpine-usa.com: No answer

[EMAIL PROTECTED] ~]$ nslookup www.alpine-usa.com
Server: 10.1.4.77
Address:10.1.4.77#53

Non-authoritative answer:
Name:   www.alpine-usa.com
Address: 72.3.185.216


Re: Phones for Asterisk and single-pair old phone wiring?

2008-09-03 Thread Kenny Lussier
On Wed, Sep 3, 2008 at 12:31 PM, Ben Scott <[EMAIL PROTECTED]> wrote:
> On Wed, Sep 3, 2008 at 12:09 PM, Kenny Lussier <[EMAIL PROTECTED]> wrote:
>> That all depends on what you want to do... You can leave all of your
>> phones connected to the Meridian/Norstar/whatever, then connect that
>> PBX to an asterisk box for external and internal connectivity.
>
>  Hmmm.  I hadn't thought of that.  Use Asterisk as a PBX in front of
> the Norstar.  Configuration would be a bear, like you say, but once it
> got figured out, it would stay figured out.  We'd lose out on having
> an integrated system, though.  With one system, everything
> functions... well, as a system.  Lots of little things, but they add
> up.  Like extension naming and calling station ID, internal call
> forwarding, voice message forwarding, busy station indicators, call
> pickup groups, internal hunt groups, integrated directory, etc.  So
> the user experience would not be anywhere near as smooth.  Something
> to think about, though.  H...

You wouldn't necessarily lose these functions. Since they are all
functions of the current PBX, they would continue to work. If you put
the Asterisk box between the POTS lines coming in and the Nortel, then
when a call comes in, it hits Asterisk, which answers the call, and
runs the auto-attendant. From there, Asterisk accepts the extension
from the caller, then passes that to the dial plan as an argument. The
dial plan is set up to pick up a channel on the PBX and dial the
extension it was given as an argument. The rest is up to the Nortel
system. There is even a way for Asterisk to take the incoming CID and
pass that off to the Nortel, but I can't remember exactly how to do
that at the moment.

All calls within the Nortel system never touch asterisk, and all
Nortel features remain the same. When a caller wants to dial an
outside line, the Nortel picks up an open line, which in this case, is
the asterisk box, and the asterisk box passes the call on to the POTS
lines. So really, there isn't much difference to the end user.

Many people are looking at this and thinking "Well, what is the point
of the Asterisk box then?!?!". The point, in my case when I had to do
this a few years back, was that it gave us an expandability that was
otherwise impossible. When we had a second site, we could pick up the
phone, dial a 4-digit extension, and a phone would ring in the other
office. We had an asterisk box on the other end of our T1/private-line
that was set up the same way. The Norstar/Meridian systems that we had
weren't capable of multi-site, so it solved our problem. Eventually,
we took the Nortels out of the picture, replaced all of the phones,
and went PRI into the Asterisk boxes (bought Cisco 7960's to replace
the Nortel phones). So, having an Asterisk box can give you a lot more
flexibility, especially if you are going to be bringing up a new site.
You can build out the new site to be completely VoIP, but maintain
compatibility with the older proprietary system.

>> Also, keep in mind that with Asterisk, you are not limited to SIP.
>
>  Right; I was simplifying for rhetorical convenience.  The VoIP side
> of things isn't really my issue.  That's a solved problem.  :)

A solved problem is the best kind :-)

C-Ya,
Kenny


Re: Phones for Asterisk and single-pair old phone wiring?

2008-09-03 Thread Kenny Lussier
On Wed, Sep 3, 2008 at 11:45 AM, Ben Scott <[EMAIL PROTECTED]> wrote:
> On Wed, Sep 3, 2008 at 11:25 AM, Kenny Lussier <[EMAIL PROTECTED]> wrote:
>>> Enhanced telephone set = Something more than a plain old telephone
>>> set.
>>
>> You can use pretty much any kind of phone that you want ...
>
>  I assume by "any kind of phone", you mean "any kind of
> SIP-capable-VoIP or analog-POTS phone".  Because I'm pretty sure I
> can't use any of the legions of proprietary telephones with Asterisk
> (or anything else other than the system they were designed for).  In
> other words, I can't plug a Nortel Norstar or Panasonic DBS or Toshiba
> DK digital telephone into a Asterisk system, can I?  :)

That all depends on what you want to do... You can leave all of your
phones connected to the Meridian/Norstar/whatever, then connect that
PBX to an asterisk box for external and internal connectivity. That
way, the user experience doesn't change at all. The POTS lines come
into the Asterisk box, which routes calls to the Nortel system, which
deals with the phones. You will, of course, have an extremely messy
configuration to deal with all of that, but it can be (and, sadly, has
been) done. Take a look at
http://www.voip-info.org/wiki-Asterisk+Nortel or really, just search
voip-info.org for Nortel, and you will find a lot of information about
dealing with the two types of systems together.

Also, keep in mind that with Asterisk, you are not limited to SIP.
Several of the larger PBX vendors use what they call proprietary
protocols, but really amount to nothing more than h323. Unless you're
talking about Cisco's SCCP, but all of their phones can be flashed
with a SIP image :-)


C-Ya,
Kenny


Re: Phones for Asterisk and single-pair old phone wiring?

2008-09-03 Thread Kenny Lussier
On Wed, Sep 3, 2008 at 10:34 AM, Ben Scott <[EMAIL PROTECTED]> wrote:
> Hi all,
>
>  Anyone know of any kind of enhanced telephone set that can be
> connected to an Asterisk-based system using plain old telephone phone
> wiring?
>
> Enhanced telephone set = Something more than a plain old telephone
> set.  Programmable buttons for hold, line selection, special features,
> etc.  Option for an LCD.  Like the proprietary digital telephone sets
> used with Avaya, Nortel, NEC, and other "key" and "PBX" premises
> telephone systems.

You can use pretty much any kind of phone that you want, but most of
the proprietary phones aren't just 2-wire analog. They are usually an
ISDN hybrid. You would need to manually configure the buttons on the
phones. You could also create entries in the dial plan on the Asterisk
box to intercept certain key sequences to do whatever you want (i.e.
configure the voicemail button to dial *xxx (xxx=extension number) and
configure the dial plan to go to the mailbox).

> Plain old telephone wiring = A single pair of copper wires, guaranteed
> to conduct electricity and nothing more.  Not Category 3 compliant,
> let alone Category 5.  Forget Ethernet for VoIP.

Any phone can be connected to an Asterisk box, but you will need FXO
cards in the system to plug them into. Usually they are 4 ports to a
card, but you can also get an FXO channel bank. What I have done in
the past is have all of the analog phones go into an FXO channel bank,
then use the T1 interface on the channel bank to go into a T1 card in
the asterisk server. The config on the asterisk card can get a little
messy, but it works.

>  I've got a building full of 50 year old telephone wiring, which
> works fine for our Norstar system.  I'm looking at upgrading to a
> VoIP-capable system, and would love to be able to switch to Asterisk.
> But rewiring the building with 4-pair Cat 5 to support
> Ethernet-connected, PoE-powered telephone sets is infeasible.  (And
> there are a non-trivial number of phones without convenient existing
> LAN jacks nearby.)  So whatever I go with has to have a way to support
> old wiring.

If what you are describing is each cube/office has one LAN and one
Phone jack, you could use VoIP phones that have either a pass-through
port or a switch. In that case, you can plug the phone into the LAN
jack, and plug the PC into the phone. It isn't an optimal solution,
but again, it does work. Most of the Cisco/Linksys (formerly Sipura
SPA-9xx) phones have this feature.

>  I'm looking at Nortel's BCM (basically a hybrid Norstar/VoIP box),
> but it's expensive, doesn't do SIP, and Nortel is not overly customer
> friendly.  I'd love to use something like Asterisk instead.
>
>  I'm envisioning a semi-proprietary solution that uses Asterisk and
> VoIP, but also offers equipment suitable for old wiring. Maybe some
> kind of PCI line card, or Ethernet-connected expansion module, which
> connects proprietary digital sets to the Asterisk architecture.

What you are talking about is an FXO Channel bank like this:
http://www.voipsupply.com/product_info.php?products_id=921&searchid=864995
or these: http://www.voip-info.org/wiki/view/Asterisk+Channel+Bank

>  Connecting plain old telephones to analog adapters isn't an
> acceptable solution.  All the desk sets on old wiring would either (1)
> lose features beyond making telephone calls, or (2) require hook
> flash and dialing feature codes to do anything (too cumbersome for the
> users).
>
>  I suspect no such thing exists, but I figure I'd ask.

No harm in asking. The nice thing about Asterisk is that you can
pretty much do anything with it :-)

HTH,
Kenny


Re: ps line buffer

2008-07-17 Thread Kenny Lussier
On Thu, Jul 17, 2008 at 12:19 PM, Michael ODonnell <
[EMAIL PROTECTED]> wrote:

>
>
> >> If they know the PID in question this might work:
> >>
> >>   xargs -0 < /proc/$PID/cmdline
> >>
> >
> > Apparently /proc/$PID/cmdline only holds 4096 characters as well
> > (on RHEL5 at least).
>
> Now that you mention it I think that might be a hard
> system limit.  Can you demonstrate that the command line
> as presented to the app hasn't been truncated to 4096 by
> the kernel's exec code?  I suspect not.
>
> (and a 4k command line seems heinous, anyway...)
>  
>

4k is obscenely heinous. These are java apps that call and exec other jar
files, etc., so the ps output is extremely long. I did manage to get
everything by doing ps eaufww. It shows the exec tree, and gave them exactly
what they needed (I guess).

Thanks,
Kenny


Re: ps line buffer

2008-07-17 Thread Kenny Lussier
On Thu, Jul 17, 2008 at 11:50 AM, Michael ODonnell <
[EMAIL PROTECTED]> wrote:

>
> > ps auxww truncates command at 4096 characters,
> > [developers] want to see the entire thing...
>
> If they know the PID in question this might work:
>
>   xargs -0 < /proc/$PID/cmdline
>

Apparently /proc/$PID/cmdline only holds 4096 characters as well (on RHEL5
at least).

Thanks,
Kenny


ps line buffer

2008-07-17 Thread Kenny Lussier
Hi All,

Does anyone know how I can circumvent the 4096 character buffer limit in the
ps command? We have an extremely long java command and when the developers
do a ps auxww, it truncates the command at 4096 characters. They want to see
the entire thing...

TIA,
Kenny


Re: How do you determine the amount of system memory?

2008-07-17 Thread Kenny Lussier
On Wed, Jul 16, 2008 at 11:16 PM, Paul Lussier <[EMAIL PROTECTED]>
wrote:

> "Kenny Lussier" <[EMAIL PROTECTED]> writes:
>
> > What kind of systems are these? Most systems today have some sort of
> > IPMI-based interface that is independent of the OS and can give you a
> > physical hardware inventory (and usually a whole lot more).
>
> Yes, there's an IPMI interface, but no IPMI module...  So, no IPMI :(
>
> These are basically white (black?) box units from some vendor (name
> escapes me) but they're a fairly well known company which makes a
> variety of "custom" chassis for whomever wants to buy them and
> re-brand.  The IPMI module is an option available to us, but one which
> until now, we've had no need for at the current cost.
>

Ah. We swear by the add-on cards (of course, half our servers are on the
other side of the country). If for no other reason than the ability to
power-cycle a box from my desk, it's worth it :-) We also use them to do
system/asset inventory management.

>
> Of course, this might change :)
>
>
Where you have 400+ servers, it's well worth the investment. If the module
has the ability to uniquely identify the system (asset tag, serial number,
whatever) and spit out a hardware inventory, then you can easily convince
finance-types that it is part of the asset/inventory control system to
protect their investment :-)

C-Ya,
Kenny


Re: How do you determine the amount of system memory?

2008-07-16 Thread Kenny Lussier
On Wed, Jul 16, 2008 at 3:20 PM, Paul Lussier <[EMAIL PROTECTED]> wrote:

>
> Hi all,
>
> Recent Linux kernels have had a minor bug in that the amount of memory
> reported in /proc/meminfo is incorrect.  I'm trying to find a way to
> determine whether the amount reported is correct or not.
>
> I need some means of reliably knowing whether this value is accurate
> or not.  Does anyone have any ideas?  "Physically looking" is
> insufficient, given that I a) need to test 400+ systems, and b) I may
> need to run this test on boxes to which I have no physical access.
>

What kind of systems are these? Most systems today have some sort of
IPMI-based interface that is independent of the OS and can give you a
physical hardware inventory (and usually a whole lot more). Dell has DRAC
and OpenManage, Intel has Intel ServerManager, IBM has ServerMon (and Sun
has LOM). They usually run on a daughter card that vampires off of the power
supply and sits between the power and the motherboard so that it is
accessible when the system is powered off. Some have an independent ethernet
interface, and others use in-band signaling on the on-board ethernet. You
could probably look into the command interface for the IPMI interface and
write a script that checks all of your systems.

There is also an IPMI interface for Linux to access the hardware interface,
but I don't know much about it.

C-Ya,
Kenny


Re: Redhat 5 Cluster suite

2008-07-07 Thread Kenny Lussier
On Mon, Jul 7, 2008 at 8:59 AM, Tom Buskey <[EMAIL PROTECTED]> wrote:

>
>
> On Mon, Jul 7, 2008 at 7:38 AM, H. Kurth Bemis <[EMAIL PROTECTED]>
> wrote:
>
>> As for keeping httpd and vsftpd running, have you looked at DJB's daemon
>> tools?
>>
>> http://cr.yp.to/daemontools.html
>>
>> ~k
>
>
> I've used it before & it works well.
>
> If you're not tied to Linux, have you looked at Solaris?  They've recently
> open sourced their clustering and HA stuff.
>
> SMF is built in for restarting services like daemontools.
>
> They are working on open sourcing the QFS and Lustre shared file systems.
> Both of those will work on Linux as well.
>
> FWIW, you can run your Linux specific bits in a branded zone.
>
> Of course, it's another OS to learn if you're a linux shop..
>

We are a 100% Linux shop. Although the thought of Solaris has crossed our
minds more than once. However, we are an "Enterprise Linux" shop (i.e. We
only allow it in production if there is vendor support behind it). This is
one of the reasons that I am looking at the RHEL5 cluster suite. I need to
do away with the OSS LinuxHA that is currently used. I am also going to look
into other commercial Linux clustering systems, but the project time is
pretty short.

Thanks,
Kenny


Re: Redhat 5 Cluster suite

2008-07-06 Thread Kenny Lussier
On Sat, Jul 5, 2008 at 7:42 PM, Frank DiPrete <[EMAIL PROTECTED]> wrote:

>
>
> I like linux-ha + mon. wonderful in its simplicity and since it just runs
> scripts on events you can make it do anything (like restart rinetd )
>
> and there's watchdog for ftp and http to kick the box if they die.
>
> much more info in the lvs howto also.
>
>
Interestingly, the heartbeat packages, etc. are not readily available for
RHEL5, and compiling the needed pieces isn't as straightforward as it
should be. The thing that I like about the cluster suite is the power
fencing. I think that the answer here is to accept the fact that if httpd or
vsftpd dies, I will need to manually move rinetd. It's not like either of
those services die very often, so the likelihood of one of them dropping
without the system itself going down is slim. Also, by accepting the
limitations in the short term, it will allow me to define a more long-term
project of investigating more robust clustering solutions, and some of these
things at the network layer with load balancer.

C-Ya,
Kenny


Re: Redhat 5 Cluster suite

2008-07-05 Thread Kenny Lussier
On Sat, Jul 5, 2008 at 8:16 PM, Michael ODonnell <
[EMAIL PROTECTED]> wrote:

>
>
> >> I have been tasked with some clustering work, and I have run into a
> >> few snags. Is anyone familiar with the RHEL 5 clustering suite?
> >
> > You should find someone who used to work for MCLX whooh, wait.
> > Never mind.  ;)
>
> Yah, one might reasonably wonder if he isn't thinking that the
> software in question is somehow, um, strangely familiar...
>

Yeah.. I have to say, though, that 8 years later, the requirement of
shared storage makes a lot more sense :-)

I must admit that it works well, and it does things nicely, as long as they
are simple and standard.  As soon as you stray a little bit outside of what
the packaged product considers the norm, you are on your own. So this is
what would happen if Microsoft were Posix compliant, eh? :-)

C-Ya,
Kenny


Re: Redhat 5 Cluster suite

2008-07-05 Thread Kenny Lussier
On Sat, Jul 5, 2008 at 2:23 PM, Bruce Labitt <[EMAIL PROTECTED]>
wrote:

>
> Kenny Lussier wrote:
>
>> Hi All,
>>
>> Sorry if this is a re-post, but I sent it yesterday, and I haven't seen it
>> come through yet
>>
>> I have been tasked with some clustering work, and I have run into a few
>> snags. Is anyone familiar with the RHEL 5 clustering suite? The situation
>> that I have is that I have a system that needs to be set up as a failover
>> cluster. There are two services running (http and ftp) that are essential
>> services, so if either of them die, the system needs to fail over to the
>> other system. The snag is that I have a third service (rinetd) that isn't
>> important, and I just want to have it re-started if it dies. I can set it up
>> so that rinetd is re-started, but then if the box fails over, rinetd isn't
>> started on the other system. If I tie rinetd to the IP address resource
>> or to one of the essential resources, then the whole system fails over if
>> rinetd dies (when the cluster manager detects a failure in rinetd, it
>> re-starts the service, but fails over the box anyway).
>> Has anyone dealt with anything similar to this?
>>
>> TIA,
>> Kenny
>> 
>>
>>
>>
> Yes, it was a repost.  Did you read this?
>
>
> http://www.redhat.com/docs/manuals/csgfs/browse/4.6/Cluster_Suite_Overview/s1-service-management-overview-CSO.html
>
> It sounds like you want high availability.  There is a description of the
> fail over service in the above link.  I am sorry I have no experience in
> this.  I was recently looking into clusters for massively parallel
> computation.
>
> Regards,
> Bruce
>

I have read all of the RH docs for the cluster suite and GFS. Unfortunately,
they only cover vanilla failover. In my case, I have two services that need
to fail over the whole box, and one that just needs to be re-started. We
have RH support, but the cluster suite is only covered with the "Advanced
Platform" support, and the decision was made that we would get the support
for it if it does what we need (except that we can't get it to do what we
need without the support).

Oddly, I never got either of the e-mails that I sent to gnhlug-discuss, but
I got the replies to it.

Thanks,
Kenny


Redhat 5 Cluster suite

2008-07-05 Thread Kenny Lussier
Hi All,

Sorry if this is a re-post, but I sent it yesterday, and I haven't seen it
come through yet

I have been tasked with some clustering work, and I have run into a few
snags. Is anyone familiar with the RHEL 5 clustering suite? The situation
that I have is that I have a system that needs to be set up as a failover
cluster. There are two services running (http and ftp) that are essential
services, so if either of them die, the system needs to fail over to the
other system. The snag is that I have a third service (rinetd) that isn't
important, and I just want to have it re-started if it dies. I can set it up
so that rinetd is re-started, but then if the box fails over, rinetd isn't
started on the other system. If I tie rinetd to the IP address resource
or to one of the essential resources, then the whole system fails over if
rinetd dies (when the cluster manager detects a failure in rinetd, it
re-starts the service, but fails over the box anyway).

Has anyone dealt with anything similar to this?

TIA,
Kenny


RedHat Clustering

2008-07-04 Thread Kenny Lussier
Hi All,

I have been tasked with some clustering work, and I have run into a few
snags. Is anyone familiar with the RHEL 5 clustering suite? The situation
that I have is that I have a system that needs to be set up as a failover
cluster. There are two services running (http and ftp) that are essential
services, so if either of them die, the system needs to fail over to the
other system. The snag is that I have a third service (rinetd) that isn't
important, and I just want to have it re-started if it dies. I can set it up
so that rinetd is re-started, but then if the box fails over, rinetd isn't
started on the other system. If I tie rinetd to the IP address resource
or to one of the essential resources, then the whole system fails over if
rinetd dies (when the cluster manager detects a failure in rinetd, it
re-starts the service, but fails over the box anyway).

Has anyone dealt with anything similar to this?

TIA,
Kenny


Re: DRBD (was: MerriLUG Nashua ...)

2008-06-23 Thread Kenny Lussier
On Mon, Jun 23, 2008 at 5:53 PM, Ben Scott <[EMAIL PROTECTED]> wrote:

> On Mon, Jun 23, 2008 at 5:31 PM, Flaherty, Patrick <[EMAIL PROTECTED]>
> wrote:
> > I didn't go to the meeting, but I saw the slides mentioned DRBD ...
>
>  What's DRBD?
>
>  (Yes, I can use Google.  This is actually a cleverly disguised ploy
> intended to foster discussion on the list.  (Oh, drat, now it's not
> cleverly disguised anymore!))
>

DRBD is a way of doing network-based block devices. It's used to do network
RAID 1 in HA clusters. You set two systems up and dedicate a particular block
device to be the drbd block device. Then, when you write to one, it goes
over a private network and writes to the other. It keeps the data in the
cluster synchronized. I used it a few years back in conjunction with Linux
HA to build an HA NFS server. It was fairly simple to set up and get going.
I would say that it has been surpassed by GFS these days, though.

C-Ya,
Kenny


Re: Disable environment settings

2008-06-03 Thread Kenny Lussier
On Tue, Jun 3, 2008 at 1:38 PM, <[EMAIL PROTECTED]> wrote:

> > Date: Tue, 3 Jun 2008 12:36:08 -0400
> > From: "Kenny Lussier" <[EMAIL PROTECTED]>
> > Cc: GNHLUG 
>
> > cover all of the odd cases that we seem to be running into. I like sudo.
> > Unfortunately, people get tired of typing it when they need to run 100+
> > commands as another user to diagnose a problem. The option that they have
>
> cat > /usr/local/bin/do-as-other-user.sh << "EOF"
> COMMANDS="ln df ls fdisk foo bar" # list your commands here
> for COMMAND in $COMMANDS; do
>  BIN=`which $COMMAND` && alias $COMMAND="sudo $BIN"
> done
> EOF
>
> then . /usr/local/bin/do-as-other-user.sh
>
> Would that work?
>

If the commands were predictable, then that would work just fine.
Unfortunately, most of the time the users log in as themselves then su - to,
for example, the database user to do database work, or to go through the
logs, etc., or to the user that a particular (in house custom) app runs as
to test certain things. There is no way to predict what they are going to be
doing on any given day/hour/minute/second. I am tempted to tell them to deal
with it and just make them enter tickets multiple times, but that will
quickly come back to haunt me :-)

So far, the best that I have come up with is at the beginning of the login
script, get the pts, and create a file named ptsX.tkt, then test 1) if the
file exists and 2) if it contains a valid ticket.  On the first login, the
file won't exist, so it will be created, and it won't contain a valid ticket
until the end of the script. On an `su -`, the file will exist with a valid
ticket, so the prompts will be skipped and the environment variable will be
set. I need to do some garbage collection to remove the temp files so that
there isn't an overlap, preferably at logout, or at the time the pts is
freed up. Some sort of global script that is executed automatically on
logout/exit that is not under the user's control (i.e. not .bash_logout).
Again, my wishes tend to exceed the bounds of reality, and what I have to
work with was never really meant to do this sort of thing :-)

C-Ya,
Kenny
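
The per-terminal ticket cache described in the message above, sketched as POSIX shell functions. This is an added example, not code from the thread; the cache directory, the `TKT-<digits>` ticket format and all function names are assumptions.

```shell
#!/bin/sh
# Added example: per-pts ticket cache for a login script sourced by /etc/profile.
# Assumptions (not from the thread): TICKET_DIR, the TKT-<digits> format,
# and every function name below.

TICKET_DIR="${TICKET_DIR:-/var/run/login-tickets}"

# Map a terminal device (/dev/pts/3) to its cache file (<dir>/pts3.tkt).
# Anything that is not /dev/pts/<number> gets no cache file.
ticket_file_for_tty() {
    case "$1" in
        /dev/pts/*) _n=${1#/dev/pts/} ;;
        *) return 1 ;;
    esac
    case "$_n" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s/pts%s.tkt\n' "$TICKET_DIR" "$_n"
}

# Hypothetical ticket syntax: "TKT-" followed by one or more digits.
ticket_is_valid() {
    case "$1" in
        TKT-*) _digits=${1#TKT-} ;;
        *) return 1 ;;
    esac
    case "$_digits" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# Print the cached ticket for this terminal, or fail if there is none.
# A symlink or a file with unexpected content is treated as "no ticket".
cached_ticket() {
    _f=$(ticket_file_for_tty "$1") || return 1
    [ -f "$_f" ] && [ ! -L "$_f" ] || return 1
    IFS= read -r _t < "$_f" || return 1
    ticket_is_valid "$_t" || return 1
    printf '%s\n' "$_t"
}

# Record a validated ticket for this terminal. The file must be readable by
# the account reached through `su -`, hence umask 022.
store_ticket() {
    ticket_is_valid "$2" || return 1
    _f=$(ticket_file_for_tty "$1") || return 1
    ( umask 022; printf '%s\n' "$2" > "$_f" )
}

# Login-script logic: $1 = tty, $2 = ticket the user typed (stands in for the
# interactive prompt). On `su -` the cached value wins and $2 is ignored.
login_ticket() {
    if cached_ticket "$1"; then
        return 0
    fi
    store_ticket "$1" "$2" || return 1
    printf '%s\n' "$2"
}

# Garbage collection: remove cache files whose pts number is not in the
# space-separated list $1 (in practice, the current entries of /dev/pts).
# Without this, the next person to be handed the same pts would inherit
# the previous session's ticket.
purge_stale_tickets() {
    for _f in "$TICKET_DIR"/pts*.tkt; do
        [ -e "$_f" ] || [ -L "$_f" ] || continue
        _n=${_f##*/pts}
        _n=${_n%.tkt}
        case " $1 " in
            *" $_n "*) ;;
            *) rm -f -- "$_f" ;;
        esac
    done
    return 0
}
```

In the login script itself, `cached_ticket "$(tty)"` would be tried first and the prompt shown only when it fails.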


Re: Disable environment settings

2008-06-03 Thread Kenny Lussier
On Tue, Jun 3, 2008 at 12:11 PM, Bill McGonigle <[EMAIL PROTECTED]>
wrote:

>
> On Jun 3, 2008, at 12:01, Kenny Lussier wrote:
>
>  The problem that I am running into now is how to
>> maintain that variable when they `su - user`.
>>
>
> The question doesn't really make sense.  the '-' means, 'replace the
> current environment'.  So, to rephrase your question, "How can I get it to
> keep the current environment when I tell it to replace the current
> environment?" :)


EXACTLY!! :) They use `su -` because it replaces their regular user
environment with a special environment for "special" users. Unfortunately,
using `su -` re-reads /etc/profile which will re-source the login script,
and prompt them for their ticket number again. This is when they get annoyed
:-) What I'd like to do is have the login script check to see if the login
is an `su -` , and if so, get the environment variable from the parent shell
and set it accordingly for the child shell, and bypass the prompts. Of course,
what "I'd like" and what is realistically possible are usually completely at
odds with one another :-)


>
> So,  'su user' might work, but really this kind of job is what sudo is for.


> You might need to add users into groups, defined stuff in sudoers, and even
> fix some old software with hardcoded assumptions, but I'm pretty sure you'll
> think it's worth doing right.
>


A plain su works fine, as it doesn't replace the environment and it isn't a
login shell. su - is a login shell. Sudo is in extensive use, but it doesn't
cover all of the odd cases that we seem to be running into. I like sudo.
Unfortunately, people get tired of typing it when they need to run 100+
commands as another user to diagnose a problem. The option that they have
been choosing until now is to simply ssh in as the "special" users, which is not
acceptable. Making them log in as themselves is fine, as long as we can
provide them with the same functionality and not impose any new annoyances.
And yes, I know that it is contradictory (security is inversely proportional
to productivity and all), but it is the reality of the situation...


C-Ya,
Kenny


Re: Disable environment settings

2008-06-03 Thread Kenny Lussier
On Thu, May 29, 2008 at 4:55 PM, Bill McGonigle <[EMAIL PROTECTED]>
wrote:

>
> On May 29, 2008, at 15:57, Kenny Lussier wrote:
>
>  Is there a way
>> to prevent them from being able to manually change certain environment
>> variables while still allowing them to change others?
>>
>
> Can you arrange to filter everything through sudo?  env_keep  and env_check
> would be things to look at.
>
> -Bill
>

Mostly, everything is filtered through sudo. I think that we have decided
that we are going to trust people not to change the variable (if they even
notice that it exists). The problem that I am running into now is how to
maintain that variable when they `su - user`. The login script runs a second
time, prompting them a second time for a ticket number, which is quite
annoying...

Thanks,
Kenny


Disable environment settings

2008-05-29 Thread Kenny Lussier
Hi All,

I have a login script that gets sourced by /etc/profile when a user logs
in. The script sets some of the user's environment variables. Is there a way
to prevent them from being able to manually change certain environment
variables while still allowing them to change others?

Thanks,
Kenny


Re: Alternatives to Comcast

2008-05-20 Thread Kenny Lussier
On Tue, May 20, 2008 at 9:18 PM, Dan Miller <[EMAIL PROTECTED]> wrote:

> I'm in Southern Nashua. Right at the border, so I think that mv.com is
> out. I will look into fairpoint though. I know I can't get fiber (that
> would be ideal), I've never done DSL before, but I know it's a different
> setup with PPPoE and such.
>
> Dan


Years ago, I used Speakeasy (http://www.speakeasy.net). Their pricing was
decent, they have static IP's by default, and there was none of that PPPoE
garbage... Of course, that was 6 years ago. I have no idea what they are
like now.

HTH,
Kenny


Re: RHEL Kernel Versions

2008-05-14 Thread Kenny Lussier
On Tue, May 13, 2008 at 11:28 PM, Michael ODonnell <
[EMAIL PROTECTED]> wrote:

>
>
> > With RHEL, you eliminate support when you put in a kernel that
> > isn't one of theirs.
>
> Well, it's true that RHAT will not support just any random
> kernel that you've overlaid on top of an RHEL distribution,
> but even as a Debian devotee I respect their reasons for
> adopting that stance - they're renowned for patching their
> kernels to smithereens in an ongoing effort to fix bugs and
> back-port selected enhancements, so the RHAT kernels can end
> up being quite different from the kernel.org kernel a given
> distribution is based on.


I'm not questioning reasons for doing so. I completely understand them, and
I agree with them doing so for business reasons. You can't agree to support
something, and then have the basis for it changed, and still support it
effectively. I have no problems with that. The predicament that I have is
that I have developers telling me that they need features that are in a
certain kernel (in this case 2.6.20), and I have no real way of knowing what
2.6.9-67 equates to. I will have to find out the exact features of the
kernel they are looking for, and go through the changelogs to see if those
features are included.


Thanks,
Kenny
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/


Re: RHEL Kernel Versions

2008-05-13 Thread Kenny Lussier
On Tue, May 13, 2008 at 5:55 PM, Bill McGonigle <[EMAIL PROTECTED]>
wrote:

> On May 13, 2008, at 17:42, Kenny Lussier wrote:
>
>   Is there any way to tell what the
> > kernel patch level is and what the patches are in the RH kernels?
> >
>
> If the changelog isn't enough, get the SRPM (yumdownloader --source works
> sometimes) and look at the SPECS/kernel.spec file for a full list of
> patches.
>
> Yes, the kernel is that old, RHEL is for 5-year stability, not tracking
> current work (with the occasional backported exceptions).  Fedora gets you
> the current stuff, but you're bound to be upgrading every year.
>
> -Bill


I think that this is why I've always used kernel.org kernels in the past.
When someone comes to me and says "I need kernel x.y.z because it has
", I can get that kernel for
them. With RHEL, you eliminate support when you put in a kernel that isn't
one of theirs. I guess I'll start poring through the changelogs..

Thanks,
Kenny


RHEL Kernel Versions

2008-05-13 Thread Kenny Lussier
Hi All,

How do RedHat kernel version numbers correlate to actual
kernel.org releases? The latest RH kernel is 2.6.9-67, but the
kernel.org latest stable is 2.6.25.3? Is there any way to tell what the
kernel patch level is and what the patches are in the RH kernels?

Thanks,
Kenny


Performance Tuning

2008-04-15 Thread Kenny Lussier
Hi All,

This should be a fairly easy one for someone out there. I have made
some modifications to a system for performance reasons. One of the
changes that I made was setting the read_ahead_kb value to 1024 (up
from 128). I used the blockdev command to do this (blockdev --setra
2048 /dev/sdb). My question is, how do I make this persistent across
reboots??

TIA,
Kenny


Re: Session recording

2008-04-02 Thread Kenny Lussier
On Wed, Apr 2, 2008 at 1:56 PM, Paul Lussier <[EMAIL PROTECTED]> wrote:
> "Kenny Lussier" <[EMAIL PROTECTED]> writes:
>
>
> > I may have over-simplified the situation in that statement. We are
>  > dealing with PCI (Payment Card Industry) compliance.
>
>
>  Ha ha ha ha! Stop it, you're killing me!
>
>  Hannaford was "PCI" Compliant too.  You might as well say you're
>  striving for "Los Alamos" level security ;)

Yeah. I'm trying to wrap my head around PCI. I miss the good old
days of the "Orange Book". Life was simple back then :-)


Re: Session recording

2008-04-02 Thread Kenny Lussier
On Wed, Apr 2, 2008 at 9:57 AM, Paul Lussier <[EMAIL PROTECTED]> wrote:
> "Kenny Lussier" <[EMAIL PROTECTED]> writes:
>
>
> > Unfortunately, it isn't 100% reliable. As you pointed out, there are
>  > a lot of ways around these things, such as executing a script that
>  > executes a bunch of commands. The only thing that will be logged is
>  > the execution of the script, not commands that the script
>  > calls.  This is where process accounting comes in.
>
>  You could always have bash run with -x turned on.  But that's likely
>  to be *really* ugly :)

That was one of the first things that was suggested. And summarily dismissed :-)

There is a very fine line between "gathering as much information as
possible" and "getting hammered with too much crap to process". We
don't want to go too far with this, since that can easily cause
important information to be lost in the noise.

C-Ya,
Kenny


Re: Session recording

2008-04-02 Thread Kenny Lussier
On Wed, Apr 2, 2008 at 10:15 AM, Paul Lussier <[EMAIL PROTECTED]> wrote:
> "Kenny Lussier" <[EMAIL PROTECTED]> writes:
>
>
> > The point isn't to limit what they can do on the system (that is a
>  > completely different issue). The problem is to account for what they
>  > do, and to go to the logs and say that User X issued command Y at n
>  > time. The truth is, we don't care what shell they do it in. The
>  > decision to limit people to a single shell was a development decision,
>  > not a security decision.
>
>  Right, but you've ultimately gone to that end where you have, in fact,
>  limited people to a single shell.  And, if that's the case, why not
>  also go further and restrict them to not being able to edit the shell
>  config files.  It's still a 'developmental' decision in how you carry
>  out your security policy.
>
>  If you, for "developmental" reasons, have limited them to a single
>  shell, and, your policy calls for controlling the PS* prompts and
>  other environmental variables in order to carry out that policy, it's
>  a simple (if not required) extension to restrict them from altering
>  those environmental conditions (up to and including global warming ;)
>
>  If you don't, and they do, how can you prove they did when they say
>  they didn't? After all they were able to when you allowed them the
>  possibility without restricting them in the first place!
>
>  Got it?

Compared to the specs that I'm currently reading, that made perfect
sense!! :-) I believe that the "developmental reason" for limiting
people to one shell was that the people that developed the apps that
run on these systems didn't want to deal with people writing scripts
in other shells. I admit that I am not entirely sure, as I am still
getting to know the environment. However, I agree that controlling as
much of the environment as possible is the road to go down. We are
even looking at writing our own CLI for these systems in order to
granularly control everything.

C-Ya,
Kenny


Re: Session recording

2008-04-02 Thread Kenny Lussier
On Wed, Apr 2, 2008 at 11:32 AM, Michael ODonnell
<[EMAIL PROTECTED]> wrote:
>
>
>  >> Many of the suggestions made so far seem to assume that the users
>  >> are cooperative and will not try to defeat any of the suggested
>  >> "auditing" mechanisms.  Is that assumption correct?
>  >
>  > That is a safe assumption.  The users are the ones that have asked
>  > for better monitoring than what is done now.  It is as much for
>  > their protection as it is for the company and legal compliance.
>
>  Hrr.  Well, if your users just want an informal reminder of
>  What Happened When, then fine - you may very well end up with a
>  workable solution using some or all of the measures suggested here.
>
>  But I'd be amazed (depressed, also) if any of the "audit logs" so
>  generated meet the requirements for complying with any existing,
>  enforceable law, since many of the knobs and levers are manipulable
>  by the processes that are supposedly being audited.  Would you
>  care to mention the law(s) in question?

I may have over-simplified the situation in that statement. We are
dealing with PCI (Payment Card Industry) compliance. The reason that
the users of the systems in question want better audit trails is
because they are the same people that need to deal with the auditors.
We are currently working on a "more is better" theory, and trying to
capture everything possible in a usable manner, then scale it back
from there. We already have a home-grown system in place that meets
the (current) standards, but it is not very flexible, and moving
forward to meet the constantly changing specs is becoming extremely
difficult. This is all a top-layer of logging in addition to all of
the other security systems that we have in place to do various pieces.

Thanks,
Kenny


Re: Session recording

2008-04-02 Thread Kenny Lussier
On Wed, Apr 2, 2008 at 10:27 AM, Michael ODonnell
<[EMAIL PROTECTED]> wrote:
>
>
>  Many of the suggestions made so far seem to assume that the
>  users are cooperative and will not try to defeat any of the
>  suggested "auditing" mechanisms.  Is that assumption correct?

That is a safe assumption. The users are the ones that have asked for
better monitoring than what is done now. It is as much for their
protection as it is for the company and legal compliance.

C-Ya,
Kenny


Re: Greetings!

2008-04-01 Thread Kenny Lussier
On Tue, Apr 1, 2008 at 10:00 PM, David Hardy <[EMAIL PROTECTED]> wrote:
> I'm up late, kind of, and welcome you to this mailing list, Joshua.  And to
> New England and the great Granite State of New Hampshire! Compared to
> Buffalo, though, you are now in the tropics.
>
> I've belonged to this list for a few years now, and while still a comparative
> n00b, I have learned a ton of good stuff from these folks.  They are simply
> amazing.  Every conceivable question or issue comes up with regard to Linux
> and open source and networks and so forth, and within minutes, literally,
> there are often several excellent answers and solutions.
>
> I don't often contribute, being in awe, mainly, and only ask questions in
> utter desperation sometimes.  But they do their best to get back with
> something accurate right away and they, well, almost all of them, have a
> sense of humor.  Sometimes wicked humor.
>
> Anyway, welcome!
>
> Dave Hardy

That highlights one of the great aspects of this group. You don't need
to refrain from contributing just because you don't have anything to
add. It's never stopped me!! :-)

But seriously, welcome. Feel free to jump in at any time, either to
ask a question, answer a question, or to strike up a general
conversation. We're always looking for food for thought, something to
debate, or any general topic to offer unsolicited advice on.

C-Ya,
Kenny


Re: Session recording

2008-03-31 Thread Kenny Lussier
On Mon, Mar 31, 2008 at 7:44 PM,  <[EMAIL PROTECTED]> wrote:

>  I said it would "probably" not do what was intended.  I was "probably"
>  wrong, as well. :)

Well, now that we have that cleared up. :-)


>   [EMAIL PROTECTED] shopt -s promptvars
>   [EMAIL PROTECTED] PS1='[ `date` ] $ '
>   [ Mon Mar 31 19:34:51 EDT 2008 ] $
>   [ Mon Mar 31 19:34:52 EDT 2008 ] $
>   [ Mon Mar 31 19:34:53 EDT 2008 ] $

This method is actually quite elegant in its simplicity. By tagging
the prompt with a time stamp, it solves a major problem of using
`script`. It gives me a time stamp!! :-) I can add a small snippet to
bash_logout that closes the script log, then echoes each line through
logger so that it goes into syslog (and then on to the central logging
system, and into our log analyzer, etc...).

It also has me thinking about different ways of manipulating the
command prompt to add unique identifiers. I might cobble all of this
together and make something useful after all! :-)

Thanks,
Kenny
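
One way to do the bash_logout step described in the message above, as an added example that is not part of the original post: it strips the carriage returns and ANSI escape sequences that `script` records, keeps only prompt lines of the form produced by PS1='[ `date` ] $ ', and hands one record per command to `logger`. The function names, the `session-audit` tag, the `auth.info` priority and the sample typescript are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the session was recorded with
# `script` while PS1='[ `date` ] $ ' was in effect.

# Remove carriage returns and ANSI CSI escape sequences from stdin.
strip_controls() {
    esc=$(printf '\033')
    tr -d '\r' | sed "s/${esc}\[[0-9;?]*[A-Za-z]//g"
}

# $1 = typescript path, $2 = user name to tag each record with.
# Prints one record per prompt line that carries a command; bare prompts
# (the user only pressed Enter) and program output are dropped.
typescript_to_records() {
    strip_controls < "$1" |
        sed -n 's/^\[ \([^]]*\) \] \$ \(..*\)$/ts="\1" cmd="\2"/p' |
        while IFS= read -r rec; do
            printf 'user=%s %s\n' "$2" "$rec"
        done
}

# Send each record to syslog. Tag and priority are hypothetical choices.
ship_records() {
    typescript_to_records "$1" "$2" |
        while IFS= read -r rec; do
            logger -t session-audit -p auth.info -- "$rec"
        done
}

# Constructed sample typescript, written to the path given as $1.
make_sample() {
    printf '%b' \
        'Script started on Mon Mar 31 19:34:50 2008\r\n' \
        '[ Mon Mar 31 19:34:51 EDT 2008 ] $ ls -l /etc\033[K\r\n' \
        'total 12\r\n' \
        '[ Mon Mar 31 19:34:52 EDT 2008 ] $ \r\n' \
        '[ Mon Mar 31 19:34:53 EDT 2008 ] $ sudo vi /etc/hosts\r\n' \
        'Script done on Mon Mar 31 19:34:55 2008\r\n' > "$1"
}
```

Any program output shaped like the prompt is recorded as a command too, so these records complement process accounting and do not replace it.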


Re: Session recording

2008-03-31 Thread Kenny Lussier
On Mon, Mar 31, 2008 at 5:36 PM,  <[EMAIL PROTECTED]> wrote:
> > From: Paul Lussier <[EMAIL PROTECTED]>
>  > Date: Mon, 31 Mar 2008 12:03:21 -0500
>  > Cc: Greater NH Linux User Group 
>
>
>  > > file would need to be writable by the user, which defeats the point of
>  > > all the logging :-)
>  > >
>  > Wow, the lack of creativity here is astounding! :)
>  >
>  > /etc/bashrc:
>  > ...
>  >  export PS1='[ `date` ]'
>  > ...
>  >
>
>  Note: That will probably not do what you intended...  Each time a
>  prompt is issued, the same exact prompt will be issued, namely
>  "[ Mon Mar 31 17:32:54 UTC 2008]".  "date" will not be rerun
>  before each prompt.  To do that, you need to use $PROMPT_COMMAND.

Oddly enough, it seems to do exactly what I wanted it to do. I did
nothing but hit enter, and the time increments.

[ Mon Mar 31 18:00:09 EDT 2008 ]
[ Mon Mar 31 18:00:12 EDT 2008 ]
[ Mon Mar 31 18:00:13 EDT 2008 ]
[ Mon Mar 31 18:00:14 EDT 2008 ]
[ Mon Mar 31 18:00:16 EDT 2008 ]
[ Mon Mar 31 18:00:17 EDT 2008 ]
[ Mon Mar 31 18:00:18 EDT 2008 ]
[ Mon Mar 31 18:00:18 EDT 2008 ]
[ Mon Mar 31 18:00:19 EDT 2008 ]
[ Mon Mar 31 18:00:20 EDT 2008 ]

Now, if I can just pipe script through logger, I'll be all set :-)

C-Ya,
Kenny


Re: Session recording

2008-03-31 Thread Kenny Lussier
On Mon, Mar 31, 2008 at 12:52 PM, Paul Lussier <[EMAIL PROTECTED]> wrote:
> Bill McGonigle <[EMAIL PROTECTED]> writes:
>
>  > I see you've already found lastcomm and friends, but it would be great
>  > to know what you come up with for a correlation mechanism.
>
>  Can't you log everything possible via syslog, then write wrappers
>  around lastcomm, sa, sar, et al to dump that data to file, and point
>  splunk at the whole mess and let it do the time-event correlation for
>  you?

That is a really good question. I don't know. I'm not sure if I can
just point splunk at the output of script and have it correlate it to
syslog events. I suppose that it's worth a try.

C-Ya,
Kenny


Re: Session recording

2008-03-31 Thread Kenny Lussier
On Mon, Mar 31, 2008 at 1:03 PM, Paul Lussier <[EMAIL PROTECTED]> wrote:
> "Kenny Lussier" <[EMAIL PROTECTED]> writes:
>
>  > The control characters aren't the only reason that script doesn't work
>  > for us. Script will write out to a file, but the lines aren't time
>  > stamped, so it's impossible to know when a command was run. Also, the
>  > file would need to be writable by the user, which defeats the point of
>  > all the logging :-)
>  >
>  Wow, the lack of creativity here is astounding! :)
>
>  /etc/bashrc:
>  ...
>   export PS1='[ `date` ]'
>  ...
>
>
>  If you're going to the extent of limiting them to a single shell, you
>  might as well restrict them further by not allowing them to customize
>  their own environment and disregarding any ~/.*rc files.

The point isn't to limit what they can do on the system (that is a
completely different issue). The problem is to account for what they
do, and to go to the logs and say that User X issued command Y at n
time. The truth is, we don't care what shell they do it in. The
decision to limit people to a single shell was a development decision,
not a security decision.

C-Ya,
Kenny


Re: Session recording

2008-03-31 Thread Kenny Lussier
On Mon, Mar 31, 2008 at 2:43 PM, Ben Scott <[EMAIL PROTECTED]> wrote:
> On Mon, Mar 31, 2008 at 1:16 PM, Tom Buskey <[EMAIL PROTECTED]> wrote:
>  > I concluded it was lots of work to provide security that was not auditable.
>
>   Trying to achieve a secure audit trail using the usual Unix shells is
>  (IMO) not a good idea.  The shell isn't designed for it, and there's
>  too many ways around it.  Implement security in the kernel, or in
>  processes outside user control.  Again, process accounting, SELinux,
>  etc.

Well, there are certain things that you can implement using the shell
that are a piece of the puzzle. For example, bash-paranoia gives you a
time-stamped accounting of every command that a user executed, who
they executed it as, on what pty, and the ip address that they were
logged in from. This is all valuable information. Unfortunately, it
isn't 100% reliable. As you pointed out, there are a lot of ways
around these things, such as executing a script that executes a bunch
of commands. The only thing that will be logged is the execution of
the script, not commands that the script calls. This is where process
accounting comes in. I'm not sure about SELinux yet. I am still
reading up on all of the nifty things that it provides :-)

>  > I think some kind of chroot jail would be more secure.
>
>   "Security is a process, not a product."  It sounds like the primary
>  goal in this discussion is not access control (although that always
>  plays a part), but audit/accounting.  They don't want to keep people
>  from doing stuff, just have a record of what they did.  A chroot
>  wouldn't provide a record of what was done in the jail, and the users
>  likely need access to the sensitive stuff anyway (otherwise they
>  wouldn't care so much about the audit trail).

This is exactly the case. We have already limited what people can do
on these systems using standard permissions, sudo, etc. What we need
now is to log everything that is done so that when the systems are
audited, we can provide the details of what has been done on the
system. It's not about limiting functions, it's about audit and
accountability.

Thanks,
Kenny

