March 31, 2004
Day of Catastrophes
Had a few things happen yesterday, but didn't get the time to write. Wasn't until today that I realized the extent of my reactive day. I started to put the events into one post, which quickly became too long, so am posting them separately. But they still all added up to more distractions than I'd prefer in any single day.
Posted by mike at 3:47 PM
March 30, 2004
PowerBook Account Screwed by FileVault
During today's server scare I reset my passwords everywhere, including my laptop. Unfortunately I used the command-line, not the "Accounts" tool. When I rebooted the laptop the password used to login couldn't unlock my FileVault home directory. Instead of prompting me, OS X created a locked disk image from my home directory and created a new home directory with all new folders, preferences etc.
Changing my password in "Accounts" didn't help, and I can't just copy the files from the old home directory into the new one because some of the files are being used.
I decide to create a new account with admin permissions, which I can use to log in without using my home directory, to move the files back over. As I'm doing that I try to add a user to the admin group in NetInfo Manager and screw up the admin user group, rendering my account useless.
I find myself in single-user mode (never been there before on my Mac) and using visudo to get myself into a position to reset the root password (which I don't believe had ever been set before). With the ability to run things as root I can boot normally, run NetInfo Manager as root and fix the admin group. With that out of the way I log in as the other admin user and copy everything from the locked disk image back into my account. Actually, to do that I had to log in as myself and mount the disk image and then switch to the other admin user.
With that I got pretty close to where I was before the password reset. Lesson learned: either don't reset my password or remember that OS X really isn't as close to the other flavors of unix I'm used to.
Posted by mike at 11:20 PM
Server Compromise Scare
While I was working on today's first catastrophe I was informed that an account on two of our machines had a .ssh/known_hosts file filled with entries not made by the account owner.
Three (all) of us immediately started the process of scouring the system for evidence of damage, changed binaries etc. Tripwire hadn't reported anything unusual, but tripwire is also easy to manipulate. We spent a good portion of the afternoon and I continued during the evening scouring for any signs and haven't seen any evidence of malice. The fact that the user didn't clean up the known_hosts entries . . .
Back in late January another department at Tufts had some compromised machines where passwords were being collected, which led to access to additional machines. Looks like ours was one of them, the account on our machine was accessed from the other department's compromised machine.
The machines are scheduled to be rebuilt soon, am anxious to have that happen because I know until they are rebuilt there will be a nagging question about their state.
Posted by mike at 11:10 PM
RAID Hard Drive Failure Hangs Machine
Came out of a meeting and sat down at my desk to the sound of a screeching hard drive. Turns out it's in the only Windows box we're required to maintain, used for a PowerPoint to XML/JPG conversion utility. Even though the disks are on a Promise FastTrak-100 TX2 hardware RAID card the failure froze up the machine. Spent an hour or so becoming familiar with the RAID configuration and was able to get the machine back up on the one drive.
I have to say I'm impressed with Western Digital's RMA process, very easy to get a new drive on the way.
Posted by mike at 11:00 PM
March 29, 2004
No Longer an Infrequent Flyer?
I don't consider myself someone who travels often. I do like to get out/away, but most often to someplace close enough to ride the train or drive. In the past I've thought that one or two trips by plane were about right for any given year.
I'm looking at my calendar and realize that in the span of a few months I'm oscillating wildly across the country, with one trip overseas. A drop in the bucket for some folks, but it does have me thinking about how this might change the way I look at going places (typically some level of excitement). Also has me making sure frequent flyer accounts are in order.
For the curious the cities are: Tampa, FL, Orlando, FL, London, Denver, CO, Portland, OR, Boise, ID and Salt Lake City, UT.
Posted by mike at 11:00 PM
March 26, 2004
Impressed with iLife Suite, Issues with iDVD
After carefully creating an album of photos of our recent trip to Florida in iPhoto and using the slide show feature to let everyone enjoy a review of the trip along to music, I decided to explore creating a DVD with iDVD (and include some small movie clips from the s400).
I am impressed with the interchange of information between the iLife apps. In iPhoto I can choose music from iTunes, in iMovie can get at iTunes and iPhoto and in iDVD I can easily drag and drop from iTunes, iMovie and iPhoto.
Building a DVD in iDVD is really easy, at the expense of having almost no configuration options. I was impressed all the way until the DVD came out of the superdrive. I put it in my home DVD player (purchased in the last 6 months, so I would hope it would play most DVDs). There is no sound on the DVD. I stick it back into the PowerBook and after spinning for awhile I am given the "You've inserted a blank DVD, what do you want to do with it" box.
I decide that maybe burning DVDs with the "in 1 hour" option as opposed to "highest quality" might be the issue so I change that and burn again (took ~90 minutes). Same problem, no sound and unable to mount on Mac.
I stick the DVD in my Playstation 2 to get a third opinion, lo and behold there is sound. It's really loud and distorted, but it's there.
Now what? I want to send the DVD to some folks but how do I know if it will work? Try another DVD player? Is it the DVD media I'm using? I guess I'll send it with a disclaimer. I have access to another DVD burner on a Windows box, should I try that first? Not as easy as Apple makes this out to be.
Posted by mike at 10:21 PM
March 25, 2004
Presentation: Intro to CVS
Gave a presentation to a group of Tufts webmasters today on version control, with an introduction to CVS installation, configuration and commands.
The one person who I knew was really excited to get CVS running wasn't able to attend, but it seemed to be of interest to the other attendees.
Posted by mike at 9:12 PM
March 23, 2004
Find MAC Address on Solaris
Here's a tip to solve an annoying little problem: run ifconfig as root on Solaris to find MAC addresses. If you run it as someone else it will show you everything but the MAC address.
Fortunately I didn't spend a lot of time figuring this out, or I would be even more annoyed. Every search about how to find MAC addresses on Solaris says to run "ifconfig -a" and it will show you the MAC address. I was getting pretty annoyed with all the resources that were saying this because it just wasn't true on the particular machine I was on. Then I stumbled into a note on a forum stating that on Solaris ifconfig only gives the MAC address if run as root.
What's the point of that? Are we to believe that the MAC address is something secret that only root should be able to see?
In the past I've also used arp, but in this case the interface wasn't actually being used yet, I needed the MAC address before getting it connected.
Posted by mike at 7:44 AM
March 22, 2004
Routine 4am Visit to Data Center Turns into Short Nightmare
Went to the data center at 4am to take down a machine to add a network card. Should have been a piece of cake, but when the machine started up the A1000 RAID array (with all critical data for the site) was unavailable. It was starting to look like the same situation a year ago when the controller in our A1000 got hosed. After a little work I got the machine up without the data and called Sun. We did a bunch of looking around, trying different options. With their help we discovered that it wasn't the A1000 controller, but 75% of the disks were failing, which caused the array to report a critical error.
My grey hair count had doubled in one hour.
It was a huge relief when the Sun support person pointed me to the "revive" option in the raid manager and we were able to revive all the disks and be back online in 30 minutes (as opposed to having to get new disks and restore from backup which can take up to 12 hours).
I'd like to see the "revive" option available more often. In fact, it would be nice if all hardware had a revive button which will execute a self-repair and bring itself to good-as-new state. In some cases companies may also want to provide a "resuscitate" option for pulling something back from near death. In those cases "revive" might not be enough to do the trick. ;)
Posted by mike at 8:01 AM
March 21, 2004
Shibboleth at NERCOMP 2004
NERCOMP 2004 starts today with a preconference seminar. No offense to other NERCOMP presenters, was primarily interested in the Shibboleth topics so am only here in bits and pieces.
Today's preconference seminar is Shibboleth: Architecture and Implementation Requirements by Daniel Arrasjid of University at Buffalo and Steven Carmody of Brown University.
Was thinking I'd weblog about it real-time but it appears to be taboo at this conference.
First half of the presentation dug into identity management, which is an important precursor to Shibboleth. Daniel says "Long term, you're in a much better place to have identity management in place to drive Shibboleth." If you're going to attempt to authenticate and provide authorization attributes about a person to another institution it's a good thing to have the identity management to drive shib done right.
After a short break we got into Shibboleth. I've read a good chunk of the shib documentation in setting up a test environment but hadn't got to the point of configuring it to actually communicate with another organization. I had a number of questions regarding how to configure it and how shib would interact with our existing authentication and authorization. The presentation and Q&A session gave me more than enough information to work with. One slide titled Installation Process provided a nice summary of the steps to becoming a shib target.
- join a Federation
- configure Apache
- configure Shibboleth
- error handling
- Federation metadata
- key generation and certificate installation
- define attributes and attribute acceptance policies
- protect resources - create access control policy
The other pressing question was how to integrate into our existing system. A discussion about Buffalo's use of Shibboleth with Blackboard helped. At Buffalo when a user is authenticated via Shibboleth the attributes are used to dynamically provision a Blackboard account. We'd most likely do something similar: on an incoming, authenticated shib request we'd take the attributes and verify the account status, creating a limited-use account. Right now the user account information is stored in a user table, but have thought a few times that it might be a good idea to be capable of creating user objects as a part of the session and only keep them around as long as the session is active. Something for the future.
The presentation was valuable and worth my time, have a clear sense of our path to being shibbified or shibbolized.
Posted by mike at 1:03 PM
March 14, 2004
Vacation Technology Plan and VAN (Vacation Area Network)
Five years ago, after three years of combined family vacations, Pete and I decided it was important to have a technology plan for family vacations. At the time there was talk of doing nightly photo uploads and playing with streaming video or a webcam. The plan died the same week it was conceptualized, but one thing has remained constant . . . the establishment of a VAN (Vacation Area Network).
As vacation plans come together Pete and I keep our eye on connectivity options, trying to vote for destinations and housing that might accommodate our technology needs. Sometimes it looks pretty bleak, but something usually presents itself.
Once we're on location, and have had a chance to do some vacationing, we turn to the options for establishing the VAN. Last year it was dialup via a PowerBook which used the 802.11g to share the connection. This year there's no phone line in the vacation house so it's Verizon 1XRTT CDMA broadband on Pete's Sony VAIO and a crossover cable to the PowerBook.
The worst conditions I can remember were on a trip to Winnipeg, Canada, where we stayed in cabins on a remote lake and the only connectivity was from a phone booth at the Winnipeg airport (it took some hunting to find one with a working data jack). Still have a mental image of Pete sitting on a chair in front of the phone booth and having to take turns in the booth. Very little time spent online that trip.
There is debate amongst the family members about the importance of having the VAN, or even laptops, on vacation. The most valid reason I have now is to get photos from the camera. It's also handy to have a DVD player on flights to keep kids calm. No matter how much bad-mouthing it gets, invariably everyone benefits from finding directions, getting weather updates, looking up additional information about attractions and answering vacation-related questions (today's two were "Does a palm tree shed its bark naturally or is it pruned?" and "What makes the ocean salty?").
Posted by mike at 9:13 PM
March 13, 2004
Weather: MA vs FL
In Johns Pass, Florida for a week of relaxation (and an evening or two of hacking). Took a photo in Boston a few hours before our flight left and one after we got to our vacation house, thought it made for an interesting contrast.
It was ~30 degrees when the photo was taken in Boston, ~80 degrees in Florida, well-worth a few hour flight to gain 50 degrees.
Posted by mike at 10:05 PM
March 9, 2004
Bush Administration Job Predictions vs Reality
I did get a good laugh out of this one, it's just so funny that each year the predictions continue to get more aggressive, giving the graph a sense of desperation in attempting to reach the right numbers.
Posted by mike at 4:19 PM
This Chair is Comfortable (Aeron by HermanMiller)
Walked into the office today and found new chairs had been delivered for some new employees. The new folks haven't actually been hired yet, so we took the opportunity to evaluate the new chairs to determine if they were worth swapping with our existing chairs.
The new chair at my desk is a Herman Miller Aeron. The difference between my old chair (which I thought was pretty good) and the Aeron reminds me of the difference I experienced when first riding my Gary Fisher Kaitai after having beaten a Giant Iguana into the ground for 8 years. Sorry if that makes no sense, but it's what comes to mind.
Sorry new employee #2 (Paul got new employee #1's chair), hope that doesn't deter you from taking the job.
Posted by mike at 3:16 PM
March 5, 2004
Digital Photo Printing
I'm looking into options for printing digital photos. Looks like there's a wide array of choices. The ones I had heard of via word-of-mouth:
And a few others google turned up:
Once I have a selection of images we want printed I'm thinking about submitting a few of the same images to a few companies that offer the first x prints free and see what comes back. Even if the quality is the same will give us a sense of usability and turnaround.
Posted by mike at 12:46 PM
It's a few weeks old now, but just noticed today that Subversion 1.0 is out. It will be interesting to see if and how long it takes us to start using it. CVS does pretty good for us, very comfortable with it.
Posted by mike at 11:49 AM
March 4, 2004
More on Piracy from Larry Lessig
Wired is running a bit by Larry Lessig, excerpted from his book Free Culture: How Big Media Uses Technology and the Law to Lock Down Culture and Control Creativity.
The Hollywood film industry was built by fleeing pirates. Creators and directors migrated from the East Coast to California in the early 20th century in part to escape controls that film patents granted the inventor Thomas Edison. These controls were exercised through the Motion Pictures Patents Company, a monopoly "trust" based on Edison's creative property and formed to vigorously protect his patent rights.
California was remote enough from Edison's reach that filmmakers like Fox and Paramount could move there and, without fear of the law, pirate his inventions.
Will have to see if I can squeeze at least one of Larry's books into my book queue this year.
I thought Larry's speech at OSCON 2002 was incredible and moving, the best keynote speech I've seen at OSCON (although Larry Wall's State of the Onion that year was quite good too). I'm not terribly alert about the political front and find Larry's work a good source of information and inspiration.
Posted by mike at 1:25 PM
March 3, 2004
OSCON 2004 Presentation Accepted
Got this notification today:
Congratulations! You have been accepted as a presenter for the O'Reilly Open Source Convention 2004
Last year I was surprised to be accepted because I just wasn't sure if I met the presenter criteria. This year when submitting I was more curious if my talk would be of interest to others.
Topic: Using MySQL for Binary Storage
Length: 45 minutes
The proposal abstract:
Four years ago the Tufts University Sciences Knowledgebase (TUSK) moved its collection of images from a filesystem into a MySQL database. TUSK, a content management system, has since grown to include a half million images. This presentation digs into the details of using MySQL for storing binary data and serving that data over the web.
Reasons For and Against MySQL Binary Storage
Passionate debate continues over whether to store binary data as BLOBs in MySQL or to keep it in files on the filesystem. There are good arguments for both sides, which must be weighed when choosing a method of storage.
How-To: Store and Deliver Binary Data
Focus on details in designing the data model and programming to serve the images is key to getting the highest performance.
The biggest question at TUSK is: How well does it perform? Measuring the performance of image delivery is critical in determining the viability of storing binary data in MySQL.
Kruckenberg will begin with a review of the arguments for and against binary storage in a database, and how the arguments weighed into TUSK's decision. He'll then get under the hood and look at the data model and Apache handler used to store and serve the images. The grand finale will be a show of performance statistics to answer the question "How well will it perform?" Kruckenberg will end with a few thoughts on TUSK's future plans for MySQL binary storage.
I'm excited for OSCON 2004, hopefully it will be chock-full of good information. I've made a promise to some of the folks here that I'll actually take notes and bring information back to share, we'll have to see how good I am about that.
Posted by mike at 3:09 PM
March 2, 2004
Build Script for Perl Modules
Today I completed a build script which creates a slew of Solaris packages, one for every Perl module needed to run our application. The count right now is 45. This is a huge relief, building packages can take anywhere from 1-2 hours . . . each.
There were two items that made this more interesting than just another shell script. First, I wanted to install the perl modules in a clean, local directory to make packaging easy and enable a non-root user to build the packages. For the most part the modules respect the make install PREFIX option so I could have the installation directed to a local dir.
Second, once I had the install location worked out there was the question of making the current installing module available to the remaining modules. What I ended up doing is pointing PERL5LIB at another local directory and doing a cp -r from the install directory to PERL5LIB which would allow me to wipe the install dir for the next module but keep a copy of the module available.
The script has two hashes, the key for both is the package name (i.e. xmlparser). One hash is the CPAN name (i.e. XML::Parser) and the other a dependencies array, consisting of package names needed before installing.
Essentially the script goes through this process for each of the packages, which are defined in a specific order to ensure dependencies are met:
1 - install directory cleaned out
2 - get, configure, make, make test and make install module using the programmer's interface to CPAN (packages installed in ~/build/perl_modules/perl)
3 - installed files copied to PERL5LIB (~/build/perl_modules/lib)
4 - prototype file created from files in ~/build/perl_modules/perl
5 - dependencies calculated from hash and put into depend file
6 - name and version (from CPAN) used to create pkginfo file
7 - pkgmk creates package, pkgtrans moves it to datastream file
There are two packages that can't be beaten into working with the script, HTML::Embperl and Net::SSLeay. I moved HTML::Embperl over to our apache package (it needs the apache source to install). Net::SSLeay won't install in the local dir, so I added a small section before the package loop which uses CPAN to get the latest version but then does the configure and install in a separate shell where I can manually specify the Makefile.PL args and install it into the local dir. Then continue with steps 3-7 to get the package.
There are a few places in the script where I'm required to give some input (path to apache binary). I thought of several different ways to avoid this, but in the end decided I can watch the script and give it what it wants.
The great thing about this is at any point I can easily add and remove modules from the list and easily generate a completely up to date set of perl module packages. Is good both for convenience and for assurance that things are being built the same way over time.
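Steps 5 and 6 above, as an added example in Perl that is not the author's build script: the two hashes keyed by package name, a dependency walk that computes an install order (catching unknown packages and cycles) instead of relying on the list being hand-ordered, and the SVR4 depend and pkginfo contents for each package. Only xmlparser/XML::Parser and netssleay/Net::SSLeay come from the post; the other package entries, the version placeholder and the pkginfo field values are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the author's build script: dependency ordering and
# package metadata for per-module Solaris packages.
use strict;
use warnings;

# Package name -> CPAN module name. xmlparser and netssleay are from the
# post; dbi, dbdmysql and xmlsimple are assumed entries that give the
# dependency graph some depth.
my %cpan = (
    xmlparser => 'XML::Parser',
    netssleay => 'Net::SSLeay',
    dbi       => 'DBI',
    dbdmysql  => 'DBD::mysql',
    xmlsimple => 'XML::Simple',
);

# Package name -> packages that must already be installed (and copied to
# PERL5LIB) before this one is built. Packages with no entry have none.
my %depends = (
    xmlsimple => ['xmlparser'],
    dbdmysql  => ['dbi'],
);

# Depth-first walk over %depends. Returns every package in an order where
# each one comes after its dependencies; dies on an unknown package or a
# dependency cycle rather than silently producing a broken build list.
sub build_order {
    my (%visiting, %done, @order);
    my $visit;
    $visit = sub {
        my ($pkg) = @_;
        return if $done{$pkg};
        die "unknown package '$pkg' in dependencies\n" unless exists $cpan{$pkg};
        die "dependency cycle through '$pkg'\n" if $visiting{$pkg};
        $visiting{$pkg} = 1;
        $visit->($_) for @{ $depends{$pkg} || [] };
        delete $visiting{$pkg};
        $done{$pkg} = 1;
        push @order, $pkg;
    };
    $visit->($_) for sort keys %cpan;
    return @order;
}

# Contents of the SVR4 'depend' file: one 'P' (prerequisite) line per
# dependency, in the "P pkg name" form pkgmk expects.
sub depend_file {
    my ($pkg) = @_;
    return join '', map { "P $_ $cpan{$_}\n" } @{ $depends{$pkg} || [] };
}

# Contents of the 'pkginfo' file. In the real script the version comes from
# CPAN; ARCH and BASEDIR are assumed values here.
sub pkginfo_file {
    my ($pkg, $version) = @_;
    return join '', map { "$_\n" }
        "PKG=$pkg", "NAME=Perl module $cpan{$pkg}", "VERSION=$version",
        "ARCH=sparc", "CATEGORY=application", "BASEDIR=/usr/local";
}

# Print the build plan: the order, then the metadata pkgmk would read.
for my $pkg (build_order()) {
    print "== $pkg\n", depend_file($pkg), pkginfo_file($pkg, 'X.YY'), "\n";
}
```

With the assumed entries the walk yields dbi before dbdmysql and xmlparser before xmlsimple; adding a dependency on a package missing from %cpan stops the run before anything is packaged.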
Posted by mike at 4:45 PM
March 1, 2004
Digital Camera on the Way
It was a pretty close race with the Optio S4. The images taken with the s400 seemed to be cleaner and more vibrant, in a slight way. Probably the most influential factor (tie-breaker) was our video camera and SLR both being Canon brand. They've performed well over the past few years. If I went on previous brand experience alone I'd be forced to get a Nikon something or other because of the years (1989-2000) I spent with my trusty Nikon FG-20.
Will be here on Thursday, just in time for next week's trip.
Posted by mike at 8:20 PM