I beat my head against Firehol/iptables and KVM for several hours today. To spare others the pain, here is an example Firehol rule that does work (for my setup):

router vm_network inface eth0 dst 1.2.3/24
   policy accept

Where:

• eth0 is the network interface that the KVM guests are using
• 1.2.3 is the public ip addresses of the KVM guests
• no outface is used, because it's hidden (?) from the host OS and thus firehol

We are presuming that the KVM guests will all have their own firewall settings here. If firewalling is desired on the KVM host instead, the above example would need more rules.

responses: 0

I didn't like any of the existing iTunes-based alarm clocks out there, so I made my own. The features:

• Hit the "pause" button in itunes to "snooze" the alarm; many apple keyboards have a "pause" button on them which works for the same purpose, without having to get past your screen saver.
• "Mute" to turn off the alarm; many apple keyboards have a "mute" button on them which works for the same purpose, without having to get past your screen saver.

To use it, you will need to:

• download itunes_wakeup.scpt
• open it with the apple script editor
• change the playlist name to one of your iTunes playlists
• schedule an iCal event
• set the iCal event alarm to "run applescript" (see a more thorough explanation)
• choose itunes_wakeup.scpt

responses: 0

Won't someone invent a threadless garden hose coupler? It is such a pain to unscrew threaded garden hose ends. I'd like to see something compression based, so all you need to do is pull a lever to separate the two ends, and then push the lever down to re-connect them. That would be great, mm-kay?

responses: 0

Of the various ticketing systems I've used (RT, Mantis, custom-built), they all had two significant flaws:

• They set up some kind of arbitrary "priority" scale. That is, some priority number or set of incremental values to allow tickets to be sorted "most urgent" first. The problem with this is that numbers or scaling values don't make sense. I only care about how urgent tickets are in relation to other tickets. So, every ticket should instead be relatable to its neighbors. If it's more urgent, I should just be able to drag it above the less-urgent ones. Vice versa for less-urgent tickets. Devs, please toss these silly categorization numbers onto the scrap-heap.
• They don't allow tickets to temporarily "disappear" so they don't steal attention from other tickets. That is, I inevitably end up with things I can't work on since I am waiting on some externality. For instance, someone else may need to take action first, or some upcoming event has to take place first. So, I should be able to say "hide this until date X". That way, I don't need to mentally filter out stalled tickets while looking for tickets that need attention right now!

responses: 0

Recently my internet connection has become increasingly erratic. Lately I've been seeing dropped internet connections every 10-30 minutes. Very annoying. Verizon is sending out a replacement router; good on 'em!

Meanwhile, I was thinking about setting up my old SMC to tide me over. Just one problem: I need the PPOE user name and password. I don't know what they're supposed to be. So while I was talking to tech support about the router, I also asked about the PPOE user name and password. It turns out you can put anything in these fields that you want!

So if you have a Verizon router, and are futzing with it, and it is using PPOE with a user name and password, just put whatever you want in those fields. Note that I haven't actually tried this yet.

responses: 0

Crush! Kill! Munch! Oom the troll strikes again with his child-killing club. Sadly, he is as wont to kill the indispensable SSH children as the true gluttons. Telling Oom not to touch SSH doesn't seem to work. Perhaps he is hard of hearing? Or maybe just dense. Sigh. Time to reboot.

responses: 0

This is just funny: if you have a Gmail account, go to your Spam folder. Look in the advertisements section at the top of the message list. I am seeing various recipes containing spam in this section. Classic non sequitur.

responses: 0

At the Library we transfer large numbers of files in "batches" to different servers using rsync. The machines we do this on sometimes suffer from interrupted network connections, which causes the rsync to give up and fail. No problem, just retry the rsync, right?

Well, there are a few annoying problems with this approach: since the batches contain thousands of files, rsync has to go through each existing file and re-verify it. Also, the rsync has to be manually restarted. Others have asked about this multiple times, but I found no solutions to both problems.

It would be nice if rsync supported various graceful resolution options for these types of failures. Since it doesn't, and I don't want to wade through the rsync code to patch it, I wrote a simple perl wrapper script around rsync instead. It does the following:

• retry rsync if it exits with non-zero
• skip any previously-completed rsync transfers

I have posted the rsync retry script here in the hope that it will be useful for someone else encountering the same problems. It is invoked thus:

rsync_retry.pl rsync --log-file=rsync.log --exclude-from=rsync_exclude.txt <rest of rsync command>

Some notes:

1. It will *fail* if there are no --log-file and --exclude-from parameters
2. It assumes default formatting of the rsync log file

Hacks/comments welcomed!

responses: 0

Many years ago the hosting scam known as 1 and 1 had a deal where you would get free web hosting for 3 years. Not knowing any better at the time, I bit on their hook. Their service was actually not terrible, but little did I then know about their billing practices.

Fast forward to last August or September. I started receiving mysterious pre-recorded messages on my telephone answering machine from NCO Financial sayig "this is an attempt to collect a debt". Then the message gave a number I was supposed to call. At the time, I thought it must be some kind of scam, as of course I had no un-paid debt. So I ignored the (numerous) messages.

Then late last year I received two ominous-looking letters stating more about this supposed amount that I owed, and finally tying it into 1and1.com. So I logged in to 1and1, and noticed nothing untoward. At the time, it looked as though I were paid up (my domains worked, and my billing page showed no outstanding bills). So, I figured it was an extension of the scam, and decided to once again do nothing.

Finally, last week my domain names stopped working. I wasn't sure what was going on, so I looked at my 1and1 admin page, and saw that I had been billed, the billing had failed due to a changed credit card number, and the bill had unceremoniously been sent to collections.

I called 1and1 to see why they hadn't sent me a notice. Their response? "We emailed you, it bounced, so we sent it to collections". Email?? For official correspondence? Who ever heard of such a thing? I asked them why they don't send paper mail or call, and their response was a simple "We don't do that". Completely unsatisfactory.

So now I'm going to have to pay this collections company the original amout, PLUS 1and1's penalty, PLUS whatever the collections company wants to charge me. Of course I looked around the net for suggestions, and found MANY other people with the exact same experience as me!

Some select pages talking about this:

• http://alex.halavais.net/1-and-1-hosting-sucks/ (lots of links to other 1and1 complaint pages)
• http://bankraid.com/ (seem not to be talking about 1and1 anymore; what happened?)
• http://www.wolf-howl.com/reviews/1and1com-web-hosting-sucks/ (lots of links to other 1and1 complaint pages)

Strangely, a lot of sites critical of 1and1 seem to be disappearing (shady practices at work here? Am I next?):

• http://www.aribwk.com/?p=277
• http://www.1and1classaction.com/?p=1 (up in November 2008, what happened? I would so love to give information for a class action suit)

So, I was most interested in the class action url above, but it seems to be dead. If anyone else knows of such a thing in the making, please contact me!

In closing:
1 and 1 Internet hosting are a bunch of clueless, arrogant *!@#%*%'s!
Avoid 1 and 1 Internet service; you will get ripped off!
If you are unfortunately being hosted by them now, cancel your account as soon as possible, or you will get ripped off!
If you manage to cancel, make sure they don't add any other fees to your account, otherwise you will assume the matter has been resolved, but instead you will be hearing from their attack dogs: NCO Financial.
1 and 1 will waste your time.
1 and 1 will waste your money.
1 and 1 will cause you untold frustration.

responses: 0

So, I see this in my logs recently:
"Device: /dev/sdb, 2 Offline uncorrectable sectors"
Apparently Smartd notices something amiss with the drive.

Point 1: Why doesn't Smartd consider this an error condition? And if not, why should it even notify me? Should I be worried? No authoritative answers to be found on Google. Could you Smartd people please make a FAQ?

Point 2: OK, so I guess I'll consider this an error worthy of fixing. So how do I fix it? Google gives some possible answers (again, FAQ, O Smartd uber-geniuses?), such as the Bad Block HowTo. But... 3 pages of tests/mitigations? Come on guys, make it easy for me. Most of this stuff is scriptable, so please, can you make a script/utility for me?

responses: 0

If there's one thing I love about Ubuntu (and Debian, to a certain degree), it is the packaging system, which "just works". Having used Windows, OS X, FreeBSD, Solaris, Red Hat Linux, Gentoo Linux, Suse Linux, etc, it is the one thing that coddles sysadmins the most. Only in Ubuntu/Debian can I set up a server, install what I want from the packaging system, and then easily ensure all the installed software has the latest security patches. I have seen no other system that does all of this from one, easily-scriptable place.

I have been able to use this to my advantage at the Library to:

1. Monitor each machine with Nagios, and tell me what security updates it needs.
2. Push out immediate updates via Puppet.
3. For "disruptive" updates (eg MySQL service restart), schedule an update for the future via Puppet, and email a notification to anyone who can log in to the machine. The packaging system takes care of service restart.
4. For kernel updates, schedule an update and send a notification as above. Then reboot the machine (the packaging system won't do this automatically).

I have thus automated many tedious steps and saved loads of time. The only thing I as an admin have to do, is choose which updates to apply, whether they should be applied now or in the future, and then update a text file. No other available OS can do all of these things in such a simple, non-interactive way.

responses: 0

So I just heard the news that DC Metro is going to be doing random bag searches at entrances to Rail/Bus facilities. Surreal. What part of the 4th amendment do they not understand: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

No probable cause, unreasonable search of effects. I am astounded by how far we in the US have strayed from the constitution.

I submitted a complaint at the Metro feedback page. If you care about your liberty, I suggest you do the same.

responses: 0

Geez, this is depressing: http://www.earthclinic.com/CURES/sinus_infections_and_ice_cream.html. Moral of the story: know what's in your food, and if you don't know, don't buy it. Oh, and chemistry sets belong in the lab, not the kitchen.

responses: 0

So, what about 32-bit-only hardware? How will this work on large NFS exports? I can't exactly upgrade to a 64-bit OS, since the hardware doesn't support it. I'm a bit worried about this. We'll see how it goes once I start generating file checksums.

responses: 0

64-bit NFS servers do not work happily with 32-bit NFS clients. Hint: 64-bit inodes have a much larger address space, leading to duplicates on 32-bit nfs clients.

responses: 0

My iBook broke 6 months ago, so I've been plodding along on the old G4 for a while. My wife and kids were also using the G4, via fast-user switching. This made for a very slow computer-using experience. What with my new job, I needed a laptop, so earlier this week I sprung for a MacBook 2.4 GHz machine.

This thing is pretty cool. It's responsive and runs the apps I want: Google Sketchup, etc. While playing around with it (PhotoBooth: hours of pointless fun), I realized again what I like most about OS X: feeling like I'm in control.

In Windows, OEM's load up all kinds of garbage to up-sell you to their latest partner promotions, plus there are pointless animations and notices popping up all over the place. To be fair, I'm an un-MS fan-boy.

So let's look at Linux, which would thus be a better comparison. Sorry, OS X still gives me the feeling of being in control. No weird driver breakage, no hour-long forays into obscure service setup. I love Debian (and recently Ubuntu), but from an everyday desktop experience I'd definitely choose a Mac with OS X.

responses: 0

Recently I needed to pull out various bits of data about some XServes I am admin'ing. I found a pre-made script for doing this, but it didn't break out the various bits of information, and wasn't consistently working for me. So I wrote my own, which shall henceforth be a downloadable XServe query script for your querying enjoyment. Download, chmod 755, then see what arguments can be passed with "xserve_query.pl -h".

responses: 0

I was looking for decent architecture software for over a year, and eventually stumbled upon Google's Sketchup. It works on Mac/Win-doze. I really like this piece of software!

I've been talking to a contractor about expanding my house, and after using Sketchup I was able to skip the whole architect step, saving considerable time and money. I'll still need a structural engineer and drafter of course.

Benefits:

• regular version is free (as in beer)
• completely 3D
• uses real-world measurements (metric/imperial)
• easy to learn (they have on-line video and text tutorials on how to use all the functionality)
• supports layers
• allows you to import 3D models from the internet that other Sketchup users have created (I've imported couches, beds, tables, cabinets, models of people, and shelves to allow me to see what my house would look with my planned addition)
• integrates with Google Earth
• positions buildings in their correct latitude/longitude so you can see the effect of shadows and sunlight
• works on older hardware (I can use it on an 8 year old Mac G4 with a 3D card)
• plugins for terrain modeling, construction cost calculation, etc
• walk-through mode
• transparency so you can look out your windows
• textures
• user-importable textures

Drawbacks:

• unfree (as in speech)
• pro version is 500$ (I have not encountered the parts that require the pro version after having used this to create my whole house)
• no Linux version

With that said, here's my house plan. This will change as I update it.

responses: 0

So how about this one: "CSS writers do it with style".

responses: 0

When I first started trying to code web pages using CSS, I had quite a bit of trouble figuring out "the basics". Since I'm now pretty comfortable with CSS, I'll share some beginner's tips that I wish I'd known when I started. These pertain to positioning boxes in various spots on the page, since this is what I had the most trouble grasping.

To start with, all your boxes should appear in divs, like this:

   <div>This is a box</div>
   <div>This is a box appearing underneath it</div> 

To make the boxes line up side-by-side instead of following each other vertically, apply a "float" to them, like this:

   <div style="float: left;">This is a box</div>
   <div style="float: left;">This is a box appearing to its right</div> 

This makes the boxes follow each other from left to right; to go right-to-left, do "float: right".

To make the boxes have a fixed width instead of expanding as wide as they want, apply a "width" to them, like this:

   <div style="float: left; width: 100px">This is a box</div>
   <div style="float: left; width: 100px">This is a box appearing to its right</div> 

The "100px" forces the div's contents to wrap and/or expand so that the box is always 100 pixels wide.

To reset the left-to-right progression so that the following page elements appear underneath the last div instead of next to it, add another div with a "clear" on it. Technically, any block-level element can be used for this, but I'm using a div in the example to keep it simple.

   <div style="float: left; width: 100px">This is a box</div>
   <div style="float: left; width: 100px">This is a box appearing to its right</div> 
   <div style="clear: left"><!-- --></div>

The "clear: left" can also be "clear: both" or "clear: right" if you have other divs floated right. The html comment in the otherwise-empty div fixes a bug where Internet Explorer 6 ignores the clear div because it's empty.

So, that should be enough to explain basic box placement. In my experience, most of the other CSS that a beginner would encounter has to do with text formatting and spacing, and is pretty easy to grasp.

responses: 0