Sleep Is For The Weak

Over the weekend I acquired a new netbook.  The Acer Aspire One 751h.  It has an 11.6″ screen that does 1366×768 resolution.  The keyboard is a good 95% full size with all the keys in the right places.  The Wifi is an Atheros card so it’s well supported on operating systems not developed in Redmond, WA.  And in general, while not a barn burner, it’s sufficiently fast for how I’ll use it.

It came with Windows XP installed on it.  The very first thing I did was replaced that with a more proper operating system.  Specifically Linux Mint 7.  I’ve been awfully hard on Linux Mint in the past.  Primarily because they use a monolithic start menu product similar to the SLAB in OpenSuse linux, one of the things I hate most about Suse actually.  With the advent of gnome-do I don’t hardly have to use the start menu, so this has become less of an issue.  What Mint does for me is provides the latest Ubuntu release in something other than Poo Brown, with a lot of the “freedom hating” customizations I typically add via the ubuntu-restricted package as a first step.  Generally I could have used Ubuntu, and been quite happy with it on this machine as well, but I wanted a change.

Installing the graphics driver was a bit of a chore.  I had to go to a launchpad site and add their two repos to my sources.  Then add a handful of packages.  When I rebooted I was informed that the driver requires DRM.  A quick Google search later and I found the solution.  Apparently I needed to install Kernel Sources, which the previous instructions appeared to have left out.  Took care of that from the console, restarted and I’ve got XOrg in all it’s 1366×768 glory.  I made a couple of tweaks to the /etc/X11/xorg.conf for stability, restarted one final time, and now the system is stable too.

I plan on using this netbook for a couple of different tasks.  First I intend to use it as my primary Ham Radio computer for FLDIGI and Logging.  Neither of those tasks requires a real high horsepower machine, and this one will do the trick quite nicely.  Second I have an HF station in the car, with a second digital interface.  It might be fun to do a little PSK-31 Mobile on trips while Pami is driving, or while waiting in a parking lot.  It’ll also be nice to have my station log book in an easy to tote around format.  The Netbook is small enough I anticipate taking it with me most places, which means if I make any voice contacts while in the car I should have easy access to my logs there as well.  Finally I am on call about one out of every three weeks.  Work issues us a Dell Vostro A90 (think Mini-9 in all black) along with a Sprint MiFi.  This is a great combination for quick and dirty tasks, but the keyboard is small enough that any amount of real work becomes pretty frustrating quickly.  The larger keyboard on the AA1 is actually a joy to type on.  I’ve typed this entire post using it and don’t feel like an EMACS user yet.

All in all I have high hopes for this little machine.  As I get a few more miles on it I’ll check back and let you know how the extended road test is going.  73!

It’s been a long time coming.  In fact the radio has been sitting since Field Day 2008 waiting to be repaired and I’m finally ready to just pay Icom to do it.  You see the ALC Meter, Forward Power Meter, and SWR Meter are not working.  This likely means a single diode is bad.  Unfortunately in a radio the size of a shoebox for a pair of work boots there are a LOT of circuit boards, with almost exclusively surface mount components.  I lack the ability to actually track down the failing part, and the skill to actually replace it.

In any case I’ve heard Icom America has a great service department.  I’m about to find out.  Can’t wait to get my station put back together this fall for some operating over the cold months on PSK-31 again.

I mentioned earlier that the company I work for is firmly rooted in Open Source software.  Almost all of our servers are running FreeBSD with a couple, read three, CentOS Linux servers for Xen thrown in.  All of the sites we develop use exclusively  Open Source software as well, nginx, varnish, pound and zope for example.  The exception to our commitment to Open Source is on our desktop.  We all have Mac Notebooks, running OS X.  While parts of OS X are Open Source, the vast majority of the OS is not.

Our lead developer mentioned an interest in moving onto something else due to some performance problems in OS X.  Today he explained he had downloaded PC-BSD to run as a Virtual Machine.  I’ve been using PC-BSD on and off since version 1.2 was in beta and really like it.  The recent move to KDE4 is a bit of a turn off for me, but it can obviously be worked around.  So, as I’m writing this I am actively backing up my Mac in preparation of installing PC-BSD on a 30 GB partition.  I’ll be sure to report back after I play with it on the Mac hardware for a week or so, and will do my due diligence and report any bugs I encounter to the PC-BSD bug trackers.

Thanks for reading, and be sure to pop back for a review of PC-BSD on my Mac Book Pro.

Thanks to: relax7d(2) for the image.

This last weekend I finally removed Fedora Linux from my work computer. I have reached the point I spent very little time not booted into OS X. I have also realized that switching between the Mac and PC keybord shortcuts is annoying. I has only taken me eight months to get to this point. I previously mentioned som pieces of software oj the mac I am rather fond of. I can actually say that for the most part OS X can now be included in that list.  Finally no matter how much “better” it might be, I’m not a fan of the system Apple decided to replace /etc/rc.conf with. OS X isn’t without it’s flaws.  Java performance is abysmal.  Which wouldn’t be so bad if I wasn’t an Open Office user.  Next OS X 10.5.7 isn’t exactly the fastest operating system in the world.  Applications I use regularly take noticeably longer to start than the same software on Linux using the same hardware.  And I’m not going to stop complaining about the fact a touch typist from any other operating system has to re-train his/her fingers to type on a Mac. Things I do like.  Suspend / Restore works flawlessly, close the lid it goes to sleep.  Open the lid, and in seconds you’re working again.  The battery life is fantastic considering the hardware.  The User Interface isn’t bad.  Especially after a few minor changes.  Things like getting rid of the bouncing dock icons, and making apps that are hidden go transparent on the dock.  iTerm is actually a pretty solid application, and an improvement over the default Apple terminal, which also isn’t awful.  Mac Ports, while not identical to the Ports system on FreeBSD is similar enough to keep me happy. I recently made a decision in my life.  I am done buying “Technically superior, less supported hardware.”  Examples from my past would be, for instance, a Creative Labs Zen Vision:M media player.  I evaluated that, the iPod Video 30gb, and the first generation Microsoft Zune.  Of the three the Zen was the superior device.  Unfortunately like many Superior devices, Betamax anyone? It is the less popular, and therefore less supported.  I also own a Sprint Mogul phone.  It’s a pretty solid PDA.  What it’s not is a good phone.  It’s also not a terribly good anything else. I don’t know that I’d say I’m excited about becoming an Apple convert.  But I am excited about a hopefully improved computing experience going forward. Thanks to: Midnightglory for the image

After having a discussion with another admin in the Indianapolis area, and thinking about who my target audience likely is, I’ve decided to scrap talking about various encrypted tunnels.  Instead I’m going to talk about best practices, and the dos and don’ts of surfing on a public WiFi access point.

Earlier I talked about Email and how not using encryption gives anyone who’s listening access to your username, password, and server address.  Most good mail providers allow for the use of SSL to encrypt communications between your client and the server.  If yours does, you likely only need to check a single check box inside the configuration, and you are golden.  Check with your provider to see if they support encryption, and if they do, ask them to help you configure your client.  If you use gmail, you’re already using encryption as you are automatically forwarded to the https:// site.  I have mail on two or three servers that don’t support the use of encryption.  I set all of these accounts up to forward to a gmail account so that I can easily and securely read my mail from anywhere.

While taking about web based technologies, any financial site worth its salt is going to support, or better still, force you to use the SSL encrypted version of its site.  Look for https:// at the beginning of the URL in your address bar.  Sites like Facebook, Flickr, Meetup, etc., may or may not support the use of SSL.  I recommend trying it.  If the site you want to use does not support SSL and wants you to log in, you might reconsider your visit if you’re on a public network.  The last thing you want is some tool at a coffee shop logging into your Linked-In page spamming all your co-workers about how they need E.D. medicines.

I welcome comments from the community of readers I have, all three or four of you, on other best practices you can use to help protect you while surfing on untrusted networks.

Thanks to: Villoks for the image.

I’d just like to toss a link in the direction of a pretty good resource for hams looking to get involved in the world of Linux.  These guys [Linux In the HAM Shack] run a pretty regular podcast you can download via the iTunes Music Store.  It’s not bad actually.  I’m primarily a BSD user personally, but everything they are talking about applies to most modern Unix like operating systems.

Past topics have included: Rig Control, Digital Modes, Logging Software, and all other forms of computer related ham radio topics.  K5TUX, KB5JBV thank you for the resource.  I look forward to future pod casts.

It’s no secret that Free WiFi connections are everywhere.  It’s easy today if you have a laptop or smart phone to get online virtually everywhere.  It’s convenient, too.  What could be better than being able to get a little work done or checking your e-mail while drinking a redeye at your favorite coffee shop?  However this free access comes at a pretty hefty expense to the security unconscious.  I wouldn’t go so far as to say I’m paranoid, although I’m pretty sure they’re watching me right now……  Ok, seriously I’m not exactly paranoid.  I’ve just been working in this industry long enough to know what is and what is not safe.

I’m going to start with a brief lesson in technology.  When you are at home, connecting your laptop to your personal WiFi connection, chances are you are using, at a bare minimum, WEP, possibly WPA, and if you’re using a new computer on a new access point, WPA2.   These links require you know some code in order to access them and establish encryption between your wireless device and the access point.  This prevents your neighbors from seeing what exactly it is your laptop is accessing on the internet and prevents them from stealing your internet connection to download their pirated warez.  (If you’re not using some form of encryption, go find the manual that came with your router and fix it right now.  This article will be here when you get back.)  So, WEP, WPA, and WPA2 all provide encryption between your device and the router.  Very rarely are your Free WiFi links going to be running any form of encryption though.  This means anyone with a laptop within range of where you are, who would like to, can see everything you’re doing on the net.  If you log into your mail using standard POP or IMAP they can capture your username, password, and mail server information.  This doesn’t require anything terribly special on their end either as you are transmitting it for the world to see.  The other concern you should have is the owner of the Free WiFi.  If I set up an access point in my home and configure its SSID as “Free Public WiFi,” what is to prevent me from using packet capturing techniques on the router itself?  Do you trust the hotel you’re staying in to value your privacy?  How about the guy running the trendy coffee shop?  I sure don’t, and I don’t think you should either.

So what do you do about it?  There are a few ways to mitigate the risks associated with public internet access.  In the next series of articles I will try to present them in more detail.  In brief you can use a VPN, SSH Tunneling, or the Tor Onion Router.  These aren’t the only solutions, however they are all supported on all three major platforms, Windows, OS X, and Linux.

Thanks to: Tim D for the image

In my day job I administer roughly 50 servers.  Most of these are running FreeBSD between versions 6.0-Release and 7.2-Release.  Three or Four of them run CentOS 5.x, and one runs OS X Server.  We have had a single Windows XP virtual Machine on the network since before I started running QuickBooks, and as you might expect it’s one of the most problematic “servers” on our network.

One project we have running in the background is relocating servers from our west coast datacenter to our Indianapolis datacenter.  The first round of machines made the trip a few weeks ago and have been sitting on a shelf waiting for their new tasks.

One of the machines is old enough that we were unlikely to put it in production as a customer server.  This machine, a 2.4ghz NetBurst Xeon with 4gb of ram and two 75gb hard disks, is a perfect candidate for replacing our QuickBooks VM.

In a previous life I was a Windows Administrator.  I’m not proud to say it, but it’s true.  While doing that job I went to a few events hosted by Microsoft.  At one of these events Microsoft gave away Windows Small Business Server 2003 Premium Edition with 10 user CALs.  Since I have no intent of ever running this software at home, I decided to donate it to the office.

SBS 2K3 is a long way away from what we would normally run in the office, but it is an actual server OS that will support more than 1 user accessing it via Remote Desktop at a time.  This coupled with real hardware over a VM leaves us with what I hope will be a much more stable platform for our accounting folks to do their work.

I can’t help but feel a little dirty installing and configuring it though.

Thanks to: Martain Eian for the image

After troubleshooting with our customer and determining there appears to be a problem with the bge driver in FreeBSD 7.0-Release on this specific class of server we decided to upgrade the customer’s server to FreeBSD 7.2-Release.  We scheduled the work for 23:00 one evening during the week, and expected up to an hour or so of downtime.  The process for upgrading FreeBSD versions is well documented and I won’t go into the details here.  Feel free to consult the fine documentation located on the FreeBSD website.

We completed the upgrade at about 01:00 the following morning and confirmed that all the network services came up clean and the hosting environment was in good shape.  We have never been able to reproduce the problems our customer had seen so we sent an e-mail off to him letting him know the upgrade was done, and we would like him to contact the affected people and have them test connectivity to his server.  I received the following couple of messages a few hours into the following day.

Hey, I just got a report from one of the affected people. They’re connecting!!

——

Just heard from 2 others that they can now connect.
A third person reported that she fixed the problem some weeks ago by changing
ISPs.
There are 4 that haven’t reported in yet but I feel confident the issue is
truly resolved.

Well done!

I’m sure we could have figured out exactly what Windows was doing differently than Linux by putting a breakout hub between the laptop and the cable modem at the customer’s end, as well as between the server and router.  Then run something like Wireshark on each end to capture what things look like on each side of the link.  However that sounds like a lot of work, would have required a somewhat more technically savvy person at the customers site, and a trip to the Colo….  All in all upgrading to the latest release version of the OS is something we need to do anyway, and it had the added benefit of solving our problem.

I’m all for suggesting customers use proper operating systems on their computers.  However we all know that’s not going to be a valid response.  73!

Thanks to: krtower for the image

Continuing where we left off with Difficult Diagnosis – Part 1, when our customer attempts to connect to the website tcpdump on the server shows zero traffic incoming from his IP address.  He can ping the server, but cannot access the server with telnet, ssh, http, or ftp.

To eliminate the server’s IP as the problem a new IP address is aliased on the server.  It shows the same result.  We move this newly aliased IP address to another similar server.  Surprisingly it also fails to show any traffic from your customer when he attempts to connect.  We move the IP address again to a third server which has different hardware than the first two.  Now when the customer attempts to access the server he’s successful.  Finally we move the IP address to a fourth server which is the same hardware as the first two, but running FreeBSD 7.1-Release a slight upgrade over FreeBSD 7.0-Release which is on the first two servers.  He is also able to access this server.

This class of machine previously caused similar problems.  We disabled all of the TCP offload engine features suspecting the driver is buggy on FreeBSD.  These features were already disabled on all of the servers we were testing with.  Our working theory is that the driver in FreeBSD 7.1-Release has been improved slightly over the previous version.  We are planning on upgrading our customers server to the newer operating system.  If that fails to solve the problem, our next step is to add a NIC to the server, most likely an Intel Pro1000 (em0) NIC.

How would you have handled this scenario?  What troubleshooting steps would you have taken differently or in addition to steps that were taken?

Thanks to: Qfamily for the image