Sean Reifschneider's Journal Recent Entries

Seems like every time you turn around there's a story about whether "Linux is ready for the desktop". As someone who has been using a Linux desktop for over a decade, I just ignore them and keep typing. As an aside, I would like to say that we recently had an administrative assistant join the company and she was able to transition from Windows to Linux quickly and with no problems at all.

Anyway, tonight at the NCLUG meeting, I'm going to be one of a few people who are demonstrating our "desktop habits" -- how we get things done. Read on for a list of the things I do to help me get work done.
(read more | 0 Comments)

Putting together the last few posts I made, I've written up an article with detailed information about the hardware and software configuration for a 6TB encrypted Linux-based ZFS file storage system.
(go to article | 2 Comments)

As was pointed out by Daniel Webb in a comment to my previous post, under Linux you have to use FUSE to use ZFS. He just replied before I had a chance to get the next post in this series out. :-)

We've been using ZFS under Open Solaris for the last year or two in our hosting business for backup servers. It has some really compelling features (beyond what I mentioned in my last post) when used for backups. While it has worked well, it hasn't been entirely trouble-free. For a home backup/storage server I wanted to use ZFS but I absolutely have to keep the data encrypted.

ZFS under OpenSolaris doesn't currently support on disc encryption, though they are working on it. Linux has very mature disc encryption support, it's in the stock kernels and many installers support it now. That plus me being very familiar with Linux prompted me to look at ZFS under Linux again. Read on for my user report.
(read more | 5 Comments)

The data on computer systems is what makes them valuable. Most file-systems and RAID designs will go through all sorts of work to make sure that their own meta-data are correct, but very little about the user data that they contain. ZFS, in contrast, checksums everything that's written to disc -- meta-data as well as file contents. It can detect if the disc has silently been corrected, and recover from it. Read on for more of the benefits of ZFS.
(read more | 1 Comment)

I've been curious about SATA Port Multipliers because of my home storage server. SATA is great stuff, and not that bad even when dealing with 10 drives in a single relatively small case. However when you outgrow that case, or just as likely the power supply, you need to start adding drives externally. But do I really want 5 or 10 normal SATA cables routing out of my case? While it's easy to get 8 internal SATA ports, 8 eSATA ports is quite unusual.

I recently found that SATA II supports Port Multipliers, allowing multiple drives to be connected to a single SATA port. Sounds like just the trick, but how is support for them? Read on for more information.
(read more | 0 Comments)

I've been reading Cory Doctorow's book Little Brother. In it, our hero gets illegally detained and he wishes he had set up a second password for his phone which decrypted an empty partition, so he could give away that password instead of the real data password.

You can do this under Linux by creating two partitions, and setting up LVM on both, and hacking the cryptsetup code so that it tries to decrypt one partition, and if that fails tries the other. Then the boot could continue normally with scanning for an LVM, finding which ever one is active, and using that. However, you don't have to look very hard to see that this laptop with a 200GB drive only has 10GB of usable space on it.

So I started thinking about how you would create a partition that could have multiple data-sets on it, without it being obvious to someone with access to the hardware that it was there. Read on for my thoughts on it.
(read more | 3 Comments)

I've recently been trying Gnome because it seemed like Compiz worked better under it than under KDE. Compiz has some nice features, like zooming (not resizing) a window to be full screen, that I really have been wanting to try. But Gnome has these icons on the root window which I don't need or want. I mentioned this to Mike and he gave me the recipe to disable it:

• Run gconf-editor (Applications -> System Tools -> Configuration Editor).
• Apps
• Nautilus
• Preferences
• Uncheck "show_desktop"

We've been recommending gandi.net as a domain registration provider for our clients needing registration service. FYI: If you are using gandi.net for your DNS (registration seems fine, it's just DNS that seems impacted), it looks like they're having serious issues. Read on for more details.
(read more | 1 Comment)

I'd never run a "grow" on a Linux software RAID array before, but my storage server needed some more space. The manual page for mdadm is not really obvious about how exactly you add drives to a RAID-5 array, but everything went smoothly once I figured out that you first have to add the drives as a hot-spare. Read below for more details.
(read more | 0 Comments)

I've written up a bit of a report about the networking this year at PyCon. I wasn't nearly as involved in the network this year, for reasons I go into some in the article. If you're interested in the networking for handling 1100 people, follow the link
(go to article | 1 Comment)

I'm sure everyone who is interested has already been to the PyCon web site, and so you probably already know that tummy.com is sponsoring it again. But did you know that I'll be presenting with a talk titled Python in System Administration: How, When, and Why one SysAdmin uses Python. Hope to see you there.
(go to article | 2 Comments)

Nielsen Ratings haven't traditionally been particularly accurate, in that you can't tell how involved someone is in the viewing, whether they're in the room or paying attention, or have friends over also watching the content (and therefore advertisements).

However, if you can post something showing the number of people who "died in a blogging accident", and have the google hits for that term go from 2 to 50,000 practically over-night, that's some important "viewership" information.

The Internet is dramatically changing the information we can gather, sometimes even in useful ways. ;-)
(go to article | 0 Comments)

A few weeks ago, Slashdot had a story about a music executive speaking at a Cellular Phone conference. He was admitting that the music industry was wrong to stand still while their customers were switching to P2P. Of course, he was saying that the mobile industry needed to make sure that they were delivering music to their customers.

However, I think the "mobile operators" are much worse off than just needing to deliver music to their customers. In a very similar way to how the music industry, wireline phone companies, and newspapers are already in trouble. It's all about where the value is: seeing it and being willing to react to it.

Read on for more...
(read more | 1 Comment)

I was having problems earlier with connecting to PostgreSQL via PgAdminIII, and google was no help. The problem was that connecting from the "psql" CLI remotely was fast, and the initial connect via PgAdminIII was fast, but opening a particular database hung PgAdminIII for several minutes.

For future reference, a postmaster process was taking up 100% CPU time on the server, and a "vacuum analyze pg_trigger" resolved the problem.

A tcpdump of the wire showed that there was this nasty query being sent referencing the pg_trigger table, which took 2 minutes to complete on a very fast CPU.
(go to article | 0 Comments)

I've just finished testing a new mechanism for setting up an encrypted root partition which is much easier than my previous mechanism. This allows for encrypted swap, root, and other partitions, via an encrypted LVM physical volume, so only one pass-phrase is required for access to all the partitions.

Read more in my article titled Encrypted root With LVM on Fedora 8.
(go to article | 0 Comments)

Recently I ran across a blog post from Titus titled What are the 5 best "hidden gem" stdlib modules in Python?. Here are mine.
(read more | 0 Comments)

Evelyn and I have been speaking about project management mechanisms. There are so many of those, so why not have another one? Many of the project management mechanisms are geared towards software development, where tasks are around 10 times larger than what we normally deal with. Usually the items are unrelated, so you can't rely on the natural ordering of tasks (I can't do this until I do this). So, it's a very real worry that a task stagnates on a task list because other tasks are selected instead of it.

Another contributing factor to this is that I often will select more tasks for my daily task list than I can reasonably do in a day. Even days where I'm not so optimistic, urgent items that come in during that day can contribute to stagnating tasks.

After thinking about this problem, I came up with the idea that it would be nice if tasks grew in size as they sat on my list. In other words, the tasks started coming towards me, becoming bigger and bigger in my vision, to use a physical metaphor. Perhaps displacing other tasks until I just can't ignore it. So an hour long task that's sat on my list for a while could start looking like a 2 or 4 hour task...

This reminded me of the South Park episode where they go hunting. Any animals are in season, as long as you yell "It's Comin' Right At Me"! So, I started calling it ICRAM.
(read more | 2 Comments)

Tonight Scott was having problems with mutt suddenly having a garbled display. One of the things we wanted to do was to display packages by installed date to see what had changed recently. This is always annoying to find because I can never remember how to get the installed time or the list of available tags. Here's how...
(read more | 1 Comment)

I know I shouldn't be surprised, because it seems like every time I try to use one of the Heartbeat STONITH plug-ins I find it just doesn't work. Of course, with the exception of the "external" plug-in which I designed, and Scott Kleihege largely implemented. The problem is that STONITH plug-ins are fairly complicated to implement because of the way they're designed. So, getting in and fixing one tends to be pretty hard work. Implementing a new one even harder.

Anyway, the short answer is that the AP7900 just doesn't work with either the apcmastersnmp or the apcmaster STONITH modules. Read on for some more information.
(read more | 0 Comments)

A client recently purchased a couple of new systems with PCI-E instead of PCI-X (AKA 64-bit PCI, the old standard PCI but in a longer slot). The 3Ware PCI-E board is the new 9650SX. However, this board is only supported by the drivers in the 2.6.19 and later kernels. Read on for more information about using this board with Linux and especially Debian Etch.
(read more | 2 Comments)

The Fedora "mkinitrd" can read certain defaults from "/etc/sysconfig/mkinitrd", but this file is not really documented in the basic setup. If your normal mkinitrd is missing certain modules, you can use the following syntax to cause them to be created as part of the initrd.

MODULES: This environment variable can be set to a space-separated list of modules to load into the initrd. For example: MODULES="aes sha256 cbc". This is like specifying "--with", so see the man page for mkinitrd for more information.

PROBE: If set to "yes", mkinitrd will try to auto-detect certain settings including: rootfs, rootopts, rootdev, devname, majmin, dev, swsuspdev, and additionally will detect root on NFS, swap on LVM, and modular root file-systems.

PREMODS: Modules to be loaded as if the command-line --preload had been specified. See the "--preload" section of the mkinitrd manual page.

DMDEVS: This is listed in the same section as being able to be configured, but even by looking at the code and searching the web I wasn't able to figure out what this was supposed to be used for.
(go to article | 1 Comment)

With all the stories about laptops being lost or computers being stolen, and sensitive data being lost, there's a good reason to encrypt data on systems. I've written up an article on setting up an encrypted root partition on Fedora 7
(go to article | 0 Comments)

Domain name records include a TTL (Time To Live) value, which allows the domain publisher to give hints about how frequently domain data may change. It's common to set this value to several hours normally, but to push it down 5 minutes when changes to DNS are expected. The longer TTL means faster resolution times because of caching, but also means the data may be stale for longer.

However, it's common knowledge that places like AOL ignore this TTL value and instead force TTLs to be fairly large values such as 1 week. As with much common knowledge, however, this seems to largely be an urban legend...
(read more | 0 Comments)

I spent most of the day today trying to get IPMI STONITH working with Heartbeat. IPMI is a system management protocol, usually implemented via an auxiliary controller, for doing various management functions including getting sensor data (fan speed, temp) and turning a server on and off. The IPMI controller is on even if the system is otherwise powered off. However, the ipmilan STONITH plugin is in pretty rough shape.
(read more | 6 Comments)

I recently had a system that is quite a long distance from me that I needed to reduce the root file-system size on. To make matters worse, the IP KVM is having more than a few issues, so booting into rescue mode was not really an option. I wanted to just put "e2fsck" and "resize2fs" into the init scripts, but the system init scripts are called after the partition is mounted. Here's what I did...
(read more | 4 Comments)