Week Off – Objective Completed

Well, I got a fair bit done, and some reading, and learned a bit about Puppet, too! I also got the fence sealed:

Left Side

Right side

They’re coated in Olympic Maximum stain/sealer, “Natural Cedar Tone.” From this vantage, it looks a bit like spray-on suntan, but I’m sure it’ll weather in well. I’ll probably recoat in the spring.

There’s more of course. I finished reading The Hydrogen Sonata. I wish Banks were with us still – there are plenty more tales in Culture Space. I also got through John Arundel’s Puppet 3 Beginner’s Guide. I’ve been wanting to get into Configuration Management for a long time, and haven’t had the cycles to address the issue. Very cool stuff. Overall, a good week. I’ll be doing another one, starting next Saturday, after a “3-on, 1-off, 1-on” work week. Then it’s the death-march to the end of the year, with a brand new project and short timeline deliverables attendant thereupon.

*      *      *

Our condolences to the family and friends of Staff Sgt. Alex A. Viola, 29, of Keller, Texas, who died Nov. 17, in Kandahar, Afghanistan, of wounds suffered when his unit was attacked with an improvised explosive device while on dismounted patrol.

Holiday Week

I’m burning off a couple of weeks of leave between now and the end of the year. As usual in such times, I start one of those weeks off with a stint of physical labor to kick off the front end. Yup, it’s time to finish up the fence. Last month I did the left fence sections. Yesterday, I started by cutting the fence sections away from the posts, and setting them aside nearby:

Starting more fence work - fence sections set aside to left

The two free-standing posts are problematic. One of them has a 45° twist in it, the other has a serious lean. So they’re coming out. How difficult that’s going to be is a crap shoot. Doing fence sections at the bottom of the yard a few years ago, I had rotting posts set into concrete, and it was a long painful process clearing out the debris. These two? No concrete at all. A bit of waggling, then I screwed a crossbar to each and lifted them clear of the ground:

Post removed in a single lift

That was followed by stringing a mason’s line from the two end posts, measuring to the place on the line where each new post goes, and using a plumb bob to locate the center of the new holes in the ground. A long, slightly exhausting stint with the post hole digger (pictured above) netted me two 14″ diameter holes, each 42 inches deep. I poured a couple of inches of crusher rock in the bottom of each hole for drainage, and placed, measured, cut, and replaced the posts. After plumbing and securing the posts, more rock went in to secure the bottoms of the posts, then a sack of mixed concrete each for longer term stability:

Posts in place, with concrete.

By this time, the light was starting to fade, but I got all of the 2×4 rails (aka stringers) installed before the day was gone, and then moved the old fence sections back roughly into place and screwed them in to close off the yard for the night.

This morning, after shopping, I hauled the compressor out, and attached all of the pickets. I then marked and cut the arches in the three sections:

Right front fence section nearly done

What’s left is to pressure wash the old front facing components, let everything dry for a couple of weeks, then apply a cedar natural tone stain/sealer. But the difficult parts of this job are now done.

*      *      *

Our condolences to the family and friends of Staff Sgt. Richard L. Vazquez, 28, of Seguin, Texas, who died Nov. 13, in Kandahar, Afghanistan, of wounds suffered when his unit was attacked with an improvised explosive device while on dismounted patrol in Panjwai, Afghanistan.

Choresday

That’s my new name for the `day formerly known as Sunday`. Today was full of shopping, laundry, car washing and paint maintenance, coffee roasting, and computer rebuilding.

Only the latter was really interesting. I had a new motherboard/CPU/RAM combo, courtesy of work, to be able to do more VM work here at home. Now the processor is faster and hyperthreaded, and the RAM is faster, and more (32G). I took advantage of the rebuild occasion to remove the old Linux MD device, and installed the ZFSonLinux module and tools. Now my data store is a ZFS raidz1 pool, built from three 1TB drives. Snapshots are better and easier, etc, etc. This makes me very happy.

Moving lots of data at once appears to make ZFSonLinux a little unhappy … freezing the system unhappy. More to explore there.

*      *      *

Our condolences to the family, friends, and unit of Sgt. 1st Class Forrest W. Robertson, 35, of Westmoreland, Kansas, who died Nov. 3, in Pul-E-Alam, Afghanistan, of wounds sustained when enemy forces attacked his unit with small arms fire.

Six Days of LISA ’13

Howdy. My name’s Brian, and I’m a tired SysAdmin…

So, six days of tutorials and talks at the USENIX LISA ’13 conference are done. And it was good. My behind is, however, glad to be shut of those hotel conference chairs.

Sunday, 3 November

Sunday’s full day tutorial was called Securing Linux Servers, and was taught by Rik Farrow, a talented bloke who does security for a living, and is Editor of the USENIX ;login: magazine on the side. We covered the goals of running systems (access to properly executing services) and the attacks that accessibility (physical, network) enable. As always, the more you know, the more frightening running systems connected to networks becomes. We explicitly deconstructed several public exploits of high-value targets, and discussed mitigations that might have made them less likely. User account minimization and root account lockdowns through effective use of the `sudo` command were prominently featured. Proactive patching is highly recommended, too! Passwords, password security, hashing algorithms, and helping users select strong passwords that can be remembered also were a prime topic. Things that Rik wished were better documented online are PAM (Pluggable Authentication Modules) and simple, accessible starter documentation for SELinux.

Monday, 4 November

Hands-on Security for Systems Administrators was the full-day tutorial I attended on Monday. It was taught by Branson Matheson, a consultant and computer security wonk. Branson is an extremely energetic and engaging trainer who held my attention the whole day. We looked at security from the perspective of (informally, in the class) auditing our physical, social, and network vulnerabilities. In the context of the latter, we used a customized virtual build of Kali Linux, a Debian-based pen testing distro. I learned a lot of stuff, and for those things that I “knew”, the refresher was welcome and timely.

Tuesday, 5 November

Tuesday, I took two half-day tutorials.

The first was presented by Ted Ts’o, of Linux kernel and filesystem fame. Our tutorial topic was “Recovering from Linux Hard Drive Disasters.” We spent a couple of hours covering disk drive fundamentals and Linux file systems. The final hour was given over to the stated topic of recovering from assorted disk-based catastrophes. My take-away from this tutorial was two-fold. I think the presentation would be better named “Disks, Linux Filesystems, and Disk Disaster Recovery,” which would be more reflective of the distribution of the material. Additionally, it’s worth stating that any single disk disaster is generally mitigated by multi-disk configurations (mirroring, RAID), and accidental data loss is often best covered by frequently taken and tested backups.

The second tutorial I attended, on Tuesday afternoon, was on the topic of “Disaster Recovery Plans: Design, Implementation and Maintenance Using the ITIL Framework.” Seems a bit dry, eh? A bit … boring? Not at all! Jeanne Schock brought the subject material to life, walking us through setting goals and running a project to effectively plan for Disaster Recovery. IMO, it’s documentation, planning, and process that turns the craft of System Administration into a true profession, and these sorts of activities are crucial. Jeanne’s presentation style and methods of engaging the audience are superb. This was my personal favorite of all the tutorials I attended. But … Thanks, Jeanne, for making more work for me!

Wednesday, 6 November

Whew. I was starting to reach brain-full state as the fourth day of tutorials began. I got to spend a full day with Ted Ts’o this time, and it was an excellent full day of training on Linux Performance Tuning. Some stuff I knew, since I’ve been doing this for a while. But the methods that Ted discussed for triaging system and software behaviour, then using the resulting data to prioritize diagnostic activities, were very useful. This is a recurring topic at LISA ’13 – go for the low-hanging fruit and obvious stuff: check for CPU, disk, and network bottlenecks with quick commands before delving into one path more deeply. The seemingly obvious culprit may be a red herring. I plan on using the slide deck to construct a performance triage TWiki page at work.

I was in this tutorial when Bruce Schneier spoke (via Skype!) on “Surveillance, the NSA, and Everything.” Bummer.

This was also my last day of Tutorials. In the evening I attended the annual LOPSA meeting. Lots of interesting stuff there, follow the link to learn more about this useful and supportive organization. Yep, I’m a member.

Thursday, 7 November

Yay, today started with track problems on Metro, and an extra 45 minutes standing cheek-to-jowl with a bunch of random folks on a Red Line train.

This was a Technical Sessions and Invited Talks day for me. In the morning, Brendan Gregg presented Blazing Performance with Flame Graphs. Here’s a useful summary on Brendan’s blog. This was followed in the morning by Jon Masters of Red Hat talking about Hyperscale Computing with ARM Servers (which looks to be a cool and not unlikely path), and Ben Rockwood of Joyent discussing Lean Operations. Ben has strong opinions on the profession, and I always learn something from him.

In the afternoon, Brendan Gregg was in front of me again, pitching systems performance issues (and his new book of the same name). I continue to find Brendan’s presentation style a bit over the top, but his technical chops and writing skills are excellent. This was followed by Branson Matheson (who was training me earlier in the week) on the subject of “Hacking your Mind and Emotions” – much about social engineering. Sigh, too easy to do. But Branson is so enthusiastic and excited about his work that … well, that’s alright, then, eh?

The late afternoon pair of talks were on Enterprise Architecture Beyond the Perimeter (presented by a pair of talented Google Engineers), and Drifting into Fragility, by Matt Provost of Weta Digital. The former was all about authentication and authorization without the classical corporate perimeter – no firewall or VPN between clients and resources. Is it a legitimate client machine, properly secured and patched? With a properly authenticated user? Good, we’re cool. How much secured, authenticated, patched is required is dependent on the resource to be accessed. This seems a bit like a Google-scale problem… The latter talk, on fragility, was a poignant reminder of unintended dependencies and consequences in complex systems and networks.
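The per-resource decision described above can be sketched as a small policy check. This is an added example, not code from the talk or from Google; the trust tiers, the 30-day patch threshold, the resource names and every function name are assumptions made for illustration. Note that network location is not an input at all.

```python
from dataclasses import dataclass
from enum import IntEnum


class Trust(IntEnum):
    NONE = 0      # unknown or unmanaged device
    BASIC = 1     # known device, patch state stale
    PATCHED = 2   # known device, recently patched
    HARDENED = 3  # patched, disk encrypted, screen lock enforced


@dataclass(frozen=True)
class Device:
    in_inventory: bool      # is this a machine the organisation issued?
    days_since_patch: int
    disk_encrypted: bool
    screen_lock: bool


@dataclass(frozen=True)
class Session:
    user: str
    authenticated: bool
    second_factor: bool


# Constructed sample policy (hypothetical resources): minimum device tier
# and whether a second factor is required.
POLICY = {
    "wiki":        (Trust.BASIC, False),
    "source-code": (Trust.PATCHED, True),
    "payroll":     (Trust.HARDENED, True),
}
MAX_PATCH_AGE_DAYS = 30  # assumed threshold


def device_trust(dev):
    """Derive a trust tier from device state only, never from its network."""
    if not dev.in_inventory:
        return Trust.NONE
    if dev.days_since_patch > MAX_PATCH_AGE_DAYS:
        return Trust.BASIC
    if dev.disk_encrypted and dev.screen_lock:
        return Trust.HARDENED
    return Trust.PATCHED


def authorize(dev, sess, resource):
    """Return (allowed, reason). Unknown resources are denied by default."""
    if resource not in POLICY:
        return False, "unknown resource"
    required, need_2fa = POLICY[resource]
    if not sess.authenticated:
        return False, "user not authenticated"
    if need_2fa and not sess.second_factor:
        return False, "second factor required"
    tier = device_trust(dev)
    if tier < required:
        return False, f"device tier {tier.name} below {required.name}"
    return True, "ok"


if __name__ == "__main__":
    stale = Device(True, 45, True, True)  # constructed sample device
    print(authorize(stale, Session("brian", True, True), "source-code"))
```
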

The conference reception was on Thursday evening, but I took a pass, headed home, and went to bed early. I was getting pretty tired by this time.

Friday, 8 November

My early morning session had George Wilson of Delphix talking about ZFS for Everyone, followed by Mark Cavage of Joyent discussing Manta Storage System Internals. I use ZFS, so the first talk held particular interest for me, especially the information about how the disparate ZFS implementations are working to prevent fragmentation by utilizing Feature Flags. OpenZFS.org was also discussed. I didn’t know much about Manta except that it exists, but I know a bit more now, and … it’s cool. I don’t have a use, today, but it’s definitely cool.

The late morning session I attended was a two-fer on the topic of Macs at Google. They have tens of thousands of Macs, and the effective image, deployment, and patching management was the first topic of the day, presented by Clay Caviness and Edward Eigerman. Some interesting tools and possibilities, but scale far beyond my needs. The second talk, by Greg Castle, on Hardening Macs, was pertinent and useful for me.

After lunch, the two talks I attended were on “Managing Access using SSH Keys” by the original author of SSH, Tatu Ylönen, and “Secure Linux Containers” by Dan Walsh of Red Hat (and SELinux fame). Tatu pretty much read text-dense slides aloud to us, and confirmed that managing SSH key proliferation and dependency paths is hard. Secure Linux Containers remind me strongly of sparse Solaris Zones, so that’s how I’m fitting them into my mental framework. Dan also talked to us about Docker … a container framework that Red Hat is “merging” (?) with Secure Linux Containers … and said we (sysadmins) wouldn’t like Docker at all. Mmmmmm.

The closing Plenary session, at about an hour and 45 minutes, was a caffeine-fueled odyssey by Todd Underwood, a Google Site Reliability Manager, on the topic of PostOps: A Non-Surgical Tale of Software, Fragility, and Reliability. Todd’s a fun, if hyper, speaker. He’s motivated and knows his stuff. But like some others in the audience, what happens at the scale of a GOOG-size organization may not apply so cleanly in the SMB space. The fact is that DevOps and NoOps may not work so well for us … though certainly the principles of coordinated work and automation strongly apply.

Brian’s Summary

At any given time, for every room I sat in, for every speaker or trainer I listened to, there were three other things that I would have also learned much from. This was my path through LISA ’13. There are many like it, but this one is mine. This conference was a net win for me in many ways – I learned a lot, I ran across some old friends (Hi, Heather and Marc), made some new ones, and had a good time.

The folks I can recommend without reservation that you take a class from, or attend a talk that they’re presenting: Jeanne Schock, Branson Matheson, Rik Farrow, and Ted Ts’o. These are the four people I learned the most from in the course of six days, and you’d learn from them, too!

My hat’s off to the fine staff at USENIX, who worked their asses off to make the conference work. Kudos!

LISA ’13

Today was the first of a six day run at LISA ’13 for me. I had a full day training class with Rik Farrow on Securing Linux Servers. I learned a few new tricks to add to the layers of defense that we apply to slow attackers, and passed some of my own on, hopefully for the benefit of my classmates. I have three more days of training, followed by two days of talks and presentations. I expect to take a lot of useful info back to work with me.

*      *      *

Last night, Marcia and I went out to celebrate our decade in this house. Yup, Hallowe’en was the actual anniversary of the contract closing, but we started moving in on the first and second of November, 2003. Pretty darn amazing, you ask me. We *really* like our life here, y’know.

*      *      *

Gladly, there are no US casualties that have been reported by DoD in the last week. Let’s see if we can keep that trend going, while we work on getting everyone home… Ciao!

Winter inbound

We’ve had frost on the ground the last three days running. It’s not been much below freezing, since the hanging baskets and roses on the front porch are all still alive … but Winter is coming.

A productive weekend: remote work and chores ate almost all of it. All standard stuff I’ve talked about a dozen times. Boring, but productive.

Tonight I had a nice chat with my oldest friend (not elderly: but I’ve known him since I was four). Highlight of the weekend, really.

*      *      *

Our condolences to the family, friends, and unit of Lance Cpl. Christopher O. Grant, 20, of Richwood, Louisiana, who died on Oct. 20 while conducting combat operations in Helmand Province, Afghanistan.

Pi tricks

But first, 0630 EDT on Saturday the 26th day of October, 2013, was brought to you by the word “Fahrenheit” and the number ’28’. Brrrrrr!

*      *      *

I got home from work yesterday evening, and found Marcia watching something that probably first appeared on an obtangular Philco Predicta television in the late 1940’s. I threw an ENOTINTERESTED exception, then I came upstairs and started mucking about with the Raspberry Pi. The little credit-card sized computer, named Dortmunder (for REASONS), has languished in a corner for quite a while. I first discovered that my phone life-extension battery (acquired at VMworld, thanks VMUG) also happily powers the Pi:

Pi, fully mobile with battery pack

It’s worth pointing out that the 2200 mAh pack will probably only run the Pi for around 3 hours, since a 10 Ah battery’s been tested out to 15 hours. So, not a LOT of value there, but certainly a momentarily fun test. You can also see the size of the wireless adapter from Edimax, lit blue out of the USB housing at the top of the Pi.

More about Dortmunder: I’d considered buying a case for it pretty much from the day it arrived. I was an early Pi adopter, and at the time of purchase there were only one-off prototype cases spun up on someone’s 3D printer. While that’s cool and all, I didn’t have THAT much of a need for a case. After all, for months Dortmunder hung on a hook in my wiring closet, wired to the switch there.

With the recent addition of that Edimax miniature wireless adapter (see last Sunday’s post), the Pi can now sit comfortably with just a power connection anywhere I want. But the camera, hanging out there at the end of a 14cm ribbon cable, is not trivially stable. Nor is it easy to handle the Pi without risking static damage. So instead of going to Element 14, or Adafruit, or one of the many other Raspberry Pi resources online, I headed down to the woodshop, and noodled for a couple of hours with hand tools and scraps. I came up with this:

Dortmunder's hobby horse

There’s a couple of tweaks to adjust the operation and positioning of the camera on the “head”. I’d like to be able to get a good angle up (or down) to aim the camera properly. I have to think about that. But the circuit board body is quite firmly stable in the hand-cut grooves in the three wooden uprights. Fun little project, and the inexpensive accessory camera takes really sharp pictures:

Brian snapped by Pi camera

Let’s just assume that’s NOT a halo, mmm’kay? It’s almost certainly the light that sits on top of that cabinet over my right shoulder.

Fencing, continued.

Yesterday, I got all of the left side front fencing replaced. Today, I executed the decorative arches on those sections:

Arching the fence sections.

I set a horizontal string line across the sections, and measured down, sinking a screw at each bottom end of each arch. I then used a quarter-inch thick, 7′ long cutoff from a piece of cherry, braced against the screws and pressed upwards in the middle to describe each parabolic arch. A quick swipe with a pencil marked each arch. I cut them with the circular saw, first plunging in the middle, then working along the curve to each end. The final bits I completed with a jig saw. That side of the fence now awaits stain/sealer.

I’ll also pressure-wash the gate and posts on this side, and the posts on the other side, to get a better match with the stain/sealer when that’s applied.

*       *       *

Today’s Solaris patching went off without any hitches. The best answer for the task is Martin Paul’s Patch Check Advanced. I can audit my systems for needed patches, apply them to snapshots of the root filesystem (these are called Boot Environments, and I can patch the copy while the system is still running, yay), and then make the patched copy the next Boot target. This makes Solaris patching a much less impactful event, compared to the days when a patch set was downloaded and staged, then the system was brought down to single user mode (no services running) for the entirety of the patch cycle. Much better service uptime this way.

*       *       *

Also this week, I picked up an Edimax EW-7811Un USB wireless adapter from Amazon, for use with the Raspberry Pi. An excellent, minuscule little product, works like a champ for my purpose. It’s also worth noting that setting up wireless on Linux distros these days is shed-loads easier than it used to be. I added two lines configuring the WPA settings to the /etc/network/interfaces file, and on reboot the network came right up. It makes the Raspberry Pi a much easier thing to work with, since I don’t have to tether it to a wired LAN connection.

*       *       *

Our condolences to the families, friends, and units of these fallen warriors:

  • Staff Sgt. Patrick H. Quinn, 26, of Quarryville, Pennsylvania, died Oct. 13, in Paktika Province, Afghanistan, of injuries sustained when the enemy attacked his base with small arms fire.
  • Sgt. Lyle D. Turnbull, 31, of Norfolk, Virginia, died Oct. 18, in Camp Arifjan, Kuwait, from a medical emergency.

Fencing

At 1100 this morning:

Front left fence, before work started

The gates are staying. The four fence sections, two to each side, they’re toast.

I cut them off the posts. The posts are in fine shape on this side of the house. So I measured and cut and clamped and screwed new horizontal 2×4 PT lumber onto the posts, then nailed PT fence boards up. Fortunately, I’m using a nail gun, instead of a hammer. Otherwise I might still be out there now. Instead, at 1530 EDT:

New fencing installed

I might have kept working, but it was starting to rain, so I hauled all the tools inside the shed, instead. I’ve still got to get the top detail done, arching the tops to roughly match the gates. In a couple of weeks, if the lumber’s dried out a bit, I’ll coat them with an Olympic Maximum stain/sealer in a natural cedar tone tint. Also, there’s the entire left right front fence still to do, and I know I’m replacing at least one post on that side.

Tomorrow’s weather looks sane, so I may give it a go. Ciao!

Edit: Whoops, no I won’t be working on the fence tomorrow. Tomorrow is a Solaris patching day for me. And it’s the front fence on the RIGHT side of the house that still needs doing…