Recently in Network Category

PAM Error in Heron


After recently installing Ubuntu 8.04 on one of my boxes, I have only two complaints.

1) The laptop I have apparently has the only unsupported Atheros wireless chipset in history (AR242X).

2) Every two or three minutes, an error shows up in /var/log/auth.log (username removed):


May 13 21:26:03 neon sudo: username_removed : TTY=pts/3 ; PWD=/etc/pam.d ; USER=root ; COMMAND=/usr/bin/vi common-password
May 13 21:26:03 neon sudo: PAM unable to dlopen(/lib/security/pam_smbpass.so)
May 13 21:26:03 neon sudo: PAM [error: /lib/security/pam_smbpass.so: cannot open shared object file: No such file or directory]
May 13 21:26:03 neon sudo: PAM adding faulty module: /lib/security/pam_smbpass.so
May 13 21:26:03 neon sudo: pam_unix(sudo:session): session opened for user root by username_removed(uid=0)
May 13 21:26:03 neon sudo: pam_unix(sudo:session): session closed for user root

This message also appears whenever you sudo anything, filling up the auth log and making it virtually impossible to quickly skim through it and see meaningful messages. The error appears to be related to an auth mechanism that comes pre-enabled for Samba: the PAM configuration references pam_smbpass.so (the module that keeps Samba passwords in sync with Unix passwords), but that module file isn't installed, so PAM logs the failed dlopen every time sudo opens a session. Why that would come pre-enabled is beyond me, but the fix appears to be relatively simple.

In /etc/pam.d/common-password, find the line that says:


password optional pam_smbpass.so nullok use_authtok use_first_pass

...and comment it out. Next, find


auth optional pam_smbpass.so migrate

...in /etc/pam.d/common-auth and comment that out as well.

Done and done. Enjoy your minty-fresh auth log.
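The same check in code, as an added example that is not part of the original post: it scans a pam.d directory for modules that are referenced on active lines but do not exist in the module directory, and comments out the offending lines. The fixture directories and their contents are constructed to mirror the two lines quoted above.

```ruby
# Added example (not from the original post): scan a pam.d directory for
# modules that are referenced on active lines but not installed, and
# comment those lines out. Fixture and directory names are constructed.
require 'tmpdir'
require 'fileutils'

module PamAudit
  # Modules loaded by non-comment lines that do not exist under module_dir.
  # Absolute module paths are checked as written.
  def self.missing_modules(pam_dir, module_dir)
    refs = Dir.glob(File.join(pam_dir, '*')).flat_map do |file|
      File.readlines(file).reject { |l| l =~ /\A\s*#/ }.map do |line|
        # first token ending in .so, so bracketed control fields are skipped
        line.split.find { |tok| tok.end_with?('.so') }
      end.compact
    end
    refs.uniq.reject do |mod|
      File.exist?(mod.start_with?('/') ? mod : File.join(module_dir, mod))
    end
  end

  # Comment out every active line that loads module_name; returns the count.
  def self.disable_module(file, module_name)
    count = 0
    lines = File.readlines(file).map do |line|
      next line if line =~ /\A\s*#/ || !line.split.include?(module_name)
      count += 1
      "# #{line}"
    end
    File.write(file, lines.join)
    count
  end
end

# Constructed fixture mirroring the two lines quoted in the post.
DEMO_DIR = Dir.mktmpdir('pam-demo')
PAM_DIR = File.join(DEMO_DIR, 'pam.d')
MOD_DIR = File.join(DEMO_DIR, 'security')
FileUtils.mkdir_p([PAM_DIR, MOD_DIR])
FileUtils.touch(File.join(MOD_DIR, 'pam_unix.so'))  # installed module
File.write(File.join(PAM_DIR, 'common-password'),
           "password requisite pam_unix.so nullok obscure md5\n" \
           "password optional pam_smbpass.so nullok use_authtok use_first_pass\n")
File.write(File.join(PAM_DIR, 'common-auth'),
           "auth required pam_unix.so nullok_secure\n" \
           "auth optional pam_smbpass.so migrate\n")

puts "referenced but missing: #{PamAudit.missing_modules(PAM_DIR, MOD_DIR).inspect}"
```

Run it against the real /etc/pam.d and module directory of a box to see which referenced modules would produce the same dlopen noise before touching the configuration.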

MAC spoofing


I'm studying for my CCNA and while reading a section dealing with how switches learn MAC addresses, a thought occurred. The left 24 bits of a MAC are a code unique to each manufacturer, while the right 24 bits are a series of bits that manufacturer has never used before (in theory - in large enough runs, you'll get some dups).

I had always assumed that if you connect two NICs with the same MAC to a port security-disabled switch, the first one to be learned would be the one to receive all the traffic. My logic was that when the switch was checking its lookup table to see to which port MAC "X" was connected, it would see the first entry, stop looking, and send it the data - X', I thought, would never actually be seen in the lookup table, since presumably the switch would stop looking when it found X.

Which brings me to a tangential subject: I propose that people who use the phrase "It was in the last place I look" should be deported. It's yet another phrase with no actual meaning behind it; most people stop looking when they find something, so naturally it's going to be in the last place you look ("Honey, I found the keys but I'm going to check the couch and the front porch and make sure they're not there!"). Anyway...

The effect, I presumed, would be a 'ghost sender' throwing frames at the switch but never receiving a response. As it turns out, the switch is smarter than that (I didn't REALLY think the people at Cisco hadn't thought of that, it was just an idea).

Each time a frame is received by the switch, it apparently re-learns the MAC. When X sends something via port Fa0/1 the switch says 'Oh okay, you're on Fa0/1 - let me write that down'. Then when X' sends a frame via port Fa0/2 the switch snidely quips 'Wow, you get around, you port-hungry devil, you!' and re-learns the MAC. This is, of course, assuming that switches are capable of 'quipping' (the latest research suggests they are - I know they can be snidely).

After that happens, let's assume that the traffic in response to the request X sent earlier shows up. The switch (being worried that the traffic was out that late) says "Where were you, Series Of Bits?! This is not a hotel! Go to your room it's right..." - the switch examines the lookup table - "...THERE!" and gestures angrily at port Fa0/2.

Series Of Bits obediently goes to port Fa0/2 to find a very surprised X'. X' looks at Series Of Bits with a visage similar to when you haven't ordered a pizza and one shows up anyway. "Anybody order a series of bits??" it hollers. "Yeah," says Thomas J. Program, peeking his head through the NIC's door. "But not THAT series of bits."

Meanwhile, poor, poor X is waiting for a Series Of Bits that never comes. We can only assume it begins to cry. The point of all that (other than that I'm CLEARLY single if I had the time to write all that) is that when two identical MACs are connected to the same switch, both experience seemingly random, abruptly shifting traffic as the switch learns and re-learns the MAC. Why the hell didn't I just SAY that? Because I was bored. But now I'm not.

Note: I was tempted to give the NICs a Brooklyn accent and make a "New York NICs" joke, but decided against it. You can thank me in US Dollars.
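The learning behaviour described above, as an added example that is not part of the original post: a toy learning switch whose table is rewritten on every frame, replayed with X and X' sharing one MAC. Port names and MAC addresses are constructed.

```ruby
# Added example (not from the original post): a toy learning switch that
# models the MAC-learning behaviour described above. Port names and MACs
# are constructed.
class LearningSwitch
  attr_reader :table, :moves

  def initialize
    @table = {}   # source MAC => port it was last seen on
    @moves = []   # [mac, old_port, new_port] each time a MAC changes port
  end

  # Handle one frame arriving on in_port: learn src, then look up dst.
  # Returns the egress port, or :flood when dst has not been learned yet.
  def receive(src:, dst:, in_port:)
    learn(src, in_port)
    @table.fetch(dst, :flood)
  end

  private

  def learn(mac, port)
    old = @table[mac]
    @moves << [mac, old, port] if old && old != port  # a "MAC flap"
    @table[mac] = port
  end
end

# Replay the scenario from the post: X and X' share one MAC, and the reply
# to X's request goes to whichever port the switch learned most recently.
def duplicate_mac_scenario
  sw  = LearningSwitch.new
  dup = '00:11:22:33:44:55'   # constructed MAC shared by X and X'
  srv = 'aa:bb:cc:dd:ee:ff'   # constructed MAC of the host X talks to
  first = sw.receive(src: dup, dst: srv, in_port: 'Fa0/1')  # X's request
  sw.receive(src: dup, dst: srv, in_port: 'Fa0/2')          # X' chimes in
  reply = sw.receive(src: srv, dst: dup, in_port: 'Fa0/24') # the response
  { first: first, reply_port: reply, flaps: sw.moves.size }
end

puts duplicate_mac_scenario.inspect
```

The moves list is the part worth watching on real gear: production switches report the same event as a MAC flapping notification, which is the usual first sign of a duplicated or spoofed address on the segment.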

Neon : Take Three


Alright - it turns out the RocketRAID is both a snare and a delusion.


  • The claims of hardware RAID are simply false - all processing is pawned off onto the system CPU.

  • The 'open-source drivers' are actually open-source wrappers for closed-source drivers. In either event, they're impossible to slipstream during OS installation.

  • Supports every major Linux distro my ass.


So... we've since purchased an LSI MegaRAID 150-6 RAID controller. I know for a fact this is a hardware RAID card. It also has a nifty little battery backup so it can finish writes in the event of a power failure. Since that battery can't possibly power the connected drives, I'm guessing that it just writes the data to on-board flash memory or something and completes the writes the next time the device is powered on. Regardless, it's a nice piece of equipment.

Now of course the OS install disk we're using is informing us that we don't have a valid CD drive attached. Keep in mind that this is coming from a program loaded off a CD. A problem for tomorrow.

On May 9th, I'm leaving the IS department at Rackspace. I like doing dev work on my own, but that is not the place to do it for me. I'm a single Ruby coder surrounded by Python guys and the end result is that I just have nothing to do. I'm looking for something internally, so we'll see how that goes.

Neon : Take Two


It seems that 64-bit Heron has some trouble recognizing RAID arrays. The machine booted and the RAID controller's configuration screen came up. After tweaking the necessary settings, we bounced the box and prayed that Heron would see it - which it didn't.

When we got to the installation section where we were going to do the partitioning, we were prompted to choose between the twin 250GB Western Digital drives. Thinking that perhaps, somehow, someway the installed OS would see it, we continued through the installation only to hit repeated checksum verification errors during the base system install.

Desperately hoping that this was a fluke, we shut off the machine, coated ourselves in honey, and sacrificed our entire apartment complex to the gods of data integrity and MD5 hashing. No luck (which means the install disk was probably corrupt - I'm having a chat with my LightScribe drive once I finish here). Once the honey had been removed and the police had left, we decided that we'd give Fedora a shot instead - the RAID controller specifically says that it plays nicely with it.

So that's where we stand now - even though Fedora 9 is coming out in about two weeks, we can't wait that long. If there are any hardware issues, we have less than two weeks to find them and get the equipment returned. At least for the time being, a Fedora machine is being added to the rack. I used Fedora at the last place I worked and while I didn't have anything specific against it, I didn't feel particularly attached to it.

As long as we're at it, we might as well trade bash in for tcsh - it's about time I learned some C and from what I understand the C shell is a good place to learn as a lot of the syntax is similar. I don't have any first-hand experience though, so we'll see.

Switching gears, I've found that a good way to gain some basic day-to-day experience with a language is to use it for any shell scripting needs I have. Erlang being my most recent language of study, that's what I'm going to do. If you'd like to give it a shot, Erlang programs can be run outside of the erl VM by typing:


pratzsch@carbon:/home/pratzsch/shell$erl -compile timely_message.erl
pratzsch@carbon:/home/pratzsch/shell$erl -noshell -s timely_message message -s init stop
Excuse me, your forehead's on fire
pratzsch@carbon:/home/pratzsch/shell$

...while it works, I'll probably end up aliasing that set of commands minus the program name to a bash script (oh, the irony) so I don't have to type that novella every time I want to run an Erlang program from the command line.

Welcome to neon!


[image: neon_inside_labeled.jpg]

These are the insides of 'neon' (not quite fully assembled), the latest web server. This is the first machine I've ever had that has hardware RAID. The chip is a 3.0GHz Intel Core 2 Duo of the 45nm variety, also a first.

The motherboard supports both DDR2 and DDR3 RAM, but it was decided that we'd rather have 4GB of DDR2 than 2GB of DDR3. Naturally, having 4GB mandates a 64-bit OS. We figured we'd give Heron a shot and see how that goes.

man page humor


Taken from the man page for syslogd (yes, another wild Saturday night):


There are a number of methods of protecting a machine:

1. Implement kernel firewalling to limit which hosts or networks have access to the 514/UDP socket.

2. Logging can be directed to an isolated or non-root filesystem which, if filled, will not impair the machine.

3. The ext2 filesystem can be used which can be configured to limit a certain percentage of a filesystem to usage by root only. NOTE that this will require syslogd to be run as a non-root process. ALSO NOTE that this will prevent usage of remote logging since syslogd will be unable to bind to the 514/UDP socket.

4. Disabling inet domain sockets will limit risk to the local machine.

5. Use step 4 and if the problem persists and is not secondary to a rogue program/daemon, get a 3.5 ft (approx. 1 meter) length of sucker rod* and have a chat with the user in question.

Sucker rod def. -- 3/4, 7/8 or 1in. hardened steel rod, male threaded on each end. Primary use in the oil industry in Western North Dakota and other locations to pump 'suck' oil from oil wells. Secondary uses are for the construction of cattle feed lots and for dealing with the occasional recalcitrant or belligerent individual.

Finally got all the zones configured properly and transferred to my DNS server. In celebration, here are some additions to the Vector class. Enjoy.


require 'matrix'

class Vector

  # True when the vector contains search_term as an element
  def include?(search_term)
    to_a.include?(search_term)
  end

  # Copy of the vector with every Integer element converted to a Float
  # (Integer replaces the old Fixnum constant, which no longer exists)
  def to_float
    Vector.elements(to_a.map { |element| element.is_a?(Integer) ? element.to_f : element })
  end

  # Print each element with its index, one per line
  def pretty
    each_with_index { |element, counter| puts "[#{counter}] = #{element}" }
  end

  # True when every element is nil, zero, or a blank string;
  # any other kind of element counts as non-empty
  def empty?
    to_a.all? do |element|
      case element
      when nil     then true
      when Integer then element == 0
      when Float   then element == 0.0
      when String  then element.empty? || element == ' '
      else false
      end
    end
  end

  # Vector of `size` random integers in the range 1..max_value
  def self.random(size, max_value = 50)
    Vector.elements(Array.new(size) { rand(max_value) + 1 })
  end

end

Taken from http://whois.domaintools.com/wordpress.com


Server Type: nginx/0.6.29

So it appears that Wordpress, which gets about 4 million hits a day, has switched to an Nginx front-end! I really wish that tomorrow someone at work would say that no high-traffic site uses Nginx. Of course I'd settle for an ignorant quip about how there are no enterprise-level uses for Ruby or Rails.

It appears that the project I was on at work which was killed has risen from the proverbial ashes and is once again active.

I've been having DNS troubles since yesterday. First the serials weren't getting updated, then a full zone transfer wouldn't complete without an error, and now I've FINALLY eliminated all the errors in the DNS side of things. Not that it's working, of course. Now the trouble is that the external IPs of two of my boxes have been switched. So while it's resolving the domain names to the correct IP, that IP is tied to the wrong box. I should have it fixed by morning.

About this Archive

This page is an archive of recent entries in the Network category.
