I know that vampires (especially the sparkling ones) are the big s**t right now but I never really cared about them.
Until now! Searching for english books on the german Amazon site (selecting the category "Englische Bücher" and entering no search term) turned up a list of books with about 50% of them having a vampire theme. Ranging from the unreadable horror of "Twilight" to "Vampire Diaries" and so on.
I think I better start searching for good old Issac Asimov again. I'm pretty sure none of his characters is going to sparkle in any way.
Photo by jaredYesterday I set up three similar KVM machines running Debian unstable/experimental in order to have a testbed for an OpenAIS cluster.
Following these two articles I managed to get my three node cluster up and running in no time:
Though there are some minor show-stoppers at the moment, for example clvm does not support OpenAIS at the moment but there is already a patch available for the Debian package.
It's now almost a month since I enabled IPv6 throughout all my devices which are connected to the internet in any way.
Time to shout out proud: My own services are running smoothly over IPv6 and almost 50% of the services I regularly use are accessed through IPv6.
The last two were the IRC networks I lurk frequently:
Next on the schedule is Google over IPv6 but this one requires my ISP to take part in this program and it's clear that this will take some time and effort on their side. But I'm in no hurry ...
In other news, some interesting statistics on European IPv6 traffic:
Photo by StéfanJust a short help for people using the gw6c package to establish a tunnel to get their IPv6 connectivity, who want to use Googles services over IPv6 and finally, who run their own instance of Bind9 to resolve DNS queries.
Add this snippet to your Bind configuration to redirect all queries for google.com domains towards the gogo6 DNS resolvers which are actually white-listed in the Google-over-IPv6 program:
zone "google.com" { type forward; forwarders { 2001:5c0:1000:11::2; 2001:5c0:1001::194; }; };
This will only work if the Bind9 resolver has IPv6 connectivity and is part of the subnet (or on the same host) as the tunnel endpoint (the machine running gw6c).
A simple query for the AAAA record of www.google.com should now turn up the IPv6 addresses:
$ dig www.google.com aaaa www.google.com. 176256 IN CNAME www.l.google.com. www.l.google.com. 239 IN AAAA 2001:4860:800e::63 www.l.google.com. 239 IN AAAA 2001:4860:800e::67 www.l.google.com. 239 IN AAAA 2001:4860:800e::68 www.l.google.com. 239 IN AAAA 2001:4860:800e::69 www.l.google.com. 239 IN AAAA 2001:4860:800e::6a www.l.google.com. 239 IN AAAA 2001:4860:800e::93
There is now also a very informative article about IPv6 services online at Debian Administration.
Wohooo, I got my first three listeners connected over IPv6. Maybe there is more widespread IPv6 usage than I would believe.
Had some spare time at the office this morning and I filled it by downloading Haiku and running it inside KVM on my desktop machine. This really brought back sweet memories of one of first operating systems from which i actually learned something about the internals of modern OS: BeOS, the predecessor of Haiku.
To my surprise it worked out of the box and the installer recognized every part of the KVM environment necessary to setup a permanent installation e.g. CD drive and HDD.
Maybe I'll use it for a while as a secondary desktop, just for the fun of it and the nostalgic feeling 
![The postman always rings twice [10/365]](http://farm3.static.flickr.com/2227/2183166508_3cb8975665_m.jpg)
Photo by FarruskaThe German Deutsche Post is planning on deploying it's so called "DE Mail" service. In basic it's nothing more then regular email but with the addition that it is legally treated like snail mail i.e. it can be used for trusted communication with public authorities.
The funny fact about it is that each mail costs 20 cent ... an approach I can not agree with. Once set up, the upkeep of this system will depend on the scale of it's usage. Thus charging such an amount for something that can be fully automated: routing an email through the system, a system which is by purpose enclosed in it self with no links to the outside world, is something every sysadmin dreams of. No need for compatibility tests, no unforeseen behavior of neighboring systems.
The upkeep of this system should really be minimal. On he other side, all the effects desired by "DE Mail" can be achieved if we would have more widespread GPG/PGP coverage among the users of email and their clients of choice.
And now for the funny side:
$ telnet uni.fladi.at 25 Trying 2001:5c0:1400:b::4779... Connected to uni.fladi.at. Escape character is '^]'. 220 uni.fladi.at ESMTP - Courier Mail Server !!! CHARGING 20 CENT PER MAIL !!! QUIT 221 Bye. Connection closed by foreign host.
This was done by modifying /etc/courier/esmtpgreeting file for the Courier mail server.
Mal wieder auf Deutsch, weil ich das ganz einfach nicht so auf Englisch hin bekomme. Folgende Meldung aus dem Iran hat mich dazu inspiriert:
Wenn das einer unserer Politiker aufgreift wird das dann wohl so oder so ähnlich ablaufen:
"In einer nächtlichen Marathonsitzung beschloss heute das Österreichische Wahrheitsministerium, den Dienst AT-Mail aus der Taufe zu heben. Auf die Nachfrage eines Journalisten ob dies nicht die staatliche Zensur und Überwachung fördern würde, antwortete der Minister für Angewandte Abwehr von Unruhen im urbanen Raum (AAvUiuR): Auf keinen Fall, wir wollen nur das beste für unsere Bürger, sowieso sollten Sie sich über solche Fragen keine Gedanken machen sondern sich besser um ihre krebskranke Mutter kümmern und ihre Steuerbescheide der letzten beiden Jahre endlich ausfüllen! Von den schmutzigen Funmails an ihre Kollegin reden wir ja besser nicht?"
Over the last few days I was busy working at Custos, my own approach on the field of network and system monitoring. Using Python to write this piece of software I heavily relied on external modules, especially Celery, which itself has a lot of dependencies on other Python modules. To simplify the deployment of those modules I decided to start creating Debian packages for every Python package that I use in the process of development.
Namely the packages are:
- APScheduler
- billiard
- celery
- django-apps
- django-attachments
- django-auth-ldap
- django-autoslug
- django-avatar
- django-freeperms
- django-future
- django-maintenancemode
- django-openid-auth
- django-pagination
- django-picklefield
- django-robots
- django-smartif (will be incorporated in Django 1.2)
- django-staticfiles
- django-storages
- importlib (backport from Python 2.7)
- wadofstuff-django-serializers
- workerpool
Debian packages (.deb) of these Python modules can be found at my repository available at http://debian.fladi.at/. I will keep maintaining them there and I will look for Debian sponsorship for each package that is in actual production use by myself. Currently this would be the ones related to celery because it's one of the main packages for my Custos project. Instructions on how to use my repository can be found here: http://debian.fladi.at/README.html
A developer over at Microsoft Developer Network is ranting about the Many-Eyeballs principle often attributed to FOSS projects, basically claiming that is does not work. I would agree with him if he wasn't making generalizations. It is very likely, that most of the users of FOSS don't care about the code that powers their applications, neither do developers from unrelated projects.
Photo by SifterBut here is the flaw in his argumentation: People are free to decide IF they join the development effort and contribute their two eyeballs to a project or not. And if they join, chances are higher that they will actually find something bogus (maybe it's just because they experienced some errors as a user) while with closed source they can only report problems, not directly contributing to resolve them.
Another flaw: The author indirectly assumes that people developing FOSS are doing this entirely on a whim of one moment. He misses that a whole industry is employing people to develop, maintain and improve various FOSS projects. One of these improvements those employees are going after is in the fields of code quality and security, in no way different than Microsoft or any other closed source company does.
So both approaches would be equal, wouldn't there be the option for people from outside the project to take a look at the code. If nobody takes this option: Fine, nothing gained. But if only one person takes the opportunity, out of a whim, to skim through only a particular part of the open source code, the FOSS project is one point ahead of any closed source one.
FOSS is not so much about methods and bureaucracy but about opportunities and it's up to anyone for them self if they take them or not. For me that's the most important thing why I prefer open source over closed source at any time. Plus, I'm getting paid for contributing to FOSS
The Qualcomm Gobi chipset built into my HP EliteBook 8530w finally works with GNU/Debian Unstable.
It requires a 2.6.31 Kernel and a separate firmware loader plus the appropriate firmware.
ATTENTION: The qcserial driver is currently broken in Linux 2.6.32 and later! Follow my advices only if you are using a Linux kernel version of 2.6.31! You can check your currently running kernel with:
uname -a
I've packaged the loader (gobi_loader-0.4) for Debian/Unstable amd64 and i386 (untested) architecture and it's available at my private repository:
For direct access to the .deb files:
- http://debian.fladi.at/pool/main/g/gobi-loader/gobi-loader_0.4-2_amd64.deb
- http://debian.fladi.at/pool/main/g/gobi-loader/gobi-loader_0.4-2_i386.deb
Install the package according to you architecture and make sure there was no error.
Now for the firmware: Sadly, I'm not allowed to distribute the firmware files due to copyright issues but they can be downloaded from HP:
Qualcomm Mobile Broadband Drivers - Gobi1000 (aka un2400)
Download the "sp45888.exe" file there and extract it to e.g. /tmp/un2400 with cabextract:
mkdir /tmp/un2400 cabextract -d /tmp/un2400 sp45888.exe
You can now find both firmware files at /tmp/un2400/Qualcomm/QCImages/Source/Packages/0/:
- amss.mbn
- apps.mbn
Copy both of them to /lib/firmware/gobi:
cp /tmp/un2400/Qualcomm/QCImages/Source/Packages/0/*.mbn /lib/firmware/gobi/
That's it, now reboot and once your system is back up take a look at your USB devices with lsusb. You should see the un2400 device there. NetworkManager picked it up automatically as a modem and I was able to configure my 3G connection with a nice and fancy GUI
Running some statistical analysis on the Apache2 logs from the past year (2009) I noticed something frightening:
Number 6 was the most used version of Internet Explorer during the whole year. 18.7 % of all requests originated from IE6 while IE7 was at 13.8 % and IE8 reached 6.1 %.
The good news is that only 40.2 % of the traffic was caused by Internet Explorer browsers. The various versions of Firefox accumulated 36.6 % with version 3.0.10 being the most commonly used (4.9 %).
Hopefully there will be one day soon when Microsoft stops support for IE6. I really dare to hope so.
The dataset contained almost 500.000 records (hits) and analysis was carried out with AWStats.
Using Celery in one of my projects I always found it a bit uncomfortable to start the worker processes by hand. Today someone else came up with the same problem on ServerFault. It motivated me to investigate a bit further on other options to accomplish this task.
Looking inside the contrib folder of the celery distribution led me to a project called Supervisor. It's purpose is to control project related tasks in addition to the usual Sys-V-Init process running at boot. Actually it starts one management process through Sys-V and then starts tasks or daemons configured for various projects like celery worker processes.
Debian/Unstable already has a package for Supervisor which offers the directory /etc/supervisor/conf.d/ as a drop-in-location for project-related configurations.
aptitude install supervisor
I took the sample configuration from my python-celery Debian package and placed it at /etc/supervisor/conf.d/project.conf, modifying it to fit my needs:
; ======================================= ; celeryd supervisor for Django project ; ======================================= [program:celery.project] command=django-admin celeryd --settings=setting --pythonpath=/path/to/project/ directory=/path/to/project/ user=nobody numprocs=1 stdout_logfile=/var/log/celery/project.log stderr_logfile=/var/log/celery/project.log autostart=true autorestart=true startsecs=10 ; if rabbitmq is supervised, set its priority higher ; so it starts first priority=998
Oh, the joys of administrating Novell systems. In SLES 10 they are still using rug to manage the package repositories. Investigating a deadlock while upgrading from SLES 10 SP2 to SP3 I discovered this error message, written in fancy engrish:
# rug refresh ERROR: A Refresh request already Running. This Refresh is Ignored. Please Try After Sometime.
I think this is maybe related to Novell's strategy to change their remote package downloader every month or so (you,rug,yum,zypper,...) while still maintaining their high level of crappiness.
In the end i had to "kill -9" the zmd process to advance with the update. One day, I swear to you Novell, I'm gonna replace all this immanently broken SLES installations with Debian!
I've been using monit to monitor the processes on my servers for several years now. During this time I've written test-cases for several daemon processes, especially tailored for Debian GNU/Linux (Unstable/Squeeze):
- apache2
- apt-cacher-ng
- atd
- avahi
- bind
- clamav
- couchdb
- courier-auth
- courier-imap
- courier-mta
- cron
- dhcpd
- dovecot
- ejabberd
- gnump3d
- slapd
- memcached
- mysql
- nagios3
- nscd
- ntp
- postgresql-8.4
- puppet
- samba
- smartd
- snmpd
- spamassassin
- squid3
- ssh
- supervisor
- syslog
- tomcat6
- tryton
All of them are now available at this location: http://storage.fladi.at/~FladischerMichael/monit/
Feel free to use them in your own envirnoment or just an example on how to monitor a service. Feedback and improvements are always welcome.