Sean’s Obsessions

Sean Walberg’s blog

Review: Linux Server Hacks

I’m just finishing up Linux Server Hacks. Even with a few years of Linux experience under my belt, I found several handy hacks.

O’Reilly’s Hacks Series bill themselves as “Clever solutions to interesting problems”, which I’ll agree with. The topics presented in the book aren’t generally introductory topics, instead they’re solutions to specific problems that a systems administrator runs into. For the most part, the hacks are designed to make a complex and common task quicker or easier to do.

One item of note is that the book is devoted to server functions, so you’ll find few mentions of anything GUIsh.

Linux Server Hacks has 100 hacks, divided into 8 distinct topic areas. The first is “Server Basics”, covering common administrative tasks a server admin runs into. Examples here are “Finding Disk Hogs”, and the best explanation of bash filehandle redirection (ie 2>&1) I’ve come across.

Chapter 2, Revision Control, covers both RCS and CVS, with an eye to keeping version history of system files. While there is very little “clever hacking” going on here, this chapter does exemplify the specific, problem driven nature of the book, ie this isn’t a man page, it’s a concise list of instructions to accomplish a task.

Chapter 3, Backups, has some interesting hacks to make copies of data, such as how to keep web clusters in sync, quick and dirty network backups, and CD burning techniques (including copying a web site directly to CD, which isn’t recommended).

As a network guy, the next chapter, Networking, was of particular interest. The first couple of hacks on iptables are nothing new, but the rest of the chapter investigates various techniques for building tunnels between machines, and port forwarding techniques.

An important task to any administrator, Monitoring, is way more than simply running “top” (though there is a hack for that). There are several scripts and programs to watch logs, processes, network traffic, and web server usage. There is also a brilliant hack called “Cheap IP Takeover”, which lets you cluster two machines together with one taking over the ip address of another in the event of a failure.

Chapter 6, SSH, shows off some advanced features of the tool, from securing passwordless logins across multiple machines, to forwarding ports and X-Windows. Even after using SSH for years, I found some ways to be more efficient after reading these six short hacks.

I must admit that the Scripting chapter is nothing to write home about, but the next chapter, “Information servers”, has lots of handy hacks for BIND, MySQL, and Apache. Apache hacks in particular are abundant.

All told, this book contains a significant number of tips and tricks that will make an experienced administrator’s work all the more efficient. The writing style is easy to follow, and the organization of the book makes it easy to find what you want.

One minor point of irritation, though. While there are many examples of code (shell and Perl), they are displayed completely left justified with no indentation. People reading the code to analyze it will become quickly frustrated trying to track down the ending brackets, especially in the multi-page samples.

“Linux Server Hacks” is an excellent book for the experienced admin looking to increase efficiency. There are lots of helpful pieces of information in here. This book is definitely not for the newbie, however!

Check out the home page for the book for the table of contents and a handful of sample hacks.

If You’re Into Cooking

My wonderful wife got me Gear for your Kitchen by Alton Brown. If you enjoy cooking, it’s got great advice on how to shop for the right gear, not to mention great recipes. The only downside is that now I have the desire for more kitchen stuff (KitchenAid Stand Mixer cough cough!)

If you haven’t checked out his show, “Good Eats”, I recommend that you do. If I didn’t know better, I’d swear Alton was an Engineer before he was a TV Chef, his show (and books) combine science with cooking, and is pretty entertaining to boot.

Eureka!

I got a couple of 2x24 LCDs on eBay a few weeks ago, and have been trying to put a simple “Hello, world!” onto them from a PIC. Not sure what the heck I’ve been doing wrong up until now, but I finally did it. Small victories :)

Using the code here




Monitoring Changed Web Pages With RSS

I’d like to keep track of a few pages and be notified when they are changed. Since they aren’t news sites themselves, nor do they offer RSS, I figured it would be pretty easy to build an RSS feed myself. Code here.

Create a file called “checknewpages.cfg” with a list of sites and point the script to it (it’ll take it on the command line or edit the script). It writes to ~/public_html/new.xml (again, edit as needed). Point your RSS aggregator to the url of the output.

Fairly rough, I wanted to get If-Modified-Since working to save the site’s bandwidth, but I ended up settling for a hash method instead.

Run it from cron with something like

12 */3 * * * /export/home/sean/bin/checknewpages.pl > /dev/null 2>&1

Updated: Follow the link above for the code
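
The hash method described above, as an added example in Python (not the linked Perl script): each page body is hashed, compared with the digest stored from the previous run, and changed URLs are rendered as RSS. The function names, the injected `fetch` callable and the example.com URLs are assumptions made for this sketch.

```python
import hashlib
import json
from xml.sax.saxutils import escape

def check_pages(urls, fetch, state):
    """Hash each page body; return URLs whose hash changed since the last run.

    `state` maps url -> hex digest and is updated in place. A URL seen for the
    first time only sets a baseline, and a failed fetch leaves the old hash.
    """
    changed = []
    for url in urls:
        try:
            body = fetch(url)
        except OSError:
            continue  # site unreachable: keep the previous hash, report nothing
        digest = hashlib.sha256(body).hexdigest()
        if state.get(url) not in (None, digest):
            changed.append(url)
        state[url] = digest
    return changed

def rss_feed(changed, feed_url):
    """Render the changed URLs as a minimal RSS 2.0 document."""
    items = "".join(
        "<item><title>Changed: {0}</title><link>{0}</link></item>".format(escape(u))
        for u in changed
    )
    return (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<rss version="2.0"><channel>'
        "<title>Changed pages</title><link>{0}</link>"
        "<description>Pages whose content hash changed</description>"
        "{1}</channel></rss>"
    ).format(escape(feed_url), items)

def demo():
    """Constructed sample: two runs over in-memory pages instead of real HTTP."""
    pages = {"http://example.com/a": b"v1", "http://example.com/b": b"same"}
    state = {}
    first = check_pages(list(pages), pages.__getitem__, state)
    pages["http://example.com/a"] = b"v2"  # simulate an edit between runs
    second = check_pages(list(pages), pages.__getitem__, state)
    return first, second, json.dumps(state, sort_keys=True)  # state as it would be saved
```

Hashing the raw body means any dynamic content (timestamps, rotating ads) registers as a change, which is the trade-off against If-Modified-Since.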

Spam Spam Spam Spam

I’ve been running SpamAssassin for a while, ever since I wrote this article. Last week, I enabled a couple new features such as Bayesian filtering and auto whitelist.

Auto whitelist was easy enough to set up, I simply added ‘-a’ to the procmail command in my .procmailrc. This FAQ entry explains the feature well, but the summary is that the AWL records the normal score of a certain sender, and if the score of a particular message deviates greatly, it uses an average to bring it closer to the normal. That is, if you normally converse with someone, and they send you a joke perhaps that trips the filters, the AWL might bring the message lower so that it passes.

Bayesian filtering was also pretty easy. I already had my spam-free inbox in /var/spool/mail/sean, and a collection of spam in ~/mail/caughtspam. I then gave my Bayesian filter an initial training session:

sa-learn --mbox --spam ~/mail/caughtspam
sa-learn --mbox --ham $MAIL

After that, spamassassin will auto-learn on messages that are filtered. It only picks messages with high or low scores, which helps it to reinforce itself. If a message gets incorrectly categorized, you have to correct the filter by piping the message through sa-learn --spam (or --ham) to tell the filters what the message really was. From pine, it’s pretty easy to pipe the current message through sa-learn.

Since I’ve implemented these two functions, I’ve noticed a reduction in miscategorized spam. Well worth the time to research, set up, and maintain, the Bayesian filtering and auto-whitelist.

Trust a Telco to Be Secure

Updated: Apparently, what happened is that someone registered bell-nexxia.net (as opposed to bellnexxia.net) and then had ARIN change the reverse pointers to the new machines.

$ /usr/sbin/traceroute bell.ca
traceroute: Warning: bell.ca has multiple addresses; using 198.235.69.11
traceroute to bell.ca (198.235.69.11), 30 hops max, 38 byte packets
 1  24.76.8.1 (24.76.8.1)  18.182 ms  24.737 ms  29.504 ms
 2  rc2nr-ge3-0-1.wp.shawcable.net (64.59.179.3)  13.917 ms  11.477 ms  9.825 ms
 3  rc1so-pos13-0.cg.shawcable.net (66.163.76.85)  24.159 ms  28.756 ms  28.183 ms
 4  64.230.231.137 (64.230.231.137)  43.666 ms  96.202 ms  31.247 ms
 5  bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia. (206.108.101.137)  26.419 ms  41.213 ms  57.043 ms
 6  bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia. (206.108.97.97)  77.389 ms  152.741 ms  72.578 ms
 7  64.230.242.194 (64.230.242.194)  262.986 ms  147.784 ms  82.894 ms
 8  bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia. (206.108.97.2)  163.480 ms  81.812 ms  83.038 ms
 9  bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia. (206.108.98.246)  91.211 ms  120.517 ms  82.995 ms
10  bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia. (206.108.104.30)  91.331 ms  90.077 ms  105.208 ms

Checking out their name servers:

$ host -t ns 104.108.206.in-addr.arpa
104.108.206.in-addr.arpa name server taz.bell-nexxia.net.
104.108.206.in-addr.arpa name server pluto.bell-nexxia.net.

Taz accepts telnet from anywhere

$ telnet taz.bell-nexxia.net
Trying 216.113.193.252...
Connected to taz.bell-nexxia.net.
Escape character is '^]'.
^M
FreeBSD/i386 (rotting.deadmime.com) (ttyp2)
login: login:
telnet> close

It appears they are doing web hosting on the same box, too. http requests to the box get prompted for authentication for an admin screen. My money is on someone with a stupid password opened up the box to attack.

Trust a telco to do things the Wrong Way. Just another of the many reasons I don’t trust my provider with my mail or DNS.
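
A defensive check for the situation in this post, as an added example (not part of the original post): parse traceroute hop lines and flag reverse-DNS names that fall outside the expected domain but match it once hyphens are dropped, as bell-nexxia does for bellnexxia.net. The hop lines are copied from the output above; the function names and the classification labels are assumptions of this sketch.

```python
import re

# Classic traceroute hop line: "<n>  <name> (<ip>)  <rtt> ms ..."
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

# Hop lines copied from the traceroute output in the post.
SAMPLE = """\
 2  rc2nr-ge3-0-1.wp.shawcable.net (64.59.179.3)  13.917 ms  11.477 ms  9.825 ms
 4  64.230.231.137 (64.230.231.137)  43.666 ms  96.202 ms  31.247 ms
 5  bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia. (206.108.101.137)  26.419 ms  41.213 ms  57.043 ms
 8  bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia. (206.108.97.2)  163.480 ms  81.812 ms  83.038 ms
"""

def parse_hops(text):
    """Return (hop, name, ip) per hop line; traceroute prints the IP as the name when no PTR exists."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            # Strip the trailing dot traceroute leaves on truncated names.
            hops.append((int(m.group(1)), m.group(2).rstrip(".").lower(), m.group(3)))
    return hops

def classify(name, ip, expected):
    """Classify one PTR name as 'no-ptr', 'expected', 'lookalike' or 'other'."""
    if name == ip:
        return "no-ptr"
    labels = name.split(".")
    for domain in expected:
        dlabels = domain.lower().split(".")
        if labels[-len(dlabels):] == dlabels:
            return "expected"
    # Look-alike: some label differs from the expected domain's first label
    # only by hyphens. Matching per label also covers truncated names.
    for domain in expected:
        first = domain.lower().split(".")[0]
        target = first.replace("-", "")
        if any(l != first and l.replace("-", "") == target for l in labels):
            return "lookalike"
    return "other"

def suspicious_hops(text, expected):
    """Return the hops whose PTR name imitates one of the expected domains."""
    return [(hop, name, ip) for hop, name, ip in parse_hops(text)
            if classify(name, ip, expected) == "lookalike"]
```

Calling `suspicious_hops(SAMPLE, ["bellnexxia.net"])` returns hops 5 and 8; a name reported as "other" is simply outside the expected list and needs a separate forward-lookup check.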

Test Your Linux Skills

Red Hat has some assessment tests available, designed to see what courses you should take on your way to the RHCE. Entertaining, and a bit on the educational side. Good luck!

Who Says You Have to Kill Someone to Get Fired?

Before my current job, I worked at Health Sciences Centre, a large hospital. It was quasi-government, the running joke was that you’d have to kill someone to get fired. I’ve since come to realize that’s not true.

Update: They seemed to have found someone to take the new position.

I worked with all kinds of people, those that worked hard, and those that did nothing but collect a paycheque. One of the big reasons I left was that there was no motivation by the latter group to do anything, while I was looking for somewhere where people shared a common goal. There were also people who were outright malicious. Because of unions, bureaucracy, and poor management, nothing stopped them from trying to run down the rest of us.

I’ve been gone from HSC for well over a year now, and I just found out that last week, a former co-worker was let go. Apparently he was called into the boss’ office, told he was no longer employed, and escorted out.

This man did not fall into any of the bad categories I mentioned above. He is a competent tech, above average for an environment such as HSC. The group that handled NT administration was him and another guy, so it’s not as if there wasn’t enough work to keep him employed. His job was also reposted shortly after. Of course his coworkers are in shock, this appears basically as either a random firing, or a politically motivated action. He was not a yes-man, which is why the latter is the prevailing theory.

So, I write this for a couple of reasons. One is to simply point out the absurdity of some places, especially health care. I’ve always been glad I left because of the opportunities I’ve found, but this makes me even more so because of the management system that I left.

The second is that if you are in Winnipeg, and know of a need for a competent Windows support person, who is a good worker and enjoys a challenge, let me know. If you are also looking for some high calibre networking (switches, routers, infrastructure) people, I know of a couple that might be more easily convinced to leave their current positions in light of their employers recent actions.