Utah Open Source Planet

Last week I went to the Apple store and looked at the new Macbook Pro (MBP). I liked the keyboard and think the one-piece construction makes the overall design really slick. I especially like the fact that you can change out the hard drive without unbolting the case. I'm always changing out hard drives on my MBPs and after a while the cases don't quite fit together like they should.

But what I really noticed was that it was fast. But my MBP should be almost as fast. I determined that I was suffering from OS rot and that a complete fresh reload was in order. I noticed that @jessestay and @qwade were doing the same thing this weekend.

I like to not reload the applications from my old disk since I usually end up with a lot I don't use. But that means a week of finding an app I need and don't have loaded yet and them hunting down the disks or downloading it. Not this time. I discovered AppFresh.

AppFresh is an application updater like the built in Software Updater, but for all your apps. Before I wiped my MBP clean, I installed AppFresh. But AppFresh's secret weapon is i use this, a handy Web site that let's you mark applications as something you use.

After I'd wiped the disk and reloaded the OS, I did the following:

• Load the User info from my Time Machine backup
• Load XCode tools
• Perform a standard OS X software update
• Start AppFresh and use the "Used but not installed" function to find all the applications I use and install them.

That's it. I quickly found and loaded all the apps I use regularly. AppFresh needs help with the download or installation process. For example sometimes, the dowload or update site needs manual intervention or the download happens, but the install needs to be run manually. Even so AppFresh makes the entire thing nearly painless. Highly recommended.

And finally, a note about Time Machine: I always use CarbonCopy Cloner to make a clone of the original disk for use later after the reload. In the past, I've reloaded User data from that disk. This time I used my Time Machine backup since it's on a RAID 0 disk with a Frewire 800 interface. It worked fine and was very fast.

Tags: osx macbook+pro sysadmin

I was reloading my Macbook Pro tonight and something when wrong with the installation of Adobe Air. When I tried to use it, it failed. I tried to reinstall the application, but that didn't work because the installer says "This version of Adobe Air is already installed." But, of course it was corrupted. There was no uninstaller in the /Applications director like there should have been because the application wasn't really installed.

Turns out you can run the installer from the command line with the -uninstall switch and it uninstalls nicely. Do this:

cd /Volumes/Adobe AIR/Adobe AIR Installer.app/Contents/MacOS
sudo ./Adobe\ AIR\ Installer -uninstall

And the rerun the installation. Air now works.

Tags: osx adobe air sysadmin

After reading all the details about the “new” DNS exploit I feel quite annoyed. These types of attacks have always been possible. This isn’t new. Cache Poisoning has always been on every DNS server administrator’s check list of things to carefully plan to prevent. I compare it to Firewalls: Every firewall administrator knows that best practice is to block everything by default and only make exceptions for what should be allowed.

This idea has been around for well over a decade. Maintaining a discrete list of what is allowed which can be completely enumerated with a great level of confidence and block the rest. Badness cannot be enumerated completely. Blacklists will always be missing important aspects. Expecting that all people are good and don’t do bad things will always turn bad.

Patches released for DNS services that are vulnerable do not fix the root cause. It can’t be fixed because it is part of the original specification and migrating away from it will be equally as painful as the migration to IPv6 is. These patches only implement other kinds of mitigation for the exploit. The best form of mitigation comes in the form of implementing standard best practices that have been around for many years.

DNS servers should carefully control who is allowed to ask questions about non-authoritative zones (recursion). DNS servers at ISPs should limit recursion to customers only. Corporations should run internal recursive DNS servers with access restricted to internal users only. This will severely isolate any damage caused by cache poisoning.

I am not saying nobody needs to patch their servers. In fact the patches should be applied quickly because it does help quite a bit. I am just saying that if you have already implemented best practices you shouldn’t have to worry very badly. And if you haven’t implemented them, do it now!

I've been trying to use Capistrano for application deployment over the last few days, writing rules to do some common tasks, figuring out how it works, etc. One problem I ran into is that I have a private CPAN bundle that I use to ensure a machine has all the right Perl libraries when I deploy to it.

The problem is that CPAN is often run interactively and so module writers often assume the user will be present. That means that it stops in the middle and asks questions about skipping tests, etc. I searched for a while to figure out how to get a default answer to questions. It's not Capistrano's job and CPAN didn't seem to have a configuration option that worked. Turns out it's in MakeMaker.

MakeMaker is the Perl library that the CPAN modules use to automate the build process. There's an environment variable called PERL_MM_USE_DEFAULT that when true causes the MakeMaker prompt function to assume the default answer.

So, here's the task from the capfile I came up with.

task :load_bundle, roles => :local do
     run "cd /web/lib/perl/etc/kynetx-private-bundle; 
          sudo perl -MCPAN -e 
             '$ENV{PERL_MM_USE_DEFAULT}=1;
              install Bundle::kobj_modules'"
end

This works fine. Of course, you also need to make sure the account you're using for installs can sudo without a password or this will fail as well. Maybe there's a better way to do sudo inside Capistrano? I'd like to know about it.

Tags: kynetx sysadmin ruby perl

Have you ever had a process that dies on occasion? For me, I hate that situation and prefer to fix the software as opposed to have a monitor that restarts the process when it dies. I’ve run into a case lately however, that has defied me for a solution to my dying process. [...]

During my experiments with WP-Super-cache, I noticed a strange thing happen to my Adsense ads. A short while after getting gzip compression to work properly, all my ad content had foreign characters and strange seemingly unrelated content. Having changed nothing on my blog except for installing WP-super-cache, I decided to add an additional check to [...]

While working as a SysAdmin (System Administrator) there are many tasks of different types. Any good sysadmin knows that there is always room for improvement. Some actually go so far as to script and/or automate everything. These types often end up spending weeks or months developing automation systems while the rest of their duties suffer as do their users.

I once saw an article describing this dilemma. Basically all tasks can be broken into categories based on the difficulty of the task and the frequency of the task. Steps to reduce the time and effort to do these tasks should be prioritized by category. Tasks that are easy to do, that you do frequently, should have shortcuts applied when possible. An example might be using your shell’s alias feature. Tasks that are easy, that you do rarely, don’t bother over complicating it yet. Hard stuff that you do frequently should be automated as much as possible. Perhaps you could try your hand at Shell or Perl scripting. Those rare tasks that take some time on your part should be clearly documented to take out the guess work, perhaps even include copy/paste’able code fragments as well.

I highly suggest these two books by Thomas Limoncelli. The Practice of System and Network Administration, and Time Management for System Administrators. The first book covers a lot of general theory of system administration, not necessarily platform specific but there is lost of unix information. The second book offers excellent ideas and tips on managing your time better, reducing distractions, and getting rid random people interrupting you to ask why their email is slow.

We are having Sysadmin and WCM training for Alfresco in Santa Clara, CA, at the end of the month. If you are interested, register soon. Seats will go quickly. (This is probably the last chance for training on the west coast for the year.)

Sysadmin training is being taught by Luis Sala, Senior Director of Solution Engineering. WCM training will be taught the Peter Monks, Director of Services.

System Administration

This is an introductory course for customers and partners who need to deploy a production-ready system. It is a pre-requisite to most other Alfresco Training courses.
Full course information »

Web Content Management for Developers

This developer-oriented course focuses around an installation of Alfresco 2.1E with lab exercises for form development, template development, and deployment.
Full course information »

I posted a while back on getting Heartbeat set up to add reliability to websites. After a few weeks of experience with the system, I thought I’d add a few additional tips on making the setup more reliable. There are already a few good guides on getting heartbeat set up. You could [...]

According to the documentation for svndumpfilter, you can include one subcommand when filtering a dumped repository. Suppose you have a repository that has a path “/some/path” that you’d like to separate out into its own new repository. From the documentation, you simply pipe the original dumped repository through the svndumpfilter command. Example: cat [...]