First-Rate Geeky Command Line Head-Smackage

BASH - in the flesh.
WARNING: GEEKY CONTENT AHEAD
If you have no desire to read about login shells, Linux, source code management or other similarly geeky content, you’d best be skipping this one. -ed.
Have you ever allowed a nuisance to go on for literally years simply because you couldn’t be bothered to do enough research to effectively nip it in the bud? I personally had two such nuisances (of a particularly geeky variety) come crashing down this past week.

BASHing My Head In

I, like many UNIX users that spend a good deal of time in a command line environment, prefer to customize my environment so that I can save myself keystrokes, work and headaches. Through judicious use of environment variables, aliases and custom shell prompts, I have made it easy for me to be able to determine where in a filesystem I am at a glance, run commands from any number of frequently-accessed binary directories, ssh to my various and sundry boxes, etc. I have done this on every UNIX box that I have spent any considerable amount of time on since at least my early days in college and, as I am a dyed-in-the-wool BASH user, I have always stored my preferences in a file called .bashrc that sits in the root of my home directory. While at Lehigh, having a .bashrc was sufficient to automatically customize my environment every time I logged in. However, ever since joining my current firm, I have been unable to get any of the UNIX boxes at work to recognize my configuration file automatically. Instead, I have had to type bash each time I logged in in order to obtain the customizations.
Two days ago, I had a brainstorm – I realized that some users were known to squirrel their preferences away in a file called .bash_profile and, in a fit of pique, I symbolically linked my .bashrc to ~/.bash_profile, then logged in to a random UNIX box. Lo and behold, I was immediately presented with my fully-customized shell. I was at once elated and furious – I have, over the past six years or so, typed “bash” countless times, meaning that I could have saved myself and my fingers 4 x countless keystrokes, wear and tear and keyboard mileage. Grrrr.
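The behavior behind this, as an added example that is not part of the original post: a login shell reads ~/.bash_profile, while a shell started by typing `bash` reads ~/.bashrc. The function name, the trace file and the `login-fixed` mode (a .bash_profile that sources ~/.bashrc, the usual alternative to a symlink) are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example: trace which per-user startup file bash sources in each mode.
# Runs against a throwaway HOME, so real dotfiles are never touched.

# startup_files_read MODE
#   login        bash --login  (what login/sshd start for a new session)
#   interactive  bash -i       (what typing "bash" at a prompt starts)
#   login-fixed  bash --login, with a .bash_profile that sources ~/.bashrc
# Prints the dotfiles that were sourced, in order, separated by spaces.
startup_files_read() {
    local mode=$1 home flag out
    home=$(mktemp -d) || return 1

    # Constructed dotfiles: each appends its own name to a trace file.
    printf '%s\n' 'echo .bashrc >> "$HOME/trace"' > "$home/.bashrc"
    printf '%s\n' 'echo .bash_profile >> "$HOME/trace"' > "$home/.bash_profile"
    : > "$home/trace"

    case $mode in
        login)       flag=--login ;;
        interactive) flag=-i ;;
        login-fixed) flag=--login
                     printf '%s\n' '[ -f ~/.bashrc ] && . ~/.bashrc' >> "$home/.bash_profile" ;;
        *)           rm -rf "$home"; return 2 ;;
    esac

    # stderr is discarded because "bash -i" without a terminal warns about job control.
    HOME=$home bash "$flag" -c true </dev/null >/dev/null 2>&1
    out=$(tr '\n' ' ' < "$home/trace")
    rm -rf "$home"
    printf '%s\n' "${out% }"
}

# Show all three modes side by side.
for m in login interactive login-fixed; do
    printf '%-12s -> %s\n' "$m" "$(startup_files_read "$m")"
done
```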

Subversive Behavior

I update all of the installations of WordPress that I maintain via Subversion and have largely automated the process via a shell script, although I have left a few of them out of the script so that I can update them more and/or less frequently as situations require. In both real-time and in my scripts, I traverse into the base directory of each blog and run a Subversion update; in other words, `cd [blog directory];svn up`. I was goofing around a couple of days ago and decided to actually pass the directory as an argument to the Subversion update, so I ran a test `svn update [blog directory]` from the base of my Dreamhost home directory. Et voila!, it worked like a charm. To date I have thus effectively wasted thousands of both keystrokes and CPU cycles traversing my directory tree instead of simply running a single command.
I share these insights in the hopes that they will save someone, somewhere some measure of blood, sweat, tears, effort and tedious manpage reading.

Burnination, The Follow-Up

With apologies to Trogdor: Shortly after I posted my review of Toast, I stumbled across a comparison review of a few of the top Mac burning software packages. Toast makes an appearance, as do Burn and two others, as well as a 5th one that was suggested in the reviews’ comments (LiquidCD) which got me to thinking about other media-related downloads worth your time.
First up, Windows users looking to convert their media over to handheld-appropriate formats ought to look into Videora which handles the conversion tasks for the Microsoft-addled. Next up is Democracy, an incredible video aggregator with support for RSS “channels” and BitTorrent downloads. It’s available for Mac, Linux and Windows, so platform concerns should be nil. Mac users looking to correctly tag their iPod-ready videos so that they show up correctly in iTunes should look into Lostify, your one-stop-shop for all your video tagging needs.
Last of all, those of you looking to get caught up on TV shows you missed should check out ShareTV, a site that looks to centralize torrents for a lot of the top-flight shows currently on TV in one easily-accessible website. Be sure to give it a look.

Computing News And Notes

A few small computer-related things have popped up over the last few days and I thought I’d take a second or two to jot down my observations for the benefit of all you fellow Intertron users out there.

  1. Apple’s recently-released 10.4.8 update to Mac OS X added a nifty “zoom using scroll wheel” feature, allowing users to use their mouse wheel (or, in my case, a two-fingered scroll on the touchpad of my MBP) to zoom in on the area of the screen directly below the mouse cursor. Very nice for on-the-fly graphic design and handy for those with poor eyesight too, I’d imagine.
  2. On a second Apple note, I spent around 6 hours of my work day yesterday cursing Apple’s very name, as a firmware update for the newly-arrived Mac Pro (which will function as an OpenDirectory server until we are able to get our hands on some new Intel Xserves, at which point the Pro will most likely become my primary workstation. W00t!) adamantly refused to apply. I followed Apple’s instructions exactly time and again and was ultimately frustrated in my attempts to apply the EFI update. I had nearly exhausted my Google Fu when I happened across a random comment on a blog entry (I’ve since misplaced the actual search result) stating that the EFI update won’t run from a RAID array, as Mac OS X doesn’t actually support booting from a RAID setup on Intel boxes. Nice for Apple to tell me this, as I had (you guessed it) been attempting this update process from a nice 500GB RAID 0 array. Crikey. I threw a 250GB disk I had lying about into the box, installed the non-server OS X 10.4.7 from the DVDs that came with the Pro, ran Software Update and managed to update the firmware a mere 5 minutes after finishing the install. Arrrgh!
  3. If you’re a Red Hat Enterprise Linux user and you’re considering obtaining an Alienware Aurora desktop on which to use your chosen operating system, I have one simple piece of advice: Don’t. Buy. An Alienware. ‘Least not an AMD64-based one. I bought an Aurora SLI for work with the notion that it would be a screamer; instead, it has been a nigh-unending pain in the butt. The sky2 driver apparently freaks out every once in a while, bringing the machine to its knees and forcing a hard reboot, the onboard soundcard is really not an option, and NVIDIA’s Linux SLI drivers are prone to occasional lockups. This, combined with the fact that Alienware’s customer support stinks would suggest to me that RHEL users (and perhaps Whitebox/CentOS users, by extension) would be wise to avoid the Aurora. I make no claims for Mandriva, Fedora, Ubuntu, Gentoo, etc. users. Caveat emptor is the moral, I guess. I look forward to moving to the Mac Pro as my full-time workstation soon.

U.N.helpful

Jules Crittenden of the Boston Herald really took it to the French in re: their hypocrisy in Lebanon in recent days. To wit:

In recent weeks, France stepped forward to act as a broker of peace in Lebanon. “Act” is the key verb in that last sentence, as it now would seem that the only other verifiable part of the sentence is “in recent weeks.”
To correctly parse that sentence, one must understand that when France suggested it wanted to broker peace in Lebanon, it did not necessarily mean “broker” or “peace” or “Lebanon” in the way we might understand those words. The same is true when France further suggested it wanted to “lead” a “strong” “multinational” “force” there.

Heh. Go and read the whole thing – it’s a biting take on the folly of “international” “action” in the Middle East.

Fun In The Sun (Microsystems Server)

Or: RedHat Enterprise Linux’s `ypbind` Is Functionally Brain-Dead

WARNING/WARNUNG/ADVERTENCIA/AVERTISSEMENT: Geeky rant follows. If you don’t give a hoot about UNIX and/or Linux, you may just want to give this post a pass. -ed.
First, a little background: like many shops with a core infrastructure consisting of UNIX/*NIX servers of varying ages and configurations, we have run our network directory services using the venerable NIS directory technology provided by Sun Microsystems and implemented on nearly every single POSIX-compliant operating system on the planet. It is fast, well-understood, well-tested and generally easy to use (if set up properly). Our UNIX systems and desktops hum merrily along 99.9% of the time, blissfully confident in NIS’s ability to keep them happy and informed of the goings-on on the network. Our network is architected so that our primary (“master”) NIS server is supplemented by a lower-powered backup NIS “slave” server so that, in the event of a failure on our main server, the “slave” can take over and keep our NIS clients happy.
However, our secondary server has been having heartaches recently – apparently a patch from Sun that is supposed to prevent users from being able to overload the NIS server and cause it to

[…]prevent the ypserv(1M) NIS server process from answering NIS name service requests. A Denial of Service (DoS) may occur as clients currently bound to the NIS server may experience hangs or slow performance. Users may no longer be able to log in on affected NIS clients.

…is actually causing the server to die on its own. That’s right: we traded a potential DoS, instigated by users, for one that apparently triggers itself.
Now, this doesn’t cause an issue for Solaris clients; their NIS client software is intelligent enough to detect whether an NIS server process is running on a certain server and fail over to an alternate if said NIS server ever dies. RedHat’s (and perhaps other Linuxes’ – I don’t know because I haven’t tested other distros) NIS client isn’t this intelligent. Apparently, RH’s NIS setup uses `ping` to determine whether a server is still alive, which means that an NIS server process could die and, as long as the server hardware stayed active, Linux clients would continue to try to bind to a non-functional server, thus triggering a DoS on multiple systems. RH’s NIS client also uses `ping` to determine which NIS server to bind to; it functionally ignores the order set by DHCP servers and/or /etc/yp.conf and binds to whichever server provides the lowest latency.
All of this would be immaterial, but for one critical point: our primary server is connected into our network via a fiber optic gigabit link, while our secondary server runs on a gigabit copper link. To this point, copper networking equipment tends to have lower latencies than its fiber equivalents, which means that, you guessed it, our Linux clients were all persistently binding to the “slave” NIS server, regardless of its actual ability to serve up directory information. Thus, when the NIS processes would die on the “slave”, all of our stupid RedHat boxes would freeze, waiting for directory service on the part of a non-functional box whose only claim to fame at the time was a functioning NIC.
Needless to say, we backed that patch out and, of course, everything’s happy again in Linux Land. Hooray for cascading failures!
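A monitoring check for the failure described above (a client bound to a host that still answers ping while its ypserv is dead), as an added example that is not part of the original post. The hostnames `nis-master` and `nis-slave`, the function names and the stub probes are constructed for illustration; `rpcinfo -u` and `ypwhich` are the standard tools.

```bash
#!/usr/bin/env bash
# Added example: judge an NIS binding by whether ypserv answers, not by ping.

# Real probe: RPC null call to the ypserv program on HOST over UDP.
probe_ypserv() { rpcinfo -u "$1" ypserv >/dev/null 2>&1; }

# binding_status PROBE BOUND CANDIDATE...
#   "ok BOUND"            (exit 0)  bound server passes PROBE
#   "stale BOUND -> ALT"  (exit 1)  bound server fails; ALT is the first
#                                   candidate, in the order given, that passes
#   "down BOUND"          (exit 2)  no server passes
binding_status() {
    probe=$1 bound=$2; shift 2
    if "$probe" "$bound"; then
        printf 'ok %s\n' "$bound"; return 0
    fi
    for host in "$@"; do
        [ "$host" = "$bound" ] && continue
        if "$probe" "$host"; then
            printf 'stale %s -> %s\n' "$bound" "$host"; return 1
        fi
    done
    printf 'down %s\n' "$bound"; return 2
}

# Constructed lab state (hypothetical hostnames): both hosts answer ping,
# but the ypserv process has died on nis-slave.
stub_ping()   { case $1 in nis-master|nis-slave) return 0 ;; *) return 1 ;; esac; }
stub_ypserv() { case $1 in nis-master) return 0 ;; *) return 1 ;; esac; }

# A ping-style liveness test sees nothing wrong with the dead binding...
binding_status stub_ping   nis-slave nis-master nis-slave || true
# ...while a service-level probe flags it and names a working server.
binding_status stub_ypserv nis-slave nis-master nis-slave || true

# On a real client (not run here):
#   binding_status probe_ypserv "$(ypwhich)" nis-master nis-slave
```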

Friday Link Dump

Okay, time to toss out all the nifty links that I stumbled over in the past week but never really made it to “full post” status. Enjoy.
Vids

  1. Kinetic destruction visited upon an old Toyota, rubber band-style.
  2. Robin Williams guest-starred on “Whose Line Is It, Anyway?”. Witness the hilarity.
  3. Do not, under any circumstances, take these guys on in Beirut/Beer Pong.
  4. You’ve got to hand it to the Japanese people – a prank show involving sauna ejector seats on a ski hill would get sued into oblivion here in the U.S.

Pix

  1. This week’s Something Awful Photoshop Phriday – Computers in Movies – resulted in some hilarious entries, in particular “Memento” and “The Color #9900FF;”. I laughed so hard that I shed a few tears, but then again, I’m a huge geek, so YMMV.
  2. The Top 10 Places to Find Free Images for Your Blog from About.com (I wonder, have they looked at acquiring aboot.ca for all their readers from Canadia?)
  3. Literal translations of old sayings – a Fark photoshop “new classic”.

Tunes

  1. The Mac and Linux versions of Songbird have been released. Play music in your browser.
  2. Re: Your Brains. An ode to officeplace zombies with a distinctively They Might Be Giants flair to it. Heh. (World of Warcraft machinima video here, for those that are interested.)
  3. Birdy Nam Nam is a quartet of DJs from France that construct their music (almost) entirely using turntables. Their performance of their song “Abbesses” was enough to win them a global DJing contest. Wickedly good stuff – their entire album is worth a listen if you can snag a copy.

Why I Love The Internet, Part 308,456

…It makes me laugh. An interesting discussion popped up over at Slashdot regarding the lack of female applicants to, and therefore, lack of females being sponsored by the GNOME project’s “Summer of Code” (sponsored by Google). The conversation revolved around the general lack of females in tech fields and spawned the following comment:

There’re no women on the internet! Everyone knows that! It’s the place where men are men, women are men, and children are fbi agents.

Now that’s comedy. Heh.

A Virtual Cornucopia Of Cool Software

Google has been on a “pro-Doug” tear recently as far as I can see, releasing first Picasa, then Google Earth for Linux, along with the cool-in-concept Google Browser Sync plugin for Firefox. The Google Sync extension only ranks cool in concept because, well, in order for it to work to its capacity, you have to store all your bookmarks, history, cookies, tabs and, most importantly, passwords on Google’s servers. The data is encrypted prior to being sent to Google, but it’s only done with a PIN as the encryption salt, meaning that Google has access to both the algorithm used to encrypt the data and the encrypted data itself. The PINs, they can guess. The “Oh wow!” factor is probably mitigated by how much one trusts Google to not be evil with personal data.
The Picasa port was accomplished using Winelib, meaning that it’s not a true native port, but I’ll take what I can get in terms of being able to run the best image management software out there. The Google Earth port is apparently native code, as it’s based off of Qt. Now, we just need a SketchUp port for Linux and a Picasa port for Macs and the awesomeness will be complete.
*grin*

Network Gremlins

I don’t know if it’s a universal I.T. thing or not, but at my place of employment we sysadmins have taken to blaming any freak accident/unexplainable computer phenomenon/Series of Unfortunate Events on “gremlins”. A person couldn’t log on five minutes ago and all of a sudden, they can? Gremlins. USB sticks now mounting when, previously, they weren’t? Gremlins. You get the picture.
Well, last Friday and today have been some of the most gremlin-filled days in recent memory, bar none. We’ve all tried to be sanguine about the whole affair and just shrug our shoulders and mutter “Gremlins!”, but that only takes one so far. Perhaps we bought a cursed Cisco box with a time-delayed Curse Activation Feature without knowing it.
I came in to work on Friday to discover that no one could receive any mail, a condition that was causing no little consternation amongst the throngs shackled to their cubes and, after a careful bit of investigation by myself and the team lead, we determined What Apparently Went Wrong:

  1. We back up all of our DNS, DHCP and NIS server maps using CVS in order to keep ourselves from getting into a bad state with no easy way to back out damaging configuration changes. Somehow, our master DNS configuration file was partially overwritten so that any reference to a shared key (I’ll get to that) was removed.
  2. Our DNS tables are generated (mostly) on-the-fly by our DHCP server, which relieves us of a great deal of administrative burden. However, one can’t just have DHCP servers overwriting our DNS maps willy-nilly, a condition which we avoid by requiring access to a shared key that both DHCP and DNS can trust, thus allowing clients that are authorized in our NIS setup to request an IP from the DHCP server and have one assigned as well as have the DNS server updated.
  3. The DHCP server must be restarted/reloaded in order to read new ethers addresses from the NIS tables, which we accomplish thrice-hourly with a simple cronjob.
  4. Since the reference to the shared key was overwritten, the DHCP server was no longer able to force DNS updates, meaning that individual hosts began dropping from the DNS radar like flies.
  5. At around the same time that DNS began to fail, our primary mail server had a minor NIS hiccup that caused it to fail over to our secondary NIS server.
  6. All email addresses are fed through the NIS aliases map in order to tell the mail server who the intended recipient[s] are.
  7. Our secondary NIS server had recently been replaced with a newer, beefier box that was receiving all NIS map updates from the master server except aliases for causes not quite clear at this time, although much finger pointing was aimed in the direction of a faulty Makefile.
  8. Our mail server, unable to determine where to deliver mail, threw up its hands, spewed a whole bunch of “aliases: no such map” messages into the syslogs and contentedly queued up mail for the better part of a morning.
  9. All of which translated into: no mail for anyone until we figured this out.

This email fun was followed by a raging wave of thunderstorms that swept through the area, knocking out building power first (our compute center is UPS’d and generator-backed, so no worries there) and then knocking a transformer and some Verizon telecom equipment offline, effectively nuking our external link and a sizable portion of our surrounding area, meaning no web access to end the day, followed by some incorrectly-configured Macs sitting on admins’ desks giving us heartburn for a goodly portion of the day as well. Wheee!
While Friday was fun, I came in to work fully expecting an easy day, as HGCDs (High Gremlin Count Days) are normally few and far between. However, ’twas not to be. I arrived to find my voicemail blinking and my boss standing in my office saying “Our web is down”. After running this statement through my Management-to-IT filters, I realized he was saying that no one could get to any external websites. I and the team lead poked around a bit before realizing that there is a bug in the newest version of RedHat Enterprise (the version our web proxy just happens to run) that ignores the specified default route when being run on machines with multiple NICs, such as proxy servers. This bug was triggered when our proxy, sensing a Disturbance In The DNS Force on Friday had run dhclient and thus begun ignoring the default route, resulting in our poor proxy having no idea how to get to the content that people were requesting of it. We manually added the default route and things once again moved to Status: Hunky Dory. Problem solved, at least for now.
As for me, I’m avoiding ladders, black cats and mirrors for the rest of the week, just to be safe.