Ramble On

It's International System Administrator Day

Here's to you, you poor, down-trodden, fellow System Administrators all over the world!

(and for the rest of you, don't let your babies grow up to be tech staff)

Apple has several job descriptions posted for an Apple Retail Store at Crabtree Valley Mall in Raleigh.

Interesting…. very interesting….

(of course, they were all posted in December 2004, but one can hope right?)

So, the University of Colorado at Boulder got hacked.

Again, just like the University of Connecticut Colorado seems to have a need to blame their peers.

From the FAQ:

Has this happened at other universities?
Over the past few years, there has been a notable increase in hacking activity aimed at colleges and universities, institutions that are known for their culture of openness and the sharing of information. Also, because of their high bandwidth, university networks are attractive to those engaged in file sharing. Computer systems storing personal student and employee information have been breached recently at numerous universities, including University of Texas at Austin, New York University, University of California at San Diego, University of California at Berkeley, and Purdue University.

Hey, but at least the PR department spelled "Berkeley" correctly.


Jason Young: some things about subversion are a serious pain in the ass
[peer-who-shares-the-pain]: heh, like what?
Jason Young: like the whole svn:keywords thing
Jason Young: [censored] - I want keyword expansion automatically - I don't want to set it on every file, and then I don't want some bailing wire and duct tape [auto-props] client side setup where every developer has to share those [censored] settings with each other to make sure everyone's happy
[peer-who-shares-the-pain]: why not do a post-commit hook
[peer-who-shares-the-pain]: ?
Jason Young: because I haven't learned how to do that yet
Jason Young: and I'm the only developer for the project (ewe) that I'm learning how to deal with subversion at the moment
Jason Young: let a man bitch about something, why don't you?
[peer-who-shares-the-pain]: lol
[peer-who-shares-the-pain]: sorry man
[peer-who-shares-the-pain]: continue


I absolutely love NetNewsWire.

(for the record, I really think Pulp Fiction is great too, but I already owned NetNewsWire, starting early on).

What I don't love is NetNewsWire syncing - I have never gotten it to work right. And I've never had/made time to troubleshoot all the problems (lockups while syncing, .Mac errors, unread items not being marked correctly, and most likely my own expectations of it) I've had with it to properly report those problems to Brent Simmons, the developer of NetNewsWire (syncing is a non-trivial feature to get right, so I have no significant expectations of it that it should do what I think it should do).

However, I have an even better synchronization method. My largely unused 2nd-generation iPod. I don't use the iPod, because it's a little too bulky for me and while I love music, I don't find myself able to really listen to it much if I'm not already on the computer where my music collection is anyway. I've basically killed the battery because I never used it much.

But it turns out that the iPod is a fantastic 10GB portable firewire hard drive.

So my synchronization method consists of initially copying my ~/Library/Application Support/NetNewsWire folder to a folder on my iPod and then doing a:

ln -s /Volumes/walkingtunes/ApplicationData/NetNewsWire ~/Library/Application\ Support/NetNewsWire

to create a symlink in /Library/Application Support/ to the NetNewsWire directory on the iPod.

This works absolutely beautifully carrying my NetNewsWire data between my home and work machine (with an occasional copy of the data to either machine as a backup). The iPod is fast enough to perform adequately in direct access mode (unlike most USB keys), and it's easy to copy to the laptop in the event that I want to browse my subscriptions there.

…and Crazy Apple Rumors has it

Based on some conversations with the NC State "NAG" (network administrators group) this week about problems I was having using our NC State outgoing mail server from home and whether or not Earthlink was blocking Port 25 access - it seems that they are, for most domains at least, and at least for their DSL customers (or maybe just me, there is a ongoing running joke about the "Jason filter")

I had the chance to test this a few nights ago. One of the ways to test SMTP connectivity is to use the tried and true "telnet" command to try and connect to Port 25 on a host.

e.g.

jason-mac:~ jayoung$ telnet smtp.ncsu.edu 25
Trying 152.1.1.164…
Connected to smtp.ncsu.edu.
Escape character is '^]'.
220 uni01mr.unity.ncsu.edu ESMTP Sendmail 8.13.4/8.13.3/N.20050331.02; Fri, 22 Jul 2005 16:21:26 -0400 (EDT)

well, from Earthlink, this results in a "connection refused" for all of the hosts that smtp.ncsu.edu resolves too (hint: try a "nslookup smtp.ncsu.edu"). Watching communication using tcpdump showed a:

IP user-#######.dsl.mindspring.com > 10.0.1.2: icmp 36: host uni01mr.unity.ncsu.edu unreachable - admin prohibited filter

message coming back. That, in addition to this knowledge base article and this other kb article, pretty much leads me to believe that Earthlink is blocking port 25. The article seems oriented to dialup customers, but I'm betting that the DSL customers are similar.

This went back and forth on the nag a bit, because Earthlink doesn't apparently block the RTP cable customers and most of the NAG folks are cable users, so they weren't having any problems with (authenticated) SMTP to smtp.ncsu.edu.

Interestingly, Earthlink doesn't block port 25 access to smtp.mac.com (thankfully).

(I haven't emailed earthlink customer support about it, I'm likely to get told to reboot my DSL "modem" or the computer, and I'm not sure I'll reach someone who actually knows which sets of customers they do or don't block.)

This all led me to writing up instructions for using SSH tunnels (oriented to the Macintosh users, but the concepts are the same) - and also writing up instructions for using SSHKeychain to do SSH key-based access (which may only work for a subset of the NCSU population that manage their own local accounts on their work systems).

Wake up, what you been dreaming about
I ain’t got a lot to say, but I could talk to you for hours

Country music fans will recognize the stanza as the opening to Pat Green’s “Three Days” which I’m not sure that it has any direct relevance, other than it’s the title song to an album that also contains these lyrics:

If I am truly crazy don’t you know I like my life that way
and if I’m really going on out of my mind won’t you hop on board and make your getaway

Which might be a bit more relevant.

Three days is also the amount of time I’ve spent on my new job so far. Monday I started my new job with the National eXtension Initiative. After a few moments of sheer panic (”oh my, what have I done?!?” and “I must be a complete and total ignoramous or fraud or both“), it seems to coming together okay. So far I’ve spent a fair amount of money getting servers to replace our existing borrowed-server-that’s-running-way-too-much, most of the eventual service is going to get farmed out to someone or someones to do all the hosting, but we’ll still need some internal servers for development, testing, and technology exploration.

The sheer panic highlight came in the form of a contract developer we have putting together a prototype for entering FAQ questions, who was having trouble getting their jsp/db code to do what it was supposed to do, mostly it seems because Tomcat was holding on to an old class file it seems.

I’m a Linux admin ignoramus - I’ve delegated all the Linux system administration for the last few years. I’ll get to do that again, but in the short run, there’ll be a few things I need to do, mostly consisting of begging others for help ;-). Add to that I only have the faintest of clues about tomcat and jsp. To be fair, I know how apache and mysql and php work, so I’ll work my way through it, but whew. I’ve been doing this stuff for now on 13 years or so but boy, become a pointy-haired boss, and watch the terror ensue ;-).

It was kind of fun though, my first instinct (thanks Google) was that it might be a code issue, and it was. And I know where more of the “stuff” is on the server in question.

That might be one of Jay’s Golden Rules for System Administration - always know where your stuff is, even if you don’t know how it works (yet).