Please Pass This Along

Just doing my duty.

to the Internet.

And the World

(or something)


If you ever have forwarded along an email from anyone - please forward thisone along to all your friends, family, pets, and even any inanimate objectsthat you personally know and/or are acquainted with that have an emailaddress.    For every group of 10 you send this email too - you will get fantasticriches and a lifetime of carefree opportunity!!!!!!!!!!! (*)    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=    From the Earthlink Corporate Security/Protection "Weblog":    [http://www.protectionblog.net/earthlink_protection_blog/2005/01/internet_hoaxes.html][1]    Internet Hoaxes    I'm sure everyone has received one of those emails that tell some fantasticstory that is almost too incredible to believe. Recently, I've seen a lotof claims of Tsunami photographs, or maybe you've received an email aboutsome new virus that has been circulating. Before you blindly forward theseemails to 10 of your friends, it's a good idea to check if it's actually ahoax. One of the best ways to do this is to check Snopes,[www.snopes.com][2]. Snopes is a great web site that explains anddocuments well-known hoaxes on the Internet. It explains which UrbanLegends are true vs. which are, well... Urban Legends.    Although forwarding these types of email may not be considered spam by mostpeople, (I'll talk about spam definitions later) it's good netiquette tocheck the veracity of a story before forwarding it on. Plus, it can be funto write back, "Nice email, but not true. See Snopes."    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=    (* -- Well not really, but you might just "Save the Internet" (**) )    (** -- okay, you probably won't do that either - but you'll save someone,       anyone from falling victim to Internet Hoaxes, and if you save       one person, JUST ONE PERSON from an Internet Hoax, they'll be       indebted to you forever(***) )    (*** -- okay, so they won't be indebted to you forever,        but just do it - okay?  please? PLEASE?!?)    Jason    --~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Jason Young                        NC STATE UNIVERSITYITECS Systems Group Manager         COLLEGE OF ENGINEERINGhttp://people.engr.ncsu.edu/jayoung ____________________________________________________________

Command Line access to Keychain

rambleon:~ jayoung$ which security /usr/bin/security rambleon:~ jayoung$ man security

security(1)               BSD General Commands Manual              security(1)    NAME     security - Command line interface to keychains and Security.framework

Excellent.

Wrangling Text

So I’m giving TextWrangler a spin this morning while working on EWE.

I had been using jEdit for the last year or so – and was happy with it – jEdit is pretty fast for a java application, but a native app is still usually just “snappier” – and textwrangler is. I think I’m on the path to switching

I usually stay with editor defaults – largely because I change enough that I never really become profficient with them – but certain things had to change from the very beginning:

  • Default font for editing changed from Monaco,10pt to BitStream Vera Mono, 12pt (12pt. == I must be getting old)
  • Set the “save backup files” setting (I wish it had an autosave, I haven’t really found one yet – but I haven’t looked closely either)
  • TextWrangler can save an file’s “state” (window positions, font settings, etc.) – I turned off the “honor font settings” part – because it was driving me nuts that the Monaco font setting was sticking for certain files (there really should be a “strip the current state” option, I couldn’t find one)
  • I checked the “Balance while Typing” option – because I’m always leaving off a ‘)’ or a ‘}’ while coding in PHP and Perl. Interestingly, the “unmatched }’ notifications from textwrangler seem to be shipped off to QuickSilver
  • I checked the “Show Line numbers” option (a must), and the show cursor position, and show current function options

Right now, I only wish it would remember that I did a multi-file search last, and would automatically enter the highlighted term in the serach field. I also want to dock the search windows. I’ll get used to that though.

Kudos to BareBones. (now watch TextWrangler become a pay-for application again two years from now).

On Troubleshooting

I’ve spent a lot of time over the last several years wondering how one can teach troubleshooting. That is, how does one develop the set of skills necessary to recognize computing problems, quickly coming to an idea of what likely root cause is (and what is not), testing that assumption, and then reaching a solution or returning back to square zero based on that test (or even evaluating the validity of the test).

I’m not sure if troubleshooting skills are gifts, some function of IQ level, learned, developed, sharpened, I don’t know. Some people seem to have them and some don’t.

But the ever-hopeful educator in me would like to think they can be tuned and developed over time, or in some way, the fundamentals could be taught – much like the fundamentals in baseball or other endeavors.

One of those fundamentals is making observations about system events and learning to recognize “out of the ordinary” events or errors. Some errors are normal (or expected) and some aren’t. Figuring out the root causes of these is one of the keys to troubleshooting

Case in point:

I make it a habit to check my system log often looking for anomalies, software errors, failed login attempts (like the 2820 login attempts as ‘root’ today from some IP address in Japan – stop it already, will ya?).

Last week I had a bunch of errors that looked like this:

rambleon kernel: arplookup 152.1.68.245 failed: host is not on local network

Which is a little out of the ordinary. Looking a little closer showed the messages to be occurring about every hour. So there are two questions here:

  1. Why are the messages appearing in the first place?
  2. Why are they appearing every hour?

The second question is what trips up a lot of folks. They either focus solely on the second issue – “how does this error keep occurring?” And solving that, they never progress to really getting to the “why” of the error – they’ll just stop whatever is causing the display of the error. Or they discount it as immaterial to the matter at hand “who cares how many times the error occurs, it is still an error”

The second question is really the key for discovering more information – it gives us the glimpse that the problem is repeatable – that is, if we can discover what is causing the error to display, we then can control its display ourselves, and set up a test to get to the root cause

152.1.68.245 is the IP address of one of our webservers. In fact, it’s the address for the www.itecs.ncsu.edu “virtual host.” It’s plausible that my desktop machine could be talking any of our servers every hour, but most web traffic is “bursty” – you read some pages, do some things, read some more pages, do some other things. It’s not really periodic – unless my desktop machine was running some kind of status check every hour for some reason. This is when it helps one to know exactly what is running on one’s desktop as much as possible. In this case, it was my copy of NetNewsWire – checking the RSS feeds for the ITECS/Systems home page. To test that, I’d get the error every time I forced NetNewsWire to check the NCSU feeds

So now, I had a tested source of the repeating errors – but why are they occurring? That’s the part of troubleshooting where experience and knowledge does come back in. I do know what an ARP is and the basics of IP networking and address resolution. But not having that knowledge wouldn’t have prevented me from solving the problem. If I didn’t know what ARP was, I could have easily looked it up and keyed on what the difference was between a local and non-local network host/address. The biggest part of troubleshooting is that I recognized the patterns and knew something was up – “every time my computer checks the webserver’s feed – it prints this error”. And probably the only reason I know anything about ARP and Subnets is the fact that something like this has come up in the 10+ years that I’ve been doing System Administration.

My “gut instinct” was to immediately check the network configuration on my desktop. For some reason, like an incorrect subnet mask – my computer thought that 152.1.68.245 was local – and not actually on the other side of the default router from my desktop computer. Sure enough I had a typo in my subnet mask. Correcting that has happily made all the messages go away.

Last week in the Jabber chatroom

I think I’m a little, well, anal sometimes.

But there’s probably a silver lining to that. Being investigatively anal makes one a bit better troubleshooter. I’ve been stressing that repeatedly with the staff lately.

e.g. a server goes down: what do you do first? fix the problem? well, yeah, but what if the problem is going to take longer than say, 5 minutes, to fix? keep fixing it?

well, there’s a point in there that you have to stop long enough to ask yourself “who needs to know about this? what does XYZ server failing affect? what’s my recovery strategy?” I think most people just want to fix the problem immediately. But if no one knows what’s going on – that usually causes more problems than its worth, we waste a great deal of time on this campus because computing staff start troubleshooting problems that folks are having because they don’t know that the problem is being caused somewhere upstream.

Asking those questions sometimes highlights other projects: i.e. building something to facilitate quick access to the information of “what is afffected” or “who do I need to tell” The best system admins are lazy ones – they build things to help them answer those questions more easily (and learn new skills in the process).

But none of this is yet about me being anal.

Well, our illustrious jabber chat room became pretty noisy (and informative) last week – at one point, Josh took advantage of the chatbot’s built in dice rolling program to help decide a discussion between three of us.

But two of us tied, and Josh mentioned he didn’t expect that.

Well, should Josh have expected it? Part of that is a social question, but I’m not a sociologist, I’m a ex-Computer Scientist. So that’s a math problem, so “Should Josh have expected a tie?” becomes “What’s the probability of two dice having a tie when you roll three dice?”

And for the life of me, I can’t answer that question. Nor could any of my peers (but I really was the only one that cared).

I still can’t answer that question mathematically. So much for the A in my Probability and Statistics course. (to be fair, I took that course 11 years ago this spring).

So I finally wrote a Perl Script to solve it:

4:41:26 jayoung@jabber.eos.ncsu.edu: this is why I'm a CSC major4:41:28 jayoung@jabber.eos.ncsu.edu: for($d=1; $d<=6; $d++) {    for($c=1; $c<=6; $c++) {        for($y=1; $y<=6; $y++) {            $roll++;            print "$d,$c,$y";            if(($d==$c) or ($d==$y) or ($y==$c)) {                print "(tie)n";                $tie++;            }            else {                print "n";            }        }    }}print "Rolls = $rolln";print "Ties = $tien";4:41:40 jayoung@jabber.eos.ncsu.edu: 96/2164:42:01 jayoung@jabber.eos.ncsu.edu: or 4 in 94:43:31 jayoung@jabber.eos.ncsu.edu: more descriptive:4:43:32 jayoung@jabber.eos.ncsu.edu: for($d=1; $d<=6; $d++) {    for($c=1; $c<=6; $c++) {        for($y=1; $y<=6; $y++) {            $outcome++;            print "$d,$c,$y";            if(($d==$c) or ($d==$y) or ($y==$c)) {                print "(tie)n";                $tie++;            }            else {                print "n";            }        }    }}print "Outcomes = $outcomen";print "Ties = $tien";4:44:25 jayoung@jabber.eos.ncsu.edu: 1,1,1(tie)1,1,2(tie)1,1,3(tie)1,1,4(tie)1,1,5(tie)1,1,6(tie)1,2,1(tie)1,2,2(tie)1,2,31,2,41,2,51,2,61,3,1(tie)...

I’m not sure if it’s more anal that I did that in the first place, or that I changed the script to say “Outcomes”

This of course resulted in:

4:48:51 Billy: Back away from the keyboard.

(and this is why our internal jabber project is one of my favorite initiatives for the whole year)

What a Long Strange Trip It’s been

So it’s been a while since I’ve posted. Maybe I should resolve – after all the New Year’s resolutions have passed – to write more here. After a day’s worth of emails though, somehow the words just don’t quite come as easily.

School started back today, thankfully we are bit isolated from that in my group at the University. The pressure on others around us goes up a bit, which means our pressure goes up a bit, but other than that, things seem to be moving along well.

I have a lot of things relevant to post in BinaryPage – so maybe we’ll get to them over the next several days. This includes some commentary on Norton Antivirus for the Macintosh (some not very nice commentary), happenings in storage around the University and how it affects us, comments on new and updated recommended applications for Macintosh OS X, I really want to follow up with the campus paper that came out of the academic side of IT at NC State (called Layer 8) with my own little treatise on the matter called “Layer 10” – which talks about how you build innovation into an organization, and why really successful business plans have innovation at their core, and why most people don’t seem to get that.

A little Perl, a little PHP, a lot Macintosh, and a whole lot of communication and cat herding. Such is 2005 in the land of a University System Admin.

Happy New (School) Year.