We automatically pay for next-business-day onsite support for all our machines. I have had cause recently to access this twice, with two different companies.
Company 1 (machine has what I suspect is a dodgy fan): will only send out an engineer after they have got you to run diagnostic tests of various sorts. Then they will know what to send the engineer along with. I kind of see where they’re coming from, but tbh what I really want is for me to make the phone call*, and for an engineer to appear the next day with a boot full of Relevant Hardware, diagnose, and fix.
Company 2 (machine losing time, motherboard being replaced): phone not working, send email. Response to email pretty fast, we agree that the losing of time in itself isn’t disastrous but may signify something more serious, so they’ll replace the chassis. Radio silence for the next 2 days (apparently someone phoned on my day out of the office, but since I warned them that I would be out of the office, they should really have emailed). It transpires that in this instance, NBD means “we will ship the replacement parts & then send an engineer the NBD after they arrive”. So that’s minimum 2 BDs. Again, my expectation is that the engineer should bring the parts with them. (And the lack of information on this annoys me rather more.)
My assumption is that this is to do with centralised this-and-that: that engineers are based in Place A and parts in Place B (where Place B may in fact be out of the country, or even the continent in extreme cases). But it doesn’t actually meet what I want from NBD, though I expect it meets the contract. Am I expecting too much?
(I feel I should note that once I actually get an engineer onsite, they are invariably extremely competent, fast, and hardworking. My complaint is not with any of them!)
* Ideally, for me to send an email, but I will settle for phone.
Well here we go with book #2, the Linux Networking Cookbook. Hot off the presses, fresh from the oven, the baby is born!
Linux comes with a powerhouse networking stack and bales of great troubleshooting and monitoring tools. This book covers most of the fundamental Linux networking chores- firewalls, secure remote access, routing, building a Linux wireless access point (my personal favorite), serial console administration, network monitoring, hands-free installations, some OpenLDAP, running an Asterisk VoIP server, and using your specialized network administrator laptop for diagnosis and repairs.
No endless windy theorizing, just nice step-by-step recipes for getting things done. Bon appetit!
Things to look for if kerberos-enabled SSH isn’t working:
This week’s (unconnected) observation: it’s still possible to get caddies for IDE drives, for very little money. This comes in handy when an elderly motherboard expires, at an unfortunate stage of the backup cycle, and the disk is still good (and has several days of non-backed-up data: see above re backup cycle). £10 = one happy user.
Happy Thanksgiving to US readers! Enjoy the holiday. I am, as I type this, listening to Alice’s Restaurant in honour of it.
Linux Planet has my 3-part series on simple backups for both single PCs and small networks, using portable USB storage devices. Learn how to nail down your device names in udev, attach your backup command to a menu icon, and schedule regular unattended backups.
Linux Backups For Real People, Part 1
Linux Backups For Real People, Part 2
Linux Backups For Real People, Part 3
My webserver has been playing up of late - tending to hang.
top showed some
blosxom.cgi processes that had been running for some time and were using up large chunks of CPU (up to 100% occasionally). Killing these didn’t resolve the problem permanently, so I looked further.
Apparently there was (at least at some point) a problem with the Calendar plugin. I edited in this fix which resolved things. (It also showed up in the logs, so it does seem that that was the issue.)
In fact, when I contacted the
blosxom-using user, it transpired that he was in fact no longer a
blosxom-using user (it was a leftover from an earlier experiment), so we deleted the lot. It would appear that the hammering the webserver was taking was from some Russian machine - possibly looking for an exploit?
A while back the good folks behind Freespire, the free version of Linspire, sent me a CD with version 2.0 for me to review. I was very happy to look at it as Linspire has been a leader in getting preloaded Linux systems into retail and online outlets, something I believe is critical for mainstream Linux adoption.
I knew going in that Freespire was “free as in free beer”, not an OS that would be considered free by The Free Software Foundation or most free software advocates. For those of us who are not free software purists Freespire does have one compelling feature: Linspire’s settlement with Microsoft allows them to offer Win32 codecs for playing DVDs, MP3s, etc… at no cost to the end user. For those of us who use our Linux systems for both home and business, who use laptops in front of consulting customers, who simply wish to comply with the law of the land here in the U.S., namely DMCA, whether we agree with it or not, Freespire offers a real option.
Having said all that one of the first things you see when you boot a Freespire CD is their End User License Agreement (EULA), a mass of legalese reminiscent of the Windows EULA. I tried to read through it and it seems to me (and I may well be wrong about this) that if I use my system for both home and business then Freespire is NOT free for me as I can’t fall under both the “family license” or the “business license”. I can’t freely copy or redistribute the OS as a business user. I’m limited to “solely up to the number of Seats you have.” The EULA also says that I, as a business user:
“You may not (and shall not allow any member of Your Business or any other third party to): (i) copy, reproduce, distribute, relicense, sublicense, rent, lease or otherwise make available the Software or any portion or element thereof except as and to the extent expressly authorized herein by Licensor; (ii) translate, adapt, enhance, create derivative works of or otherwise modify the Software or any portion or element thereof; (iii) decompile, disassemble or reverse engineer (except as and to the extent permitted by applicable local law), or extract ideas, algorithms, procedures, workflows or hierarchies from, the Software or any portion or element thereof;…”
It is possible to use
ssh-add -l to list the ssh keys which
ssh-agent is currently handling. (I love
ssh-agent.) Is there an easier way of doing this from the command line or within bash than just getting the output of
`ssh-add -l` (and then searching it for a particular key)?
Investigating this has led me to discover the perl module Net::SSH::Perl::Agent (there’s also Net::SSH::Perl::Auth), so possibly I should rewrite the relevant scripts in perl instead. I haven’t been able to play with that yet as the CPAN mirror I use seems to be on a go-slow.
In The Optimistic Contributor’s
review of Parted Magic on LWN, Robert R
Boerner Jr mentions the disheartening fact that Parted Magic’s developer has decided to
discontinue the project.
Yes, the source code is open and available, but that in and of itself is not always sufficient for success:
I can only wonder how many other projects in the free software world have met the same fate. What great application or idea is lying dormant in Google’s cache or the Internet Archive? I know what you are thinking, if we are dealing with open source software, why doesn’t someone else just pick up where the original developer left off? The simple answer may be that people with the time, skills or inclination to scratch the same itch that brought a project to fruition are few and far between. Quite frankly, why would someone want to, knowing that they might meet the same fate as Patrick Verner?
Boerner’s solution is, ultimately, the only solution that makes
community-driven software work:
When I advocate the use of free software such as Linux, I always
tend to think of the freedom to make changes, the freedom not to be locked in.
What I forgot is the old adage that freedom is not free. Along with that
freedom comes the responsibility of the community at large to do what they can
This help can come in any form, whether it is writing documentation, helping
to moderate a web forum, or just simply sending a thank you email to the
There are no requirements in an OSD-compliant license to do any of these
things to use the software. Nor are these requirements to redistribute or
modify or modify and redistribute the software.
Yet if your business or work or privacy or freedom relies on such software,
please do consider helping keep the ecosystem of free, community-developed
software healthy and vibrant.
Recently the people running our centralised email server decided to increase its security. Among other things, this meant that if the From: header of an email didn’t match a registered user, it would be bounced back. I have a couple of pieces of software (RT and Hobbit, notably), that run as a particular userid and send mail as that ID, so since those weren’t “real” users, the mails started bouncing.
I have found two ways of dealing with this, using
- More complicated. Use
sendmail -f firstname.lastname@example.org as the mail command within the program (this works for RT but not for Hobbit). The
-f flag rewrites the envelope-from — you will also need to put the line
update-exim4.conf, and restart exim. This allows any user to rewrite the envelope-from. This does have security implications if you mistrust your users (in this particular instance, these are servers without user access so I’m not too worried).
- Rather easier. Edit
/etc/email-addresses to include a line:
You don’t need the
dc_untrusted_set_server line. You probably don’t even need to restart exim. (I did because I’m like that.)
I worked out the more complicated one first, obviously. Oh well.