Rudolph the Bastard Reindeer

2009-12-27 21:52:43 by jdixon

I'm probably not treading into undiscovered territory, but having re-watched a number of my favorite Christmas specials as an adult, I couldn't help but notice the influences of an earlier, simpler, uglier life in America. Rudolph the Red-Nosed Reindeer had an especially hellish upbringing in the shadow of Claus and his elven slave-drivers, according to the storytellers at Rankin/Bass Productions, Inc.

Overtones of discrimination and the Old South start from the very beginning. The comforting tone of Burl Ives as the friendly, banjo-toting, good ol' boy snowman-narrator helps to lighten the apocalyptic mood of newsreel footage foreshadowing the storm that inevitably vindicates Rudolph's hapless existence.

Read the rest of this story...

Managing Expectations

2009-12-17 14:47:35 by jdixon

If you're unaware, there's an Advent calendar for Systems Administrators. Strangely enough, they accepted my submission and published it this past weekend. I believe these philosophies will benefit anyone who has "internal customers", but they are especially well-suited for IT professionals. If you have other suggestions please let me know.

Announcing Blogsum-1.0

2009-11-14 12:56:56 by jdixon

I'm happy to announce the release of Blogsum-1.0. This release includes a number of bugfixes and a couple enhancements over 0.9:

  • Fixed preview mode
    Preview content is now encoded so markup will always get recreated properly in your browser.
  • Tag Cloud
    Thanks to Jim Razmus who submitted this new feature. Make sure you add the new $max_tags_in_cloud setting to your local
  • Update date when (re-)publishing
    The published timestamp updates when you publish or republish an article.
  • Fix timezones in db
    Fixed a bug where article or comment timestamps were always set to GMT instead of localtime.
  • Fix pagination
    Removed pagination view from all non-default views. That is to say, we shouldn't paginate when viewing by year/month or tag filters.
  • Minor aesthetic improvements
    Lots of whitespace fixes, a redesigned footer and the addition of a meta generator tag for Blogsum.
  • Example httpd.conf for Apache-2.x
    Thanks to Dan Colish for testing Blogsum with Apache-2.x and submitting his configuration example. This has been added to the examples directory as httpd2-blogsum.conf.

I'd like to also thank Johan Huldtgren for submitting Blogsum to the FreeBSD ports tree for inclusion. It has been accepted and will likely bring many new Blogsum users, which will inevitably cause me to struggle even harder against the onslaught of feature requests. ;)

Just kidding, I'm glad to see Blogsum gaining interest in the community. I've also updated the OpenBSD port, if you happen to be using that instead of following svn. Enjoy!

Where Obfuscurity Meets Negligence

2009-10-21 19:24:42 by jdixon

There are people out there who would argue that Security through Obscurity is better than no security at all. They advocate port knocking or running applications on "random" ports. Certainly, I'm not one to go around broadcasting my attack vectors to random visitors (oops!), but that doesn't mean it's a rational means of protection (honest, I'll pull out this time).

Read the rest of this story...

Pressing Needs

2009-10-21 14:12:39 by jdixon

Love fonts? Check out the work by Jessica Hische over at the Daily Drop Cap. I stumbled across her work thanks to an interview linked by @shiflett. Believe it or not, I was an art geek before I went full-bore UNIX geek. I still have an appreciation for the analog arts even though I'm a left-brainer now.

Jessica's work is very impressive. It almost makes me want to try my hand at letterpress. And then I saw Pictorial Webster's and became afraid. Very afraid. Just kidding, it's unbelievably cool no matter which half of your brain dominates. Check it out now!

Let Your Mutt Growl

2009-10-18 00:30:45 by jdixon

Like any self-respecting UNIX user, I consume most of my email through the console. Mutt has been my client of choice for a few years now. I used to be a die-hard fan on my Apple systems, but the performance was abysmal. As time went on, I evolved from running Mutt on my laptop to running it in screen on a home server. Combined with imapfilter's client-side "push filtering", this allowed me to keep my existing mailserver architecture intact (outside the scope of this post) while gaining all the functionality I missed from a traditional fat mail client.

Recently my Facebook and Twitter Attention Span Syndrome (FaTASS) has peaked, motivating me to find creative solutions for managing the extra load. Growl is a very popular notification system that Mac OS X users have enjoyed for years. I haven't found myself wanting for it before, mainly because I don't use an abundance of GUI apps for my daily tasks. And yet, Growl's unobtrusive nature and support for network events seemed the perfect fit.

Read the rest of this story...

Passing Fail

2009-09-29 14:19:01 by jdixon

I've heard all sorts of stereotypes about bad drivers. Usually they're racist or sexist (or both). And although it's politically incorrect to agree with them, there's almost always a sliver of truth hidden inside. But it's pretty rare to hear a specific criticism about an entire state of drivers (other than "they suck").

Maryland drivers are quickly gaining a reputation for cruising in the Passing Lane. This might sound like a minor gripe, but you have to consider that the entire state of Maryland is the size of a pimple on Virginia's forehead. Most of the highways are two- or three-lane affairs, not including Interstate 95 or the Baltimore and DC perimeters. Monopolizing the Passing Lane can have a significant effect on the normal flow of traffic, and not just during rush hour.

Sometimes I try to consider what they might say if I confronted one of them. I bet they would argue that "I'm already going the speed limit in the fast lane, you're just trying to go faster. You're the unsafe one!". Therein lies the crux; it's not a fast lane, it's a Passing Lane (excessive and redundant emphasis mine). There's nothing subjective about the intended purpose of that lane. It's intended for passing slower traffic. It's not there as your personal safety zone, and it's certainly not yours to do with as you please. You're free to use it for the purposes of Passing vehicles. Once that's over, GTFO of my way.

That is all. Safe motoring, everyone.

Shooting a Barrelfish of Monkeys

2009-09-26 23:29:47 by jdixon

Stumbled across the Barrelfish project over at OSnews. The proof-of-concept Operating System appears to borrow concepts from distributed systems design. Rather than have a single kernel managing multiple cores, the Multicore kernel assumes no inter-core sharing and communicates with message passing. Presumably they've been able to overcome some of the traditional performance hits there.

I was particularly pleased to see their first release distributed under a BSD-style license. Those crazy bastards at Microsoft, what's next... a Windows release that doesn't suck?

Mad Stylers in Demand

2009-09-20 23:04:53 by jdixon

Blogsum is quickly reaching the point where the focus is on style rather than substance. This is a good thing, of course; all of the core features envisioned for Blogsum are complete. If you've been paying attention at home you might have noticed that the directory layout has been tweaked a bit this weekend. I think these changes will make it much easier to support user modifications and third-party style templates.

The preference for Blogsum styling is to just modify the CSS stylesheet. However, users are also free to modify the images and HTML templates if they so desire. The structure is pretty straightforward:


The default theme is obviously contained in /blogsum/themes/default/ and shouldn't be modified. Copying the entire contents to a new theme directory is enough to get started. Make sure to set $blog_theme in your The only images currently included are used in the Admin view for managing articles.

P.S. There is now a Blogsum-users mailing list available for general questions and discussion about the project. If you happen to craft a new theme, please let us know!

Business Metrics

2009-09-15 23:58:42 by jdixon

Somewhere between our first corrupt filesystem and an unlikely ascent to CTO, all Systems Administrators are taught to monitor their systems. We're trained to monitor the health of our computers and trend the usage for capacity planning and analytics. A Nagios is deployed; eventually complemented by Cacti; both of which are inevitably supplanted by Something Enterprise (TM). Services are checked, change is managed, and reports are reportified.

Have you asked yourself, what value does this offer my company? Perhaps you've correlated your database connection breakdown time with website load time. Or you noticed that the FULL backups on Sunday coincide with excessive packet loss on your Seattle firewalls. Besides buffing out some of the rough edges on your operational capabilities, how does this data work for you?

Read the rest of this story...

Wings of Blurry

2009-09-11 10:06:38 by jdixon

This past Monday, the kids and I sat on the front porch watching bees buzzing into the purple trumpets of our hosta. We followed the long stems of the plant bow and bounce as the curious insects went about their work. In a fleeting moment, we heard an impossibly loud buzz coming from overhead and then shoot past us. A large hummingbird paused, directly above the hosta. It considered the plant for a moment, wings in full turbulence, then zipped away to its next destination.

I love how some of life's coolest moments are painfully brief. It leaves you wanting more.

Updates on Blogsum

2009-08-30 21:07:54 by jdixon

Minor features are still being added to Blogsum. It supports searching by author (effectively treating authors like tags) and the ability to disable comment submissions. There is also readmore support, allowing you to define a portion of an article that should only be seen in full "article view". You simply insert a <!--readmore--> tag where you'd like the "preview mode" to stop.

I'm also adding email notifications for comment submissions. This way you'll know the instant a new comment requires moderation. I should be done with this very soon. The last couple of items on my To-Do list are pagination and cleaning up the template usage. Once these are complete it should be ready for submission to the OpenBSD ports framework.

Update: Email notifications for comment submissions are complete.

OpenBSD as an LDAP Client

2009-08-27 22:33:50 by jdixon

OpenBSD's ypldap daemon provides YP maps using an LDAP backend. It was introduced with OpenBSD 4.4 but doesn't seem to have received much exposure within the community. I've been meaning to convert one of our bastion systems from using local accounts to LDAP, mainly for convenience.

The migration went smoothly except for the lack of a netid.byname mapping. Pierre-Yves Ritschard told me this is high on his to-do list. Without this mapping, sudo is unable to getpwuid(). Therefore, any accounts requiring sudo rights (read: administrators) will need to remain as local accounts until this is resolved.

The vast majority of this write-up was taken almost verbatim from a similar posting at the Helion-Prime Solutions blog. I've filled in some missing bits with regards to the sudo issue as well as ypbind issues over non-broadcast segments.

Read the rest of this story...

Your Mom is Crazy

2009-08-24 11:37:37 by jdixon

When people ask you what you do for a living, do you answer "geek"? While shopping for a new car, is your primary criterion "good, fast, cheap... pick two"? Did you get goosebumps the first time you played with VMware's virtual switching/VLAN support? If so, you might be a perfect fit for our team.

OmniTI is looking for someone with real UNIX chops. We have a passion for what we do and it shows. A typical day in the Ops team is a heaping pile of scalability, smothered with resiliency, and a smattering of optimization. We eat and drink Open Source. We poop cold steel. You will be tempered, and you'll love every minute of it. If this sounds like your sort of thing, shoot me a line so we can talk.

P.S. We're the place your mom warned you about.

The Doctrine of Security

2009-08-21 23:22:36 by jdixon

Recently I had the opportunity to do an interview for a story on SMB security issues. The conversation reminded me just how easy it is, as a security professional, to paint everything in black and white. Hackers are good or evil. Software is secure or vulnerable. Vendors are responsible or stupid. But this really isn't how businesses operate.

The primary focus of most businesses is to engage in commerce. Often we overlook this basic fact when a company neglects to patch their systems and becomes a target. We argue that if the owner was serious about protecting his money, customers or data he would be more proactive. But do we have all the facts to make this judgment?

Every decision in business carries risks and rewards. Responsible patching seems like a no-brainer. Perhaps the company webserver is used for basic order submissions. No personal or private data is stored locally. Is it really harming anyone if the website gets defaced for a week until the owner's nephew stops by to reinstall it again? Certainly you could argue that the defacement reflects poorly on the business, but again we need to consider the risk vs reward scenario. If it costs less to leave a defaced server running than to call an after-hours professional, is that really a poor decision?

Don't get me wrong, this scenario would drive me nuts. And that's exactly why I'm a geek and not an accountant. On occasion we need to take our blinders off and consider the alternatives. Security is a process, not a moral standard.


2009-08-19 12:24:19 by jdixon

Sometimes we all have difficult days. The alarm goes off at 5am for an early start. Traffic is a bitch. Hardware breaks, data corrupts, services lock up, drives fill up and servers crash. Co-workers disagree and people yell. The pager likes the sound of its own voice.

Once in a while, these days happen. We forge through them with a restless eye at the clock, waiting for it to be over. At the conclusion, can we look in the mirror and be proud of our efforts, or is there regret for the should'ves? It's hard to be passionate every day. When the cogs are aligned and the ship runs smoothly, passion stokes our fire and gives flight to new ideas. But a foul day can quickly drain our passion and result in poor judgment and apathy.

I used to play golf a lot. When I worked the graveyard shift, I routinely teed off at the end of my day. While most of the other golfers feared the dreaded sand-trap, I reveled in the opportunity. The chance to easily "save out" and focus on the next hole. Being able to meet these obstacles as opportunities adjusts our perception and can inspire us to greater heights.

Pros and Cons

2009-08-18 02:45:46 by jdixon

I've unofficially kicked off the pre-planning phase of DCBSDCon 2010 for tossing around ideas and informal preparations. If you're interested in becoming an event organizer (think carefully) or sponsor (spend graciously), I'd love to hear from you now. We'll be recruiting event volunteers as the New Year gets closer.

A lot of friends have been asking me when the event will happen. There's a strong possibility that it will be pushed back from February (where the F stands for effing cold) to April. DC weather is much more cooperative during the spring months (cherry blossoms anyone?).

Noit Grows Hair on Your Chest

2009-08-15 14:09:13 by jdixon

Todd Hoff over at High Scalability takes a look at Reconnoiter. He went through the [currently] arduous task of installing and configuring it manually; setting up checks can be a hairy experience. But the end result seems to justify the initial pain. It's a very exciting (and useful) application that will only get better as the #noit devs continue to hack on it.

As an Ops guy over at OmniTI, I've been fortunate to watch Reconnoiter's incubation process. Theo Schlossnagle is probably one of the smartest guys in this industry and he gets scalability issues. We've batted around ideas about network trend and analysis tools before (e.g. NFDB) so naturally I'm anxious to see where Noit takes us.

Shiny Objects and WTFs

2009-08-13 03:42:54 by jdixon

I've never claimed to be a prolific hacker. I take much longer to complete a simple piece of code than even your typical hobbyist programmer. I'm easily distracted by shiny objects and WTFs.

Nevertheless, I finally gave in and threw together something resembling a blogging app. There are no fancy features yet, and likely never will be. It currently does about 90% of what I want it to do, which is closer to 2% of what the typical blogging/CMS application is capable of. It's my own KISS approach with a healthy peppering of careful input handling and a simple SQLite backend.

If you've been looking for a small blog application, particularly one designed for running in OpenBSD's default httpd(8) chroot, then Blogsum might be good for you. If not, that's ok too. Let the next guy have his World Domination. I just want to blog some.

Introducing Blogsum

2009-08-10 19:16:13 by jdixon

This is an in-development version of blogsum. The goal is a simple, secure blogging application that doesn't come with useless knobs or hurdles.

The anti-wordpress.