Today is the day of lots of uneducated information on the internet while researching.

I’m trying to get ntpd to sync off a Windows Server 2003 SP1 box that has the PDC role. There’s a lot of information out there about how w32time between 2000 and 2003 are different, as well as possible 2003 SP1. Complaints from the open source people about how w32time is a crappy SNTP server instead of an NTP server, however a lot of it sounds like their education on the matter is out of date.

This bit here looks close. What follows is what I did, with an attempt made to make it clean looking.

rem pretend we’re reliable
w32tm /config /reliable:yes
rem someone said this being too high was a problem
w32tm /config /localclockdispersion:5
rem changes to ntp from nt5ds or whatever
w32tm /config /syncfromflags:manual
rem use an external server ( NEEDED! )
w32tm /config /manualpeerlist:pool.ntp.org
rem tells w32time to reread it’s config
w32tm /config /update
rem just for kicks
net stop w32time && net start w32time

It’s worth noting that this didn’t work until I synced ntp with something. Apparently w32time doesn’t fake its stratum in such a way that ntp believes. It’s working though. Tomorrow I’ll play more.

update: things seem good now. Wanted to through in this link which had good information about some of the registry keys associated with w32time. This tech article at Microsoft was [surprisingly] the best article I found regarding integrating ntpd + w32time. This blog post has much of the same information as mine and makes more sense in the aftermath. And this article is microsoft’s registry key reference.

I used to bookmark daily sites in a firebox folder just right click, open in tabs to get all my daily sites. I’ve mentioned previously that ones needs to take an additional step (setting ‘browser.tabs.loadFolderAndReplace’ to false as it oddly is set to true) to prevent firefox from mangling your existing tabs, essential for tab heavy people like me. On that note I’d also recommend using the Tab Mix Plus plugin. I turn on “Multirow” which much better supports over ten tabs or so than firefox, and use it’s session restore feature over firefox’s, turning on “ask on startup” so whenever I restart instead of crash, I can still get my old sessions back (tabs!).

Having started a new job, among other things, I’ve had to create these same folders too many times. I’ve just started using del.icio.us today and I’ve installed the full bookmarks plugin which is importantly different than the buttons plugin as it gives you sidebar and top bar access to your del.icio.us (online!) plugins in realtime. Alas, I installed that first, and the bookmarks plugin detected the buttons plugin and disabled it, as it has some of the same buttons and operates in the way I wanted.

I’ve only got this set up on my current work desktop, but when I get home I’ll migrate my bookmarks over and I think I’ll be quite happy. I’m certainly down with the UI so far. Of course, del.icio.us is designed to be pretty “public” and others can see your bookmarks. I guess you can mark certain bookmarks as private, such as your pron or whatnot, but I’m a public kind of guy so I’m not worried about it.

It took me far too long to realize that right clicking on the toolbars gave me the option to uncheck the built in bookmark toolbar and make it go away. I probably wouldn’t use this at home as I use RSS bookmarks to track certain wiki’s and planets, but at work I currently have a crappy monitor and needed the real estate. Looks like I can put rss feeds in del.icio.us and they work as expected though.

Starting today at a new job at WideMile, a Seattle startup (someone not from Seattle might not realize that 5-10 years is still often “startup”) that makes web software and systems to make other companies web sites not suck. Which is noble AND cool.

Of course, it’s more complex, and I don’t REALLY know what it does, but that’s okay. Today I’m building myself a chair and a desktop. So yeah. Startup. The data center is here, big time, high bandwidth, but has grown naturally. So I’ve been there, let’s call Haydrian a dry run for this. Should prove to me more entertaining.

Anyways, goodtimes. Glad to be back to work and be producing something, even if it is just a chair. I’m in downtown now too, so we’ll see how that works out, but any lunch suggestions would be grand.

A bit ago I posted about getting a Western Digital My Book World WDG2NC10000 1TB box. I had it drop off the network a couple times and stopped trying to move data over to it en mass until I could resolve the problems. After digging through one of those crappy knowledge bases (when will people learn what a wiki is?) I found this: “If there is heavy I/O load put on the network and WD My Book World Edition hard drive, it is recommended that a static IP address be used rather than DHCP.” with no explanation.

I switched to a static IP and I’v moved 50gb or so now without it dropping off the network onces, whereas before it’d drop somewhere around 10gb or so. Working much better now.

While at Haydrian we began toying a bit with Oracle database. Using Ubuntu a debian package was needed but Oracle has it’s own out of control installer that’s gui based. I’m not an Oracle DBA, so this was a learning experience. I couldn’t find deb’s out there, so I wrote a build system to make one in a cheating way. This is in no form ready for public use, but it’s a great place to start if you want to put Oracle in a deb.

Grab the tar file here Basically you need to take a build box that’s clean and run the build.sh there. You’ll need to either have the oracle archive ready locally or on a server, see build.sh before you run it. It’ll check for dependencies and try to make an install, then package it up. It won’t pass a lintian check or anything at all. it doesn’t meet any LSB shit. It’s a mess. but it was working for us best as anyone could tell me.

the build shell runs a few python scripts that poke around that box and try to ensure it meets the requirements that oracle presents in the lengthy install document. It builds some trees, then runs the oracle installer headless in a preseed/unattended mode. Note that the install is big, a couple of gigs. You’ll need more than that because of the hacked up way I stuff it into a deb.

A former coworker said there is something better out there than when I last looked. Maybe he’ll comment and add it. Anyways, ask me any questions. I got permission to GPL all of this, so feel free to do something decent with it. There’ll be proprietary configurations in there (like the non-FSB directory trees). I figure at this point it’s best it’s just out there, as I don’t have the time or the desire to work with it.

Looks like the startup I work for is going to possibly be very unstartup soon, so depending on the next week or two I may be looking to move on. It’s always fun surfing job descriptions for Sys/net admin. jobs because it seems like they take a list of every technology they have in the office and list it as a requirement. Fortunately this is Seattle, so there’s some reasonable folks out there especially on craigslist who write listings that amount to “must be a motivated linux geek”. Which I’m totally in agreement with. I come from a background where I learned a lot by leveraging my skills and open source to do great things for cheap for small companies that knew little about linux and pals. but knew they didn’t have any money to spend. In these situations and many that have followed the situation was such that a business person would provide a need, and I’d find a solution. Anyways, props to people who have been in the trenches and value experience making shit work. Back to working on the resume and linkedin.

I picked up a Netgear sc101 a few days back as it was on sale. Turns out everyone hates it. Theres been some reverse engineering work, likely from Google SoC. But for the most part it tries to be a really cheap SAN. Avoiding the SAN vs NAS argument, it has a proprietary protocol and filesystem and requires windows drivers that just provide a drive letter. The aforementioned sc101-nbd code isn’t compatible with these drives, but does give linux access to the disks. In the end the simplest solution is sharing the drive via windows box with smb/cifs, which is of course, very lame. Mostly it’s supposed to be slow and sometimes blows up from the complaints I’ve read. But i had a couple 250gb ide drives in a loud server in my bedroom that I’d prefer to leave off, so it should serve as an acceptable house for those.

My long time friend Matthew is in town visiting since I’ve been out sick for a bit due to my motorcycle accident. He said he had used one and it ended up sucking so he got a a WD MyBook. I had seen one at Fry’s the other day but it was $$$. We stopped by Best Buy looking for some parts on Friday and they had a 1TB My Book World Edition II on clearance for about $300 after tax. This is nice because it’s dual 500gb drives which can be set to raid1. I don’t know what filesystem it uses yet so I don’t know about out of band disk recovery but it provides smb/cifs access which is certainly slick. There’s a bunch of small business features like proprietary remote access technology that I certainly won’t use but Matthew uses and says is great. It’s got ACL shit that’s configurable via web, but again, this is only useful for real small business solutions. It has a USB port and there’s bits in the web interface that talk about sharing USB drives. If I can hang one of my many external USB drives off this rather than my windows box that’d be great.

At PAX I started watching the Yahoo Wii Buyers Guide and Wii Tracker. So far only Walmart has had Wii’s available online, and it’s been as a part of their $540 special (Wii Retail is $249) that is a Wii + extra wiimote/nunchuck, big brain academy, 1 choice accessory, and the choice of three games. Kind of a deal, but a big investment for a console who’s nice retail price is a big part of it’s merit.

There were conflicting reports of Metriod Prime 3: Corruption coming out on the Wii today or tomorrow. I thought perhaps Nintendo would send out some extra wii’s for the occasion. I left work today on a wii/motorcycle adventure. In search of a wii, by motorcycle, I figured I’d have a nice ride if nothing turned up.

1) I stopped by Toysrus in Bellevue. It’s in a weird location, and is currently under construction adding a babysrus or something. I figured they’re out of the way and hopes for stock. It’s also near my office. Asked at the counter. No such luck.

2) Best Buy in Bellevue. Didn’t ask, but didn’t see any either.

3) I headed south and went to Fry’s. I’d never been to Fry’s before, it was pretty impressive. I ran into a coworker and gabbed for a bit. I’ll note that Fry’s had tons of Metriod Prime 3. I didn’t look everywhere, but this gave my theory some hope.

4) Renton Walmart. No Wiis. This is the emptiest I’d ever seen this Walmart. Growing up I always expected places like Seattle to have 24 hour Best Buys for the geeks in town. Not true, so I’ve occasionally found myself at walmart at 10:30 or something looking to get some needed cord or game. The nice woman in electronics told me she never knew when they were gettings wiis. “Sometimes I go to lunch and I come back and I’m like, when did we get 15 wiis? Call ahead or keep stopping in, theres no way to tell.”

I was growing tired of the hunt and feeling far from home. I saw southcenter mall, and headed inside.

5) Sears – Southcenter. Seemed like the kind of place nobody would look. They had a price tag for wii’s, but no wiis.

6) Radio Shack – Southcenter. I didn’t know if they carried game consoles. I know Radio Shack had in the past. They also used to carry Ham Radios though. I was shocked at this one. For how small it was, it still had soldering irons, some small parts drawers, scanners (radio) and antennas. No Wiis though.

7) Game Stop – Southcenter. A travesty. Three wii boxes on display, looking like wiis, but no wiis in stock.

I had a soda, and headed back out, wandering around a bit.

8) Target – Southcenter. I got a pretzel. Went to electronics. I saw wii boxes in a glass case. Not to be fooled like at Game Stop, I waited to ask. The employee was busy with other, I got his attention and he said they were real. Yay! He said he’d help me in a few. I tried to figure out if I needed the AV cables or if the 3rd party ones were just stupid “gold plated” markups (The employee didn’t know what was in the Wii box). I grabbed up a Wii points card and classic controller as they only had one and two of each respectively. They game selection stunk, and they had no nunchucks. So I grabbed three wiimotes and assumed I could use another sd card I had lying around rather than buying the wii cards. We’ll see. Eventually I finished my pretzel and wandered around in search of above employee. I found him trying to help a customer figure out why none of the stereos worked. As he gave up and started walking back to his station he was camped by another customer. Fortunately he saw me and realized he had forgotten about me. He apologized profusely and checked me out.

So as of today, there are at least four more Wiis at Target Southcenter, if you’re looking. Might save you eight stops and four hours. I know I could have called, but it was a nice ride.

edit 8/28:

slashdot linked to a couple articles at 1up and gamasutra regarding console sales. The information I was looking for, how long the Wii has been out, was there. this image at gamasutra shows the Wii and PS3 being out the same number of months, with the Wii selling basically double the units. Of course it’s what, half the price as well? But I wonder if the PS3 would have supply issues if it was selling twice as many units. Back in Februrary in response to SCEA President Jack Tretton’s statements about the PS3 being rare, penny-arcade went out in search of them and found tons. The PA guys are from Bellevue and there’s only one best buy in Bellevue, which was my second stop last night. I saw lots of PS3’s on my rounds, but never considered buying one. I did consider getting an XBOX 360 if I couldn’t find a Wii, but it comes down to still wanting to put my hardcore gaming dollars into my PC (Gears is going to require a massive upgrade). I wanted the Wii because, like everyone else, I have fun playing it.

Anyways, crammed five people into my bedroom for Wii Tennis last night, and a good time was had by all.

I may be missing the boat here as this seems a little easy. I bet it’s just out of date. Googling for something like ‘active directory cisco pix’ brings up a number of blogs and forums (1, 2, 3) on enabling active directory authentication for aaa server groups on a pix. All of these examples use IAS to provide radius to the cisco. However, the following works for me:

aaa-server ADGroup protocol nt
aaa-server ADGroup (core) host 192.168.0.10
nt-auth-domain-controller ad-dc1
aaa-server ADGroup (core) host 192.168.0.11
nt-auth-domain-controller ad-dc2

aaa authentication ssh console ADGroup LOCAL

Replace ad-dcX with the netbios name of the server and 192.168.0.x with the actual IP address of the server. The last line configures ssh use to this group and then fall back on the local user database if it can’t access active directory. I just did this for testing, keep in mind that this effectively allows anyone in AD to login to the pix, so you’ll want to look at ‘aaa command authorization’ if you kept this.

Configuring a vpn to use this configuration would be:

tunnel-group TunnelGroupName general-attributes

authentication-server-group ADGroup

I may still use LDAP instead, as I like the granularity of being able to specify a baseDN and creating an LDAP bind account that has limited read access. At the moment I haven’t gotten to playing with Authorization (keeping in mind AAA = Authentication, Authorization and Accounting, and that they have different roles) yet because I usually dial around ASDM with the ‘preview commands before sending them to the device’ preference set and 5.2(2) has a bug (CSCsg92142) that leaves the Authorization tab of VPN Tunnel Groups blank.

Seattle’s hip. Every time I go into a cafe, it’s full of hip kids with hip laptops. What laptops are hip? Mac’s of course. Take Reload Bags for example… badass messenger bags, custom made in a little shop here in Seattle. When ordering laptop bags, be sure to specify which Mac you have, or be prepared to provide exact dimensions. I realize you can’t know the dimension of every laptop (with a little work, I bet you could compile a list of a lot of them though), but I’m trying to show a trend here. Cool kids, with cool bags, cool bikes, and cool coffee, have cool macs.

Not that macs are horrible or anything, but when counterculture becomes the culture, you’ve got to stand back and fight it! How? By accessorising your un-hip laptop with one of these stickers.

Back around y2k, I almost went to college. I had ditched high school a year prior and worked for a bit at the Univeristy of Maine where I expected to go, obviously planning on a EE/CE degree. I had tried to enroll when I dropped out, but you couldn’t enroll without a diploma, and the state wouldn’t let me take the GED until I was 18, unless I was enrolled in college. Despite letters from school officials pleading exceptions, there was a definite lack of a loop hole. By the time I was old enough to take the GED, I finished my diploma with night courses (prior to my previous graduation date no less).

I approached the UMO dean of the EE/CE department and assorted staff looking for guidance on where to begin. I already had five years of Linux experience, not to mention electrical and other computer experience. What I lacked was the college maths and sciences. Where to start? “At the beginning, like everyone else.” I certainly wasn’t going to pay to sit through a course that I already knew the bulk of, or worse could pick up in a fraction of the time with a text book, so it didn’t work out.

That’s been the story ever since. I’ve decided the only way I’m going to get a college education is if I get one in Agriculture or something that’s completely foreign to me. Okay, maybe Political science would be more appropriate, but you get the point.

I’ve gotten into a couple open source projects lately that need some web work (wnmap and pyramid). I ran across the O’Reilly School of Technology somewhere along the way. They have a number of certificate programs and are partnered with University of Illinois for a bit of credibility (and CEUs). That didn’t matter so much, I’m a long time supporter of ORA books, they’re the number one publisher on my bookshelf, first for the heavy technical aspects written in such a way that doesn’t feel 100% reference. Since my web programming hasn’t evolved since php/mysql days, with a bit of CSS because I had to teach it to some students back at Strategy, I figured Javascript would be a great place to pick that back up.

Enter the OST / University of Illinois

So with O’Reillys website claiming “Enroll Now: Try it risk free” for seven days, I figured $400 wouldn’t be a huge waste. I signed up for the Javascript course, part of the Client Side Web Programming Certificate, which is listed as a ‘beginner/intermediate’ course.

I logged in, figured out the built in interface (it’s not vi, lets put it that way up front) for writing code while reading the lessons. I went through ten or so pages and started to wonder when I’d finish the first lesson, as it was getting late. Then I realized I had actually gone through 75% of the course. I went back and did all the quiz’s and objectives (write code and turn it in to an instructor), then finished the rest of the course. All in all I think it was 8-10 hours.

I spent some extra time making code work in Firefox. That was frustrating, as the course never signaled when code was IE only, I think they assumed you used IE up until the very end when they made some menu code and said right out it was IE only. The biggest hurdle was the DOM differences, eventually I just started writing the code in notepad and testing in IE, then pasting it into their interface to save it to the server and upload it to the instructor.

A lot of lessons referenced the w3school and I found that a number of the exercises where exactly the same as the example code on that website. I realize that something like the second lesson was about “recycling javascript from the internet” but it was getting a little absurd.

From my own teaching standpoint, the lesson plan seemed reasonable, but the content was horrid, especially for the price. It’s worth noting that I bought the ORA “Learning Javascript” the same day for $30, and I’ll mention now that this is the correct route to take. Do not take the class, buy the book. That is unless you NEED the certificate, or you’re a noob / non-geek and need the help. In such case, I’d highly recommend a small classroom type environment where you can get face to face tutoring.

Besides the browser incompatibility bit bugging me, the interface worked okay. I’m a poweruser, so it really sucked on one hand being drug out of the command line, but I had some patience. Keeping in mind that I’m not a web programmer, but I am a programmer, it’s not a lot of surprise I picked this up quickly. Object oriented stuff is fairly new to me. I’ve done a lot (standard sysadmin description of a lot) of shell scripting, perl, php and now python. I didn’t notice a lot of inconsistencies, but not knowing javascript, it would be hard to tell. I’d be willing to reckon that the course is pretty old. Whereas the book talks about using CDATA to comment out JS in XHTML, and that HTML commenting JS is a really old technique, the web course didn’t mention CDATA or XHTML, and said that HTML commenting while old was still a good practice. And while there was little discussion of the DOM issues I was working around, there was no discussion of libraries such as prototype or jquery to solve such problems. As well as no discussion about separating the javascript from the html code with src attributes in script elements. I’m sure there’s more that was left out that I’ll realize as I start reading the ORA book.

When is “Risk Free”, not?

Don’t get me wrong, it wasn’t a waste of time, but it was definitely a waste of $400. Now that I’ve looked deeper into getting that 7 day risk free refund, I see that their FAQ says:

You may withdraw from a course online, at any time.
However, the deadline for withdrawing a course with a refund is 7 days from the day of enrollment. If you paid by check/money order, the “day of enrollment” refers to the day that your enrollment account becomes active.

Additionally, if half or more of the assignments within your course have been handed in by you and graded by your Instructor, a full refund is no longer possible, even within the 7 days.

There can be NO EXCEPTIONS to this policy.

Nice. Now that you fully realize this shit was crap, we’re going to keep your $400 because we know you’re not going to ever be coming back. This is a big disappointment in O’Reilly for me. I’ve written anyways asking for a refund. We’ll see what they say. “NO EXCEPTIONS”, sure, but at what point do you admit it’s the same old college scam wrapped up with some e-learning and a popular companies name? Hopefully I can still get a refund, since technically although all of my assignments are handed in, they are NOT graded yet.

Update: 8/23, Javascript 2: AJAX
OST offered me Javascript 2: AJAX for free to make up for the content. I’ll offer additional opinions about this course when I’m done, but I’ll note now that the AJAX as a pizza delivery man analogy totally didn’t work for me. On the upside of this, for $300 the ‘beginner’ level HTML/CSS course I could acquire a certificate, so the whole escapade will end with something for the resume. Although if anyone asks about it in an interview I’ll still be forced to bring the quality to the table.

Most the guides out there for setting up spamassassin seem to convey that simply installing dcc and the likes makes them work. I ran tcpdump on port 6277 though and didn’t see any dcc traffic.

1) I found that DCC in commented out by default under /etc/spamassassin/v310.pre
2) I added the following to /etc/spamassassin/local.cf:

use_dcc 1
dcc_path /usr/bin/dccproc
dcc_add_header 1
dcc_dccifd_path /usr/sbin/dccifd

Note thatI think dcc_add_header is legacy and doesn’t work, and that the dcc_ifd path throws an error in the next debug section, so is likely not needed.

Then I found when running a test:

Step4: Test DCC is working via Spamassassin

First you can download a common spam message that will trigger DCC detection at:

# wget ‘http://kb.atmail.com/attach/spam-mail.txt’

Next, test a message via Spamassassin in debug mode for the results

# spamassassin -t -D < spam-mail.txt

I saw DCC traffic, but not when amavis was running. Recalling how I had to add clamav to the amavis user, as everything runs non-root, so:

3) I added the dcc user to the amavis group and restarted amavis for the sake of it, and I’m seeing dcc traffic now on port 6277.

I didn’t see this anywhere online, but managed to figure it out. My new mail gateway was throwing the error:

Aug 17 11:49:28 mercury postfix/qmgr[28567]: warning: connect to transport transport: No such file or directory

I realized it was because I was using /etc/postfix/transport to forward mail for my domains into the exchange server, and had a default rule of “* transport:nexthop” which should have been “* smtp:nexthop” but I misread the manual page.

Adam and I went down to Portland for Ubuntu Live. Eric and Andy made it down from Seattle as well. I don’t go to many of these things because the technical contact is low and the costs are high. They seem generally designed to learn your average joe, not the geeks and hackers. Most of what I was looking forward to wasn’t as interesting as the surprises.

The Keynotes were rad, but there were too many. At least, there got to be too much overlap. Keynote speakers were Mark Shuttleworth, Chris Kenyon and Matt Zimmerman of Canonical; Tim O’Reilly; Doug Fisher of Intel (talking about Mobile & Ubuntu and the Intel/Ubuntu relationships); Mårten Mickos of MySQL; Jeff Waugh; Mitchell Kapor of Louts 1-2-3 fame and Eben Moglen. There were others as too. The message is clear, Ubuntu has grown up fast and is in a great position to provide a open platform to solve problems for people. I hadn’t really expected the keynotes to be interesting and hadn’t really noticed them until I was in the first set.

From the sessions, I most enjoyed AppArmor with Crispin Cowan, Linux-based firmware testing with Rolla Selbak and hardware compatibility mainly with Kyle McMartin. Props to Kyle for taking a minute to look at my weird bug where sata disks are coming up as /dev/eth2 (lp 127404).

So technically though, meh. I know better. The best part was of course meeting other developers and admins. It was interesting hearing more about Larry Augustine and others at Medsphere and FOSS license/DMCA evilness, see GPL Medicine for a little background.

We got to talk to Canonical devs a bit, as well as Shuttleworth both at the venue and at Kell’s later. Most important was talking to these kinds of people who do rather than just talk.

The Ubuntu developer conferences were recommended, and I might look at attending one but I think I’ll be sticking to cheap hacker cons for a while. I’ve got some Portland souvenirs, and had a good time bar hopping a bit, but I’ll have to make it back down sometime without so many plans and hike about.

Quick note. In the course of updating some passwords I found a web.config file that contained clear text passwords. Passwords can be stored in cleartext, md5 or sha1 hashes as specified here. There’s surprisingly no hash generator kicking around a default system. I’ve used /sbin/grub-md5-crypt in the past but the output is crypt compatible, not a standard hash. craSH pointed out ‘openssl dgst’ which worked great. It’s normally for hashing a file, but will take input on stdin. Keep in mind that echo produces a \n by default, which affects the hash.

echo -n mypassword | openssl dgst -sha1

So I have an NS50, and in the process of going through and trying to convert the VIP (pat) on the mail server to a MIP (nat) I’ve found a bug in the web interface that breaks the web interface when I remove a port mapping from this VIP address. Unfortunately I need to remove the port mappings before I can remove the address as a VIP, and I can’t add the address as a MIP until it’s no longer a VIP.

Anyways. I try to find a patch on the vendor site, but I need an account. I find an old account, but the warranty has expired and we don’t have support. So I get a hold of Juniper and I’m told that to get the problem resolved, I’ll need to upgrade, and to upgrade I need support. But not just support, I have to buy support for every year between I bought the thing and now when I didn’t have support, as well as a possible 25% penalty. I’ve emailed my reseller to get a quote on this, but let’s just say I’m not a huge fan of this shit right now.