/usr/local.com
half true, half interesting, mostly BS
Buckle Up
In: Cool Videos
6 Feb 2010Important message, well done video!
- No Comments
- Tags: Cool Videos
Monit Tricks
In: SysAdmin| Tips & Tricks
4 Feb 2010Recently I had a chance to do a little monit foo with a co-worker for a rather interesting project that we will hopefully be sending off into the intertubes.
For one part of this project, I got the chance to get my hands dirty with my old friend monit. Monit, for those that don’t know, is a UNIX system administrators dream.
Here’s a brief run down of what monit can do from the web site:
Monit can start a process if it does not run, restart a process if it does not respond and stop a process if it uses too much resources. You can use Monit to monitor files, directories and filesystems for changes, such as timestamp changes, checksum changes or size changes. You can also monitor remote hosts; Monit can ping a remote host and can check TCP/IP port connections and server protocols. Monit is controlled via an easy to use control file based on a free-format, token-oriented syntax. Monit logs to syslog or to its own log file and notifies you about error conditions and recovery status via customizable alert.
So…with that little bit of unnecessary advertising going on. What was I trying to do? It was pretty simple really. Monitor a process, if it is not running, restart it. However, there was a twist that I hadn’t done before. It needed to restart as a particular user. My past experience had always been monitoring applications such as a ssh server or smtp server. I hadn’t gone down the path of monitoring an application that a user could start. But if you are doing anything like a kiosk, this type of functionality might come in handy for you.
The solution is ridiculously simple. All you need to do is add an “as” line to the start portion of your script. Here’s an example I found online:
start program = "/etc/init.d/tomcat start"
as uid nobody and gid nobody
stop program = "/etc/init.d/tomcat stop"
# You can also use id numbers instead and write:
as uid 99 and with gid 99
I’m sure I’m not the only one that has run into this so I figured I would help spread the word on a very obvious and probably overlooked monit feature.
- No Comments
- Tags: monit, SysAdmin, Tips and Tricks
Staying Late
In: Cool Videos
3 Feb 2010Now this is a different twist on book advertising. How often do you see a trailer for a book?
If you haven’t had a chance to read their first book, its all online at gettingreal.37signals.com. Its well worth the read.
Chasing Sound
In: Cool Videos
15 Jan 2010One of the pioneer’s of modern music. Well worth the couple of hours to sit down and take this in.
- Comments Off
- Tags: Cool Videos, Les Paul, Music, Pioneers
Another Goal
In: In the news
9 Jan 2010I’ve already stated my main 5 goals for 2010. But this morning I realized that I have developed a very bad habit since getting my iPhone a few years back. This is kind of related to goal #1 of work less. But I think it needs to be separated out on its one.
My iPhone serves several functions for me in the morning. Its my alarm, weather station and unfortunately, its my email client. Yup, one of the first things I do in the morning is check my email. Am I getting called by our 24/7 NOC? If there was something wrong, they would call! So why in the world am I checking first thing in the morning. I don’t need to know that right away. There are more important things to do like eat breakfast, take the dog for a walk, etc. Unless I have an early morning meeting (not recommended for programmers and admins), email just doesn’t need to be in the mix until I get into the office. At the very least it can wait until I have some Cherrios in my belly.
So goal #6: Stop checking email first thing in the morning.
- Comments Off
- Tags: Goals
Bing!
In: In the news| Micro$oft
8 Jan 2010Recently we had a pretty funny conversation with our Microsoft premier support tech. It was clear that a memo had gone out from up above and he was doing his part to push bing out to everyone that he could. Unfortunately, he forgot he was talking to engineers. We’re smart ass bastards and he should know better.
The conversation went something like this.
Tech: Have you guys tried Bing yet?
Us: Yeah, but I don’t see us switching anytime soon. Google is still the better search engine.
Tech: Really guys? I haven’t found that to be the case. Bing has been really great!
Us: Ok, let’s do an experiment shall we, Go to bing and search for “Exchange 2007 SP2 rollup 1 download”. You’ll find a bunch of blogs talking about the download, but not the actual download page itself. Now go to google, type in the same thing and hit the “I’m feeling lucky” button.
At the time of this conversation, the “I’m feeling lucky” link took you straight to the download page, the bing results did NOT have the download page listed on their first page of results.
Tech: Oh, yeah…I guess we have some things to work out.
Us: We’ll try again once Microsoft figures out how to index their own site.
Unfortunately, that conversation happened a couple of months ago. The results are getting a little bitter for bing, but google is still the king of search.
HMC Resource Management
In: Micro$oft| Tips & Tricks
5 Jan 2010Today I’m going to talk about the wonderful thing that is the Resource Manger for HMC (Hosted Messaging and Collaboration), the wondering framework from Microsoft for provisioning users for Exchange, OCS and SharePoint automagically.
Now, we tend to do things a bit differently at my current job. For example, I’m pretty sure I’m the only developer in the US that is hitting HMC (again, a Microsoft product) with PHP hosted on our linux based customer portal. That’s right, the Unix guys is the lead developer hitting a very Microsoft-centric product. Normally this would be done by a .Net developer.
So what does the Resource Manager give you? Well, the resource manager allows you to add, edit, remove mail databases for use on the system in the Exchange world which is what we are mainly going to focus on. When you first setup these resources, you set certain parameters for the mail stores. Do you want the domains on there to be tightPack or minStoreCount. TightPack attempts to use the smallest number of mail stores. MinStoreCount attempts to minimize the number of stores allocated to each org. We have gone with the minStoreCount model as we want to have all the users of the same domain live on the same store if possible.
Which is good in theory, but Microsoft has an extremely poor implementation of this.
Here’s an example. There is a domain on our system. The users used to live in 2 mail stores. We moved the users, through HMC calls, to all live in the same mail store. Now, when we create a new user, we do not specify the mail store. We rely on HMC and the resource manager to put the user in the correct location. Unfortunately, Microsoft drops the ball big time here. Instead of putting the user on the correct mail store with the other 30 accounts, it instead picks the old store that has no users on it. It fails to figure out that the mail store has been abandoned by that domain and continues to put users there.
Nice right?
So how do we get around this? Simple, write our own and tell them exactly where to put it. Yes, that’s right, recreating the wheel. Well all know we don’t need a rounder wheel. But in this case, we’re actually improving the functionality of the system.
I can’t go into the detail of how we actually implemented our system. But I can tell you, its already paying off by putting the users in the correct location.
But but but…is that it? Is that all you really solved? Do you really care if the users are spread out? Well, yeah, we do. We want them to be in the same mail store to help save on space for those messages that have the same attachment that went out to every users in the organization. Its not going to save you a ton of space, but it does save a lot more than you think it does.
But the placing of users isn’t the only improvement that we got from writing our own resource manager. One lacking feature of the resource manager is the ability to mark mailstores as non provisionable. I’m sure I’m going to get someone from Microsoft telling me that yes you can, there is a bit you can flip. And I’m here to tell you, they’re right, but they completely missed the boat on actual implementation.
It is true, you can mark a mail database as non provisionable. However, when you create a new user, HMC will ask which databases the domain lives on and picks one of them. note, it doesn’t query for all the databases that are provisionable, it asks for ALL of them for the domain. There is a chance, a very GOOD chance that HMC may automatically pick one of the stores that you have marked as not provisoinable. Awesome I know.
So how do you get around this little gem. Well, you can mess with the resource manager as we ran for a while. We had a script that would run daily and check a list of databases that we had marked to not have new users on them. Then it would check out the free space on the system and mess with the resource manager basically tricking the resource manager that it would be out of space. This had the same effect of not having new users allocated to it on the system as the resource manager would at least check to see if there was enough space on the database when putting a user on there. But even this had its drawbacks. For example, what if you have a system setup where you have plans in place where a user can have a 1GB, 2GB and 4GB mailbox. They have the 1GB plan and want to upgrade. Guess what, if the datastore doesn’t think that there is any more space on the drive, you you CANNOT upgrade them. Why in the world would you ever want someone to upgrade their account and spend more money with you. Crazy talk I know.
I’m sure you’re thinking, how in the heck did you ever come up with these crazy ways of mail database retirement. These suggestions came from Microsoft themselves. Even our premier tech support guy (who is awesome btw) didn’t know that these changes would cause such ass ache. Its like they never ran into a situation where someone would want to mark a database to not have any more new users allocated to it.
Our solution, write our own resource manager. not for the weak of heart, but I’m also not a pansy when it comes to this sort of thing. What we have done is put in place a system that keeps track of where each user, domain and mail store is located, how many users per store and where each domain lives. We can easily query this for the best place to put a user, but also the best place to put a user even if you have retired all the stores that the domain lives on, the system is smart enough to place the user on a new datastore for that particular domain. now when a new user is created, our provisioning system queries the resource manager, gets the appropriate store and we put that once “optional” parameter in HMC in the request XML and basically bypass the pile of shit resource manager that Microsoft has given us.
I’m sure that the big boys out there in this space will laugh at this post. I’m sure that they are way past where we are at. Or they have a bigger team that ran into this problem and put in their own solution. But if you happen to be starting out and are relying on the HMC resource manager, you might want to think again on that one. Eventually, you’ll write your own.
The Winter Olympics and the World Cup in 2010, sports fans have a lot to be happy about this year!
- Comments Off
- Tags: World Cup
We launched our Hosted Exchange 2007 Product just over a year ago. And for the most part, things have gone great.
One of our early decisions was to balance the security of the system while making the system as user friendly as possible. Originally, we had a pretty strict password policy. We soon found that many of our customers were not too happy with this policy and thought it was too much. Were we out of control security freaks? Shouldn’t the customer appreciate the steps that we are taking to not only secure our servers, but their information!
Looking around at other vendors, we quickly found that we may be a bit too harsh. Take Gmail for example. Sure its not exchange. But then again it has over 100 million users. If they had massive issues with security and hacking, they clearly have it under control behind the scenes so things do not get out of hand.
And have you ever been prompted to change your password on gmail? I haven’t.
So we compromised. We altered the time between when the system forces you to change your password. We altered the number of passwords that you could recycle. And we also added a somewhat buried feature in our customer portal. That feature, ‘allow passwords to never expire’
Holy crap! Let’s just blow a huge freaking hole in the security system shall we.
This was a feature that we were not all that happy about, but with the other measures in place we figured we would avoid passwords such as abc123. It makes the end user happy, we have some level of security though not as high and tight as we would like. But its better than having things wide open.
Now here is the shocking part of this. 20% of our users have this feature enabled. 20-feaking-percent! I was really hoping for this number to be in the 5-10% range.
But no, 1 in 5 of our users will never change their password again.
Or will they?
I’m currently developing a nag script that will send out a reminder to the end users ever couple of months. Not enough to completely annoy the heck out of them. But hopefully enough to get a good portion of that 20% to change their passwords on a semi-regular basis.
So what do you do for your password policy? Leave your tips and tricks in the comments section. We’d like to hear what you think is an acceptable policy to stay secure!
- Comments Off
- Tags: Hosted Exchange, Policy, Security
Goal Setting
In: In the news
30 Dec 2009As the end of the year is quickly approaching, I like to look back at what I have accomplished for the year and what new things I will strive to complete in 2010. Some people like to make a New Year’s resolution. I personally think that this is great, but limiting. Most people will set one goal for the year and probably abandon that resolution within a few months. Typically these resolutions center around weight loss which is fine and the local gyms like to prey on these individuals.
For me, I like a nice set of goals to work towards. I do this both professionally and personally. I can’t share my professional goals with you as most of them involve products yet to be launched.
However, I can share some of my personal goals.
- Continue to work on not working too hard. The home life balance is just that, a balance. I need to continue to work on making sure that work life does not overlap into the home life. The big boss and I will celebrate 10 years this year. Seeing the next 10 and the 10 after that is pretty important to me. When I look back in 50 years, I don’t want to say, I should have spent more time with my family. I’m fine not getting a project done if it means having a better life at home. Goal #1: work less
- Yes, I do have some of the same weight goals like the rest of you. But I’m not going to state I want to weigh XYZ by date X. I first thought about setting a goal where I would run 4 – 5K races this year. Yes, its something that I haven’t done before but it isn’t that much of a stretch for me. For some people, running 3.2 miles is a joke. I used to be one of those people back in high school. For others, running a mile is something that they could never do. Which is pretty sad, but one of the harsh realities of our culture today. Running 4 races takes some time and keeping a certain physical endurance up but its not a huge stretch for where I am currently. And I’m not going to be crazy enough to say I’m going to run a marathon this year. I just don’t have the time or the desire.
Instead, my goal is to do something that i haven’t done in 15 years. Back in high school, our soccer team had to run 2 miles in under 12 minutes. This is something that I haven’t done since then and it definitely takes some endurance and muscle to get there. Along the way, I figure that I will drop to the weight I want to be at in order to accomplish this goal. So goal #2: 2 in 12.
- Get more out of my side business. You would think that this is completely contradictory to goal #1. But my goal is to dedicate 1 hour a day to my side business. Make a 5 hour work week and see what I can do. Typically the big boss goes to bed before I do so this works out well. I usually have 2 hours to read blogs, cruise the internet and work on side projects. I need to put more of a focus on my side business which is something that I haven’t done as good of a job as I would like in 2009. Goal #3: the 5 hour work week.
- Inbox Zero – all year! I will review here shortly in another blog post, my inbox is better, but its not as clean as i would like it to be. I need to do a better job of turning emails into action items that I can put on a list. I think email automation to tasks will be a pretty huge accomplishment for 2010. Goal #4: Inbox Zero!
- As a computer guy, I spend a LOT of time in front of the computer screen. I surf, program, blog, tweet, update facebook, check email, the list can go on and on. One thing that I don’t spend enough time doing is being away from the screen and getting lost in a good book. I like to read and have several books sitting around waiting to be cracked open. I just don’t spend enough time actually doing this activity. I’m going to dedicate myself to reading more in 2010. Goal #5: read one book a month.
5 goals for 2010. Some will take time, some will take hard work, but all are do-able. I’ll let you know how my goals are reached through out the year.
- (1) Comment
- Tags: Goals
Photostream
Categories
- Apple (19)
- Cool Videos (27)
- Design (6)
- DevDog (15)
- Dogs (4)
- Dumb People (8)
- Hockey (1)
- In the news (63)
- iPhone App Reviews (5)
- Links (8)
- Micro$oft (14)
- Packers (5)
- Politics (21)
- Rants (18)
- Security (12)
- Site News (6)
- Spam (6)
- SysAdmin (13)
- Tips & Tricks (7)
- Toys (1)
Archives
- Another Goal - /usr/local.com: [...] already stated my main 5 goals for 2010. But this morning I realized that I have developed a v [...]
- Judas wears a purple #4 - /usr/local.com: [...] written about it before, I enjoy watching number 4 play. But for the Vikings!?!?! [...] [...]
- blog.brentb.com » iTunes 8.2 Released: [...] but I want a mouse when I have 8-9 pages of Apps on my phone that I want to sort. Matt with [...]
- IgniteIT Talk - /usr/local.com: [...] a month ago I gave a lightning talk at a local IgniteIT Event. I haven’t done a lot of p [...]
- matt: Oh I hear ya there. I still haven't been able to successfully update my avatar on there. I'm not s [...]
twitter.com/usrlocal
- A sales guy follows up with a call 4 minutes after sending me an email asking when we can talk. I haven't responded of WHEN we can talk yet
- Just realized I was backing up web logs. 3 freaking GB of web logs! #trimmingthefat #backuptesting #sysadmin
- Puppy Bowl on Animal Planet!!! This could result in us adopting another pooch.
- RT @iapp100: Check it out, the Super Bowl XLIV Official NFL Game Program on your phone. http://iapp100.com/detail.aspx?id=98993
- RT @donttrythis: This: http://www.youtube.com/watch?v=h-8PBx7isoM Is one of the loveliest PSAs I've ever seen. < couldn't agree more