Wednesday, March 14, 2007

RHEL 5 is released today

Tonight, I read a review by Linux Format, the best-selling Linux magazine in the UK. The review covers the latest RHEL 5 (Red Hat Enterprise 5), which is released today. Technology enhancements are welcomed, such as those in SELinux administration and full integration of Xen virtualization as expected from Fedora Core 6. The review also included a Q&A interview with Nick Carr, general manager, RHEL.

More noteworthy is that Red Hat Inc., as a company, has revamped its support, marketing, customer relations plan, and its relationship with the open source community. As stated in the review, the company has realigned itself to work better with the open source community as well as its enterprise customers.
  • The one page SLA
  • server/client flavor versus the traditional WS/ES/AS flavors for RHEL3 and RHEL4.

Wednesday, February 14, 2007

first impression of Bestpractical's RT, an open source ticketing system

I heard quite a bit of good things about RT, an open source ticketing system.  Here is the first impression I had after retrieving the source tarball off's web site.

The current stable version is 3.6.1.

Per README in the source tarball,
  • "RT is an enterprise-grade issue tracking system. It allows organizations to keep track of what needs to get done, who is working on which tasks, what's already been done, and when tasks were (or weren't) completed."
  • GPLv2
  • commercial support is available including training and such: .

The installation seems a little too involved, even for a professional UNIX/Linux system engineer.
  • It requires Perl >5.8.3 with a lot of CPAN modules. To the developer's credit, an RT utility is built to help get CPAN modules and compile them in place.
  • It supports a few RDBMSs as its backend: MySQL/Postgres/Oracle/SQLite
  • Apache with mod_perl (or FastCGI)

Tuesday, February 13, 2007

linttylog hung my Linux system on a Dell PowerEdge 6850 at first run

When troubleshooting a Dell PowerEdge 6850 server, I read on Dell's linux-poweredge mailing list that a small utility named linttylog may be useful to dump the log from the PERC RAID controller. The function sounded a lot like what action=exportlog does using OMSA's srvadmin services. However, I was desperate enough to try anything reportedly working. So, without much ado, I downloaded the utility. It came as an RPM and was a bit aged (probably out-of-date too).

syb04:/# rpm -ivh linttylog-1.00-0.i386.rpm
Preparing...                ########################################### [100%]
   1:linttylog              ########################################### [100%]

syb04:/# linttylog

        Serial Port Output History Handling Application 1.00 (Date 10/01/2003)
                Copyright (c) 2003 LSI Logic Corp.

Depending on the buffer size, it may take several minutes...Please wait...

        TTY History Updated in the file tty.log.

syb04:/# ls -ltr
The ssh shell session got disconnected from here. I couldn't log back in either. No response on serial console either. Nothing on the console screen. Nothing logged onto the remote syslogd server either, even though all kernel.* and all *.warn are redirected via /etc/syslogd.conf and verified to be working.

I had to power cycle the server to get it back online again. Once the server was back, I re-ran the utility successfully without any problem. What the ... The moral of this post is not to run linttylog on your mission critical system in production.

Wednesday, February 07, 2007

lay off ~= business strategy ~= choked by your own success

Four weeks ago, I called in to a meeting from home. In that meeting, John, my manager, was let go, because the business strategy had been renewed. The rest of us were assured in a later company-wide town-hall meeting that "this is the team we are going forward with." John wasn't present. I was told later that he was asked not to come in at all and his employment was terminated that day. Why the rush? We were just about to roll out a major release on the ASP platform our team works on for the first third of our customer base. John was a hands-on manager, so the big void caused by his departure was apparent.

Three weeks ago, Stevie, Matt, and Prakash, three more team members, were let go. Their positions were eliminated, because the management is confident that the latest release on the ASP platform is "feature-rich and robust enough to go forward without new development, for years to come". Again, my team, or what was left of it, was assured that "this is the team we are going forward with." Why the rush? We were yet to roll out the major release to the remaining two thirds of our customer base.

Does this second layoff justification suggest that our team was choked by our own success? If fewer features had been rushed in by John and squeezed in by Sales/marketing, and we hadn't worked days and nights and weekends to smooth the edges, would we all still have jobs? I couldn't help wondering whether this is why ISVs release bug-ridden code or QA/test inadequately.

At any rate, the red PANIC button has been pounded on. Seasoned professionals as we are, we instantly hit the floor: calling recruiters, lining up old friends and contacts, updating resumes and posting them. It pretty much resembles a scene where rats rush off a sinking boat.

Various news starts to trickle in through the cubicle walls. Hallway meetings anytime. Then, Matt's sense of humor struck me. He said, "Yes they were a bit clumsy firing people. It could only be a good thing. At least they are not used to this kind of thing or hadn't done it often enough to become proficient and smooth."

I don't think I am thinking straight right now. I probably will add a few more comments when I have leisure to reflect, after I find my new job somewhere else.

Thursday, January 18, 2007

how to verify ownership to Yahoo on blog server

The mischief caused by the 404.php template was not a problem for authentication when I stumbled into Yahoo!'s Site Explorer. To claim your site, you are instructed to place a special file with special content under / of the site. This way, one GET will do, with no problem from customized 404 pages. The latter are pretty commonly used on sites managed by a CMS (Content Management System) or blogging servers. I wonder how come the smart engineers at Google decided to do two GETs instead...

Once I added the required file on my blog server's / and clicked to continue, the next page asked me to keep the file there for 24 hours, till Yahoo's bots take their sweet time to crawl, literally! In sharp contrast, Google's webmaster tool authenticates site ownership in real time, and sucks in sitemaps in real time too!

Placing a special file under / is the only way to authenticate your ownership on Yahoo Site Explorer. For millions of hosted sites (blogs or otherwise) where content owners don't have access to the /, they'd be out of luck. For now, at least. Hopefully when Yahoo! Site Explorer comes out of beta, they'd come up with a way to authenticate sites whose content owners have content-level access (META tokens, maybe?) instead of file-level access.

In comparison with Google's web master tools, Yahoo's site explorer is so spartan right now. Its own blog hasn't been updated for a few months now. I guess it is real beta then.

Sunday, January 14, 2007

trial & errors :: SEO Dave's adSense-spiked themes

It was a godsend when I found SEO Dave's themes for blogs. He spiked some default themes with Google's adSense and optimized the placements. I gladly took his word for it, since he is an SEO consultant by trade. This way, I can get new sites up quickly w/o laboring on SEO first :)

On a new server I set up recently, I attempted to unzip the five theme zip files obtained from his blog. I was surprised to be prompted to overwrite this file and that file. I said 'None'. It turned out that only "connections", one of the five zip files, holds everything under a directory, as expected for a compliant theme package, which is to be extracted under /wordpress/wp-content/themes. No biggie, a little command line bash magic, I got it.

/wordpress/themes.php, the admin page to preview and activate a theme,  now showed all of them. Many, however, didn't show preview screenshots. Some of them even reported errors. Long listing of these files on the server revealed that the permission was too restrictive: 0700 for directory and 0600 for files. The root user's umask is 0022, so I am sure the restrictive permissions came from the theme zip, instead of from my sometimes overly-secure setup on the server. A few find and chmod later, all is well again.
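The two packaging problems described above (no single top-level directory, and 0700/0600 modes stored in the archive) can be checked before extracting. This is an added example, not code from the post or from the theme author; the archive contents are constructed, the "group/other must be able to read" rule assumes the web server runs as a different user than the file owner, and the path check goes slightly beyond what the post describes.

```python
import io
import zipfile

def make_zip(entries):
    """Build a constructed sample archive in memory from [(name, unix_mode)]."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode in entries:
            info = zipfile.ZipInfo(name)
            info.external_attr = mode << 16      # Unix mode lives in the high 16 bits
            zf.writestr(info, b"" if name.endswith("/") else b"/* sample */")
    return buf.getvalue()

def audit_theme_zip(data):
    """Return a list of findings for a theme archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    tops = {i.filename.split("/", 1)[0] for i in infos}
    loose = [i.filename for i in infos if "/" not in i.filename]
    if loose or len(tops) != 1:
        findings.append("no single top-level directory")
    for i in infos:
        # Added check: entries must not escape the extraction directory.
        if i.filename.startswith("/") or ".." in i.filename.split("/"):
            findings.append(f"{i.filename}: path escapes extraction directory")
        mode = (i.external_attr >> 16) & 0o777
        if mode == 0:
            continue                             # archive recorded no Unix mode
        need = 0o055 if i.is_dir() else 0o044    # r (and x for dirs) for group/other
        if mode & need != need:
            findings.append(f"{i.filename}: mode {mode:04o} too restrictive")
    return findings

if __name__ == "__main__":
    flat = make_zip([("style.css", 0o600), ("index.php", 0o644)])
    for finding in audit_theme_zip(flat):
        print(finding)
```
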

There may be a bug in the original or spiked Blix theme, as it treats any new page as top-level, even if it is specified as child page for the ubiquitous About page. Same parent-child page relationship was handled properly by other themes such as Kubrick.

I posted a comment on SEO Dave's site in hope he may check it out, along with a wish of using Google's search box instead of the default search box.

how to verify ownership to Google on blog server

I was checking out Google's web master tools site the other night.  In order to verify the ownership, I opted to create a static HTML file on my site. Google failed to verify the ownership, stating it received a 404 error inside a 220-status page. I saw the file on the server and could browse to it properly using a browser too.

Puzzled, I looked at the server's access log. It turned out that Google attempted to retrieve two files. One was the long-winded name it stipulated. The other was the former file with its name prefixed with 'noexist_'. The logic is clear: Google wants to be sure the 220 code returned for the "magic" file is real, by verifying that a different code (404 in this case) would be returned if the "magic" file doesn't exist.

 - - [11/Jan/2007:20:12:20 -0500] "GET /google0467d40068c96de7.html HTTP/1.1" 200 59
 - - [11/Jan/2007:20:12:20 -0500] "GET /noexist_0467d40068c96de7.html HTTP/1.1" 200 5306

The help page claims Google does HEAD only. This obviously isn't true, or isn't true any more, per Apache's access log entries above.

<META name="verify-v1" content="DGxlTrIdDwI9xwBYeYOMddr34POYb934o45vCpf3t+nvcI=" />
I ended up using the META tag instead. I copied and pasted it into /wp-content/themes/myTheme/header.php right before </HEAD><BODY>. This time it worked just fine.

The mischief was caused by a beautified 404 page generated by /wp-content/themes/myTheme/404.php. I vaguely recall that Apache's manual pages state that the ErrorDocument directive and some other types of redirect tend to lose the original response status code, be it 404, 501, or 403.
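The verification logic discussed in this post and in the Yahoo! Site Explorer post can be compared side by side: a bare status check, the two-GET check with a control probe, and a one-GET check on file content. This is an added example, not Google's or Yahoo's code; the verifier behaviour is inferred from the access log above, and the site stub, the secret string and the probe naming are constructed for illustration.

```python
TOKEN_PATH = "/google0467d40068c96de7.html"   # file name taken from the access log
SECRET = "constructed-verification-string"    # constructed sample file content

def make_site(files, themed_404):
    """Constructed stand-in for a web server: returns fetch(path) -> (status, body)."""
    def fetch(path):
        if path in files:
            return 200, files[path]
        # A themed 404 page that loses the status code answers 200 for any path.
        return (200 if themed_404 else 404), "<html>Sorry, nothing here</html>"
    return fetch

def verify_status_only(fetch, path=TOKEN_PATH):
    """Naive check: trusts a bare 200, so a catch-all 200 site can be claimed by anyone."""
    status, _ = fetch(path)
    return status == 200

def verify_with_control_probe(fetch, path=TOKEN_PATH):
    """Two GETs: the token file must be 200 and a made-up sibling must not be."""
    if fetch(path)[0] != 200:
        return False
    probe = "/noexist_" + path.rsplit("/", 1)[-1]   # illustrative probe name
    return fetch(probe)[0] != 200

def verify_by_content(fetch, path=TOKEN_PATH, secret=SECRET):
    """One GET: the body must carry the expected secret, so status quirks do not matter."""
    status, body = fetch(path)
    return status == 200 and secret in body

def run_matrix():
    """Run all three checks against three constructed sites."""
    sites = {
        "owner_soft": make_site({TOKEN_PATH: SECRET}, themed_404=True),
        "stranger_soft": make_site({}, themed_404=True),
        "owner_clean": make_site({TOKEN_PATH: SECRET}, themed_404=False),
    }
    checks = (verify_status_only, verify_with_control_probe, verify_by_content)
    return {name: tuple(check(site) for check in checks)
            for name, site in sites.items()}

if __name__ == "__main__":
    for name, results in run_matrix().items():
        print(name, results)
```

The `owner_soft` row reproduces the failure in this post: the control probe rejects a legitimate owner whose theme answers 200 for missing pages, while the content check still passes.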

Wednesday, January 10, 2007

AJP proxy enabled by default for Apache 2.2.3 on Fedora Core 6

As part of hardening an Apache instance on a new Fedora Core 6 Linux server, I commented out all _proxy_ modules in the main httpd.conf. When checking for syntax, however, I got
# /etc/init.d/httpd configtest
httpd: Syntax error on line 209 of /etc/httpd/conf/httpd.conf: Syntax error on line 2 of /etc/httpd/conf.d/proxy_ajp.conf: Cannot load /etc/httpd/modules/ into server: /etc/httpd/modules/ undefined symbol: proxy_module

Surprised that something actually required proxy_module, I took a look at proxy_ajp.conf.
#cat proxy_ajp.conf

LoadModule proxy_ajp_module modules/

# When loaded, the mod_proxy_ajp module adds support for
# proxying to an AJP/1.3 backend server (such as Tomcat).
# To proxy to an AJP backend, use the "ajp://" URI scheme;
# Tomcat is configured to listen on port 8009 for AJP requests

This surely is nice. Building mod_jk for Apache 2.0 on CentOS 4 got old pretty fast. From a security standpoint, I'd think this comes from some httpd-tomcat package. Not exactly!
# rpm -qf proxy_ajp.conf

For my purpose, I just commented out the LoadModule directive inside proxy_ajp.conf. However, it'd make more sense if
  • it came from an optional module package, something like httpd-tomcat or httpd-ajp. Or,
  • it were disabled by default.
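The lesson above is that commenting out modules in the main httpd.conf does not cover LoadModule lines pulled in from conf.d. The following added example (not part of the original post) follows Include directives and lists every module that is still active and where it is loaded; the configuration tree and module file names are constructed samples, and only plain `Include` with relative or absolute glob patterns is handled.

```python
import glob
import os
import re
import tempfile

# Commented-out lines start with '#', so they never match this pattern.
DIRECTIVE = re.compile(r"^\s*(LoadModule|Include)\s+(.+?)\s*$", re.IGNORECASE)

def active_modules(conf_path, server_root):
    """Return [(module_name, defining_file)], following Include directives."""
    found = []
    with open(conf_path) as fh:
        for line in fh:
            m = DIRECTIVE.match(line)
            if not m:
                continue
            kind, arg = m.group(1).lower(), m.group(2)
            if kind == "loadmodule":
                rel = os.path.relpath(conf_path, server_root)
                found.append((arg.split()[0], rel))
            else:
                pattern = arg if os.path.isabs(arg) else os.path.join(server_root, arg)
                for included in sorted(glob.glob(pattern)):
                    found.extend(active_modules(included, server_root))
    return found

def build_sample(root):
    """Constructed layout mirroring the post: proxy modules are commented out
    in httpd.conf, but conf.d/proxy_ajp.conf still loads one."""
    os.makedirs(os.path.join(root, "conf"))
    os.makedirs(os.path.join(root, "conf.d"))
    with open(os.path.join(root, "conf", "httpd.conf"), "w") as fh:
        fh.write("LoadModule dir_module modules/mod_dir.so\n"
                 "#LoadModule proxy_module modules/mod_proxy.so\n"
                 "Include conf.d/*.conf\n")
    with open(os.path.join(root, "conf.d", "proxy_ajp.conf"), "w") as fh:
        fh.write("LoadModule proxy_ajp_module modules/mod_proxy_ajp.so\n")
    return os.path.join(root, "conf", "httpd.conf")

def demo():
    """Audit the constructed tree and return the proxy modules still loaded."""
    with tempfile.TemporaryDirectory() as root:
        conf = build_sample(root)
        return [(mod, src) for mod, src in active_modules(conf, root) if "proxy" in mod]

if __name__ == "__main__":
    for mod, src in demo():
        print(f"{mod} is still loaded from {src}")
```
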

Tuesday, January 09, 2007

weird wormholes :: set reply-to header to the list, or not to

Recently I asked on a mailing list how come I had to remember to copy the list address to the CC whenever I reply to a post. To my surprise, it turned into a big flame war of sorts. Unwilling to make any changes, the list administrator essentially asked both parties to go away, politely.

In its current form, you need to 'reply-all' to the mailing list, and the list administrator will make sure the poster's email address is in a special list such that the poster does not receive two copies. Occasionally, someone may request that his/her email address be added to the special list, yet again. What a hassle! Why does the administrator want all this hassle for nothing?!

It puzzled me in the past. It still puzzles me now. To my simple mind, the benefits of setting the reply-to header to the list are so obvious:
  • fewer keystrokes for the list members. Many modern MUAs (Mail User Agents) default to 'reply' instead of 'reply-to-all', esp. web-mail UIs.
  • fewer unnecessary mental notes to reply-to-all instead of reply, or to copy the list's address to CC if you already hit 'reply'
  • no missing discussion
  • consistently threaded discussion in the archive and in live discussion. A post sent to the poster alone was often seen forwarded to the list, as an after-thought and after-the-fact good-intention effort. The thread is then broken, making it extremely difficult to follow a discussion in which you found an interesting excerpt by googling.
  • Some said it is hard to do.
  • Some insisted that it is philosophically wrong to reply-to the list. <= Hello, the purpose of subscribing to a mailing list is to publish to and read from the list, not to find sensible partners to conduct private conversations!
  • Some insist reply-to-all is great enough and is the only sensible way, so they went ahead and hacked their mail clients (MUAs) to detect whether a message is a post or a private message and automate away the unnecessary keystrokes.
  • Well, maybe some of these people just accept the dysfunctional setting as an inevitable fact of life, and just found a workaround and moved on. If so, it is pretty sad.
Reflecting a bit more today on the observed need for some people to invent convoluted ways to satisfy themselves, I thought of what the agent in Men in Black says in a Starbucks coffee shop. There are people who can't control their own destiny or fate or fortune, and they are well aware of it. Instead, they opt to pay a premium to select from a bloated feel-rich selection of lattes, as if they were the master of the universe.

Monday, January 08, 2007

needs a face lift

Over this past weekend, I built a new blog server on a new CentOS 4.4 server.  It seems the 'official'  plugin/theme repository page at needs quite a face lift. In its current form, the plug-in and theme repository page is
  • spartan: It gives an ordered list of plugins and themes by name (and/or versions).
  • poor in function:
    • No descriptions to tell whether you need or like a theme or plugin. I had to just download it and install it, then read the descriptions from /wp-admin/plugins.php. Quite some wasted bandwidth on the server and time & efforts on the users.
    • no option to download it all to try it out. Instead, you have to click on each one. The lack of description certainly exacerbates the problem.
  • not up-to-date. For example, the link to tiger-admin plugin doesn't work. Upstream now has
  • malformed HTML. The plugin page has an empty link text for the tiger-admin plugin, causing the page to display funny in Firefox 1.5/Linux and Firefox 2.0/Windows.
  • Many of the themes don't show preview screens under /wp-admin/themes.php.  Yet to check whether the themes themselves are at fault, or the tiger-admin v3.0 theme is the culprit.
  • no security or integrity assurance: no checksum or digital signature is provided to verify the authenticity and/or integrity of the file.
I guess I'll generate a more functional version and contribute to the site. Or alternatively, host a beautified version here myself.