Author: Bryant

I am funny (yellow)

So here’s the thing. I’m sitting in a talk about spam, and the guy giving the talk is running over various HTML tricks spammers use to get spam past mail filters. A guy stands up and says “So obviously the trick is to block all email with HTML in it!”

That’s just stupid. First off, it ignores reality. I don’t live in a world in which I can block all HTML email for all my users; neither do most sysadmins. Second, this is very clearly a talk for people who live in that world. If the context of the talk allowed for blocking all HTML email, then there would be an obvious solution and the talk would take about five minutes.

But you know. He got his cheap laughs, har har har.

Dungeon Majesty: Static Spot

MUSIC: “3 AM, I’m awakened by a sweet summer rain
Distant howling of a passing southbound coal train…”

OPEN on ROGER PARKER FOR NEW JERSEY STATE SENATE HEADQUARTERS. MUSIC continues.

It is very late at night. It is raining, mildly, not enough to make a statement. The headquarters is in a strip mall plaza, with a big plate glass window opening onto the nearly empty parking lot. Inside, lights are going out one by one.

MUSIC: “Was I dreaming or was there someone just lying here beside me in this bed?
Am I hearing things? Or in the next room, did a long forgotten music box just start playing?”

The camera starts high and swoops down gracefully, focusing in on a television set through the front window. A perky newscaster is giving us the election results for the benefit of those who can’t read them as they scroll up the right side of the screen. Roger Parker lost.

Alvin Wassermann (William Macy) turns away from the screen. One of his co-workers mouths inaudible words of sympathy, gestures that next time it’ll be different. Alvin shrugs and leaves by the front door, gets into his Honda Civic, sits for a moment before driving off.

MUSIC: “And I know it’s a sin putting words in the mouths of the dead.
And I know it’s a crime to weave your wishes into what they said.”

Flashback to a montage of political advertisements for candidates we’ve never heard of. Voiceovers from the advertisements: “In the tradition of John F. Kennedy…” “As the great Franklin Delano Roosevelt said…” “If we do not recall the course charted by Jimmy Carter…”

MUSIC: “And I know only fools venture where them spirits tread.
‘Cause I know every word, every sound bouncing ‘round my head.
Is just static on the radio.
Everything I think I know is just static on the radio.”

Alvin arrives at his apartment: small, cramped, suburban. The walls are papered with political signs and flyers. He settles down at his kitchen table and opens his briefcase: pulls out his folders and starts trying to figure out where it all went wrong this time. There’s no answer there.

MUSIC: “Everything I think I know is just static on the radio.”

At the bottom of the briefcase is a dice bag. He hefts it in his hand once, then sighs, and picks up the phone.

ALVIN: “Hey… no. No, it’s Alvin. No, I know, it’s late… you were up watching? That’s really kind of you. Well, thank you… no, no. Just — well, if I’d paid more attention to the game. It’s all in there.”

MUSIC: “Just static on the radio…”

ALVIN: “So we’re playing this week, right?”

MUSIC: “Static on the radio.”

BLACK. Dungeon Majesty logo fades in.

Tinker toy

cfengine is cool. I dug it. The tutorial was introductory and I was pretty sold on the concepts. If you already know about cfengine there is nothing useful for you in this post.

Cheap summary: a host is classified into a number of groups. Lots of classifications are automatic; there’s a linux group (any machine running linux), there’s a 129_120_10 group (any host on the 129.120.10 subnet), there’s a Hr02 group (any host running cfengine between the hours of 2 AM and 3 AM), etc. Why would you want that last? Maybe you only want to do some checks during that hour. Yes, this is yet another way to schedule periodic jobs in a manner that future sysadmins will be unable to find… but I digress.

You then can specify actions that should take place if a host is in a specific group. Some of the action classes are very generic — running shell commands, deleting files, checking permissions and owners of files, copying files from a central server, etc. Some are pretty specific — there’s a class that allows you to tweak the nameservers in /etc/resolv.conf. This will not work out so well if your nameserver resolver file lives somewhere else, of course. There’s a class that’s tuned for defining the NFS server from which a host mounts its mailspool. Cool but not necessarily of general use. However, there’s a class for editing files which is pretty featureful, so you can roll your own stuff as needed.

It kinda runs under Windows if you have cygwin installed. Hm.

It reminds me of the system we used at AltaVista, but it is substantially more featureful.

Talk talk

Our VoIP/Asterisk tutorial is going much more quickly than the presenter expected. This is not unusual for first-time presenters. Asterisk is pretty interesting, but shows signs of being an open source project. Hm — OK, some sample configuration file stuff:

exten => s,73,Playback(thank-you-for-calling)
exten => s,74,GotoIfTime(6:01-18:00|mon-sun|*|*?s,76)
exten => s,75,Goto(s,78)
exten => s,76,Playback(have-a-great-day-goodbye)

In theory, the template is something like exten => <exten>,<priority>,<application>(<args>), but it’s been brutally extended into something that looks alarmingly like BASIC. See the line numbers masquerading as priorities? It looks like it was originally just a simple method of specifying extensions, but grew like kudzu. Soon there’ll be m4 macros for building these scripts which masquerade as configuration files.

Twin Peaks

My Monday LISA tutorial was on system log aggregation, analysis, and statistics. mjr taught it, and he’s as good a public speaker as ever. Also the topic was pretty damned fascinating. I’ll be dumping a pile of links into del.icio.us sometime soonish now.

Highlights, some of which are significant and some of which are just cool:

You can set up an invisible loghost. What you do is you specify a non-existent host as the loghost on all your DMZ servers. You’re gonna need to manually stuff an entry into the arp table so that your DMZ servers will blithely send syslog packets off into thin air. Then you hook the real loghost up to the DMZ with no IP address in promiscuous mode. Run tcpdump on it to capture all the packets, and write some cheap perl to strip syslog payloads out of the captured packets.

Or use mjr’s plog instead of tcpdump, since it’ll automate all that complex stuff for you. Neat.
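The "cheap perl" step from the invisible-loghost trick, as an added example in Python (my sketch, not the post's or mjr's code): build a constructed Ethernet/IPv4/UDP frame of the kind a DMZ host would fire at the nonexistent loghost, then pull the syslog record back out of it. The frame layout is standard; the addresses and the log message are made up.

```python
import struct

# Constructed syslog datagram: PRI 34 = facility 4 (auth) * 8 + severity 2 (crit).
SAMPLE_PAYLOAD = (b"<34>Nov 15 02:13:07 dmz-web1 sshd[2112]: "
                  b"Failed password for root from 10.0.0.99 port 4022 ssh2")


def build_frame(payload, src_ip="10.0.0.5", dst_ip="10.0.0.250", dport=514):
    """Constructed Ethernet/IPv4/UDP frame. Checksums are left zero; the parser
    below does not verify them (tcpdump captures the frame regardless)."""
    eth = bytes.fromhex("00112233445566778899aabb") + b"\x08\x00"   # dst, src, IPv4
    udp_len = 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    udp = struct.pack("!HHHH", 40000, dport, udp_len, 0)
    return eth + ip + udp + payload


def extract_syslog(frame):
    """Return {"src", "facility", "severity", "msg"} for a UDP/514 frame,
    or None for anything that is not syslog."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        return None                                   # not IPv4
    ihl = (frame[14] & 0x0F) * 4                      # IP header length in bytes
    if frame[23] != 17:
        return None                                   # not UDP
    src = ".".join(str(b) for b in frame[26:30])
    udp = 14 + ihl
    _sport, dport, ulen, _cksum = struct.unpack("!HHHH", frame[udp:udp + 8])
    if dport != 514:
        return None
    payload = frame[udp + 8:udp + ulen]
    # RFC 3164 PRI field "<N>": facility = N // 8, severity = N % 8.
    close = payload.find(b">", 1, 6)
    if not payload.startswith(b"<") or close < 0 or not payload[1:close].isdigit():
        return {"src": src, "facility": None, "severity": None,
                "msg": payload.decode(errors="replace")}
    pri = int(payload[1:close])
    return {"src": src, "facility": pri // 8, "severity": pri % 8,
            "msg": payload[close + 1:].decode(errors="replace")}
```

A tcpdump -w file holds exactly these frames, one per record, behind a 24-byte global header and a 16-byte per-record header, so that is all that needs stripping before calling extract_syslog on each one.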

Artificial ignorance. Cute term. It’s basically the same rule of thumb as “block everything, then permit what you want” but reversed. “It’s interesting unless I’ve explicitly said it’s boring.” At a very basic level, it looks like this: grep -v -f patternfile. As you figure out what you don’t care about, stick a regexp to match into patternfile and you won’t see it again. The process speeds up over time, obviously. This calls out for a slick web front end.
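The grep -v -f patternfile idea, as an added Python example (mine, not from the post): a patternfile of regexps, some constructed log lines, and a count of how many lines each pattern swallowed, which is the bookkeeping a front end would want for pruning stale patterns.

```python
import re

# Constructed sample log and patternfile (one regexp per line, "#" for comments).
SAMPLE_LOG = """\
Nov 15 02:00:01 dmz-web1 CRON[811]: (root) CMD (run-parts /etc/cron.hourly)
Nov 15 02:00:05 dmz-web1 ntpd[402]: synchronized to 10.0.0.1, stratum 2
Nov 15 02:13:07 dmz-web1 sshd[2112]: Accepted publickey for deploy from 10.0.0.20 port 50122 ssh2
Nov 15 02:13:09 dmz-web1 sshd[2115]: Failed password for root from 10.0.0.99 port 4022 ssh2
Nov 15 03:00:01 dmz-web1 CRON[990]: (root) CMD (run-parts /etc/cron.hourly)
Nov 15 03:04:41 dmz-web1 kernel: usb 1-1: new high-speed USB device number 4
"""

PATTERNFILE = r"""
# things I have decided are boring
CRON\[\d+\]: \(root\) CMD \(run-parts /etc/cron\.hourly\)
ntpd\[\d+\]: synchronized to
sshd\[\d+\]: Accepted publickey for deploy from 10\.0\.0\.20
"""


def load_patterns(text):
    """Compile the patternfile; blank lines and '#' comments are skipped."""
    return [re.compile(p) for p in text.splitlines()
            if p.strip() and not p.lstrip().startswith("#")]


def artificial_ignorance(lines, patterns):
    """grep -v -f patternfile, plus bookkeeping: returns (interesting, hits)
    where hits[i] is how many lines pattern i suppressed. A pattern that never
    fires is one you can drop; one that eats most of the log deserves a look."""
    hits = [0] * len(patterns)
    interesting = []
    for line in lines:
        for i, pat in enumerate(patterns):
            if pat.search(line):
                hits[i] += 1
                break
        else:                       # no pattern matched: still interesting
            interesting.append(line)
    return interesting, hits


if __name__ == "__main__":
    kept, counts = artificial_ignorance(SAMPLE_LOG.splitlines(),
                                        load_patterns(PATTERNFILE))
    for line in kept:
        print(line)
```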

First seen anomaly detection. It’s sort of like artificial ignorance, but different. You alert every time something completely new appears in the logs. There is a tool for this, also written by mjr, called NBS (Never Before Seen). It uses Berkeley DB and is very fast. You feed it input for a specified dataset and it tells you if it’s seen that particular chunk of input before. It can report on its database in a bunch of useful ways.

Example: record DHCP servers giving out IP addresses. (Sample string after a bit of log parsing: “10.0.0.10 gives IP 10.0.1.1 to MAC 0:2:2d:10:10:10”.) If a new MAC address shows up, it’ll be flagged by NBS as a new chunk of input, because that string is guaranteed to differ in that case. If an old MAC address gets a different IP address, that’ll show up too, but only the first time it gets that particular IP. As a bonus, you’ll find out if any new DHCP servers show up. Pure gold.

Another example, which happens to be the first use I thought of: turn it loose on my HTTPD log files. Filter said log files for referrer and URL pairs; report the first time a new referrer/URL pair is seen. I have something like this in place now but it’s written in perl and it’s fairly fragile; this will be better.

Or just dump URLs into the database. “Hm, someone just tried to load /cgi/foobar.exe for the first time; looks like a new exploit.”
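An added Python sketch of the NBS idea covering both the DHCP example and the URL case above (mine, not mjr's NBS: in-memory instead of Berkeley DB, and the dhcpd log lines and addresses are constructed). The normaliser is the "bit of log parsing" that turns a raw ack into the "server gives IP to MAC" chunk.

```python
import re

# Constructed dhcpd lines; the syslog "hostname" field is the server's address.
SAMPLE_DHCP = [
    "Nov 15 02:10:01 10.0.0.10 dhcpd[512]: DHCPACK on 10.0.1.1 to 00:02:2d:10:10:10 via eth0",
    "Nov 15 02:10:09 10.0.0.10 dhcpd[512]: DHCPACK on 10.0.1.2 to 00:02:2d:10:10:11 via eth0",
    "Nov 15 03:10:01 10.0.0.10 dhcpd[512]: DHCPACK on 10.0.1.1 to 00:02:2d:10:10:10 via eth0",  # renewal
    "Nov 15 03:12:44 10.0.0.10 dhcpd[512]: DHCPACK on 10.0.1.7 to 00:02:2d:10:10:10 via eth0",  # old MAC, new IP
    "Nov 15 03:20:02 10.0.0.77 dhcpd[88]: DHCPACK on 10.0.1.50 to 00:0c:29:aa:bb:cc via eth0",  # new server
]

DHCP_ACK = re.compile(r"^\S+\s+\d+\s+\S+\s+(?P<server>\S+)\s+dhcpd(?:\[\d+\])?:"
                      r"\s+DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9a-f:]+)")


def normalize_dhcp(line):
    """Boil an ack down to the chunk NBS should judge. Timestamp and pid are
    dropped on purpose: they change every line and would make everything 'new'."""
    m = DHCP_ACK.search(line)
    return f"{m['server']} gives IP {m['ip']} to MAC {m['mac']}" if m else None


class NeverBeforeSeen:
    """First-seen detector keyed by dataset. In-memory here; the real NBS
    persists the same thing in Berkeley DB so state survives between runs."""

    def __init__(self):
        self.seen = {}

    def check(self, dataset, chunk):
        """True (and remember it) the first time chunk shows up in dataset."""
        bucket = self.seen.setdefault(dataset, set())
        if chunk in bucket:
            return False
        bucket.add(chunk)
        return True


def scan(nbs, dataset, lines, normalize=lambda line: line):
    """Push lines through normalize() and NBS; return the chunks flagged new."""
    flagged = []
    for line in lines:
        chunk = normalize(line)
        if chunk is not None and nbs.check(dataset, chunk):
            flagged.append(chunk)
    return flagged
```

Running the same lines through a second time flags nothing, which is the whole point; a second dataset (say, URLs from the HTTPD log) keeps its own memory.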

So yeah, a very cool tutorial. I’m all jazzed about the possibilities. Check out his web site on the topic.

On my mind

I kinda think I haven’t found the heart of Atlanta yet. I took MARTA up to the Buckhead station, and found a wasteland of shopping malls, alleviated only by a Borders with a stunningly friendly woman behind the counter. Midtown was nicer this morning — the Flying Biscuit is a short walk from the train station, and they do an awesome breakfast. Even if they only have turkey bacon. So maybe Midtown is the right place to be, but there weren’t all that many pedestrians. Hard to figure.

People are authentically nice. You can tell because they aren’t just nice to you; they act in a manner which expects niceness back. I was walking past Piedmont Park and a guy in his twenties said “Hey, excuse me?” He was in the middle of parking. He wanted help parallel parking so he wouldn’t ding the bumper of the car behind him. That’s pretty nice, and he assumed I’d be nice and help out, so I did.

(He had three feet in front of him. A Bostonian would have been embarrassed to ask for help in a situation like that. There’s some kind of tradeoff here.)

In any case, I have the pleasure of having gone from this:

To this:

The latter is Grady High School’s football stadium, by the by. It is the alma mater of Earthwind Moreland, New England Patriot.