5 Reasons for Admins to Know TCP/IP

As a system administrator, one can be forgiven for thinking that knowing the details of TCP/IP is unnecessary. However, knowledge of TCP/IP will be indispensable at times.

Knowing your TCP/IP protocols will assist you in debugging network problems in your systems.

  1. Server connection failures. When a server connection fails, knowing the details of TCP/IP protocols will assist you in figuring out why. Is the connection attempted at all? Does the TCP connection fail or is the connection made only to be denied or dropped?
  2. Routing. Is the network connectivity down? Knowing the details of TCP can assist you in figuring out why.
  3. Physical connectivity. Is there activity on the wire? Is the link up? Are you using an old 10Base-2 network? If so, can you debug connectivity problems with it? Is your duplex set correctly on your 10Base-T networks?
  4. Internet connectivity. Is your firewall working correctly? Can you make connections to disallowed sites? Are there holes in the configuration? Are your Internet accessible sites really accessible from the Internet?
  5. Testing network services. Is that DHCP server serving correctly? Is the NFS server actually using TCP throughout? Is the load balancing working properly?
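The questions in item 1 can be answered from the client side alone. The following is an added example (not from the original post) that classifies a TCP connection attempt as refused, timed out, or accepted and then dropped; the function names and the loopback demo servers are constructed for illustration.

```python
import socket
import threading

def classify_connect(host, port, timeout=2.0):
    """Classify one TCP connection attempt by how it succeeds or fails."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"      # RST came back: host reachable, no listener or a reject rule
    except socket.timeout:
        return "timeout"      # SYN unanswered: silently dropped by a filter, or host down
    except OSError:
        return "unreachable"  # routing error, ICMP unreachable, or name lookup failure
    with sock:
        try:
            data = sock.recv(1)   # handshake succeeded; see what the server does next
        except socket.timeout:
            return "open"         # server is holding the connection, waiting for us
        except ConnectionResetError:
            return "closed-after-accept"
        return "open" if data else "closed-after-accept"  # b"" means the peer closed

def _listener(behaviour):
    """Constructed loopback server for the demo; 'drop' closes right after accept."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        if behaviour == "hold":
            conn.recv(1)          # returns once the client hangs up
        conn.close()
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))  # grab a free port, then release it unlistened
    free_port = probe.getsockname()[1]
    probe.close()
    return {
        "nothing listening": classify_connect("127.0.0.1", free_port, 0.5),
        "accept then drop": classify_connect("127.0.0.1", _listener("drop"), 0.5),
        "accept and hold": classify_connect("127.0.0.1", _listener("hold"), 0.5),
    }

if __name__ == "__main__":
    print(demo())
```

A "timeout" result is the one to compare against a tcpdump capture on the server: if the SYN never arrives there, the drop is happening somewhere in between.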

Even if you have a dedicated networking team, knowing the TCP protocols will help you to tell them what is wrong and exactly what is happening – and might just let you resolve it yourself.

Learning the network protocols is not difficult. Start by downloading the network utilities tcpdump and wireshark. These utilities will let you see what is actually happening on the network – real live traffic you can analyze.

Before you start analyzing real traffic, make sure that you can. Sniffing network traffic can violate corporate security rules; make absolutely sure you have authorization.

Secondly, get a general book on TCP/IP protocols; you can learn protocols in-depth later. The TCP/IP Guide from No Starch Press is one such book. Another good choice would be a book about Ethernet – Ethernet: The Definitive Guide from O’Reilly is one.

Of course, if you aren’t using TCP/IP (as in an OpenVMS cluster, for instance) – then you need a different book…

Midwesterners: Are You Going to Barcamp?

In the Midwestern United States, where I am, there are three BarCamps that are always of interest to me. I thought I would check out what was going on and when the next one is (I’ve made the Chicago BarCamp several times).

The Milwaukee BarCamp will be in its fifth run, and usually occurs on the first weekend in October. For 2010, that would be October 2-3, but there doesn’t seem to be any word on what to expect.

Madison, Wisconsin (the capital) will be host to the Madison BarCamp on August 28, 2010 – from 10a to 7p. It appears that the event will not be overnight, unlike my experiences in the Chicago BarCamp.

Chicago has wonderful BarCamp events; no word on the web site as to what is happening with Chicago BarCamp this year. Last year was July 11-12; we should be getting close.

If I find anything more about BarCamp Chicago, I’ll post it here.

Tomcat Missing Java Standard Tag Libraries (JSTL) in Debian and Ubuntu

If you load Apache Tomcat onto your Ubuntu system, you’ll find that JSTL is missing. Trying the provided JSTL examples will thus result in failure, as will any normal operations that require the standard tag libraries.

This is mainly because of one reason: JSTL is considered to be part of J2EE – which in this case means that JSTL comes with Glassfish (or by translation, Apache Geronimo).

Originally, JSTL was a “built-in” feature of the Glassfish packages in Debian and Ubuntu; however, because of the desirability of having JSTL in Tomcat and other containers, JSTL is now available separately.

The package is glassfish-javaee and contains three JAR files which contain JSTL. The best thing to do is to run this command (whether Debian or Ubuntu):

apt-get install glassfish-javaee

This will install the packages and all dependencies – though if you’ve Tomcat already, there probably won’t be any dependencies required.

I experienced this with Tomcat 6, but Tomcat 5 is probably affected as well.

Do You Have a Data Retention Plan?

If you don’t, your company could find itself having to save documents it would much rather have gotten rid of when a lawsuit occurs. More importantly, customer information is protected by law and not handling it with care can lead to significant and adverse consequences.

Consider the tale reported over at the Clutter Diet blog. The company in this tale did not handle customer data properly at all.

Shredding documents isn’t enough either; companies will reconstruct the shredded documents for a hefty fee – even from cross-cut documents. In the New York Times (July 17, 2003) Douglas Heingartner reports about an effort to reconstitute hundreds of documents from the East German Stasi (or secret police).

The best thing to do is to have a written and accurate plan for disposing of documents, and a method of disposal that precludes reconstitution. The US military now uses pulping and pulverizing of paper; it should be possible to do this with corporate documents in some fashion as well.

A data retention plan should, of course, manage electronic documents as well. Sensitive documents should be deleted and the hard drive space wiped. If the hard drive is to be disposed of, physical destruction is the only way to completely be assured of total data loss; however, your company may very well be satisfied with a complete wipe of the drive with tools like Darik’s Boot And Nuke.

Just do it. Your lawyers and customers will thank you.

Why Site Filtering By DNS Fails

Filtering by DNS seems a good idea when you first consider it. OpenDNS has a very nice setup for doing just this, and is often recommended as a business tool for content filtering.

The concept is simple: use a benign form of DNS “hijacking” in reverse against malicious sites – and other undesirable web sites (such as adult or gaming or sports, et al). To use the DNS server in this way, the client identifies itself to the DNS server (pairing an IP address with a server-based account); the server then replies with the appropriate web addresses based on the client’s DNS requests.

For example, once the client authenticates to the DNS server, then the client will make a DNS request. Once the server receives the request, it consults the filtering in place for the account, and either returns the actual IP address, or an IP address of a website showing the actual web site as blocked.

Unfortunately, the problem is not in the implementation at the DNS server; the problem is in actually getting to the DNS server. One very big problem is that any DNS cache will subvert the filtering at the DNS server. When the DNS cache makes its requests, the association with the account is broken, and the actual IP address is cached.

This means that you will not be able to use a DNS cache on your local host for speeding up your Internet access. However, the problem is deeper than that: if your Internet provider uses a DNS cache – which they might and you would never know – then the DNS filtering breaks.

The other problem has to do with IP addresses. If the user can get to a site that has the actual IP addresses in it, then the DNS server is never consulted and filtering again breaks down.

There is also the problem with proxies. A proxy receives a URL itself, and makes the DNS request on its own, bypassing any DNS-based content filtering which may be in place.

And then there is the Google cache. Using Google, if a person selects the cached version of a page (and not the direct link) then the page can be seen rather than blocked.
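The cache and IP-address failures described above can be modelled in a few lines. This is an added example, not code from the original post or from any DNS provider; the class names, zone data and addresses are constructed, and it assumes the intermediate cache queries upstream from an address that is not registered to the filtered account.

```python
import ipaddress

# Constructed zone data and block-page address (documentation ranges).
REAL = {"blocked.example": "203.0.113.10", "news.example": "203.0.113.20"}
BLOCK_PAGE = "198.51.100.1"

class FilteringResolver:
    """Upstream filter: picks the policy by the source IP of the query."""
    def __init__(self, policies):
        self.policies = policies              # source IP -> set of blocked names
    def resolve(self, src_ip, name):
        blocked = self.policies.get(src_ip, set())  # unknown source: no account
        return BLOCK_PAGE if name in blocked else REAL[name]

class ForwardingCache:
    """DNS cache between client and filter; it queries from its own address."""
    def __init__(self, own_ip, upstream):
        self.own_ip, self.upstream, self.cache = own_ip, upstream, {}
    def resolve(self, _client_ip, name):
        if name not in self.cache:            # the client's identity is lost here
            self.cache[name] = self.upstream.resolve(self.own_ip, name)
        return self.cache[name]

def fetch_target(url_host, client_ip, resolver):
    """Address the client connects to; IP-literal hosts never cause a DNS query."""
    try:
        ipaddress.ip_address(url_host)
        return url_host
    except ValueError:
        return resolver.resolve(client_ip, url_host)

def run_scenarios():
    office = "192.0.2.50"                     # address paired with the account
    upstream = FilteringResolver({office: {"blocked.example"}})
    cache = ForwardingCache("192.0.2.99", upstream)
    return {
        "direct": fetch_target("blocked.example", office, upstream),
        "via_cache": fetch_target("blocked.example", office, cache),
        "ip_literal": fetch_target("203.0.113.10", office, upstream),
    }

if __name__ == "__main__":
    for scenario, address in run_scenarios().items():
        print(scenario, "->", address)
```

Only the direct query lands on the block page; the other two scenarios reach the real address, which is why the enforcement point has to sit where it sees the client's own request.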

The only reasonable way to perform content filtering is by using your own local proxy – such as Privoxy or Squid with Squidguard – but even this will not stop the Google cache and perhaps other methods. But at least it will be immune to most problems listed here. Privoxy is good for personal proxies, and Squid is good for enterprise implementation.

Using a local proxy is more resource intensive (both in terms of processing power and administration required) but this may be necessary to keep reasonable order in the workplace.

A Single Character Causes Downtime for… WordPress.com!

Last Thursday, an error in the wordpress.com software caused some user settings to be overwritten, which resulted in loss of settings for some customers. The site was taken down for checks, and an hour later, 99% of users were back online.

The cause of the error? A coding error of a single character. Certainly checks and balances are needed, but according to Matt Mullenweg, founder of WordPress.com, they are already using reviews and testing.

It was less than a month ago that Toni Schneider, CEO of Automattic, wrote in glowing terms about the use of “continuous deployment” at wordpress.com. Is this event going to lead to the death of “continuous deployment” at WordPress? I suspect not.

In fact, Paul Graham described in a paper how he used Lisp for Viaweb in just this fashion. Viaweb was bought by Yahoo! and became the Yahoo Store. Viaweb would fully implement features before it had even become mainstream.

Let this WordPress.com downtime be a lesson as to what a single character can do, and also a lesson in how none of us are immune from such mistakes.

Life Without Mono: Removing Mono from Ubuntu

I removed Ubuntu from my system yesterday; I’ve already got problems with memory and decided I didn’t want it cluttering up my already sparse memory (1Gb!). One gigabyte isn’t enough? Don’t get me started…

Anyway, I removed it, and it was interesting to see what went with it:

  • sysinfo
  • tangerine
  • tomboy
  • f-spot
  • beagle
  • banshee
  • gnome-do

These are good apps, but I don’t need another runtime environment cluttering up my sparse (sparse??) memory. There are a lot of other applications: the Mono folks have compiled a list, and the folks campaigning against Novell (and Mono) have a list also.

Most of these I never use (except F-Spot and Gnome Do) but I won’t miss them. Ubuntu has officially replaced F-Spot with Shotwell, and Gnome Do is not quite as good as the original Quicksilver (I’ve a Mac Mini with Quicksilver installed).

I’m already using some massive memory-abusing apps. For example, consider Google Chrome with a gazillion tabs, or NetBeans, or Gnome itself. I can’t replace NetBeans (unless I want to use the massive Eclipse instead…) but sometimes I use Midori instead of Google Chrome, or WindowMaker instead of Gnome (all very nice and highly recommended!). It also appears that the Google Chrome extension Too Many Tabs will free up memory when you “suspend” a tab; fantastic!

Try some of these lightweight items and see if you won’t have a snappier system!

The Organized Mindset: How to Stay Organized in 5 Steps

Recently, over at the Clutter Diet, Lorie Marrero had this to say:

People always ask me this question: “If there were just one small step I could take to get more organized that would have the most impact, what would it be?”

Often people are looking for a “tip” or some kind of expert trick, but my most authentic and accurate answer is to change your mindset.

I agree entirely. Change your mindset and you can stay organized. Many organizational “tips” are just about how to store all of your stuff, or how to get rid of stuff – or how to psychoanalyze yourself and correct your organizational failings by psychotherapy. I believe that the most practical are the down-to-earth daily habit changes that will get you organized and keep you organized.

However, in her article, Lorie’s choices just don’t mesh for me; I’ve some of my own ideas. Also, these are not just ideas – but mottos to remember and apply. See if these don’t change your life:

One in, one out. We “collect” stuff; as long as more stuff is coming in than going out, we’ll keep gaining more stuff. To reduce, make it one in, six out…

“Where will I look for this the next time I need it?” If you apply this regularly, you will start finding things instead of looking for things. Every time you put something away, think of this question – and apply it.

Every time you leave a room, take something with you. This will whittle away at the dirty stuff in a room. Don’t leave a room empty-handed.

If it’ll take less than six minutes, do it now. David Allen’s GTD has the same rule, but he uses two minutes instead. Either way, this will whittle away at your to do list.

If you haven’t used it in six months, toss it out! If you haven’t used something for that long, when will you use it? You’ve not missed it, and you’ve not used it. So go ahead and toss it out or give it to good will.

If you start to indoctrinate yourself with these mottos, and apply them in your daily activities, the organization in your life will reach new heights.

For further steps in organizing, I recommend Organizing Your Life and Getting Rid of Clutter (by Carla Wolfe and DeLynn Copely) and Sink Reflections (by Marla Cilley). Both of these are very practical guides to daily organization; adopting their methods will help you stay organized.

Making Scala and NetBeans work under Ubuntu Lucid Lynx

Scala is an object-oriented language designed for the Java Virtual Machine (JVM), and a very interesting language. The inventor of Groovy suggested that Groovy would never have been created if Scala was around at the time, and the inventor of Java named Scala as a language he’d use.

NetBeans is an integrated development environment (IDE) which is particularly suited for Java (and was developed in Java besides).

Getting Scala and NetBeans to work together requires some adaptation; the basic directions are at the NetBeans website. There are, however, some caveats to making this work, especially under Ubuntu.

Install NetBeans from the Ubuntu repositories; this will be version 6.8.

The version of Scala installed by default in Ubuntu (the current stable release, 2.7.7) is not suitable. The current release candidate (2.8.0-RC3) from scala-lang.org should be installed instead, and into a single directory – /usr/local/scala is a good location. When done, the directory should contain these directories:

  • bin
  • doc
  • lib
  • man
  • meta
  • misc
  • src

The directory which contains these will be SCALA_HOME. Create a file under /etc/profile.d/scala like so:

export SCALA_HOME=/usr/local/scala

Then, add this to the file /etc/netbeans.conf (at the end of the netbeans_default_options):

-J-Dscala.home=/usr/local/scala -J-Xmx1024m

At this point, let’s add the modules to NetBeans to support Scala. Download the archives and unpack them.

Start NetBeans, and select the Tools menu, followed by selecting the Plugins menu item. This brings up a new window. Select the Downloaded tab. Click on the Add files button, and select all of the nbm files that you just unpacked. After they appear in the list (all checked), click on Install.

NetBeans will have to be restarted to complete the process.

To check and make sure that everything works, create a new project and check for a category folder for Scala. Also try selecting the Tools menu, and then Scala Platforms – make sure that the path is /usr/local/scala.

Have fun with NetBeans and Scala!
