CA eTrust PestPatrol versus UltraVNC, FIGHT!

When I migrated the work PC back to XP, I installed the eTrust antivirus software that $work has a license for.  Everything seemed fine, until my co-worker mentioned that I’d installed the wrong version.  ‘Oh,’ says I, ‘I’ll sort that out now then.’  Quick install from the central deployment server, and all was well, or so I thought.

Enter stage left our hero, ‘Windows needs to reboot’.  Fine, fine, reboot if you must.

A few hours later, I needed to VNC to one of the servers.  This would be easy, if my VNC icon was still pointing to the VNC application.  Instead it had been replaced by the Windows default ‘I have no clue where it went boss!’ icon.  ‘Peculiar.’ I remarked to myself.  Went into my downloads location, re-ran the installer.  Got one step in, and it complained that it couldn’t find the source files for the install.  Then I noticed that my installer had vanished from disk as well.  Beyond peculiar.

So, let’s test.  Download the installer again.  Run it.  It vanishes from the Desktop within a few seconds of being run.  I check the local eTrust console in case it’s thinking ‘Virus!’, which it isn’t.  I try it again, same effect.  I try a third time, this time with a movie capture running (just in case I was seeing things).  Still does it.  Gave up, found a different VNC application and used that for the rest of the day.

This Monday, I poked and prodded it some more, and found the management console for eTrust after reading that PestPatrol (part of eTrust) doesn’t like VNC very much.  After much fiddling, I found the PestPatrol exclusions – there was even a local policy called ‘VNC’.  Sounds perfect.  Click.  Add exclusion.  Search.  UltraVNC.  Add UltraVNC 1.0.2. Save.  Weird, not listed.  Repeat several times (proof of insanity anyone?).  Still not listed.  Shrug, add path exclusion, hit save.  Done.

Re-install UltraVNC.  Installer stays around.  Run UltraVNC client.  Stays around.

I hate platforms that silently remove software, and even worse, don’t log that software was removed.  Oh well.

On the new job

This new job has ever so kindly thrown me in the deep end, which happens to be somewhere that I’m used to being. Task one was to investigate the portal software they use (Liferay) and how to integrate some document management software (Alfresco) into it. Cue lots of head scratching as I learnt about Java, Tomcat and finicky Windows Vista. Lots of browsing later, and a few ‘delete that entire tree, and go again’, I managed to find a way to make it all work. Not pretty though – Liferay and Alfresco don’t share a common authentication database, even when using the Alfresco portlet for Liferay. Came across something called CAS, a SSO specification that both Liferay and Alfresco can use. So that report has been sent up the chain, and I moved onwards.

The next task involved looking at some of the current Linux servers to see if various backups were being done properly. In short, they weren’t, but are a lot closer now. There’s a variety of distributions in use, which is all well and good, but makes supporting them as a sysadmin a bit harder. So that’s another document in the works – how to standardise the Linux servers deployed throughout the company, complete with build servers for custom packages, and deployment/update servers so that updates get pulled from internal once a single copy has been downloaded. It’ll certainly help with the fact that some of the hosts don’t even have ‘locate’.

I’m also evaluating (over a month or so) the current tape backup and management strategy. It works, but I’m fairly sure it can be done in a better manner. As always with this kind of thing, it’s a case of writing up a good business case that presents the current model and the associated costs versus the proposed model and associated costs and savings. It’s impressive how far tape technology has moved from the DLT-IV era – an order of magnitude with the current technology, and a bit further than that with the next generation that’ll be out later this year. I think it’ll be good to take the company from over 22 linear hours (3 parallel jobs) per backup run to just over 1.5 hours :)

The new work PC I received as my workstation came with Windows Vista – so we decided I’d be the lab rat to see how well it worked. Suffice to say, I’m running Windows XP Professional now, in line with the other guys in the department. Yes, it was that bad with respect to the software I needed to use – like VMware Server. Boot the client application, no problem. Tell it to boot an image? Go away for 10 minutes and hope it’s come back to life by the time you get back (on a dual core no less). XP is also much snappier than Vista – and I had all of the fancy stuff in Vista turned off!

So, onwards and upwards. Unless I royally screw up, I see a lot of work ahead of me. Work that could be quite a lot of fun, and will certainly expand my skillset. Heck, I’m programming in Perl/Tk to parse backup software files and produce XLS output… the perl I’m used to, the Tk is cross platform, but writing out XLS? That’s new. I’m also pulling out my rusty skills as a Windows administrator, simply because I have to be able to solve some problems as part of the team.

All in all, it’s an excellent job change for me. My stress level has dropped, I’m not taking work home, and Leamington is a nice place (with some most excellent patisseries).

Dhclient3 and MS DHCP classless static routes

$dayjob uses a Microsoft server for DHCP. Not really a problem, except out of the box, the (K)Ubuntu dhcp client (dhclient3) doesn’t actually support option 249 – classless-static-routes (or ms-classless-static-routes as some sites on the net refer to it). The format that the MS DHCP server spits out is the mask, followed by the subnet, followed by the gateway, in hexadecimal, delimited with colons.

So, after a bit of digging around on the net, and not finding anything that useful, I rolled my own code to deal with it. It’s not pretty, it’s probably not efficient, but it certainly works (for me).

First off, a new file in /etc/dhcp3/dhclient-exit-hooks.d

configure_ms_classless_static_routes

#!/bin/sh
# Sourced by dhclient-script, which sets $reason, $interface and the $new_* variables.
process_routes() {
    perl /etc/dhcp3/perl-classless.pl "$1" "$interface"
}
if [ "$reason" = "BOUND" ]
then
    echo "ms_classless_static_routes = $new_ms_classless_static_routes"
    process_routes "$new_ms_classless_static_routes"
fi

Second, a perl script

/etc/dhcp3/perl-classless.pl

#!/usr/bin/perl
# Input line will be a long hex string, separated by :s
# MS DHCP feeds us Class : SN : SN : SN : SN : RT : RT : RT : RT
# One hex byte, written with one or two digits
$unit = '[0-9a-fA-F]{1,2}';
$in = $ARGV[0];
$nic = $ARGV[1];
while ($in =~ m/($unit:$unit:$unit:$unit:$unit:$unit:$unit:$unit:$unit)/) {
    $match = $1;
    # Remove the route just consumed; the colon is optional so that the last
    # route (which has no trailing colon) is removed too and the loop ends.
    $in =~ s/$match:?//;
    @i = split(/:/, $match);
    # %d forces every field to a number before it reaches the command line
    $exec = sprintf("ip route add to unicast %d.%d.%d.%d/%d via %d.%d.%d.%d dev %s",
        hex($i[1]),hex($i[2]),hex($i[3]),hex($i[4]),hex($i[0]),
        hex($i[5]),hex($i[6]),hex($i[7]),hex($i[8]),$nic);
    print $exec . "\n";
    system($exec);
}

Presto, working Microsoft classless static routes via DHCP.
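
The Perl script above assumes every route carries four destination octets. As an added example (not part of the original post), the POSIX shell function below parses the same colon-delimited hex string using the RFC 3442 layout, where the number of destination octets depends on the prefix length, and rejects malformed values before anything is handed to `ip route`. The function name and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse a classless-static-routes value (colon-delimited hex
# bytes, RFC 3442 layout) into "DEST/PREFIX GATEWAY" lines, one per route.
# Returns 1 and prints nothing if the value is malformed in any way.
parse_classless_routes() {
    # Allow only hex digits and single colons: the value comes off the network.
    case "$1" in
        ''|*[!0-9a-fA-F:]*|:*|*:|*::*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
    for byte in "$@"; do
        [ "${#byte}" -le 2 ] || return 1      # each field is one byte
    done
    out=''
    while [ $# -gt 0 ]; do
        prefix=$((0x$1)); shift
        [ "$prefix" -le 32 ] || return 1
        sig=$(( (prefix + 7) / 8 ))           # destination octets actually sent
        [ $# -ge $((sig + 4)) ] || return 1   # truncated route
        dest=''; n=0
        while [ "$n" -lt 4 ]; do
            if [ "$n" -lt "$sig" ]; then
                octet=$((0x$1)); shift
            else
                octet=0                       # omitted octets are zero
            fi
            dest="${dest}${dest:+.}${octet}"
            n=$((n + 1))
        done
        gw=''; n=0
        while [ "$n" -lt 4 ]; do
            gw="${gw}${gw:+.}$((0x$1))"; shift
            n=$((n + 1))
        done
        out="${out}${dest}/${prefix} ${gw}
"
    done
    printf '%s' "$out"
}

# Constructed sample value: a /24 (three destination octets) then a /32 (four).
parse_classless_routes "18:c0:a8:0a:0a:00:00:01:20:ac:10:05:07:0a:00:00:fe"
```

In an exit hook, each output line can be read back with `while read -r dest gw` and passed to `ip route add "$dest" via "$gw" dev "$interface"`.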

SQL is Weird

Yep, weird with a capital W.

Take two tables.  Un-optimized indexes are present on both tables.  EXPLAIN says 45 rows will be retrieved from one table, 5 from the other.  The 45 will invoke where, the 5 invokes temporary and filesort.

Alter the index on the table returning 5 rows (it’s a pivot table).

Now explain says 75, 4, with 75 invoking where, temporary and filesort and 4 invoking where.

Alter the index on the table returning 75 rows so that the index hit picks up the data that’s getting pivoted.

Now explain says 158, 4 with 158 invoking where, index, temporary, and filesort and 4 invoking where.

The weird part?  The last modification is the fastest, even with no_sql_cache invoked.  More rows to be worked with (arguably it’s still a small number), but it’s faster.

MySQL merge tables

A few years ago, when defining a table, I wasn’t very savvy to the fact that MySQL uses 4 byte pointers for the MyISAM data files (by default). This has subsequently bitten me in the rear a few times, enough for me to learn about altering the table with a max_rows argument, and to define the default pointer size in my.cnf. Unfortunately, the $work installation of MySQL has a bug – the default pointer size in my.cnf gets ignored. This leaves me creating all of the various tables with a manually specified max_rows to ensure that I don’t get bitten.

Enter a legacy table from a few years ago that just hit the pointer limit. The only solution I had in my arsenal is to rebuild the entire table with a larger pointer size. The last time I did this, it took 3 days. 3 days to rebuild the indexes for a 4 GB table. This time around, I tried a method that involves creating a new table definition without the indexes but with larger pointers, copying in all the old data, copying the old index file to the new index file, and executing a repair table. Unfortunately, while this method is meant to be faster, it only works when you can fit all of the keys into memory, otherwise it uses a slower rebuild method. 2 GB of RAM isn’t enough to hold all of the keys :(

So, chatting with Dad, he started to say something that tickled the grey cells. Namely that MySQL has a merge table format that can merge two (or more) identical MyISAM files, and support reads from both underlying files, while specifying where the writes should go. This means I can create a new underlying table with the new pointer size, then overlay the merge and specify the new table as the target for the writes. Total time to perform – 10 seconds, most of which is typing! Much, much better than 3 days.

Designing web interfaces

Designing web interfaces is something that gives me grief. I’m not exactly the most elegant web designer in the world – interfaces that look like a bunch of stacked rectangles are fine as far as I’m concerned. They may not be pretty, but they are functional. Unfortunately, when doing $dayjob stuff, it has to be presentable to our customers, and they’re not always as technical as I am, so the interface needs to be ‘pretty’.

For the longest time, I’ve usually sketched a rough outline on a bit of paper, and then tried to implement the basics of it in HTML and CSS. I then hand it over to our actual web design guy to make sensible and prettier. Enter, stage left, QT designer. Yep, it’s a GUI UI designer, but it has drop-downs, text labels, text inputs, check boxes and radio buttons – which is exactly what a web browser has access to when rendering your bog standard HTML.  One print-screen later, and I have a nice mock-up of what I want the interface to look like, rather than a badly drawn version.  It’s also a heck of a lot faster to drag and drop UI elements than sit and churn out HTML code.

Browser Caching of Doom (Doom I Say!)

I think I’ve ranted (mildly) about this before.

I hate web browsers – different ones will render markup differently, requiring hacks to get around the borked behaviour. However, that has nothing on what Firefox just did to me for about an hour. Load a page in my development environment. Everything looks right. Click on one of the links that performs an action, sets a message in the session, and hands back to the code to render the message and update the page. That works. Click refresh – the message should go away (and the exact same code on other pages has always worked). The message doesn’t go away.

Check the contents of the session – the message area is emptied, which is correct, so there’s no content to be displayed. Hold down Shift and click reload. Message is still there. Check the server side cache of the template – the message isn’t there. View source, the message is there. The only thing that’s changed since I was last testing this code was a Firefox update.

Set Firefox’s cache to 0, and the problem goes away.

I hate web browsers.