Moving domain registrars – NoDaddy Day

My domains are currently registered with GoDaddy, which seemed like a good idea at the time, but given the company’s and its CEO Bob Parsons’ blatant disregard for customers, common decency, ethics and acceptable business practices I’m moving them en masse to different registrars.

As for why? Let me count the reasons:

  1. GoDaddy Faces Boycott over SOPA support (Goodbye a free Internet, hello online feudalism. Don’t believe their attempts at backtracking, merely an ill-considered public relations move that’s fooling no one)
  2. CEO Shot Female Elephant, Not Bull (Bob Parsons, CEO – thinks it’s perfectly fine to hunt elephants for sport, fails to CYA. Welcome to the 18th century Bob)
  3. SOPA debate puts GoDaddy in hot water over domain transfers (GoDaddy limiting outbound domain transfers – either you simply don’t have the capacity or you’re outright dodgy dealing IMO)
  4. Need I say more about their cringe-worthy advertising and “Go Daddy Girls”?

As I host my own DNS services (Motto: “If you want it done right, do it yourself – including screwups”) I expect little to no downtime.

For folks unfamiliar with the proposed legislation (and if you’re a savvy user in the US and aren’t familiar with it – why not?), go and read about it right now! Do you want commercial enterprises and government lodging complaints and taking down lawful domains/content with impunity and no legal recourse? Stifling innovation and competition by allowing said bodies to simply muzzle online ideas that don’t suit their worldview?

Not I. So on the 29th (if not earlier) I’ll be participating in the great exodus from GoDaddy to a registrar that actually cares for the state of the global Internet.

For reference, here’s some info on the bills in question:

Seriously – in comparison Steven “I’m not bought by the Australian Christian Lobby, really!” Conroy’s Australian internet filter is positively mild 🙁

 

A response to Danny Nalliah

(Non-technical post: Fedora folks can skip this if they like, I just feel the need to rant as this offends me deeply)

Context: My city of Brisbane, Australia is currently experiencing the worst floods in the region since 1974; outlying areas and regional towns and cities are cut off and practically underwater. 9 have died and 72 people are unaccounted for in Toowoomba, about 1hr outside of Brisbane.

This evangelical preacher, Pastor Daniel Nalliah of “Catch The Fire” Church, believes this is his God’s wrath for an ex-Prime Minister asking the state of Israel to participate in the Nuclear Non-Proliferation Treaty.

Here’s my response: Originally sent as a comment, but posted here for posterity (and because I suspect Pastor Nalliah has the moral courage to approve comments not matching his own viewpoints)

As a Brisbanite currently preparing for the worst of these floods I take extreme offense to this post and the ignorant, spiteful rhetoric you appear to espouse.

To blame natural disasters affecting hundreds of thousands of people on a politician’s failure to back your *political* belief of choice is utterly vile and as un-Christian as a person of sound mind can conceive.

I (as a practicing Zen Buddhist amenable to the core beliefs of other faiths) have been under the impression that Christ and his followers showed compassion to their brothers and sisters, especially in times of hardship? Am I mistaken? Is compassion in your church only applicable to those who follow your beliefs in lock-step fashion?

If you are truly a Christian (or a decent human being of any ethical / moral character irrespective of belief or lack thereof) then you’ll recant your comments and apologize to the people of Brisbane.

If you truly believe in your heart that the people of Brisbane deserve to suffer because a former Prime Minister’s reasonable call for a government to disengage from creation / proliferation of weaponry capable of killing millions – then frankly I pity you and consider you a poor excuse for a human being with no place in providing ethical and moral guidance to anyone and may your God have mercy on *you*.

While I doubt that this comment will be posted to your site at all (as I’m not preaching to the choir :-)) I would be sincerely interested in a considered response. I will also be posting it to my own blog for the consideration of others, even if you fail to publish it.

Gassho,

Michael Fleming

Going dark…

Don’t be alarmed, I’ve not been compromised 🙂

In support of the Open Internet / No Clean Feed initiatives fighting proposed mandatory Internet filtering here in Australia, I’m “turning the lights out” on my site until the 29th.

The Great Australian Internet Blackout site (http://www.internetblackout.com.au) has more info – support us if you can, on and offline.

Keeping afloat in a binary ocean

Micro-rant:

One of my pet peeves as a guy who likes to say his piece online is the number of really interesting and useful technologies / ideas completely ruined by lazy attempts at marketing by even lazier “salesmen” and marketers.

Look at email – DKIM/SPF/DNSBLs/greylisting just to keep the signal to a sane level. I don’t accept IMs from contacts not already vetted and authed; I’d be flooded.

Social media is no different, alas. I have accounts on both Twitter and Identi.ca and the former attracts enough bot followers that I routinely clean them out (no for the nth time I don’t want to see Britney naked; we’ve all seen it and we’re still paying for the eyebleach. Cheers)

Getting it right takes only a little effort. Lauren Cochrane, an old colleague of mine who now works for the RSPCA, nails this on the head – you need to balance your “brand” with being human; don’t fail the Turing test.

While it’s easy to write up a bot to spruik a message cheaply and efficiently (especially to services with a free, public API like Twitter or Laconica, although thankfully identi.ca/Laconica aren’t as badly affected) it’s a huge turnoff for a lot of people and ineffective – the sign of laziness / ignorance in my rarely humble opinion. If your product / “brand” has real worth then it should be very easy to talk about it earnestly and openly and give it a bit more depth – Lauren cites commenting and relaying information relating to your interests, even a few pics here and there just to assure your community you don’t end in .sh 🙂

Be interesting, discuss useful ideas, show you’re the real deal and they’ll come – something that F/OSS communities are also very good at. Are you reading me via Fedora Planet? See the posts above and below mine? These are great examples – a potpourri of diverse people, places and posts not essentially directly free software or Fedora related. The community works well and brings in more people simply because it has this depth, it’s not strictly dry technical talk.

If you can’t do that with your product / “brand”, then go buy a sandwich board / billboard we can choose to ignore if we want to while we go about our business. There’s enough noise in traditional advertising without adding to it here, there’s no need to force a broken old model on a medium built in an essentially polar-opposite fashion.

Other stuff:

I seem to have a spam dry run – for the first time since I started using email (1994, I’m a relative newbie) I have 0 spam in my junk folder. Either I have achieved some sort of email enlightenment, my setup is too hardcore for current spammer tricks or something is horribly wrong. The irony is that my secondary MX has no greylisting or spam filtering on it yet – just when you think you’ve seen it all something can still surprise you.

As heretical as it sounds I may have to lay off the caffeine, as my poor old brain doesn’t seem to cope well (beware the wired sysadmin!) plus for some reason instant coffee makes me sleepy (hey, that’s not meant to happen! Stimulants anyone?) Fortunately I dislike anything that I haven’t ground myself or that hasn’t at least been beans recently.

Any suggestions for good quality green tea are welcomed 🙂

Just Plain Bad Service

I almost lost two of my domains this week – a registrar / hosting company that will not be named decided to close them off without any notice – no email, letter or even a phone call.

15 minutes in a phone queue as the “next to be answered” and a debate with the tech on the other end finally got me the registry keys for both – I certainly won’t be renewing with them or asking for the accounts to be reopened, I’m already transferring them to my GoDaddy account.

Given their focus on “customer service” (even their technical support staff are “e-business consultants”) this is a MAJOR blot and I won’t tolerate it – no more business from me! It’s bad enough that they’re double the price of most offshore competitors but to close down accounts without notice is just plain intolerable.

The irony of the situation is that I worked at that hosting company for years and on realising this the tech at the other end started to agree with my assessment of the situation 🙂 Additionally I still know their systems better than some of the folks there now! (I talked him through the process of getting the keys)

I was quite pleased to see a WordPress 2.8.1 upgrade hit EPEL quite quickly – new features and a security rollup all in one and before I felt the desire to roll one up myself. Cheers Adrian! This release was rock solid and the upgrade the most painless on record.

My own packaging is slowing up a little due to so little out there that is a) not already packaged or b) not really ready. One I have given a test run is the Miredo client for IPv6/Teredo tunnelling. IPv6 tunnelling is widely available – many places will even have native connectivity – but for those cases where you are behind a restrictive NAT (or just want to tinker like I do) it’s an interesting alternative. Fedora packages are available from my usual repositories.

Revisiting Nagios for monitoring (I can’t just walk over and look at a server several thousand miles away) brought back a few memories. It took a bit more dusting off of the old knowledge (I use Zabbix at work, they’re dragging me into using Xymon which I don’t like as much) but it’s working quite well and the EPEL/Fedora packages are kept well up to date. With puppet / func it’s even simpler to roll out the NRPE checks (which were always tedious when done by hand).

The SmokePing package has also been a boon in the workplace – I used it to successfully convince our network administrator that the packet loss we’d identified wasn’t our imagination and lo, it got fixed as we could track performance. Again it wasn’t hard to install and the configuration makes sense after a pint or two 🙂

My girlfriend and I have been getting back into yoga – “hot” yoga, which is the standard fare, just in a 35+ degree heat – and the timing is perfect; it’s been freezing here in Brisbane (10-20C on average, which is brisk for this part of the world) and I needed something to keep my mind in check. To my surprise I even held my form despite being away from it for a month or more 🙂

New hosting arrangements

If you’re reading this (and not a “Page Cannot Be Displayed” or “Internal Server Error”) then I’ve successfully moved my site(s) to the new server.

After years of hosting off my own gear, either at datacentres or literally in-house I’ve moved to a Xen VPS at Slicehost, running CentOS 5. Setup and migration was relatively painless (fat-fingered a DNS record however, I won’t be doing that again..) and their default bare-bones install is an absolute boon for keeping an instance clean – I hate cluttered installs full of cruft I don’t need/want.

I’ve even got low-ping IPv6 to most of the world now via Hurricane Electric (just as I remember it – simple and do it yourself, which also meant pinging the service to keep the tunnel up :-D)

The only nit I’ve found has been the lack of SELinux support on their guests – I’ve had it in Enforcing mode on my servers for as long as I can remember it being offered – it just feels weird and wrong not having it now 🙂

I’ve also found that there’s a few Fedora packages not available in EPEL that I just can’t live without (postgrey and linux_logo!). I’m not sure why they’ve not been picked up but I’m tempted to do so myself if there’s been no takers – give EPEL some love, it’s nice and stable and won’t do the dirty on you 🙂

Too Fscking Clever

  • If you have six discrete crontabs for a relatively small set of tasks instead of two (or even just one) you may be Too Fscking Clever.
  • If your SQL statement has five or more JOINS in it, you may be Too Fscking Clever (or a web development framework ORM)
  • If you are asked to forward ports to a host and instead DNAT the entire IP address, you may find that your Too Fscking Clever-ness will bite your arse when the usage case changes. Thinking it won’t is a sign of severe Too Fscking Clever Syndrome.
  • “We should cache this data for as long as humanly possible (what’s stale data?)” or “We should only cache this in RAM for 5mins (and refetch from a large table?)” are classic Too Fscking Clever symptoms.

If you or someone you know has symptoms of Too Fscking Clever syndrome, often identifiable as a frequent need to overengineer what should be a simple solution, invite design by committee or overthink a problem ignoring practical usage cases and requirements, suggest seeking immediate help before TFC develops into Solution Looking For A Problem Disease, which can in turn lead to madness or a career in Windows Server administration.

Treatment often involves simple counselling (of the W. Venema “what problem are you actually trying to solve” method or similar), introduction to Occam’s Razor, or in extreme cases flogging the subject with a copy of Plan 9 until s/he has an epiphany and tries to simply just get the job done.

This has been a Public Service Announcement.

Things I thought I’d never see

If I hadn’t been present for these, I’d probably call myself a bullspit artist. But I swear on a stack of $documents I was there and my experiences are 100% true.

Firstly, I thought I’d never ever see a web framework’s object relationship model used as a database stress tester (cheers Django!). I don’t think it was intended as such but some of the queries it’s generating are just hideous and driving load averages to insane levels.

Secondly – I have two USB keys in front of me. Nothing really unusual about that, except they have “Windows + PHP: Platform of Choice” on them. Yes, I raised an eyebrow too, and I’ve actually done Windows on PHP before at an old workplace.

The choice with PHP and Windows Server boils down to this, in my experience: a) Run as FastCGI or b) Endure a world of suffering (the ISAPI is awful and suphp doesn’t exist).

I’ll of course advocate c) Run it on a Linux box as a DSO / suphp / under mod_fcgid process as your needs dictate – at least they’ll all actually work as you’d expect. 🙂

I got the keys from a presentation / open session run by a good friend and former work colleague Jorke Odolphi, now working for Microsoft (but still genuinely interested in F/OSS, I’ve trained him fairly well) and “Professional Geek” Nick Hodge (also a pleasant and well versed chap).

Microsoft having an open session on OSS was not something my curiosity would let me miss, so off I went. I applaud Nick and Jorke for having a go – the turnout wasn’t huge but the session was very lively and definitely worthwhile.

Writing up an auto-installer for FOSS web apps under Win/IIS was a nice touch, and now you know how difficult it is to implement a depsolver 🙂 IronPython / IronRuby are interesting ideas (the Parrot project / Perl6 peeps are doing almost the same thing and Java has been doing it for ages) but your usage case might be a bit of a corner one. We are all aware in the OSS world how charmingly limited the PHP database drivers can be (hence PECL alternatives and native drivers) so you’re part of a large-ish crowd there 🙂

But chaps you’re going to be pushing harder than Sisyphus to get some real FOSS cred for your bosses, if they genuinely want them.

I’m not going to delve deeply into the licensing side of things (for good reason, there’s a post of its own) but a BSD-like license isn’t likely to get you the community you might want – it’s not really Free and there’s nary a nod to those making code / docs or other contributions (contributor doesn’t mean distributor by the way, if anyone from MS is reading)

The existing culture and mindset of Microsoft, its partners and some users is fatal to any “open source” initiative in my view (this doesn’t mean I’m unhappy to see an attempt, it shows the strength and relevance of communities like Fedora’s – or any other distribution’s for that matter)

They’re a cathedral; the faithful are handed tools and protocols blessed by the Powers That Be, with such tools/protocols invariably created because they help maintain the status quo (commercially advantageous to the “church”, closely coupled together to ensure/encourage adherence / lock in etc.) – many don’t know of or even see anything outside of the cathedral! Compare to the marketplace that’s Free Software – don’t like a tool/protocol? There’s other stalls with alternatives. Pick up a few and you’re building your own in no time and trying out ideas they may not even have considered before.

That’s the worrying part for the “high priests” – if the “faithful” are choosing their own tools for their own purposes (not just building using blessed tools for those protocols deemed desirable or “holy”) what’s to stop them straying from the rest of the flock? If the market allows you to build your own stall and offer your own wares, why go to the cathedral and be told what to use?

I’m sure Microsoft’s upper management are happy (even if their outward demeanor may not show it) to see the projects around the Codeplex – still centred almost solely around their own technologies – .NET / IIS / Sharepoint / Windows Live Auth. Nothing really innovative and widely interoperable (and decoupled from other MS tech) like XMPP or memcached / OpenID / Laconica..

The real test will be projects that tie to *genuinely* open tech, a completely non-MS solution. I suspect the “high priests” may quietly sideline such “heresy”, even if the frontline preachers do not. 😛

Lastly, to answer a question posed to me by James Morris via identi.ca: I asked about the IE8 and $10K giveaway. Technically it was mind-bogglingly simple: IE8 has a little “feature” where it will display these “web slices” on certain pages like a favourite / bookmark. Find the “slice” with the winning content (on an MS partner site of course) and the 10K is yours.

The slice itself is just a boring standard DIV element with a “hslice” class.
But the hack worked for Microsoft Australia marketing, so I suppose it serves its purpose.

Of course there were Chrome and Firefox extensions to support this behaviour almost immediately 🙂

The post is brought to you by lekhonee v0.4

Vale SORBS, we’ll hardly miss ye…

SORBS is on death’s door.

I can’t say I’m unhappy to see this or that I’ll miss it when it’s gone. An arbitrary definition of “spam” is not so good; providing almost no information to administrators and end users is just plain poor and demanding a “donation” for removal is just plain bovine excrement.

Something I learned from my formative years as a neophyte mail admin-in-training on news.admin.net-abuse.email was that if you wanted to run a blacklist and be taken seriously, you need a fair deal of transparency (i.e. provide info on why/how a server got listed and a means to resolve the issue), a fairly sane and personable demeanour, and a clear and strictly enforced policy on listing.

Unfortunately SORBS failed all of these in my experience.

One of my old jobs was to handle abuse@ at a Large Australian Hosting Provider (now part of MelbourneIT) along with my regular systems admin / support duties.

Alas, as unfortunately happens in large network / hosting ops, a customer spews some junk. We found and terminated the perp, but not before getting blacklisted.

A quick check of the major lists found the evidence / reason for listing and after informing them that we’d resolved the issue removal was quite swift.

But not SORBS. After jumping through a couple of hoops to find out how / when the servers got listed, no evidence for its addition was found aside from a single “Received:” email header – which is easily forged (and at the time quite popular with spammers to confuse less experienced users/admins).

Our request for more information was met with little more than “I have proof, but I’m not sharing any more” and removal was met with “Donate to the fund supporting Mr Anti-Spammer, who’s being sued for defamation by WeSpamYou Pty. Ltd and I’ll remove it” (names spared to protect the innocent).

W.T.F? Of course the answer was “no” (with the backing of management) especially after I pointed out the case had been settled, in the anti-spammer’s favour. This was changed to a “donate to $charity” after I reminded Mr/Ms Sullivan of that fact.

It still didn’t act as a deterrent (even Legal pointing out that it’s potentially extortion didn’t work!) so I just gave up and stopped bothering with him. You know what they say about arguing with an idiot – they bring you to their level and beat you with experience.

Henceforth, I’ve been advising mail administrators not to use SORBS zones. Customers getting bounces mentioning SORBS got a boilerplate response outlining the situation and why using opaque and arbitrary lists is a Bad Thing (worded appropriately for on-forwarding to ISPs as applicable). I don’t recall ever getting one complaint, as most of the major ISPs here didn’t use it to block mail anyway and smaller players generally got the message once made aware.

There are far better alternatives that don’t generate so many false positives, catch more genuine spam and don’t shake down mail admins / abuse guys for removal. I personally use zen.spamhaus.org for my DNS blacklist needs and it’s never let me down in over 6 years (tied into a multitude of Postfix and Exim installs for small and large mail providers alike)

More of Michael’s Not So Quick Tips

Migration

I migrated my filesystems to ext4 (I’ve come from an all-ext3 F10 to F11 upgrade, FWIW) and I’d just like to mention that if you’re migrating your root filesystem you might want to regenerate your initrd via mkinitrd; the stock one I had didn’t seem to like ext4 (complained about unsupported filesystem options at boot time and failed dismally) but a quick initrd rebuild in rescue mode had me up and running in minutes.

I didn’t see this mentioned anywhere – perhaps I’m a corner case – but I thought I’d record it for posterity in case someone else finds it useful – or desperately needs it!

Backup

If you’re looking for a simple, cron-capable, no-fuss delta/differential backup solution (looks over in Peter Gordon’s direction) I’d consider the “rdiff-backup” package, which has been in Fedora for quite some time. It does rsync-like backups that keep reverse diffs: the actual data transfer is small, you can do “point in the past” backups with little fuss, and if you want just the last copy you can grab it from the backup tree as-is, without needing to invoke rdiff-backup’s restore (rdiff-backup -r) option. All you need is SSH set up between the two hosts, ideally with pubkey auth or GSSAPI (i.e. passwordless or pre-authenticated).

To back up a home dir (~fred) to a remote server, barney:

rdiff-backup /home/fred barney::/home/fred.backup

To restore tmp/wilma from last week (7 days):

rdiff-backup -r 7D barney::/home/fred.backup/tmp/wilma /home/fred/tmp/wilma

How simple is that?

Hacks for database admins

This is an ugly idea, but it’s functional and insanely simple:

Much of my day-to-day systems admin work is with web developers and frameworks. Some frameworks in my experience, whilst being insanely great and powerful for a developer, have an unfortunate tendency to hide things under the hood – one example is where the framework defines the database schema (via ORM et al.) but keeps it fairly opaque to the developer – leaving it to the DBA / system admin to work out what may have changed.

This can be a PITA for both developer and systems mangler alike – the developer isn’t always sure if it’s introducing a regression and the DBA/sysadmin is left wondering about the performance difference.

Both PostgreSQL (pg_dump -s or --schema-only) and MySQL (mysqldump -d or --no-data) allow you to save schema-only dumps of databases (I’m not sure about Firebird or others, I’ve not tried them out lately).

I take this at regular intervals and check it in to version control – I can then see changes via standard VC diff commands. It’s a simple hack but it’s functional and requires no extra tools.

This came about because I need to maintain a script that purges old data from a pgsql database, including foreign keys (manually as the schema doesn’t grok DELETE CASCADE) and a change in the FK relations means that my script broke – if I can follow the schema changes it becomes trivial to add in the FK changes needed. 🙂
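
One way to put those versioned schema dumps to work for the purge-script problem above. This is an added example, not the script from the post. It goes a step past a plain VC diff by pulling the foreign keys out of two pg_dump -s snapshots, reporting which ones were added, removed or altered, and working out a children-first delete order. The table and constraint names and both sample dumps are constructed for illustration.

```python
import re

# Foreign keys as `pg_dump -s` writes them (wrapped here for width):
#   ALTER TABLE ONLY public.orders
#       ADD CONSTRAINT orders_customer_id_fkey FOREIGN KEY (customer_id)
#       REFERENCES public.customers(id) ON DELETE CASCADE;
FK_RE = re.compile(
    r'ALTER TABLE (?:ONLY )?(?P<child>[\w."]+)\s+'
    r'ADD CONSTRAINT (?P<name>[\w"]+) FOREIGN KEY \((?P<cols>[^)]+)\)\s+'
    r'REFERENCES (?P<parent>[\w."]+)\s*\((?P<refcols>[^)]+)\)(?P<opts>[^;]*);'
)


def foreign_keys(schema_sql):
    """Map (child_table, constraint_name) -> (cols, parent, refcols, options)."""
    return {
        (m["child"], m["name"]):
            (m["cols"], m["parent"], m["refcols"], m["opts"].strip())
        for m in FK_RE.finditer(schema_sql)
    }


def diff_foreign_keys(old_sql, new_sql):
    """Return sorted (added, removed, changed) constraint keys between dumps."""
    old, new = foreign_keys(old_sql), foreign_keys(new_sql)
    added = sorted(k for k in new if k not in old)
    removed = sorted(k for k in old if k not in new)
    changed = sorted(k for k in new if k in old and new[k] != old[k])
    return added, removed, changed


def purge_order(schema_sql, root):
    """Tables to delete from, referencing (child) tables first, root last."""
    children = {}
    for (child, _name), (_cols, parent, _ref, _opts) in foreign_keys(schema_sql).items():
        children.setdefault(parent, set()).add(child)
    order, seen = [], set()

    def visit(table):
        if table in seen:          # also stops on self-referencing FKs
            return
        seen.add(table)
        for child in sorted(children.get(table, ())):
            visit(child)
        order.append(table)        # appended only after all its children

    visit(root)
    return order


# Constructed sample: two schema-only dumps as they might sit in version control.
OLD_DUMP = """
CREATE TABLE public.customers (id integer NOT NULL);
CREATE TABLE public.orders (id integer NOT NULL, customer_id integer);
CREATE TABLE public.order_items (id integer NOT NULL, order_id integer);
ALTER TABLE ONLY public.orders
    ADD CONSTRAINT orders_customer_id_fkey FOREIGN KEY (customer_id) REFERENCES public.customers(id);
ALTER TABLE ONLY public.order_items
    ADD CONSTRAINT order_items_order_id_fkey FOREIGN KEY (order_id) REFERENCES public.orders(id);
"""

# The newer snapshot alters one FK and adds a table that references orders.
NEW_DUMP = OLD_DUMP.replace(
    "REFERENCES public.orders(id);", "REFERENCES public.orders(id) ON DELETE CASCADE;"
) + """
CREATE TABLE public.invoices (id integer NOT NULL, order_id integer);
ALTER TABLE ONLY public.invoices
    ADD CONSTRAINT invoices_order_id_fkey FOREIGN KEY (order_id) REFERENCES public.orders(id);
"""

if __name__ == "__main__":
    added, removed, changed = diff_foreign_keys(OLD_DUMP, NEW_DUMP)
    print("added:", added, "removed:", removed, "changed:", changed)
    print("purge order:", purge_order(NEW_DUMP, "public.customers"))
```

Run against the two most recent checked-in dumps, a non-empty "added" list is the cue that the purge script needs another DELETE ahead of the parent table.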