Keeping it simple isn’t stupid

GeoIP / IPv6

As an IPv6 enthusiast/proponent/fanboy I was really happy to see MaxMind finally put up a free-as-in-beer IPv6 GeoIP database[1]. Now to find some applications that will make good use of this data… 🙂

(Don’t worry, I’ll pull it into EPEL/Fedora GeoIP packages either way. It’s not a huge file)

Keeping it simple isn’t stupid, no sir!

I’ve worked with configurations in a variety of baroque formats, not limited to but including your common XML formats, Perl scripts (thank you cleanfeed/amavisd), Python (ta maradns!), something that may be Erlang (ejabberd), Lua (prosody) and have developed a fondness for the simplicity of a key = value pair config.

This is especially useful when you’re in a bind with a relatively unfamiliar piece of software, as I was this morning. The last thing you want to be faced with when you’re under the gun and need something working Right Now is some app developer’s bizarro idea of a sane config file, so keeping them simple and sensible is a huge plus – app developers take note, resist the urge to be too clever 😀

Say what you will about the old Windows .ini file, at least you knew what you had to do with it.

(The less said about the prank-gone-wrong that is registry hives the better and I’m glad UNIX vendors never took that particular drug :-))

PS. The application was qpidd from the AMQP stack, for reference, and both its manuals – and Red Hat’s MRG Guides – helped immensely. Microbrews all around!

[1] http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz

Just Plain Bad Service

I almost lost two of my domains this week – a registrar / hosting company that will not be named decided to close them off without any notice – no email, letter or even a phone call.

15 minutes in a phone queue as the “next to be answered” and a debate with the tech on the other end finally got me the registry keys for both – I certainly won’t be renewing with them or asking for the accounts to be reopened, I’m already transferring them to my GoDaddy account.

Given their focus on “customer service” (even their technical support staff are “e-business consultants”) this is a MAJOR blot and I won’t tolerate it – no more business from me! It’s bad enough that they’re double the price of most offshore competitors but to close down accounts without notice is just plain intolerable.

The irony of the situation is that I worked at that hosting company for years and on realising this the tech at the other end started to agree with my assessment of the situation 🙂 Additionally I still know their systems better than some of the folks there now! (I talked him through the process of getting the keys)

I was quite pleased to see a WordPress 2.8.1 upgrade hit EPEL quite quickly – new features and a security rollup all in one and before I felt the desire to roll one up myself. Cheers Adrian! This release was rock solid and the upgrade the most painless on record.

My own packaging is slowing up a little due to so little out there that is a) not already packaged or b) not really ready. One I have given a test run is the Miredo client for IPv6/Teredo tunnelling. IPv6 tunnelling is widely available – many places will even have native connectivity – but for those cases where you are behind a restrictive NAT (or just want to tinker like I do) it’s an interesting alternative. Fedora packages from my usual repositories.

Revisiting Nagios for monitoring – I can’t just walk over and look at a server several thousand miles away – brought back a few memories, it took a bit more dusting off of the old knowledge (I use Zabbix at work, they’re dragging me into using Xymon which I don’t like as much) but it’s working quite well and the EPEL/Fedora packages are kept well up to date. With puppet / func it’s even simpler to roll out the NRPE checks (which were always tedious when done by hand).

The SmokePing package has also been a boon in the workplace – I used it to successfully convince our network administrator that the packet loss we’d identified wasn’t our imagination and lo, it got fixed as we could track performance. Again it wasn’t hard to install and the configuration makes sense after a pint or two 🙂

My girlfriend and I have been getting back into yoga – “hot” yoga, which is the standard fare, just in a 35+ degree heat – and the timing is perfect; it’s been freezing here in Brisbane (10-20C on average, which is brisk for this part of the world) and I needed something to keep my mind in check. To my surprise I even held my form despite being away from it for a month or more 🙂

New hosting arrangements

If you’re reading this (and not a “Page Cannot Be Displayed” or “Internal Server Error”) then I’ve successfully moved my site(s) to the new server.

After years of hosting off my own gear, either at datacentres or literally in-house I’ve moved to a Xen VPS at Slicehost, running CentOS 5. Setup and migration was relatively painless (fat-fingered a DNS record however, I won’t be doing that again..) and their default bare-bones install is an absolute boon for keeping an instance clean – I hate cluttered installs full of cruft I don’t need/want.

I’ve even got low-ping IPv6 to most of the world now via Hurricane Electric (just as I remember it – simple and do it yourself, which also meant pinging the service to keep the tunnel up :-D)

The only nit I’ve found has been the lack of SELinux support on their guests – I’ve had it in Enforcing mode on my servers for as long as I can remember it being offered – it just feels weird and wrong not having it now 🙂

I’ve also found that there are a few Fedora packages not available in EPEL that I just can’t live without (postgrey and linux_logo!). I’m not sure why they’ve not been picked up but I’m tempted to do so myself if there have been no takers – give EPEL some love, it’s nice and stable and won’t do the dirty on you 🙂

I’m IPv6 ready – are you?

Firstly for those wondering about Courier-IMAP / authlib / maildrop+authlib packages for Leonidas: I’ve built them successfully – only a minor adjustment needed after all that – and they’re available in the usual place. Enjoy, and let me know if there are any bugs / issues.

(For a change I managed to get them out the door before someone emailed me asking where they were. Miracles happen! :-P)

I was quite surprised – and pleased – to check my website stats and find that my most frequent visitor is an IPv6 address:

IPv6 in AWStats for ThatFlemingGent

(If only the GeoIP database had an idea about IPv6 netblock ownership…)

A good friend of mine is a network administrator for a fair size network – two AS’ under his control and a network covering the Australian eastern seaboard. He’s often tasked with finding additional IPv4 address space.

Because IPv4 addressing is becoming scarce the registrars in many locales (APNIC in his and my case) set a high bar for new allocations to network service providers (must use 80% of existing allocation, justify new allocations for a max of a /22 last I heard) – and rightfully so. They’re not toffees and they are indeed becoming quite scarce, more so with increasing takeup of internet-enabled mobile devices and broader broadband availability.

Yes, there are other options such as NAT (Network Address Translation) and name-based virtual hosting to mitigate many issues – but not all applications play nice behind NAT, Voice apps and some games being good examples – and port forwarding isn’t simple for the novice user.

IPv6, step up to the plate! Support in Linux has been around for aeons and it’s rock solid. If you’re already IPv6-enabled, you’re likely talking to me over it now[1]. It’s even on by default with “link-local” fe80:: class addressing ubiquitous on new installs (even if there’s a lot of frankly ordinary advice on turning it off!)

For Fedora, there are a number of options for public IPv6 – the documents for the “initscripts” package show the basics of IPv6 quasi-native tunnelling and “6to4” tunnelling and are a good starting point.

The latter is easier and a good option if you don’t have a nearby tunnel broker / point of presence like SiXXS, Hurricane Electric or a provider offering a Hexago-like service.

(Australia is a good example – the AARNet educational network offers such a service, as does Internode for its customers; Telstra may still do so but that’s it, with Hurricane Electric a higher-latency option down here. Other points of presence are just too distant to be useful)

Wolfgang Rupprecht has a Fedora-specific howto, which applies just as well for F11 or even RHEL/CentOS.

The aiccu package is in the Everything repository if you’re eyeing off a SiXXS tunnel connection.

The “go6” client from Hexago is another that hasn’t been packaged yet (to my knowledge – and while I use it due to my provider’s use of their broker software, I’m not really a fan).

HE.NET (Hurricane Electric) lets you use the standard tools, no extra apps needed (bless ’em!)

The simplest method? 6to4. It’s not as fast as full tunnelling or “native” direct IPv6, but it will get you “on the road” so to speak. Unfortunately NetworkManager currently gets in the way, going from my testing, but on a headless gateway not using NM it works a charm:

  1. Make sure IPv6 is on in your network config: (NETWORKING_IPV6="yes" in /etc/sysconfig/network)
  2. Tell the network the default IPv6 interface to use (set “IPV6_DEFAULTDEV=tun6to4” in the above file)
  3. Add the following lines to your network interface:
    • IPV6INIT=yes
    • IPV6TO4INIT=yes
  4. That’s about it – restart the network service and you should be rollin’.

It will use anycast to 192.88.99.1 (default anycast prefix host for 6to4) to find the nearest 6to4 broker and use it as the endpoint. Test by going to a site like www.kame.net (if you see an animated turtle, it’s working) and enjoy.
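The addressing behind the steps above, as an added example that is not part of the original post and goes slightly beyond it: under 6to4 (RFC 3056) a host's IPv6 prefix is `2002:` followed by its public IPv4 address in hex, so the IPv4 address of a 6to4 visitor in a web log can be recovered and fed to an ordinary IPv4 GeoIP lookup. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: 6to4 needs a public IPv4 address, so a gateway whose
# outside address is in one of these (i.e. behind NAT) cannot use it.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SIXTOFOUR = ipaddress.ip_network("2002::/16")   # all 6to4 addresses
RELAY_ANYCAST = "192.88.99.1"                   # relay address named in the post


def sixtofour_prefix(ipv4):
    """Return the 2002:V4ADDR::/48 prefix derived from a public IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is RFC 1918 space; 6to4 needs a public address")
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 zero bits.
    base = (0x2002 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network((base, 48))


def embedded_ipv4(ipv6):
    """Return the IPv4 address inside a 6to4 address, or None if not 6to4."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)


if __name__ == "__main__":
    # Constructed sample: a gateway whose public address is 203.0.113.5.
    print(sixtofour_prefix("203.0.113.5"))
    # The relay's own 6to4 form, derived from the anycast address.
    print(sixtofour_prefix(RELAY_ANYCAST))
    # Constructed log entries: one 6to4 client, one tunnelled/native client.
    for client in ("2002:cb00:7105::1", "2001:db8:62:1b0::1"):
        print(client, "->", embedded_ipv4(client))
```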

I’m moving servers next week (a Xen VPS with a fatter pipe) and rest assured it will be IPv6-aware!

[1]

[mfleming@qbert ~]$ host -t AAAA www.thatfleminggent.com
www.thatfleminggent.com has IPv6 address 2001:44b8:62:1b0::1

This is why I’m not a “webmaster”

In an effort to help my girlfriend’s website generate a bit of traffic – and some business for her 🙂 – I’ve spent a bit of time (probably a little too much for a holidaying techie, but it’s a “love job”) trying to get my head around more in-depth search engine optimisation and Google Analytics / Webmaster tools in particular.

In summary I still think a lot of it is voodoo 😀.

Generating the sitemap etc. is easy, as is submitting it (except Yahoo, too many hoops, FIXME) but the resulting information can be just a tad opaque – bounce rates for example (mine seems high at over 70%, maybe because of the package downloads) plus GoogleBot’s view of my site seems rather different to mine (or what awstats tells me about visitors) – I suspect the poor old META tag doesn’t get the importance it did in times past, and this old curmudgeon is still in the tech-bubble era regarding search visibility.

But I’m learning again – there seem to be some positive results already and it’s another string to my bow.

An impressive practical use of Google Maps (and Twitter to get the word out) during the flooding here in Brisbane:

Google Map of the affected areas and road closures

Fortunately I’m in the inner city and a floor up in an apartment, so wasn’t affected, unlike far too many (including a close friend who arrived home from the pub to a flooded front lounge and no electricity 🙁)

I also attempted to split my IPv6 allocation (a mere /64) over 2 physical links – bad idea and an epic failure on my part. It was worth a shot I guess.

All of my revision controlled code has been switched from bzr to git – I don’t know why I didn’t do this sooner – it’s been a breeze, and the learning curve hasn’t been steep at all – or perhaps my needs aren’t too complex? (I’ve been primarily a bzr/cvs/Subversion user). The “tailor” package from the main Fedora repository was also helpful – it’s not the easiest to use, but the results were excellent.

I’m converting my rather venerable Samba domain controller to an LDAP backend (it’s currently tdbsam and a pain to manage) – using Fedora Directory Server (ahem “389” now – admittedly good vendor-neutral branding there folks) has been fairly painless, barring my unfamiliarity regarding how it manages ACLs (or perhaps that’s just the management console not doing what I think it is)

Speaking of which – I’ve had a dreadful experience with LDAP management apps – both gq and lat crash on me badly and while I don’t mind phpldapadmin (and use it at work) it’s not particularly fast. I welcome suggestions for alternatives 🙂

I’m currently hand-editing via ldapvi and feeling rather old-school. A little Perl CGI app called “pluma” has piqued my interest – I’ll package it up if it turns out to be worthwhile.

No IPv6 :-(

Folks,

It seems my IPv6 routed range and tunnel have been offline for the best part of the week. I’ve tried multiple times to rebuild it and that part of it’s fine – but once it hits the other end of the tunnel, no route to any host.

So it looks like my tunnel broker, he.net (Hurricane Electric) aren’t particularly on the ball in this regard and I’m not expecting much.

I’ve tried signing up with sixxs.net but they haven’t got a presence point I can use (their policy is to reject latencies > 100ms, which means pretty much everywhere outside of Australia – the link via NZ is the killer, even the closest PoP is 250ms+).

I can go with AARNet, but have tried before and it’s a bit ugly. It’s a standby if I really, really want it I guess.
Mind, there’s very little traffic from the wildside coming in over IPv6, so I’ll likely just shut it all down and stick with classic IPv4. It’s been an interesting experience but the educational benefit and cool factor have now worn off – so I’ll likely take the tunnel down for good and remove the AAAA records soon enough.

To those IPv6 users – sorry folks.