I Don't Know

One of the biggest differences between a senior system administrator and a junior system administrator lies in knowledge of their own knowledge. Both know a vast quantity of information but the senior admin has the ability to say “I don’t know” when he needs to research something further. He does not see that phrase as an admission of weakness but as a promise to not mislead the person asking the question with an inaccurate answer. A good customer, employer, or colleague will appreciate this trait, especially when the correct answer is supplied in a timely fashion.

Lazy

One of the biggest differences between a senior system administrator and a junior system administrator lies in laziness. Both are equally lazy, but the senior admin is not self-conscious about it and plans accordingly. The junior admin does not admit such things, so as to look strong, yet tasks are left undone or completed in haste.

Why Buy New When Strange Will Do?

“Hey Bob, do you think you can install Linux on a machine for me?”

I hate “just installing Linux” for people. Actually, it’s not all that bad, but the machines become one-offs. I’d much rather give people the CDs and have them do it themselves, and then maintain it themselves.

“Sure. What kind of machine is it?” I’m a masochist at heart, apparently.

“Oh, it’s this old machine that was a mail scanning appliance. I want to rebuild it and use it for a desktop.”

“I know the machine you speak of. Isn’t it like five years old?”

“Yeah. Linux should run okay on it, right?”

Linux, the miracle worker. Dear Linux, I have an IBM PS/2 Model 30 386 …


Shell Scripting & Blogs

You know why I love my blog? It’s because of everybody who reads it. Thanks y’all. Case in point: my fix to randomize shell script execution went from

    # Don't slam the mail servers!
    sleepamt=$(echo "$RANDOM/1092" | bc)
    /bin/sleep $sleepamt

to

    # Don't slam the mail servers!
    /bin/sleep $(($RANDOM/1092))

Hehe. It’s like extreme programming, writ large. The second case has fewer dependencies, though, and I like that.

$RANDOM

Shell scripting just isn’t my bag. Maybe it’s that I started life with DOS and batch files, or that my first scripts were in csh (not the greatest shell to script with). I just tend to write everything but the most basic things in Perl. Sometimes, though, I just need to fix a shell script. I hate grafting Perl in the middle of a script, mostly because I know damn well you can do whatever you need with the shell. Every time I have to fix a shell script I end up learning something. That is, provided I can figure out how to ask Google for what I want to know. 🙂 Today I wanted to introduce a random sleep …


Size Matters: Use The Right Tool

Once upon a time there was a man who was a sysadmin. He took care of twenty IBM AIX boxes. These machines were built by his predecessors, and they were built over time, each different, each with a personality. This man’s customers didn’t like the different personalities. They wanted each server to be the same so they could write scripts that had the same results on all the servers. They wanted to compile and not have to worry about differences between compilers on the machines. This man asked around and discovered that IBM’s Network Installation Manager, or NIM, was a tool he could use to manage the machines. He took an older AIX box and made it a NIM master. …


How To Create A Self-Signed OpenSSL Certificate

I can’t remember OpenSSL options. Having grown tired of looking up how to create a self-signed certificate and finding lengthy tutorials, I have opted to write my own. Three easy steps to having your own completely kinda-trustworthy certificate for testing and whatnot:

    openssl genrsa -out bogus.key 1024
    openssl req -new -key bogus.key -out bogus.csr
    openssl x509 -req -days 365 -in bogus.csr -signkey bogus.key -out bogus.crt

There, that was easy, wasn’t it?

Update: NickyP commented with a one-liner for this. That’s why I love blogs. Thank you!

Why "openssl -des3" Sucks

“Bob, why do you always complain when people encrypt their web server’s SSL keys with DES3?” Well, since you ask, it’s because the web server needs human interaction to start. You need to supply the password. To remember the password you need to write it down somewhere. Or store it online so you can retrieve it. These are potentially insecure, they are avenues of compromise, and at the very least they create more work for already busy administration teams. You could set the password to be the same on all the servers, and tell everybody what it is. That might solve the administration problem but negate any value from encryption. Having a password means you cannot background the web server …


Do Or Do Not, There Is No "What If"

What’s the difference between a one-off solution and the beginning of a trend? What’s the difference between a kludge and a brilliant fix? What’s the difference between the bleeding edge and the cutting edge?

Vision.

How do you get a vision? Be out there doing things. Find out what works and what doesn’t.

What if I don’t have time to be out there doing things? Then you will always be at the mercy of others.

Two roads diverged in a yellow wood,
And sorry I could not travel both
And be one traveler, long I stood
And looked down one as far as I could
To where it bent in the undergrowth;
Then took the other, as just as fair, …


Crappy Default ip_conntrack Settings

Read this, from the netfilter/iptables FAQ:

“To optimize performance, please also raise the number of hash buckets by using the hashsize module loadtime parameter of the ip_conntrack.o module. Please note that due to the nature of the current hashing algorithm, an even hash bucket count (and esp. values of the power of two) are a bad choice.”

Now examine the kernel output from my RHEL AS 3 box:

    ip_tables: (C) 2000-2002 Netfilter core team
    ip_conntrack version 2.1 (8192 buckets, 65536 max) - 304 bytes per conntrack

8192 is both even and a power of two. Great hash size. I don’t know if I should blame Red Hat or the Linux kernel (leaning towards Red Hat since their quality assurance sucks …
