hospital dumps exchange for linux-based clone

taking a page from the doctors at the moses taylor hospital, i.t. staff at the scranton, pa., facility last year diagnosed their messaging system and came up with an effective treatment that’s turned out to be a life saver.

the patient in this case was an aging microsoft exchange 5.5 environment that couldn’t support increased message loads and was going to cost a bundle to upgrade.

i love hearing stories like this.

using voip at home with asterisk?

i’m curious if anyone is using voip at home, with service from a commercial voip provider — and integrated with asterisk. i’m one of the younger generation who hasn’t had a home phone in almost two years. the last year that i had one was only so i could have dsl and a fax at home (for my business). i use my work-issued cell phone (blackberry) for all my phone calls (except when i’m in the office).

i’ve been toying with the idea of setting up an asterisk box at home lately. i don’t really need to, but when has need ever had anything to do with the reason a geek does something? because i wouldn’t really use it much, i’m looking for something cheap.

what i’d like to do is just use voip at home without being tied in to any vendor-specific hardware (i.e. if i switch providers, i still want to be able to use it), and to be able to purchase an “x minutes/month” plan. i want something that’ll integrate with asterisk and give me a fixed number of minutes per month for a fixed cost. i’d probably pick up a couple of cisco ip phones to use.

if i can get that working, i have another house in another town that i’d connect as well. it has dry dsl, so there’s no actual phone there (i’m only there once every few weeks). i’d put a cisco router in there, set up an ipsec vpn between that house and my primary residence, and put a cisco ip phone there as well (assuming the latency and jitter are okay).

i’ve briefly looked into broadvoice and packet8 and would be interested in any opinions or recommendations.

revisited: rhel + san + iscsitarget + microsoft initiator

i originally wrote the following on 23-may-2007:

i installed red hat enterprise linux 4.5 on an hp dl365 yesterday to test out iscsi.

we carved out some space on the san to use for the testing, 500gb to be exact. the dl365 has a qlogic fiber-channel hba in it, connected to the hp san at 4 gbps. the 500gb of storage shows up on the rhel box at /dev/sda. no partitions or filesystems were created on the device.

as far as i can tell, rhel does not include support for being an iscsi target, which i did not find out until after i had it installed. fortunately, i came across the iscsi enterprise target project on sourceforge. their wiki led me to martin’s “iscsi target howto on enterprise linux (rhel4)”. by following that, i was able to get the iscsi target up and running, exporting the 500gb on /dev/sda.

the next step was to connect to that storage space from a windows box. this test is sort of a proof-of-concept to see if we can get things to work the way we want — which means windows “clients”, or initiators, will be used. i found anze vidmar’s “going enterprise — setup your fc4 iscsi target in 5 minutes” wiki page, which details setting up an iscsi initiator on windows. i grabbed the microsoft iscsi software initiator version 2.04 and installed it on my windows xp workstation (a vista version wasn’t available, or i’d have gone for that).

following anze’s instructions allowed me to get the windows xp client configured as an initiator in just a few moments, and i had a p: drive showing up as a local disk, with an ~500gb ntfs filesystem on it for all my storage pleasure. excellent!

unfortunately, we need some access controls in our environment. if or when this goes into production, all iscsi traffic will be on an isolated, private network. i’m a big fan of the layered security approach, however, so while an isolated, private network is a good start, i want to implement the authentication that iet and the microsoft initiator are supposed to support.

enter problem. =)

anytime i try to set up some credentials on the target side (using “incominguser username password” in the /etc/ietd.conf config file) and use those same credentials in the microsoft iscsi initiator, i get a simple “authentication failure” dialog box on the client/initiator side. unfortunately, there aren’t any log entries on the server/target side (that i noticed, anyway) to help provide any insight.

has anyone run into this before and have any suggestions? tia.

update: seems i didn’t have any credentials listed in the “global” section of the /etc/ietd.conf file, which is needed if you try to do authentication during the discovery phase (i was). added that in and now have authentication working across the board.
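
the fix from the update, as an added example that is not part of the original post: a small python check that reads ietd.conf text and reports when the global (discovery) section or a target block has no incominguser line. the sample configs, target name, user name and secret are constructed placeholders, and the keyword spelling `IncomingUser` follows the iet documentation rather than this page.

```python
# constructed sample: credentials only inside the target block (the failing setup)
BROKEN = """\
Target iqn.2007-05.com.example:storage.disk1
    IncomingUser sanuser examplesecret12
    Lun 0 Path=/dev/sda,Type=fileio
"""

# constructed sample: same target, plus credentials in the global section
FIXED = "IncomingUser sanuser examplesecret12\n\n" + BROKEN


def parse_ietd(text):
    """Return (global_users, {target_name: [users]}) from ietd.conf text."""
    global_users, targets, current = [], {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        key = fields[0].lower()
        if key == "target" and len(fields) >= 2:
            current = fields[1]  # lines after this belong to the target
            targets[current] = []
        elif key == "incominguser" and len(fields) >= 3:
            # before the first Target line = global section (discovery)
            scope = global_users if current is None else targets[current]
            scope.append(fields[1])
    return global_users, targets


def audit(text):
    """List gaps in CHAP coverage for discovery and for each target."""
    global_users, targets = parse_ietd(text)
    findings = []
    if not global_users:
        findings.append("discovery: no global IncomingUser")
    for name, users in targets.items():
        if not users:
            findings.append(f"{name}: no IncomingUser")
    return findings


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit(conf) or "ok")
```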

getting rid of bind’s “lame server” messages

if, like me, you run bind, then you’ve probably encountered the “lame server” error messages in your logs at some point.

to be honest, they’re really not errors. they’re more warnings than anything, because the problem is actually with the remote server and not yours.

nevertheless, they can really build up over time and i, personally, don’t really care to see ‘em. to keep them out of your logs altogether, put the following near the top of your named.conf, then reload/restart bind:

logging { category lame-servers { null; }; };

revisited: new linux server

i originally wrote the following on 23-dec-2004:

well, i finally got something i’ve been wanting for a while… a dedicated linux server at work.

for a while now, we’ve been running a not-too-critical service on linux and it’s been stable and reliable as hell, but it was running on an old 400 mhz desktop-class pc. finally, it had a hardware failure (i knew it was only a matter of time) and it happened, of course, on the first day of a three-day out-of-town trip for $work. $boss got it straightened out and got the hard drive moved to a new, more modern box, and i was able to tell him over the phone what to do to verify that everything was working properly.

anyway, shortly after that he asked me about a dedicated server, which i definitely wanted. so now we have an hp server running debian gnu/linux in the datacenter. this is a huge step for our campus, since up until now we’ve been primarily a windows-only shop (with the exception of an old novell box or two still lingering around). i like windows and while we never have a problem with the majority of our applications and services i’d love to be able to migrate whatever i can off of windows and onto linux. it’s so much more stable, has fewer problems, and i’m much more familiar with linux administration than i am windows administration.

i’ve been adding a few things to the server already and need to migrate that one $critical_service over, but that won’t be difficult. luckily, the semester is over and there aren’t many students around, since it will result in downtime. i know i hate when a service i’m relying on is down, so i do my best to minimize downtime for everybody else.

anyway, got me a new server. woohoo!

boy, how things change in three and a half short years.

when i started out at this organization, we had that one linux box and that was it. today, we host a number of web sites running apache on red hat enterprise linux. those sites are backed by mysql databases running on gentoo. authentication, authorization, and accounting on our wireless networks is handled by freeradius on red hat enterprise linux. in addition, we have a number of “internal” services and homegrown applications that run on linux servers as well.

more and more of our critical services and applications are running on linux, and windows can’t even come close to matching the reliability and stability of the operating system.

as an example, i have a debian gnu/linux box running syslog-ng that is the syslog server for all of our network devices. its uptime just surpassed 500 days. take that, windows!

online backups using amazon s3

a month or so ago, i downloaded jungle disk. i installed it on an older laptop i have running windows xp that has quite a few files on it i’d like to have backups of. i uploaded a few hundred megabytes of files to disk storage on the amazon s3 system and pretty much forgot about it.

a few days ago i was looking at my bank statement and saw a charge from amazon for $0.04 for the s3 storage. that got me thinking about backups again. i don’t really have any good backups here at home, other than keeping copies of “important stuff” on multiple machines — not exactly an ideal backup strategy.

i have an external usb drive that i’ve been wanting to use with time machine on my macbook to keep it backed up (it has pretty much become my “primary computer” in the last few months). i was keeping copies of important files on it, though, so i couldn’t just wipe it clean. instead, i first hooked it up to an ubuntu linux box that i have here, copied off all the important stuff, and then wiped it clean.

the external usb drive is now hooked up to the macbook and the first full backup (using time machine) is taking place as i write this (in textmate, of course!). it’s currently at 7.7gb of 105.9gb to back up. fun!

on the ubuntu linux box, jungle disk is hard at work backing up all my important files to the amazon s3 storage. i started out with 2.4gb of data to upload, mostly pictures and video that wouldn’t be easily replaced. with my cable modem connection (10 mbps down/1 mbps up), it’s going to take a while. once i get all the “important stuff” dumped onto amazon’s servers, however, and only occasionally add stuff to it, the backups will run much quicker.

i still have a few more pc’s to sift through in order to find everything i want backed up, but i don’t anticipate having more than 10gb or so of data stored on amazon’s servers. at their rates, that makes for very cheap off-site backups.

if you’re looking for a good solution to this same problem, i highly recommend amazon s3 and jungle disk. i’ve had no problems with either as of yet (granted i haven’t used either extensively). jungle disk is commercial software (only $20), but you can run it on as many pc’s as you have. they also have windows, linux, and os x versions that operate nearly identically. i haven’t installed the os x version yet, but i imagine i will before the day is over.

if toasters were operating systems

windows toaster

the windows toaster looks great, but sometimes it just won’t make toast. it either comes out burnt or raw, and you have to unplug the toaster and plug it back in again each time you want to try and make some toast. for every loaf of bread you buy you are forced to buy a new toaster to go with it.

linux toaster

the linux toaster looks absolutely awful: it has wires crimped together, things are just hanging out of it. the first time you make toast with it the toaster burns it; the next time it’s raw. you read the man pages and invoke the command line “toast -verbose -breadsize 50132 -eject -o z3321 > /dev/toast” and it makes perfect toast ever after.

mac toaster

the mac toaster has no settings or controls. it looks very stylish, but will only accept proprietary-sized bread which can only be bought from apple dealers at ten times the cost of regular bread. the toast is fine except that the size of the bread is so odd that you can’t actually eat the toast it produces, although it does look very good.

cracking wep in 96 seconds

i got bored tonight and, for some reason, decided to get out my trusty old dell laptop that has fedora linux (and, coincidentally, aircrack-ng) on it. as i was getting it, i saw my netgear wg511t wireless card that i bought specifically because it supported packet reinjection. fun ensued. using the somewhat new “ptw method”, i was able to crack a neighbor’s 128-bit wep key in as little as 96 seconds. as i noted on twitter, “even after all the times i’ve done it, i still get such a thrill out of cracking wep”.

it’s not rhel

red hat doesn’t want you to call it “rhel”.

according to red hat magazine, “it is never correct to abbreviate ‘red hat enterprise linux’ as ‘rhel’”. yeah, alright. whatever.

red hat, if you don’t want us to call it “rhel”, maybe you should stop?

life goals

this is a list of some of my “life goals” — things that i want to do at some point in my life. i usually track my short-term goals elsewhere (such as vitalist, my gtd system of choice), but it never hurts to make a list of things you want to do “someday” and refer to it often to keep you on track. a lot of these i will never get around to, for various reasons, and i’m fine with that.

with that, i present to you my list of “life goals”. it will be revised often and the list is not in any particular order.