Back with a new look.

The conversion from Time Warner to AT&T DSL is complete.  It took a little more time than I anticipated because I didn’t realize there are no phone lines in my office where this server sits.  So the server’s on a wireless network adapter now and seems to be going strong – static IP and all.  I’m still hosting the DNS with because they’re paid for the remainder of the year.

The world’s focus is on the US economy now and so is mine. My rants in the coming months will focus primarily on this topic.  I won’t be watching my language because let’s face it, we’re screwed.  We’ve got job losses, banks are struggling because of loans that can’t be paid back, house values plummeting almost everywhere and gas prices that are through the roof.  Put $1000 under the mattress and get ready to ride out a depression that makes Grandpa’s look like fun.

The talk show pundits make it sound like it’s going to be alright.  The market is “correcting itself” they say.  I laugh at you sirs.  Please do your part to keep hope alive.  As soon as gas hits between $5 and $6 a gallon and the trucking strikes begin you better have food in the house because I hear there’s only 3 days’ worth on any grocery store’s shelves at any time.  Gentlemen, start your gardens.

Site Went Down – All apologies.

One of the pitfalls of hosting my own blog is trying to keep Time Warner at bay.  They got me and the site went down for a while as they haggled me about using Dynamic DNS for hosting public services against my consumer grade contract.  So I took an outage during negotiations to avoid paying over $200 a month for a Road Runner Business Class account.  Time Warner didn’t budge so I took the site down for a while.

My AT&T DSL was installed Friday and I’ll be buying a modem later this week.  They were the same price and they gave me a static IP Address (no more Dynamic DNS hosting required).   I get 3MB down and 768K up.  That’s better upstream than I usually get with cable.  There may be another site outage while I work to get the new service on-line and my DNS changed over.  Sorry in advance.

In other news – Tiger may lose the 2008 US Open in a minute.  Yay!

1st Annual Forecast

My Predictions for 2008:

Financial: A major US recession is coming due to the massive credit bubble bursting, an inability of the central banks to continue using credit to create a false sense of prosperity, and continued stagflation. Look for expanded government backed plans like the sub-prime mortgage rate freeze to combat the falling value of the dollar.

Health: Health care costs will continue to rise during a long period of stagflation as health corporations attempt to increase profits or reduce profit loss for their shareholders. When was the last time you heard of a hospital corporation posting a quarterly profit loss? Based upon direct influence of the insurance industry lobby more “mandatory health insurance” laws will be passed at the state and federal level. This will further reduce access to health care for millions and provide fuel for the aforementioned recession. No end to this cycle is in sight based upon public opinion that health care costs should not be influenced by the government (the aging free market argument).

Politics: This is a hard one. My hope is that the Christian Coalition, Southern Baptists, and Evangelical Church don’t win any elections (i.e. Huckabee). By now anyone that knows me should understand that I don’t interfere with the worship practices of anyone but I have strong disdain for anyone supporting pulpit politicians. Remember, we’re fighting to keep terrorism at bay, not Muslims. This includes stopping domestic terrorists in the form of abortion clinic bombers and other extreme activists. The United States is not Jesus Camp. Nor was it founded as a “Christian Nation” under any written doctrine.

My prediction is that the race will be tight. It will be a race between those who support Holy Wars against Muslims and legislating morality versus those who know that if we keep this up “Fascism will come to America wrapped in a flag carrying a cross”. – Sinclair Lewis

Also, Ron Paul will not be your next President. Sorry Internet.

Music: Look for me at any nearby shows performed by KT Tunstall or The National. I may finally start my review of local shows on this blog and if I don’t get in trouble for it I might join a blues band to start playing dive bars.

Technology: Microsoft will continue to take a beating for creating Vista and if the new 2008 Server is released it will not be embraced at any influential rate. For this reason the number of Mac sales and Ubuntu installations will continue to rise while XP will continue to be the dominantly installed OS (boy I hope I got that one right huh?).

Look for more touch screen cell phones to flood the market in response to the iPhone rage. Don’t expect better service though.

Flat panel LCD and plasma TV’s will fall below $750 for a quality 42″ 1080p model.

Playstation 3’s will fall to a steady $299 this year and Wii’s will be more widely available as Nintendo increases production.

IBM Network Services Division contractors should be wary of the coming acquisition by AT&T. This could mean more layoffs in Research Triangle Park and more IT workers on the market in NC. Unix Admin’s will all be moving to Lenoir where the new Google data center is located.

American women are now paying Indian surrogates.

As a society we should have a problem with this. First we accepted, without argument “elective cesarean section” for rich women who sit in Starbucks browsing the latest gene catalogs to engineer themselves the perfect child by selecting the sperm. Much like they selected the unique interior of the Mercedes SUV they intentionally double parked. Now these same women will claim they “can’t have their own kids” and ship the selected sperm and their eggs off to India where they’ll pay a surrogate mother around $5K US dollars to be pregnant for them.

So, a 42 year old woman who feels she’s “achieved enough success” in her business and social life to finally have kids can ship off some eggs, some select sperm and voilà! In about 10 months Fed-Ex delivers a healthy newborn. Now all she’ll have to do is hurry and hire the nanny so she can avoid having to do the annoying parenting part until she’s in her 60’s. After all women of this importance can’t afford to let go of too much “me time” can they?

I hope that by the time my kids are in high school there aren’t so many of these unnatural kids running around that they end up getting labeled. I’ve always called them “Vetros” and Amy hates it (I’m told it’s not nice to stereotype). These kids won’t be intellectually superior or have super human strength for all the selective process that goes into them. They won’t be ultra successful because mommy and daddy were rich, aristocratic assholes. They will be normal kids with delusional parents. The same parents who will be in their late 50’s trying to understand why their investment just got busted driving drunk for the second time with half a joint in the ash tray and two tickets to the High Times Cannabis Cup in the glove compartment.

Connor’s Ubuntu Laptop

On Tuesday morning of this week Connor officially learned to use a mouse by himself. He’s the only 4 year old I know with his own Dell D610 running Ubuntu. I have a marker on his desktop with a star icon that takes him straight to Dora the Explorer and Go Diego games. He’s even using the scroll wheel big boy style.

KVM Battle: Raritan vs. Avocent

Recently I started evaluating KVM console switches and power distribution units (PDU’s) for implementation in the new American Kennel Club Data Center which will be under construction within the next three weeks. At the start of this evaluation all of the SA’s in the IT department worked together under the guidance of the Principal Network Engineer to come up with a set of criteria that the chosen solution should meet broken down into mandatory functionality and bonus features. The mandate from the CIO was that the solution allow us to effectively “seal off” the data center for all routine administrative tasks that did not involve physical adds, moves and changes. This includes the ability to remotely power cycle a server without having to enter the rack.

We have a large assortment of server types and console interfaces to support in the environment. These include serial connections to various Sun servers, VGA, PS2 and USB connections to x86 servers, and ALOM network interface connections into those Sun servers that support them. I should preface the details of this evaluation by stating up front that we are implementing state of the art components in this new environment that most veteran administrators would not suspect of the AKC. We’re investing in some of the latest technologies and current trends in hosting environment solutions. This includes a 25TB SAN, 3-phase 208V power provisioned through overhead Starline Busways, zero-U managed power distribution units and overhead cable trays instead of the old school raised floor tiles. The KVM solution we select must be of an enterprise level sufficient to complement all of these technologies. Here are the criteria we set for the Raritan and Avocent proof of concept teams. At minimum:

  • The system must support KVM console connections over both IP and serial interfaces. It doesn’t matter if this requires separate switch models to achieve this.
  • There must be a central management appliance or software to administer all KVM switches and nodes connected to all IP and Serial KVM ports.
  • This central management console must be capable of establishing console management sessions to Solaris versions 8-10, Ubuntu, Windows 2003 Server and VMware server instances.
  • It must be able to launch an internal (embedded) SSH terminal client such as PuTTY when making connections to Unix servers.
  • The solution must incorporate the ability to communicate with 3-phase 208V PDU’s or CDU’s (Cabinet Power Distribution units). Additionally it must be able to control each PDU to the outlet level with the ability to associate each outlet to a respective server or appliance node.

Optional components that would be of benefit but are not necessarily required include:

  • RSA SecurID authentication support.
  • Auto discovery of any virtual servers associated with primary VMware server nodes.
  • ALOM (Sun) and iLO (x86) support for network management interfaces on servers.
  • The ability to interface with 3rd party PDU’s or CDU’s.

So the bar’s set relatively high. All of the contacts from both companies did a very professional job representing their products and did not hesitate at all to provide any necessary eval units to meet the criteria specified above. Raritan provided a Command Center Secure Gateway v1, a KX2-216 16 port IP KVM switch, an SX-8 serial KVM switch and a PCR8-15 PDU. Avocent has initially provided a DSR 2035 IP KVM switch, a Cyclades PM-10 PDU and a 90-day full version of DSView 3, their central “hub” software for managing all Avocent components on the network. We’re awaiting the arrival of an Avocent serial KVM which should be in later next week.

The Raritan Command Center is their central management solution in an appliance form (it’s a 1U server) and is ready to go out of the box without any licensing required during the initial setup. For Avocent’s DSView3 evaluation software we did create a Windows 2003 virtual server instance for the installation and it did require activation and licensing through the Avocent support website. Obviously this software could have been loaded on to a physical test server but we just didn’t have one available so we opted for the quick VM solution. As advised by our Avocent field engineer we would not put the central hub instance of DSView3 into production on a virtual machine (we’d dedicate a pizza box or something).

Despite the Raritan Command Center being a 1U server with no software installation required, getting from the installation of the Raritan hardware to access to the first administrative interfaces took about 4 hours. About an hour of this was probably consumed with network issues such as obtaining available IP addresses and running cables. Unfortunately the biggest problem with the Raritan solution was discovered prior to the start of the evaluation process. Currently they do not have an available 3-phase 208V PDU that can integrate with their KVM switches for seamless administration and server node to outlet association in the Command Center console. Furthermore, they cannot provide such integration to 3rd party PDU’s such as Server Technologies or APC. In Raritan’s defense they do have this complete solution available in single phase 208V Raritan brand PDU’s and they are promising 3-phase by June 2008. We will be moving into the new facility some time in late March 2008 so this key requirement could not be met by Raritan in our time frame.

Avocent on the other hand can meet our PDU management requirements in one of two ways. They have their own brand of PDU’s through the acquisition of Cyclades last year providing the 3-phase 208V Cyclades PM-42. The only problem we have with this unit is that it only comes with 42 outlets (three banks of 14 single-phase 208V receptacles). Since we’re running an “A” power and a “B” power strip into each rack for redundancy this would mean 96 outlets per cabinet. It’s impossible to populate racks with that kind of server density. For this reason we’d like to use something like the Server Technologies 3-phase CW-24V2 CDU. It’s got three banks of single phase 208V receptacles and what do you know – Avocent was an OEM reseller of Server Tech PDU’s before buying Cyclades so their switches can interface seamlessly with this model including server node to outlet association. Perfect.

Update: KVM Battle Part II – Raritan vs. Avocent

Right out of the box Ubuntu is easier than XP on a Windows Workgroup.

This is no exaggeration. Tonight I loaded Ubuntu Desktop 7.0.4 for the first time. After so many rants about its superiority on Digg I finally decided to give Ubuntu a try. I loaded it on my Dell D610. Here’s how it went:

First I downloaded the ISO from to XP desktop. Then I used Alex Feinman’s ISO Recorder to bounce it to CD-R. This creates a bootable image of the OS that you can actually run from the CD for a thorough evaluation before deciding to install it. If you choose to go it’s as easy as clicking the “Install” icon on the pseudo desktop.

The install is completely automatic. This is probably true for most newer Dells (built in the last 3-4 years) since it is offered on the newest models straight from the factory. The only options that have to be selected are the time zone and some simple information about disk architecture (use some of the disk or all of it?). Type in an initial user name and password and you’re off.

For most Unix-like OS versions I’ve installed on laptops in the past at least one hardware component has failed because of the lack of driver support. Without exception this included the Wireless LAN adapter which always required the use of ndis-wrapper to accommodate the Windows driver. Not this time. All I had to do was click on the wireless LAN connection, a drop down list of available wireless LANs was displayed, I clicked the one I wanted to connect to and put in the WEP key. Bang, I was on the LAN. This was the first thing that was easier than XP.

You see, under XP this same laptop continuously tried to connect to my neighbor’s unsecured wireless network by default. I actually had to let it connect, disconnect it and then agree to the “warning” that Windows would not attempt to connect to this foreign network again. That’s what it took to get it to keep from overriding the connection to my own preferred, secure network.

So, speaking of networks, the next thing I was going to do was install Samba so I could see shares on my local Windows workgroup. But first I went to the very obvious “Places”, “Network” option on the Ubuntu panel menu and whaaaaa? There’s my Windows workgroup displayed right in front of me. Damn are you kidding? Sure enough I can browse the shares and write files directly to them. When XP was on the exact same laptop I often had to put my right thumb in my left ear, hop on my right foot and restart Windows Explorer three times before I could see the shares on the other machines.

Now before Windows Fanbois go screaming that I just don’t know what I’m doing I need to lay two cards on the table: First, I build and administer enterprise Active Directory domains for a living. I have for over 12 years, check the balance of this blog for details. And second, I actually own the URLs and (and I may be pointing them both to after this experience). Anyone with any tenure in Windows networks knows that Microsoft peer-to-peer networking is intermittently unreliable at best, even under the correct configuration conditions.

The fact that an easy, downright simple to install Linux OS now lives in the desktop market ought to scare the crap out of any company that just released the likes of Vista. No, I won’t be playing Halo on this D610 but with a full blown install of Open Office, Gimp, Samba right out of the box I am not lacking a single component to get to work on this system. It even has a Terminal Server Client right in the Application, Internet menu option. So I can manage my AD networks right away from this Ubuntu desktop.

For once I can agree with all the hype presented by a segment of the user base at Digg. Compared to every other free OS available Ubuntu is, in my opinion, the best. This is coming from a long time FreeBSD fan. This OS brings hope that unified file systems may ultimately “win” the desktop marketplace after all.

IBM didn’t take too long.

That was a nice, intermediate escape from Pack-Rat.  Now I’m on to bigger and better things.  Tomorrow I’m starting what I hope is going to be a long term relationship with the American Kennel Club.  I don’t project this to be an endless series of institutional meetings with little outcome as I experienced at IBM.  Good luck to all the contractors I worked with in Big Blue’s Network Services Division.  I hope you all find yourselves a home at AT&T.  Surprisingly most of you seem to be looking forward to it.

I really like the folks I met with at the AKC last week.  It appears there are some Netbackup issues in-house that will be first on my list once I get my bearings in the environment.  I also get to help move another data center in this new post.  There’s plenty of VMWare, Exchange and other technologies to keep me dissecting the technology profile for a couple of months at the least.  And finally I’ll be in an environment again without prejudice toward Unix like OS’s.  Most of the time this “prejudice” is no more than lack of experience administering the technology and IT managers that don’t understand the difference between a carriage return that is constructed of one vs. two ASCII characters or why it matters.

For today I’m going in search of a new WordPress editor.  One that makes it easier to upload and orient photos inside a post.  It’s time this became a photo blog again.

Reverse DNS – PTR Records

Imagine you’re a small company owner and you decide to host your own mail server. You hire a technician to come in and set up a small SMTP server of some flavor for your domain and have him modify your external DNS and MX records so your mail starts flowing to the static IP address for your network assigned by your telecommunications provider (AT&T, Time Warner – whoever). Two days later you begin receiving non-delivery errors for sent messages that state “You don’t have permissions to send to this recipient”. This is typically a case of the receiving mail server performing a “reverse DNS lookup” on the IP address your mail is coming from and not finding a record for it. In order for these reverse lookups to succeed the telecommunications carrier that provided your static IP for your network is required to maintain a PTR record for the host name of your new mail server. Now you will learn the horror that is requesting a PTR record from a major telco or ISP.

Many ISP’s and telco’s are reluctant to add PTR records for customers they have delegated IP addresses to for a couple of reasons: The first is usually because they don’t know what you’re talking about when a request for a reverse DNS entry is made and you’re required to travel well up the support food chain before talking to a technician that understands that PTR records are maintained by the ISP delegating the IP address, not the ISP hosting DNS for the domain. The second reason is that unlike the ISP hosting the public DNS entries there is no money involved for the telco or ISP providing your static IP (yet).

PTR records are becoming common requests that you would think ISP’s would be more willing to accommodate since major ISP’s like AOL and Time Warner both require successful reverse DNS lookups for any mail being sent to a recipient of their domains. It’s a bigger shame they don’t realize the greater importance of hosting PTR records, which is that it’s actually a technology in the fight against spam that works. If every mail server out there had reverse DNS lookups required for incoming mail I could speculate the number of successful spam deliveries would be cut in half.

What most people, including a lot of Sys Admins, don’t know is that any ISP or telco delegating an IP address is REQUIRED by the text of their ARIN agreement to provide reverse PTR records for the IP addresses they delegate. I wouldn’t hesitate to drop this bomb in the ear of any ISP refusing to add a PTR record for a network I administer.

Under section 7.1 of the ARIN number resource policy manual (American Registry for Internet Numbers) it specifically states:

“All ISPs receiving one or more distinct /16 CIDR blocks of IP addresses from ARIN will be responsible for maintaining all IN-ADDR.ARPA domain records for their respective customers.”

This means that any ISP or telco delegating IP addresses is required to maintain accurate DNS entries not only on the domains for which they host public DNS records but also for any IP addresses they delegate (i.e. statically assigned IP address for your network).
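The reverse lookup a receiving mail server performs, as an added example that is not part of the original post: it builds the in-addr.arpa name from the connecting IP, asks for the PTR record, and (going one step beyond the post) confirms that the PTR name resolves forward to the same IP. The zone contents, host names and verdict strings are constructed for illustration, and the two dictionaries stand in for the ISP's reverse zone and the domain's own forward zone.

```python
import ipaddress

# Constructed sample data using documentation addresses and names.
# PTR records live in the in-addr.arpa zone run by whoever delegated the IP block.
ISP_REVERSE_ZONE = {
    "10.2.0.192.in-addr.arpa": ["mail.example.com."],
    "11.2.0.192.in-addr.arpa": ["host11.dsl.isp.example."],
    "13.2.0.192.in-addr.arpa": ["mail.example.com."],  # stale PTR left on a reassigned IP
}
# A records live in the domain's forward zone, wherever its public DNS is hosted.
FORWARD_ZONE = {
    "mail.example.com": ["192.0.2.10"],
    "mail2.example.com": ["192.0.2.12"],  # MX target whose ISP never added a PTR
    "host11.dsl.isp.example": ["192.0.2.11"],
}


def reverse_name(ip):
    """Name queried for the PTR record, e.g. 192.0.2.10 -> 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def ptr_lookup(name):
    """Stand-in for a PTR query; returns [] when the ISP holds no record."""
    return ISP_REVERSE_ZONE.get(name, [])


def a_lookup(name):
    """Stand-in for an A query against the forward zone."""
    return FORWARD_ZONE.get(name, [])


def check_sender(ip, helo_name, ptr=ptr_lookup, fwd=a_lookup):
    """Return a verdict for a connecting SMTP client (verdict names are hypothetical)."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr(reverse_name(ip))]
    if not names:
        return "no_ptr"  # the failure described in the post
    # Forward-confirm: keep only PTR names that resolve back to the connecting IP.
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == addr for a in fwd(n))]
    if not confirmed:
        return "ptr_mismatch"
    if helo_name.rstrip(".").lower() not in confirmed:
        return "helo_mismatch"  # generic ISP name, not the name the server announces
    return "pass"


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.com"),
                     ("192.0.2.12", "mail2.example.com"),
                     ("192.0.2.13", "mail.example.com"),
                     ("192.0.2.11", "mail.example.com")]:
        print(ip, reverse_name(ip), check_sender(ip, helo))
```

The `no_ptr` case is the one only the ISP can fix: the forward zone for `mail2.example.com` is complete, yet the check fails because the record that is missing sits in the zone of the party that delegated the address.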