Archive for February, 2011

So you want to be a Linux admin…

This is somewhat of a reprise of some thoughts I shared on a recent episode of the LinuxLink TechShow.

I have been asked many times about being a Linux admin. After a few years of walking the walk and being in on a lot of interviews, I have compiled a few mental notes and thought I would share…

  • Get a cert.
    I have been doing Linux for a LONG time but I never had so many job offers until I got my RedHat cert and put it on LinkedIn. Once that happened I get, some weeks, upwards of 5 job offers per week. Seriously. These offers are also local – not like people are calling me to move out of state or even out of the area. The jobs are out there folks. Linux people are currently on the hot list. Just do it right and you should be a shoo-in.
  • Know your stuff.
    Here’s the deal. You MIGHT run into a company where you can snow them into thinking you are a serious Linux guy even though you don’t know how to tell what directory you are in on the command line, but it sure won’t be MY company. I ask potential candidates lots of questions – ones that I am convinced that anyone that *actually uses Linux* should know. Make sure that you do. You should know all kinds of common Linux things down absolutely cold and this includes things like common userland commands, problem diagnosis and resolutions. If you don’t know the fix to a problem, you should be able and prepared to demonstrate that you can quickly find the correct answer / resolution.
  • Don’t rely on the gui.
    I used to think this was a given but after a dozen interviews it bears mentioning. You *cannot* correctly administer a hundred servers if you need to rely on gui tools. They may be handy in a pinch, but they are wildly inefficient. By the same token, you should be familiar and comfortable with at least basic scripting. One of the questions I generally ask is if another administrator left your company, how would you change the root password on 100 servers in a hurry?
  • Do be familiar with Desktop Linux.
    Although I think it’s extremely important to be command line savvy on the server end of things, I am also convinced that a Linux guy should be comfortable with using it on the desktop as well. It always strikes me as strange when I ask a Linux guy what kinds of computers he has at home and what he uses them for and he (or she – it’s just a figure of speech) says they have a windows laptop that they only use for browsing the web and email.
  • At least feign interest.
    In my opinion, a Linux system administrator should be interested in Linux and system administration. Things like playing at home with different Linux distributions, running your own home server, setting up, learning about and trying different Linux services are all big plusses.
  • Don’t BS on your resume (or resume inflation).
    A friend of mine I work with and I have this theory that a person’s actual skill level with Linux is inversely proportional to the size of their resume. Actually, this goes back to that “Know your stuff” rule as well. Put the relevant things you know on your resume and *actually know them*. Trust me, I will ask you technical questions about the things you list on your resume and I *will* find out if you are lying. Inflated resumes may impress H.R. people but not the people who actually have to weed through them.
  • Shake hands like you mean it.
    When you come for an interview, if you offer to shake hands or take an offer to shake a hand, actually do it. Nothing weirds me out more than someone giving me one of those limp wristed, pantywaist, palm tickle handshakes. Grip my hand like you mean it and give it a good shake like you are happy to be there.
  • Be genuine.
    Don’t try and be someone you are not during the interview. Be yourself, relax a little, be honest. Don’t be overly cocky, snarky, apologetic or overtly eager. Also, try and dress decently and speak well. :)

That’s all I can think of right now – Knock ‘em dead!

Server Build

Last night on the TechShow I was asked about providing some info on a decent default server build. Here are some quick notes to get people going. Adjust as necessary.

Just for ease, here, let’s assume you are installing CentOS 5, a nice robust enterprise class Linux for your server needs.

CentOS 5 / RHEL 5 / Scientific Linux, etc., does a really great job picking the defaults, so sticking with those is just fine and has worked well for me on literally hundreds of servers.

  • I let the partitioner remove all existing partitions and chose the default layout without modification.
  • Configure your networking appropriately, make sure to set your system clock for the appropriate timezone (no I do not generally leave my hardware clock set to UTC).
  • When picking general server packages I go for web server and software devel. I do not, generally, pick virtualization unless there is a specific reason to. I find that the web and devel meta server choices provide a robust background with all the tools I need to set up almost any kind of server I want without having to dredge for hundreds of packages later on.
  • The install itself at this point should take you about 15 minutes depending on the speed of your hardware.
  • Once installed, reboot the server and you should come to a setup agent prompt. Select the firewall configuration. Disable the firewall and SELinux completely (trust me here). Once that is done, exit the setup agent (no need to change anything else here), login to the machine as root and reboot it. This is necessary to completely disable SELinux.

From this point on it’s all post install config…:

  • Add any software repositories you need to.
    I not only have my own repo for custom applications, but also have a local RedHat repo for faster updates and lower network strain/congestion.
  • Install your firewall.
    I use an ingress and egress firewall built on iptables. While mine is a custom written app, there are several iptables firewall generator apps out there you can try.
  • Install your backup software.
    Doesn’t matter if this is a big company backup software like TSM or CommVault, or you are just using tar in a script. Make sure your system is not only being backed up regularly, but that you can actually restore data from those backups if you need to.
  • Add your local admin account(s).
    Don’t be an idiot and log into your server all the time as root. Make a local account and give yourself sudo access (and use it).
  • Fix your mail forwarding.
    Create a .forward file in your root directory and put your email address in there. You will get your server’s root emails delivered to you so you can watch the logwatch reports and any cron results and errors. This is important sysadmin stuff to look at when it hits your inbox.
  • Stop unnecessary services.
    Yes, if you are running a server you can probably safely stop the bluetooth and cups services. Check through what you are running with a “service --status-all” or a “chkconfig --list” (according to your runlevel) and turn off / stop those services you are not and will not be using. This will go a long way toward securing your server as well.
  • Install OSSEC and configure it to email you alerts.
  • No root ssh.
    Change your /etc/ssh/sshd_config and set “PermitRootLogin no”. Remember, you just added an admin account for yourself, you don’t need to ssh into this thing as root anymore. Restart your sshd service after making the change in order to apply it.
  • Set runlevel 3 as default.
    You do not need to have a GUI desktop running on your server. Run the gui on your workstation and save your server resources for serving stuff. Make the change in /etc/inittab “id:3:initdefault:”.
  • Fix your syslog.
    You really should consider having a separate syslog server. They are easy to set up (hey, Splunk is FREE up to so much usage) and it makes keeping track of what’s happening on multiple servers much easier (try that Splunk stuff – you’ll like it).
  • Set up NTPD.
    Your server needs to know what time it is. ‘Nuff said.
  • Install ClamAV.
    Hey, it’s free and it works. If you do ANYTHING at all with handling emails or fileshares for windows folks on this machine, you owe it to yourself and your users to run Clam on there to help keep them safer.
  • Do all your updates now.
    Before you go letting the world in on your new server, make sure to run all the available updates. No sense starting a new server instance with out of date and potentially dangerous software.
  • Lastly, update your logbook.
    You should have SOME mechanism for keeping track of server changes, whether it be on paper or in a wiki or whathaveyou. Use it RELIGIOUSLY. You will be glad someday you did.
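
A few of the checklist items above (no root ssh, runlevel 3, root mail forwarding, unneeded services) can be verified with a read-only script. This is an added example, not part of the original post; it assumes the files sit under a root directory you pass in and that `chkconfig --list` output has been saved to a file, and the sample tree and the address admin@example.com are constructed.

```shell
#!/bin/sh
# Added example: read-only audit of a few post-install checklist items.
# File paths are arguments, so it can run against copies of the files.

# Global PermitRootLogin value. sshd keeps the first value it reads for a
# keyword; stop at the first Match block, which holds conditional overrides.
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Default runlevel from the "id:N:initdefault:" line of a SysV inittab.
default_runlevel() {
    awk -F: '$1 == "id" && $3 == "initdefault" { print $2; exit }' "$1"
}

# Services enabled in runlevel $2, from saved `chkconfig --list` output.
enabled_in_runlevel() {
    awk -v on="$2:on" '{ for (i = 2; i <= NF; i++) if ($i == on) print $1 }' "$1"
}

# $1 = root of the tree to inspect, $2 = saved `chkconfig --list` output.
# Prints one PASS/FAIL line per item; exit status = number of failures.
audit() {
    fails=0
    v=$(root_login_setting "$1/etc/ssh/sshd_config")
    if [ "$v" = "no" ]; then echo "PASS PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${v:-unset}'"; fails=$((fails + 1)); fi

    v=$(default_runlevel "$1/etc/inittab")
    if [ "$v" = "3" ]; then echo "PASS default runlevel 3"
    else echo "FAIL default runlevel is '${v:-unset}'"; fails=$((fails + 1)); fi

    if [ -s "$1/root/.forward" ]; then echo "PASS root mail is forwarded"
    else echo "FAIL /root/.forward missing or empty"; fails=$((fails + 1)); fi

    for svc in $(enabled_in_runlevel "$2" 3); do
        case $svc in
            bluetooth|cups) echo "FAIL $svc enabled in runlevel 3"
                            fails=$((fails + 1)) ;;
        esac
    done
    return "$fails"
}

# Constructed sample tree (not from a real host): GUI runlevel left as the
# default and bluetooth still enabled, so two items should fail.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/ssh" "$d/root"
    printf '#PermitRootLogin yes\nProtocol 2\nPermitRootLogin no\n' > "$d/etc/ssh/sshd_config"
    printf '# default runlevel\nid:5:initdefault:\n' > "$d/etc/inittab"
    printf 'admin@example.com\n' > "$d/root/.forward"
    printf '%s\n' \
        'bluetooth 0:off 1:off 2:on 3:on 4:on 5:on 6:off' \
        'cups      0:off 1:off 2:off 3:off 4:off 5:off 6:off' \
        'sshd      0:off 1:off 2:on 3:on 4:on 5:on 6:off' > "$d/chkconfig.txt"
    echo "$d"
}

SAMPLE=$(make_sample)
audit "$SAMPLE" "$SAMPLE/chkconfig.txt" || echo "$? item(s) need attention"
```

On a live server, save `chkconfig --list` to a file and call `audit / that-file`; a commented-out or missing PermitRootLogin line is reported as unset rather than passed, because the daemon's built-in default then applies.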

Review: The Marvelous Land of Oz

The Marvelous Land of Oz (Oz, #2) by L. Frank Baum

My rating: 4 of 5 stars

I must say, I was really enjoying this book and as it came close to the end I wondered and then was pretty floored with the outcome. How bizarre this was for a children’s book; yet very fascinating.



I so enjoyed the characters in the second installment of the series and eagerly look forward, as my daughter does, to see where the adventures take us.



The Oz series is proving to be a fantastic classic to enjoy for all ages.




Podcast 135 from lottalinuxlinks.com.

Topics include:

In today's ogg cast, Dave talks with Todd Lewis, Conference Chair of the Palmetto Open Source Software Conference -- POSSCON. POSSCON is March 23rd-25th, 2011 at the Columbia Metropolitan Convention Center. You can find out more about POSSCON by visiting posscon.org.

Links:

lottalinuxlinks.com linux user podcast 135 ogg vorbis format;

lottalinuxlinks.com linux user podcast 135 speex format;

Palmetto Open Source Software Conference;

Open Standards What A Corrupted Term

After episode 142 of the Linux Action Show, where the hosts exclaimed strongly against Google dropping h264 in favor of WebM largely because WebM is an “Open Standard”, I was prompted to discuss this further in their forums and came to the realization that I may have been completely misled as to what the term Open Standard truly means.

I subscribed to the definition that most fits Bruce Perens’s concept of Open Standard, defining it, roughly, as a standard that is publicly available and can be implemented without restriction. Now he goes into more detail with six tenets and these are further expanded upon by a wonderful paper titled The Meaning of Open Standards.

Review the Wikipedia definition of Open Standard and it becomes apparent that there is no single consensus on what an Open Standard is. Most subscribe to something akin to Perens’s Six principles but what about ITU-T? Their definition states that an Open Standard is a standard that is collaboratively developed, balanced, publicly available and implementable via royalty free licenses or on reasonable terms and conditions. The last point contrasts with Perens’s Point 3 – Royalty Free implementation – and most other definitions. So which definition is right? They cannot all be. Yet it would appear that OpenStandards.net would have us believe they can all exist under the same umbrella.

On the Jupitercolony forums a contributor, ShawJGroff, replied to my post on this topic with the following statement:

“Open standard” describes the standard as an entity by itself: it does not describe the thing the standard is defining.

Now this is not a definition I have ever heard put forward for the term Open Standard. So if I re-iterate what my post was about: “Is h264 truly an Open Standard.” By his definition what is meant by saying h264 is an Open Standard is that the published standard for h264 is openly available to all and the term Open Standard in no way should be applied to the implementation of the technology, h264, detailed in the standard.

This is the single most salient point I think that all definitions put forth for Open Standard agree upon. That the standard is open to all to read. There is no mention of implementation, privileges or restrictions put forth in this definition. So is this the true historical meaning of the term Open Standard? Has the term Open Standard become polluted over time particularly by members of the Free and Open Source movement to apply it more towards the tenets of Free and Open Software?

When Steve Jobs stands up and says h264 is an Open Standard are we bucking up against sociological, political and generational corruption of what he truly means? Is he saying that an Open Standard refers to the availability of the standard itself and has nothing to do with the implementation, restrictions or privileges defined by the standard and licenses applied to the standard? Is there a purposeful play on words here to describe a technology like h264 as an Open Standard thus playing to the popular “buzzword” term of the day ascribing Open Standard to be akin to Perens’s definition when in truth it is merely the publication of the h264 standard itself and nothing more?

Has the term Open Standard become too polluted now? I’d be interested to hear other people’s opinions.

Podcast 134 from lottalinuxlinks.com.

Topics include:

In today's ogg cast, Dave issues his largest apology yet, while also managing to talk about the Google CR-48 cloud book, the SouthEast LinuxFest, Darren Aronofsky movies, ps3 games, Fossil-SCM, and Debian Squeeze.

Links:

lottalinuxlinks.com linux user podcast 134 ogg vorbis format;

lottalinuxlinks.com linux user podcast 134 speex format;

CR-48;

SouthEast LinuxFest 2011;

Fossil-SCM;

Darren Aronofsky at IMDB;

Requiem for a Dream;

Pi;

The Fountain;

The Wrestler;

Black Swan;

The Wolverine;

Machine Man;

Below;

Aronofsky Batman reboot comic;

Dinner for Schmucks;

Splice;

RED; and

Debian GNU/Linux The Universal Operating System.

ESXi and Subsonic

In continuation, somewhat, of my last post and a brief review on the last TechShow, I wanted to jot down some notes about my newest encounter with ESXi and Subsonic.

Subsonic

I wanted to try out Subsonic, so I really needed to put together a new machine to play with it a bit. As a RL System administrator, some things carry over into my home computing environment, and paranoia is one of them. I just *have* to test things outside of my “production” servers at home too. Since I run my servers in a virtualized environment, this shouldn’t be too much of a problem.

I run ESXi at home for my virtualization platform, and the norm there is to use virtualcenter (or the vic) to create and manipulate VMs. The problem there is I am just not a Windows fan (no kidding). I had gotten around this problem initially by creating a VM on VMware Server (running on Linux) and then using VMware Converter to move that VM to my ESXi machine. This time, I did a little more digging on the subject of using the command line to create those VMs natively and I actually found some great information that let me do just that. What I found was these two links that contain all the information I needed:
ESXi – creating new virtual machines (servers) from the command line
and
http://www.vm-help.com/esx40i/manage_without_VI_client_1.php

Without rehashing a lot of the detail provided in those two sites, the basics are using vmkfstools to create a disk image for you to use and then building a small minimal vmx file with enough info in it to get things going. To do the install, make sure to have your vmx start an iso image from the cdrom drive and turn on vnc for the box. From there it’s quite easy to get an install working.

The server I decided upon installing is CentOS 5.5. I chose the standard server install and the only things that were required to get Subsonic working on it were:
yum install java-1.6.0-openjdk
and then to download and install the rpm from Subsonic’s website. A little later on I found that Subsonic would not stream my ogg files and that was easily fixed by:
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm
yum install lame ffmpeg

After all that, point your web browser to http://:4040 and you are rocking and rolling with the big boys. The thing that really impressed me with the setup is when you tell Subsonic where your music is. On every other music server install this is the part where it takes a while to scan and index your music. With Subsonic this was surprisingly almost instantaneous! You tell it where the music is and *whamo* your music shows up, ready to be played. Fantastic! The other great piece is the ability to add album art. You can just tell Subsonic to change your album art and it finds some suggestions on the web and will let you pick the correct one and save it to your collection. It’s very nice and a complete time grabber :)

Amazon Kindle, Subsonic and MusicBrainz

Kindle 3
   Early last week I had another burst of reading activity on my Kindle 3. Reading for me tends to come in spurts when the rest of my life doesn’t interfere and it had been a while. I loaded up the Kindle with some new goodies (Sh*t my dad says is hilarious, btw) and started peeling through not only the books but also the menus, setting things up just the way I like them.

RANT: As a side note here, why the heck are collections so freaking difficult to setup? I mean come on Amazon. Make them work by directory structure or something easy, or at least fix it so that when you add to collection, you are only shown books not already in another collection by default. OK, rant done :)

   Anyhow, as I was reading and setting up different collections, etc. I noticed a familiar recurring problem. The short history is when I got my Kindle 3 I noticed every so often the e-ink would not fully display, but only display VERY faintly. I called Amazon and they had me update the firmware but it was really hard to tell if that fixed it as it was not a constant thing. Cue up last week and I notice this a LOT more. Not only while reading the books, but now in the menus, etc. So, I called Amazon right up as they instructed me to do the last time I noticed this. They IMMEDIATELY sent me out a replacement. I mean I had it the NEXT day, during a snowstorm. There was no arguing, no listening to some low end tech worker flip pages on the other end of the phone, no shipping or return costs, no hassle whatsoever. THIS is what customer service is all about and it’s easy to see that Amazon stands behind its products. This is why I will always recommend the Kindle. I don’t know what the other guys’ service is like, but Amazon is absolutely tops every time I have had to deal with them.

Subsonic

   Shortly after I got my new Kindle (read hours) I got horribly sick (sinus infection) and have been that way for 4 or 5 days now. During my occasional bouts of lucidity and while waiting for the NyQuil to kick in again I was reading through my Facebook posts and noticed Tom Higgins mentioning that he was enjoying using Subsonic, which is a new (to me anyway) software that manages your music collection for you. It’s a server side app with some seriously nifty clients you can run on your Android phone, which made it catch my eye. I have (and still do for now) been using Kplaylist for quite some time and I really like it, but, hey, nothing wrong with checking out new things, right?

MusicBrainz

   Well, the thought of me trying out some new music collection software got me looking at my music collection. You know what this is like. I have been hanging on to my music in digital form for better than 10 years, so, it’s substantial / sizable, in different formats, mixed up, formatted and named badly, bad mp3 and ogg tags, etc. What’s a guy to do? Well, I searched around a bit and found a whole lot of programs for Linux that will let you manually fix tags. Ick. With thousands to do I kept searching. I found a bunch of programs for Windows and Mac that will help you reorganize and fix your collection, and, eventually, I found ONE that will do the same on a Linux box. Its name is MusicBrainz Picard. I have been using it here and there (still sick) for a couple days now, siccing it on a directory of my music collection here and there. It sure beats doing this all by hand! It’s not perfect software by any means, but it sure will be a timesaver compared to the alternative and the more people that use it and update those databases, the better it’ll work. Check it out, I think you’ll like it!

Review: The Wonderful Wizard of Oz

The Wonderful Wizard of Oz (Oz, #1) by L. Frank Baum

My rating: 4 of 5 stars

I read this book to Avery before bed. What a wonderful adventure. It was hard not to break out into a chorus of "Follow the Yellow Brick Road, follow the yellow brick road! Follow, follow, follow, follow, follow the yellow brick road!" If you have seen the movie but never inquired about the books you are in for a treat. The book is different than the movie but both are magical in their own way. Thus, unlike most movie adaptations of books, I cannot say that the movie is at all inferior to the book.



I was a bit surprised at some of the violence in the book. The tin woodman does some beheading, but of animals and beasts; still, beheadings are brutal. Still, it is pretty safe to read to a child.



Tomorrow we start the next book – The Marvelous Land of Oz.




Upgraded my Android phone to a Mytouch 4G (HTC Glacier)

I’ve had my Nexus One phone for around a year and for the most part really enjoyed using it. I’ve also enjoyed getting updates to Android before any other Android phone on the market. The only negative aspect is the limited on-board memory. On occasion towards the end of the day I might get a popup dialog saying I was running low on system memory. Recently my wife requested me to pick her up an Android based phone. Initially I was thinking of just picking up one of the low/middle level Android phones available for around $50. The LG Optimus L is pretty well rated. I would have to upgrade my plan on T-Mobile to a “Family Plan” with shared minutes between the 2 phones. I went to the T-Mobile store near my office and found out they were doing a buy one get one special for all their phones. Now I’ve checked out all of the Android phones and currently the best one being offered by T-Mobile is the Mytouch 4G. While it is not staggeringly more powerful than my Nexus One it does offer the following improvements:

  • more than 1 gig of internal memory available
  • slightly crisper display than the Nexus One
  • front facing camera to do video chat via Qik
  • improved battery life
  • what T-Mobile calls 4G speeds

All the improvements over the Nexus One are nice but the most noticeable improvement is the overall network speed. With my Nexus One I was getting about 2 Mbit down and about 1 Mbit up in good conditions. With the Mytouch 4G I’m getting about 5.5 Mbit down and 2 Mbit up. While T-Mobile advertises this as 4G it really is HSPA+ which is technically more like 3.5G. As far as I can tell this is the fastest available mobile speed in my area. At my office several of my co-workers and I compared our mobile carriers’ speed by using the Speed Test application. We compared my phone’s speed against an iPhone on AT&T and an HTC Incredible on Verizon. The Mytouch 4G on T-Mobile won handily. It wasn’t even close. I’ve had the phone for a couple weeks now and I’m really enjoying it. The phone is very well built and feels like a tank compared to the Samsung Nexus S with its somewhat flimsy plastic case. The video chat works with the only requirement being both parties have to be registered with Qik. I highly recommend the phone to anybody.