Monthly Archives: July 2006

Multipath is working

Yesterday, we got multipath working with our HP MSA1500cs SAN. We have a fully redundant setup with redundant controllers, fibre channel switches, and two FC controllers per host.

We had been having a lot of trouble getting things to work right with active/passive controllers. We could get failover to work in some cases, but getting everything to communicate correctly in the event of a failure was difficult, since every machine would have to flip over to the passive controller simultaneously.

With a firmware upgrade, the MSA 1500cs can support active/active controllers. With the dual-active setup, both controllers are active simultaneously and both are valid paths.

Despite HP support’s indications to the contrary, HP does have information on using built-in multipathd in Linux instead of their proprietary multipath solution. It’s document c00635587, part AA-RW8RA-TE.

We’ve configured multipathd.conf like this:

      path_grouping_policy  multibus
      path_checker              tur
      failback                  immediate
      no_path_retry             60
      path_selector             "round-robin 0"

Just put that in your default block and it should work.

Reactions to Israel and Lebanon

I was surprised by the reactions to my story Saturday on Israel and Lebanon. Several pro-Israel posters are apparently in complete denial about what the Israeli military forces are doing.

Today, the American network ABC reported that Israel had bombed a Kleenex manufacturer, numerous farms, and all the major roads out of Lebanon. And they showed pictures of all of these during their evening newscast.

I find it highly unlikely that ABC is making this up.

One person asked, essentially, “do you really think a democracy could do this?” Yes. It’s happened many times before. The United States and Britain did this sort of thing when they destroyed tens of thousands of homes and killed over 25,000 people, most of them civilians, in the bombing of Dresden. The United States also was responsible for the nuclear bombs dropped over japan, killing 140,000 people instantly and countless more due to the effects of the atomic weapon.

Being a democracy is no guarantee against extremism. Some Israel supporters need to take a hard look at what their military is doing.

As I explained, none of this is to defend the attacks against Israel, which of course are also terrible.

But I think Israel’s strategy is going to wind up costing them — they are creating huge numbers of angry Lebanese, that perhaps didn’t have the motivation to attack Israel before, but now do. (Of course, the same error could be attributed to their enemy)

And both sides are catching innocent civilians more than military targets.

It’s very sad.

Israel and Lebanon

You know, I’m sick and tired of this whole “you wronged us, therefore you will pay” attitude that there seems to be in international politics today. Both sides of the whole terrorism thing seem to have that attitude.

But the latest sanity-defying news is that Israel is bombing wheat silos, food stores, and lines of civilians trying to escape Lebanon. Huh? What is the strategic value in having starving civilians in Lebanon? To me, it seems like a recipe to make things worse for Israel. You kill people’s family in Lebanon, and you create large numbers of very mad family members that now have a reason to plan terrorist attacks on Israel.

It defies sense.

Why don’t people try to value human life for once, everywhere?

Announcing hpodder

Today I’m finally announcing hpodder.

I’ve been trying different podcatchers in Linux, and have been generally unhappy. ipodder looked nice at first, but turned out to be horribly buggy.

bashpodder/podracer looked like a nice idea. However, it didn’t have enough flexibility for me, its XML parser has some well-known failures (it’s not a real XML parser, after all), etc.

So I wrote hpodder. hpodder is a command-line podcast downloader for Linux. It features:

  • Extensive manual (installed as manpage, or you can view the PDF versoin). Documents all command-line options, the config file, a quick start, plus some basic information about the internal database
  • Database of seen URLs (in Sqlite3) — for use both for downloads and when processing feeds
  • Graceful handling of Ctrl-C, shutdowns, network troubles, etc — including ability to resume downloads later, plus the ability to detect servers that don’t handle download resuming properly (libsyn)
  • Automatic setting of ID3 tags based on the episode title and podcast title from the podcast’s feed (as iTunes does) — dramatically helps with viewing of all sorts of podcasts on the iPod and your PC
  • Support for download rate limits, progress bars, etc. via Curl
  • Seems to be stable for me
  • Command-line tools to: add new podcasts, remove podcasts, update podcast feed URLs, scan podcast feeds, list known podcasts & status, list known episodes & status, alter episode status (mark for downloading or not), “catch up” podcasts, etc.
  • Automatic retry of downloads that failed due to transient errors

You can download a source tarball, or apt-get install hpodder if you run Debian sid.

hpodder is written in Haskell, and calls the curl and id3v2 binaries. It uses the Sqlite3 library and my HDBC database interface for Haskell.

But you’d never need to know or care about that unless you’re a programmer.

In future hpodder versions, I intend to improve the download status display, add last-seen date tracking, and add multithreaded downloading.

Week 2 (ending Jul 8)

The big news this week: the kitchen is gone and the wash house was saved!

On Monday, I went out to take the week 1 pictures and clear out some junk from the wash house.

Workers started Wednesday. We thought we’d have to tear down the wash house, but they managed to save it! It’ll make a nice outbuilding somewhere.

They pulled down the kitchen/bathroom. So things are looking very different already.

Check out the week 2 photos. Here’s a sample:

Renovation: Week 1

I’m a week late in posting these, so pretend this was posted July 1.

We bought the place on June 27. The next day, somebody was already out removing the chimney from the house. Then over the weekend, dad and I went out there to remove the chimney from the wash house.

Our contractor happened by while we were out. He had heard that some concrete blocks would be available at an auction, so he bought them for us for $2 for the whole lot. Should save us some money.

Photos of the place after week 1 are now available.

Here’s one, featuring a vulture sitting on top of the barn:

Why Is Expensive Software So Crappy?

Today I was listening to Gary McGraw on Frontline Security talking about software security. One of his points was that a large part of security trouble is poor design.

That reminds me how I’ve been meaning to rant a bit about the really terrible security I’ve seen in proprietary software lately. Some of this is very expensive software that people pay lots of money for.

  • World-writable installations. In one case, the documentation for the software directed users to mark the entire program’s directory tree world-writable, including all files and directories within it. In a whole host of additional cases, consultants or support people tasked with installing the software make everything world-writable as a matter of routine. And some of these are programs specifically designed to be used on Unix shell hosts.
  • Overuse of telnet. There’s telnet use everywhere. One program actually telnets to a server to start their own server-side component and then send XML to it. So we have to have an account for the server-side component, put the password in plain text on the client side, and maintain *telnet* for the application. Have we never heard of, say, CGI, people???
  • Overuse of root. Again, I’ve seen this even in documentation — “run everything as root” or “if you have trouble, just run this as root.” I’ve seen installers actually check to see if they’re running as root, and fail if they’re not, even though they have no need for root privileges.

Sigh. Although I’ve seen some poor code out there in the Free Software community, I’ve never seen anything that even approaches this level of insanity.

Why is the most expensive software the least secure? And what can we do about it when the vendor doesn’t care?