Tony's ramblings on Open Source Software, Life and Photography

Mounting Windows Shares with "credentials"

I had a hard time using the following line in my fstab until I finally realized the problem:

//winserver/incoming /home/outgoing cifs uid=me,credentials=/etc/smbpassfile,noauto,user 0 0

The mount would fail, and my DMESG would report:

[2492180.882826]  CIFS VFS: No username specified
[2492180.882857]  CIFS VFS: cifs_mount failed w/return code = -22

Doing a mount passing the username and password directly would work just fine. Turns out I was missing the following package:

sudo apt-get install smbfs


Guess what OS this is running in

Take a guess what OS this is running in:

If you guess Ubuntu 8.10 64 bit with no emulators, you'd be correct! That's a screenshot from Regnum Online, a free to play MMORPG that just happens to offer a Linux client. I took that screenshot from a cliff overlooking the battle before I stupidly jumped into the fray and swiftly died.

Here I am shooting my wimpy magic missile at the beast just before he killed me in one blow:

Regnum has been around for just over two years. It's not quite as in depth or polished as some of the games out there like Knights Online or Silkroad, but it's certainly an enjoyable game. They also have announced that they will be releasing a new upgraded version with better graphics and dynamic shadows in the very near future and that they do plan to continue to support Linux.

Kudos to them - they just go to show that there's no technical reason you can't develop awesome games for Linux. It's mostly political (and market driven,) but we knew that already.


PHP Sessions can't handle SimpleXML data

I've been banging my head against the wall over an error reported in some PHP code I've been writing. For some reason the session would be trashed on the server and on next page load I'd get "Node no longer exists" when I tried to open the session.

It turns out that you can't take a response from a SimpleXML object and store it in a session. You'd think that if you could type "echo $myxml->thisnode" and get a string that it's really a string, but PHP automatically typecasts and converts as needed - except in the case of storing in a session variable.

There's an easy solution. Use explicit typecasting when trying to store an XML result string in a $_SESSION[] variable:

$_SESSION['myinteger'] = (int)$myxml->myinteger;
$_SESSION['mystring'] = (string)$myxml->mystring;


DRBD Defaults Too Slow For Today's Servers

I was just setting up a new install of two Ubuntu servers with a TB mirrored between them in realtime using DRBD. It occurred to me while I was configuring DRBD that the default settings are way too slow for current hardware.

For instance, if you're going to set up a high-availability cluster no doubt you're going to have a minimum of a Gigabit network connection between the servers and at least use SATA 300 hard drives - probably in a RAID array to get even more throughput.

The default sync speed in DRBD is only 10 Megabytes / second. It's in your best interests, especially on the initial sync, to increase this considerably. At initial setup time you can safely configure this to be as high as your hardware will allow. Check out this article that describes how to go about calculating it.

For instance, initially my setup used 22 MB as the sync speed, but for the initial sync of 1 TB across a Gigabit crossover using SATA 300 drives was going to take almost 10 hours to complete. My hardware config actually lets me push this as high as 68 MB / second, reducing my initial sync time to about 3 3/4 hours, and that's on two systems with no RAID - simply a 1 TB hard drive synced over a crossover cable.


First Jaunty Tweaks

An update to my Hardy LTS desktop caused my nVidia drivers to puke again, and for some reason they refused to reinstall. It's all related to having installed this system first as a Gutsy install, and using the nVidia drivers downloaded from their website. Every time there was a kernel upgrade I'd have problems, and it started getting worse with package file conflicts recently.

My hard drive had also gotten a bit small for me, so I decided maybe it was time to go ahead with a fresh install of Jaunty (which I'd downloaded just before the drivers went wacko) and take the opportunity to throw in a new hard drive.

On my first install attempts the Jaunty CD would simply drop to a BusyBox console prompt and never install, without giving any indication of what the problem was. I did a bit of googling and found that this could be caused by a crappy SATA control chipset on the motherboard. I then wasted the next hour attempting to update my BIOS without Windows, a floppy drive or a USB stick. I finally was able to run the BIOS update by placing it on a CF-II camera card and using that. Unfortunately there was no improvement.


Making Apache Run Python

I've always been a PHP guy, but recently I had a little Python web scraper utility I wrote that I wanted a nice interface to, and I didn't feel like writing a complete GTK interface for it, or rewriting it in PHP with CURL.

So, I thought, "Hey, there's these people that run Python on their servers instead of PHP, why don't I try that! It shouldn't be any harder than running PHP, right?"

Wrong. It's not hard, but it brings back memories of my first attempt to get Perl scripts to work properly with Apache.

First, you need to install "libapache2-mod-wsgi". This is the module for Apache that lets you run Python scripts from inside your web server. I know, why doesn't it have the word "Python" in the name? Don't worry - just make sure you don't actually try to use the module that DOES have Python in the name. It's the old and outdated way of doing things.

So, use Synaptic to install the module, or at a console enter:

sudo apt-get install libapache2-mod-wsgi


IT Security At HIMSS09

I consider security one of my top concerns, and one of my major strengths. Given the volume of information that my servers hold, any potential breach could pose serious problems. We constantly audit our servers and security logs, use a custom firewall and intrusion detection software and take a "close everything open only what's necessary" approach to security. We also use full hard disk encryption on all laptops. I'm confident our systems are more secure than 99% of hospitals out there.

On a given day my servers detect and thwart a minimum of 5 to 6 all-out brute-force intrusion attempts. Identified attempts are automatically blocked from accessing any services on any of our servers. Our firewall logs and blocks at least 50 networks scans per day.

But, even I know that to assume we'll never suffer an intrusion is arrogant and dangerous. That's why I made it a point to attend the session on HIM breach notification laws. What was surprising to me was how few people attended that session. I guarantee a lot more will attend the session on the Government stimulus bill, but managing and planning for security issues should be even more important.


Fixing libgl1-mesa Package Problems

I've known for a while that the proprietary NVidia drivers I downloaded some time back screwed with my system, unfortunately I hadn't realized just how bad until I tried upgrading from 8.04 to 8.10.

After the upgrade and reboot, X wouldn't start and my package manager complained about various libgl1-mesa packages. When I tried doing "apt-get -f install" as suggested, I would get the following error:

unable to create `./usr/lib/': No such file or directory
among other things...

There's actually a pretty simple fix... I entered the following in a console:
dpkg-divert --remove /usr/lib/
dpkg-divert --remove /usr/lib/
apt-get -f install

All was well with the world - I still needed to manually reinstall my proprietary NVidia drivers, but at least now my package system wasn't broken anymore.


Where's The American Dream Gone?

There was a time when people referred to the "American Dream." The dream was that if you worked hard and smart, that you could become something better than you were. Immigrants flooded our borders hoping to jump on the capitalism bandwagon and make something of themselves.

What's interesting is that they have. In fact, a study by Johns Hopkins in 2001 found that even when considering Caucasian European immigrants against native-born Caucasian American's (in order to remove any racial prejudice from the numbers,) immigrants generally had greater than a 35% better net worth.

As an employer, entrepreneur and father, the average work ethic in the US seriously concerns me. I have to say we have an exceptionally good batch of employees right now, but when we were located in Alabama, finding good employees was exceptionally hard. Several people seemed to feel entitled to work 5 hours a day, and then spend 3 of those browsing the Internet or chatting with other employees. Unfortunately I didn't just have a bad batch, it was something I saw over and over. If you had to let someone go due to lack of work ethic, suddenly they threatened you with a lawsuit (one even went to arbitration.)


Why Open Source Should Be The Future

Everyone can agree that computer software has become orders of magnitude larger and more complex when compared to early home computer software. The first complete non-game application I wrote was a spreadsheet. No, I didn't use a spreadsheet app, I wrote my own Excel clone, or rather in the day I called it my own "Visicalc" clone, complete with recursive algorithms. The entire application and data fit within 64k of RAM on my Commodore 64.

Any modern software developer will tell you that a program that creates a dialog that says "Hello World" will likely be 1MB in size. Modern computers are more complex, modern operating systems are more complex, and that makes even the most simple application more complex.

Complex software requires a complex team of developers to get everything designed, tested and developed. A single application might have dozens of programmers working on it.

The more complex an application is and the more developers working on it, the more chance there is to be bugs that are not found in the initial testing phase. Different segments of the application rely on other pieces in order to work correctly, and those pieces cannot be tested until they are all snapped together.