Viraj's Weblog

I've been playing with Zabbix for network monitoring. I had first heard about it in Linux Magazine, and the trending functionality looked interesting.

I spent about a week testing both the current stable version and the alpha. The stable one is quite old, and from an administrative standpoint is not really up to par. I since then went to the alpha version.

The system is very nice. It monitors many things on Linux boxes and provides very useful graphs of all the data. You can easily see how fast disk usage is growing, trends in CPU load, memory, etc. All the configuration is done via the web. It has a very nice graph creation procedure, and you can create custom graphs with any variables you like on the fly. It's all generated in real-time.

One drawback I see is that it is not very scalable to administer via the web. For example you have dropdowns with huge number of items in them even with just a few monitored hosts. The database (mysql) seems not very optimized for large amounts of data. There is alot of duplication of data that can be normalized. The alerting features are also sub-par when compared to Nagios. Quite a few times I've had false alarms, and I've not been able to pinpoint the issue. Nagios has nice features such as retesting services to make sure they are down before paging you. Those features are missing from Zabbix.

In general though I like Zabbix so much that I'm reluctant to ditch it. It seems to have very good potential, and I love the trending/graphing features. These are missing from Nagios. I will probably ditch it though, as it's more important to me to have a robust alerting system rather than trending performance data.

I saw a French movie this weekend called Fear and Trembling. It's an autobiography of a woman that goes to work for a corporation in Japan in 1989.

It's an amazing portrayal of Japanese office culture. I thought my office experience was bad, but after watching this, my worst experience was like heaven compared to this. It's hard to tell whether this movie was a comedy or drama, because it gets very serious at times, and some parts are ridiculously funny. It seems such offices were all about public humiliation taken to its extreme. It was all about servility, and climbing the corporate ladder. The main character goes up and down this ladder, from accountant to toilet cleaner.

I liked how it showed that not everyone in the company management was evil. You had the sumo wrestler vice president, whose main job was to verbally shit on everyone. His scenes were hilarious. There is one scene where he is yelling at a female worker for not tasting the chocolate on his desk. Then you had the president, who was the nicest person on earth and licked your wounds. Then you had the impossibly friendly co-worker, who stabs you in the back to prevent you from getting up the ladder faster than they did.

The main character narrates one scene when a boss is yelling at a female worker, describing it as a rape scene. And really, that's what it was.

What surprised me so much was that people took such abuse and did not quit. People expected the abuse and dealt with it. And it was almost like the more abuse they could take, the higher up they would get.

The ending was very thoughtful, and very strange. Essentially, the main character's salvation is to succumb to the humiliation at the highest degree. By letting the others do this to her, she gives them the satisfaction that they are all searching for in their life, to the point where, as she described it, her superior achieves orgasm.

Granted the movie does portray Japanese office culture in a very bad light, and some would argue it is unrealistic. But it was fascinating to watch nonetheless.

Today it was reinforced to me how great it is to work with open source software. The benefit is not just having the source, but being able to change it to work how you need. Here's the example.

We use Communigate Pro as a mail server we are transitioning to. Our MX record is still our old mail server, so the required mail is relayed to Communigate. Essentially the path of incoming messages is:

internet -> our.mx.server -> our.cg.server

Communigate has the ability to check SPF records, and reject messages based on that. I like SPF, and in my opinion works fairly well to reject some spam. But I can't use it in the above scenario because all mail comes from our.mx.server.

On cg, we are also running SpamAssassin. I knew SA had SPF support. I had ran it with the -D (debugging) option to see what it does in regards to SPF. The problem now is that SA considered our.mx.server as a trusted relay and skipped SPF checks.

Next it was time to look at the source. I ended up looking at PERLLIB/Mail/SpamAssassin/Plugin/SPF.pm and noticed line 165 is where the 'trusted relays' are being checked. The comment around that code was that trusted relays 'may' change the envelope from, so we can no longer trust it. I thought of just commenting out that block, but I wanted to find out some more info as to why this check was added, so I went over to SpamAssassin's download page hoping to find a CVS browser with changelogs. I didn't, but then did some googling and found the CVS updates mailing list.

That got me further, and pointed me to the SpamAssassin ViewCVS. I dug around for SPF.pm, but didn't find much comments on that code (but I didn't look too hard).

Then I thought maybe someone else has this issue and searched the devel mailing list with Gmane. The first result of the search string 'spf' pointed me to this bug which describes exactly my issue (and my original solution to comment out the block). I've come full circle, which is usually a good sign .

So why have I blogged this? Well I just thought this whole process showed the true importance of open source: being able to find information and hack what you please.

Here's an informative article on the GRUB bootloader. The tab-completion is really nice. A good read for those planning on an RHCE certification .

b2evolution has some simple blog antispam features, but it relies on a list of strings that in my opinion is not very scalable. I have been wanting to add SURBL support for awhile, and finally did. It was much easier than I expected. I had found some complicated solutions to do this in PHP, but really all I needed was URL parsing and DNS functions, both of which PHP has. All I did was modify the antispam_url() function in _functions_antispam.php with this PHP code. It also makes sure any URL domain has a proper MX record before it is accepted.

The b2evolution developers suggest making plugins for modifications, but I felt the above too simple to warrant class inheritance and all that crap. We'll see how it works. Unfortunately, SURBL is mostly for links in spam email, and I doubt their submission form would accept blog comment spam. Anyhow, I think it should help somewhat.

At work they were testing a Business Continuation Plan, which pretty much is a setup that allows the company to continue business in the event of a disaster.

For Internet access we had a simple Linksys router with a DSL line. During the test, Internet connectivity was determined to be working by going to Google and making sure the page loaded up. A tester said they couldn't get their email, so I was pulled in to figure out what was wrong.

So I started simple, doing some pings to www.google.com. Response was ok. Then went to the Google site in Firefox and Internet Explorer without issues. Then I tried telnetting to our mail server port 143 (IMAP), 25 (SMTP), 80 (HTTP), 443 (HTTPS), and 110 (POP). All gave me connections, and I was able to send simple commands without issues. But Outlook was crapping out.

Outlook was setup to use CommuniGate Pro's MAPI connector, which essentially converts everything to IMAP. I really didn't think the connector was at fault because it has worked fine in the past.

I then tried going to our webmail and didn't get anything! What was going on? I could connect via telnet, but not via any browser. Next I tried another site besides Google, such as www.cnn.com. That page didn't load up either... neither did Yahoo. I thought maybe it was network routing issue, but I could ping the destinations just fine. And even when CNN didn't load up in the browser, I could still telnet to port 80. Some screwed up proxying by Bellsouth DSL?

I thought it was a browser issue, but both IE and Firefox has same results. Why would Google load up but not other sites? Next I had to connect a real system (i.e. Unix) to this network and do some tcpdumps. I started a tcpdump, and ran a wget:

wget -O - -q http://www.cnn.com/

I got nothing back as expected, and saw in the tcpdump:

sudo tcpdump -nlp -i en1 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
20:11:27.120888 IP 192.168.1.100.54924 > 64.236.24.28.80: S 1892952170:1892952170(0) win 65535 [mss 1460,nop,wscale 0,nop,nop,timestamp 4252212886 0]
20:11:27.187946 IP 64.236.24.28.80 > 192.168.1.100.54924: S 3676883317:3676883317(0) ack 1892952171 win 5840 [mss 1460]
20:11:27.188062 IP 192.168.1.100.54924 > 64.236.24.28.80: . ack 1 win 65535
20:11:27.188228 IP 192.168.1.100.54924 > 64.236.24.28.80: P 1:582(581) ack 1 win 65535

The 3-way handshake is there, but once the GET request is sent, nothing comes back.

Next I suspected some problem with the DSL line or the Linksys router. I looked through the web interface and saw an option for SPI, or Stateful Packet Inspection, with features to block ActiveX and other crap underneath it. I tried disabling SPI, and did my wget again. It worked!

So it boiled down to the Linksys SPI feature causing problems. It could be that it just doesn't work well for many sites. This explained why the Google page came up: because it was relatively simple HTML. Anything complex, such as CNN, would hang. I checked I was running the latest firmware on the Linksys, and I was.

Lesson learned, Linksys SPI (Stateful Packet Inspection) sucks. Don't use it.

Ugh, my gmail outgoing mail seems to taking very long deliver, up to 24 hours! wtf..

I've packaged up the IMAP calendar proxy I've been working on and made it available at my site. Please read the README.

It's nowhere near production-ready, but I figure people can try it and see how it works. I'd appreciate any feedback. I suggest making a backup of your Mozilla calendar file before using it.

The only IMAP server I tested with was CommuniGate Pro. I'm hoping others will behave the same.

Update: Some users have reported issues. Please try latest version on my site. If problems, edit ImapCalendar.py and uncomment the debug line in the init method. Send me the output, removing any passwords, and let me know what IMAP server you're using.

My Adelphia cable started doing video on demand. They had some free stuff to checkout, and I came across this video by the Chemical Brothers which I thought was pretty funny.

Over the past few days I've been writing a hack to let Sunbird access a calendar via IMAP. Basically it is a Python HTTP proxy that runs on the same host that you run Sunbird. You configure Sunbird to post to something like http://localhost:8001/Calendar and the proxy converts the request to IMAP.

It keeps track of differences in the calendar updates, and only changes the specific events via IMAP, instead of reposting the whole calendar (changes, additions, removals). This saves alot of bandwidth when using large calendars.

It's not an elegant solution as I would've liked to do it within Sunbird itself, but it let me learn about IMAP a bit. It's not quite ready for use, but if anyone is interested let me know and I will post it on my site when done. I'd like to do some caching and have it work when offline, as well as reconnect to the IMAP server if the connection is broken, etc.

I may be embarking on a programming project at work. It's basically a web based system that will interface with a database, nothing fantastic.

I would really like to do it in Python. I think the code would be easier to maintain than PHP. So I did some research on Python web programming and unfortunately have not found the right toolkit yet. I spent some time playing with CherryPy and Webware, which are servlet-type frameworks. They are nice, but not quite up to par. The documentation is really lacking in both projects. CherryPy makes things almost too simple, and Webware makes things too complex.

I don't like CherryPy because it does not seem very much suitable for production use. It's basically a web server, and I have to restart it every time I make code changes. There is a 'autoreload' module but it seems hackish. Another thing is they talk about using thread-unsafe database connectors like MySQL, but what about thread-safe ones like PostgreSQL? It's unclear how I should implement such a setup with one shared database connection across multiple threads, and the mailing list is rather quiet about database connectivity. It tells me not too many people are using it. However, some reviews are very positive about CherryPy.

Webware is very cool in that code changes are immediate. The problem is it doesn't make things very easy (for example login authentication requires way too much code).

mod_python looks interesting, but again involves alot of work for simple tasks. Python Servlet Engine does look promising, but I have to play with it more. I wish Python had more widely-used, stable, and standard web programming toolkits.

Today I closed on selling my townhouse in Fort Lauderdale. I ended up getting $40k. This is pretty good, but not great. I bought the house for $220k, kept it for 1 year, and sold for $260k. This pretty much equates to me living almost for free for the past year. Let's see the breakdown.

I stayed in an apartment for 1 year = $12k

I paid closing costs = $10k

I paid mortage = $16k

I paid other bills = let's say $5k

40 - 12 - 10 - 16 - 5 = -3

So I have a net loss of $3k in the past year. That's not exactly how it breaks down, but close to it. Obviously I would've made more money if I lived in the place longer (it was preconstruction). But the buying and selling is really just buying me time, and letting me live relatively free.

What's next? Well I'm eyeing Port Saint Lucie. There are some fairly good single family homes there running $220-240k. Those are 3 BR, around 1800 sq ft. I really see those appreciating at least 50k a year. Everywhere else is just too damn expensive, and going up. Salaries on the other hand are not.