Viraj's Weblog

So I'm reading an Oreilly newsletter which gets sent to my gmail account. I came across this blog explaining some neat bash tricks. One of the comments pointed to a Unix Tip of the Day site which I thought would be cool to subscribe to.

Then I came across this blog about email newsletters. I thought to myself, I do get a shitload of newsletters to my email account, which I just read and trash. Do I want to add more crap? I think email is becoming more and more useless for such things. I end up wasting alot of time reading email. Then I remembered that Bloglines lets you create random email addresses to use for subscribing to newsletters and such. It displays them just like the blog subscriptions.

This seems a more natural way of dealing with email newsletters, and I think I'll convert all of mine to this.

Interesting Exchange reverse-engineering project. Wonder if they will get DMCA'd.

I'm reading this book about medical specialties. I thought this description of an anesthesiologist was interesting:

From beginning to end, the practice of anesthesiology for each patient is similar to flying an airplane. As captain, the anesthesiologist first conducts a complete preoperative history and physical examination. Induction of anesthesia, using powerful drugs like propofol, represents the "take-off" into the flight of the procedure. This part is more than just pushing medications -- anesthesiologists have to set up the appropriate monitoring equipment and then intubate the patient. Once the patient is fully anesthetized, paralyzed, and breathing by a ventilator, maintenance has been achieved. Like a pilot, the anesthesiologist keeps careful watch over the patient, always adjusting physiologic parameters with pharmacologic agents as the case proceeds. Any operating room crises ("wind shear") require rapid interventions and quick thinking. The captain then lands the "anesthesia plane" by reversing neuromuscular paralysis, stopping anesthesia, and safely extubating the patient.

I have been through this "flight" two times in my life in the emergency room. It's strange, but both times even though I had only exchanged a few words with the anesthesiologist, this person stuck in my mind. They were both very caring and it almost made me feel nervous how much they cared. I realize now that their job requires this, as one wrong dosage and the patient will die.

I found it amazing how much control they had. I remember one telling me just before I was put out, "Ok, here comes the happy medicine." Then BAM! Immediately, before I could even laugh, I was out cold. What seemed like a few seconds later I was up in the recovery room. I was just fascinated at how powerful anesthesia could be. They are literally becoming a pilot of your body, and the above quote explains it well. It's an eerie situation. Think about it, you are so paralyzed that your body cannot even breathe, and you require a machine to do it for you. That's alot of trust you are putting into the anesthesiologist. I remember reading about one doctor that went down into the wrong pipe when intubating. He didn't realize it until the patient was already dead.

Here is a very interesting story about how someone caught identity thieves.

I've been meaning to learn Applescript. It seems great for scripting all sorts of things. However, I've never got around to learning this . Here's my first lame Applescript application.

I have a website (duh) that I would like to backup to my Powerbook weekly. Now the easiest thing to do would be to create a backup shell script and install this in cron. That's great for a machine on 24x7, but my laptop is not. Hmm, ok so let's use anacron. That will make sure my backup script runs. But then I thought, what if I suspend my powerbook during a backup. I wouldn't be able to know when the backup was running.

Ok, so how about bringing up a dialog before the backup starts (and ideally during the backup, but I couldn't figure this out). So began a sojourn into Applescript. I found this article describing cronning iTunes, and it's somewhat related to what I need to do. How do I display a dialog? Granted I would probably know this if I actually learned Applescript, but I found display dialog.

I brought up Script Editor and started playing with it. I'm impressed with how intuitive it is to write these scripts. It has a cool record function also, which I didn't use. I ended up with the script:

tell me
	activate
end tell

display dialog "Backup process will run in a few seconds"
   giving up after 3
do shell script "~/Backups/website/backup.sh >/dev/null"

The 'tell me' stuff was needed to bring the script to the foreground when it runs from cron. I found this by digging in this document. I had to save this as a 'Application' in Script Editor so I could run it from the command line.

I already had anacron installed, but the next issue was that it was only running root's scripts (periodic). I ended up adding a script to /etc/periodic/weekly/ with contents:

#!/bin/sh

su - virajalankar -c /path/to/backup.app

This would run my Applescript as the proper user. It's sort of a clumsy solution though. I should probably put the backup logic in backup.app rather than a separate shell script. But like I said, I don't know alot of Applescript.

The end result is this script gets run 'weekly', and brings up a dialog just before it runs. It won't do much good if I don't have an Internet connection when it runs though .

I do some consulting every now and then, and a recent project requires that I setup a Linux mail server for about 50 users.

Now this sounds like a very simple project, but I have been using CommuniGate Pro for so long that I've become unfamiliar with the current state of the art in free mail servers. I had some good experience with Postfix in the past, and I damn sure don't want to use Sendmail. I spent a few hours searching and found dozens of Postfix + SASL + Cyrus + IMAP + BLAH + MORE + WORK + THAN + NECESSARY guides. They are great and all, but honestly why does setting up an email server need to be so complicated?

Is there no free CommuniGate Pro equivalent out there? The closest thing I found was Courier, but it seems no one is using this as a complete server, and just using parts like IMAP. Maybe I'm wrong to look for an all-in-one solution. After some more research, the best combination of tools in my opinion for this project would be:

• Postfix (SMTP)
• Dovecot (IMAP/POP3)
• Mailscanner (SpamAssassin and ClamAV)
• Optional MySQL user database

Everything else just seems messy to me. For my project it doesn't really make sense to have a 'virtual' domain setup, and instead I can just use local user accounts. The drawback is, since they are hashed passwords, client login is required to be plaintext. That shouldn't be a problem when using SSL, but still bothers me. One option is to store the passwords plaintext in a MySQL database, and configure the SASL stuff to authenticate via that.

A goal is to let this customer manage users via a web interface, but I've found no such tool. I was thinking if I just use system accounts, Webmin for account maintenance should be easy enough. Or maybe just some simple python scripts.

Anyhow, I setup a wiki page with some more info.

I have decided to go back to school to study medicine. Those that know me probably think I'm going insane, and I don't blame you. Maybe I am.

Honestly medicine is something I've always wanted to get into but felt it was too late for me. I've always felt that being a doctor would be a very noble profession, and I would like to ultimately do something to help others in life. Computers are great and all, but the IT field is not very fulfilling for me. I found a pretty good site describing a Comp Sci PHD grad going back to school for medicine at age 37. He posted alot of useful information to help others. Another interesting page is this story about a man going to med school at age 52!

I am 30 now, and my dad is an ER doctor. He told me that some of his co-doctors started school at age 38 and above. In general I am finding out that age should not be a limiting factor for me. It would be great if I could use my computer science background in medicine, and I know of many fields I could get into. I have the funding necessary to go back to school, which is a huge influence on my decision.

What it would involve is me going back to school for about 2 years just taking prerequisites for the MCAT. Some of these classes I've already taken, but in no way remember, so much of it would be a refresher. The courses are college algebra, calculus, biologies (many!), chemistry 1 and 2, organic chem, physics 1 and 2, and other electives. At that point I would be ready for the MCAT, and after that would need to apply to med schools. That's probably another 6-8 years. I hear it's very difficult to get into schools, and students apply to 10-15 or so. Here is a somewhat discouraging comment on Slashdot about one person's experience.

I have decided to resign from my current job effective 5/13/05 (yes, that's Friday the 13th). I would start summer courses immediately. I've setup a wiki to help me keep track of things, and hopefully I'll be able to update by blog as things go. I don't know whether I'll succeed. Maybe I will get fed up and come back to IT, who knows. We will see!

I find the OS X startup chime annoying, especially when powering up my powerbook in a quiet room (meeting, library, etc). My boss says it sounds like Sinead O'Conner's Nothing Compares to You.

Searching on macosxhints.com led me to this app which lets you mute and control the volume of the startup chime. Ahh, much better.

I would like to backup certain items from my website (MySQL, etc) to my Powerbook on a weekly basis. Normally I could use cron but my laptop has to be on at the time for it to work properly.

I knew about anacron, and found this hint. Anacron will let me schedule backups and also takes care of running the periodic crons that come standard on OS X, which probably have never run for me in the past.

We have a Coraid device with 10 120gig drives setup as storage for our mailserver. This Saturday at about 5am the Coraid powered off, and appeared to be a problem with the power supply. I came in later in the morning to check it out.

We took apart the unit and found that it has a simple rackmount ATX power supply. The motherboard connector plugs into the Coraid backplane and 3 HD power connectors also plugin to the same board.

We had an ATX power supply tester which plugs in to the motherboard connector and has an on/off switch. We connected it to the power supply, switched it on, and it powered on. Then we connected it back to the Coraid, and the unit powered on as well. We put it back together and it seems stable.

Obviously we'd like to prevent this from recurring. Coraid support told me that they've never heard of a problem like this. They mentioned it might have been a power glitch causing the switching power supply to freeze. They asked us to check our UPS load, but it is very low and the other systems on it exhibited no problems. They claimed that it does not sound like a defective power supply.

I'm not so sure. Honestly these boxes should be built with redundant power supplies, but unfortunately it seems rather cheaply made. We have to keep our eye on the unit, but we still don't know why it failed. We will probably buy another power supply just to be safe.

Here be spoilers.

This movie is about 3 hours of Nicole Kidman getting raped by 10 or so males in a town called Dogville. Dogville is supposed to be a representation of America. Grace (Kidman) is sort of an innocent fugitive which the town takes under their wing. She offers her help to do different tasks around town. Soon they start to take advantage of her more and more, and if there ever was a movie showing a 'deflowering' of an innocent girl it is this one. Eventually she becomes a slave, chained, sexually assaulted, etc. Kidman looks beautiful and acts great though, as always.

The director absolutely hates the US, and it is vividly apparent. I can understand hatred of a society, but the film borders on insanity (even Ebert thinks so). If it were not for the ending, I would have been very disappointed with the film. Granted there are some evil people in this world, but they are in every country just as much as they are in America. The ending can only be described as revenge. Grace turns into the person she most desperately does not want to become. Giving orders to kill a mother and her children, Grace says "Make the mother watch and tell her you will stop killing the rest of her children if she doesn't cry." Of course she does cry. But it is revenge, and at this point you agree with her.

The movie is heavy on dialogue and philsophical ponderings. One thing I really liked is that the Kidman character originally is a merciful one, but the town changes her. She was idealistic, and believed that rapists and murderers should be forgiven for their sins. However, when those sins are done to her, though she tries, she cannot forgive. It is a double-standard, and this is where I think the true social criticism of the movie is.

I also liked the set pieces. The town is represented by chalk lines on the ground, and there are no walls. I'm not sure what the director was trying to say here, maybe that the town is so dependent on each other that they cannot survive on their own.

The movie was directed by Lars Von Trier. I remember the first movie I saw by him, called Zentropa. It was a very strange and hypnotic film. One thing I distinctly remember was the main character dying at some point and the film sort of following him through his own death sequence, and the nothingness afterwards. It was probably the most eery drowning sequence I've ever seen, and gave a good feeling of what death must be like. What's worse is the movie kept going, without its main character. I was very intrigued by it, and watched some of his other films which I loved (like Dancer in the Dark). He takes alot of risks, and he has alot of talent.

I'm reading this very good book documenting a surgeon's life through residency. It is written as the doctor is just starting out, and goes through the learning process. Here is a good quote from the first chapter:

Not everyone appreciates the attractions of surgery. When you are a medical student in the operating room for the first time, and you see the surgeon press the scalpel to someone's body and open it like fruit, you either shudder in horror or gape in awe. I gaped. It was not just the blood and guts that enthralled me. It was the idea that a mere person would have the confidence to wield that scalpel in the first place.

There is a saying about surgeons, meant as a reproof: "Sometimes wrong; never in doubt." But this seemed to me their strength. Every day, surgeons are faced with uncertainties. Information is inadequate; the science is ambiguous; one's knowledge and abilities are never perfect. Even with the simplest operation, it cannot be taken for granted that a patient will come through better off--or even alive. Standing at the table my first time, I wondered how the surgeon knew that he would do this patient good, that all the steps would go as planned, that bleeding would be controlled and infection would not take hold and organs would not be injured. He didn't, of course. But still he cut.

I've been using Nagios at work for network monitoring. I honestly wish this was still called Netsaint, as I sound like an idiot trying to pronounce Nagios.

Anyhow, it's a great system that works very well. I have it currently installed behind our firewall on a private IP. We have 2 T1s, one through Bellsouth, and one through Qwest. The default gateway for the monitoring system is through the Bellsouth T1.

I would like it to monitor connectivity through both T1s and was thinking how to do this. Our routers are actually Linux boxes, so one way I was thinking is I could use the 'check_by_ssh' plugin to execute a network connectivity test directly on each router, by doing something like a wget to www.google.com.

Another way is I setup a static route for some external website to go through the Qwest T1. Let's say I use www.cnn.com for the Qwest T1 check. Looking up their IP I could add their address block to a static route:

route add -net 64.236.16.0 netmask 255.255.240.0 gw QWEST_FW

I decided to do the route method. It's not great, since cnn could change their IPs anytime, and also just because cnn is not accessible doesn't mean the Internet connectivity is down. But we had no monitoring in place so I wanted something.

Good article on cell phone security. It's true the average person does not give a shit about security of such devices.

Checkout the Wikipedia link for what pictures were found on Paris' phone (bottom of page).

Here is an interesting article on certifications. I agree that GIAC's main benefit was its practical assignment. It was probably the most difficult part of the certification, and a shame that they will be taking it out.

As far as RHCE, the article states:

... Is this certification worthwhile? For many security people looking to understand Linux better, the answer would be a resounding yes. The RHCE seems to be the last remaining cert that makes you demonstrate your skills via a practical, hands on portion. Unlike the "paper certification" syndrome as mentioned above, the practical segment of the RHCE makes it stand out for all the right reasons. A prospective employer will know that you can actually do the hands on work once you have earned this certification.

I definitely agree with this. The RHCE has a great hands-on test that requires you to fix broken systems. It requires that you know quite a bit about Linux systems in general, even if somewhat specific to Red Hat. Many times I have had to employ the same skills in the work environment.

I had an idea of going back to school to take some courses. I have no final decision on this, but for fun I was looking at FAU's summer course listings and was trying to come up with a course schedule.

At some point I realized this course scheduling procedure, which involves checking to make sure the classes don't conflict and corequisites are taken, was rather time-consuming. I thought, why don't I just just write a program that takes as input the courses wanted, parses the listings, and devises a list of possible schedules for me that don't conflict and have all the corequisites.

So I started writing some Python. The main algorithm underwent alot of changes, and I got some good algorithm advice from Randall. Writing it out on paper helped me. The output of the program looks like this. In general it works as follows:

Let's say I have the list wanted which contains the list of courses that I want to take: (A, B, C). Next I have the full courselist: (A1, A2, A3, B1, B2, C, D1, D2). The numbers represent different times for the same course. I used a recursive function to get the various permutations, though they are not exactly permutations because they should only have one of each course.

First I strip from courselist any course that is not in wanted, which reduces the set quite a bit. From the example above, the 'D' courses would be removed. I keep a list called schedule that keeps track of the current schedule. I split the courselist into 2 lists, one containing the first element and all courses that are the same as that element. These can be thought of as parent nodes in a tree. The rest becomes the second list. So I end up with something like this:

schedule = ()
roots = (A1, A2, A3)
rest = (B1, B2, C)

Next I loop through roots, building a schedule for each. On the next recursion, it would look like:

schedule = (A1)
roots = (B1, B2)
rest = (C)

... next recusion

schedule = (A1, B1)
roots = (C)
rest = ()

The recursion should be apparent. Once either rest or roots is empty, I save the schedule. That operation does other checks such as making sure none of the classes conflict, and that the schedule contains all the needed corequisites.

Might not be useful to others, but was to me . Anyhow its good to do little programming projects every now and then or I get rusty.

Today I struggled to get Apache setup as a reverse proxy. The idea is you have a server on your intranet, say internal.server.com, that you want to be able to access from the Internet as, say external.server.com.

A reverse proxy is setup on external.server.com, and HTTP requests are proxied to the internal server. This allows you to wrap SSL over the connection, or even use separate authentication on the external server. There are issues though. The HTTP headers need to be rewritten from external.server.com to internal.server.com for requests, and vice versa for responses. This can be done with mod_rewrite. Additionally, you would need to rewrite the HTML to change any links. That's where it gets tricky.

The only thing I could find was mod_proxy_html. There was no Debian package, and I had alot of trouble trying to get this to compile with Apache 1.3. So I went ahead and grabbed the Apache 2 Debian packages, which had a pre-built mod_proxy_html. I wanted to wrap SSL on the connection, but found that the SSL configuration is not setup by default in Debian. I found this blog which had alot of useful info for setting up SSL with Apache 2 on Debian quickly.

Next I followed the tutorial to setup the reverse proxy. After much trial and error it was working mostly, but didn't rewrite meta-equiv refresh stuff properly, even with the proper mod_proxy_html options to supposedly make it do that. Ok, not a big deal. Then while testing an internal Twiki site, I saw that the html got fucked up on certain pages, with random >'s and such. Not a good sign. I was ready to ditch this solution.

Pete pointed me to CGIProxy, which I figured would give a try. This is basically a Perl CGI script that acts as a proxy. To my surprise, it was simple to setup, and just works flawlessly. I was concerned that the last update to the script was in 2002, but it looks like it is stable. I can still wrap SSL over it, or do authentication, etc. I definitely recommend this over the Apache config hackery.

The idea of 'workflow' is being thrown around alot at work. The hope is to streamline business processes.

First of all I think this whole concept of workflow is more complex than it needs to be. One of the least 'vague' packages I found was Openflow, which is based on Zope. I've been doing some reading on Zope and I think it's a very cool web framework. But this Openflow thing has shitty documentation. At least put some howto up to help people try your code. There I noticed links to the Workflow Management Coalition which has some sort of standard out. There is a TALES language specification for defining workflows. Ugh, it's all ripe for picking by commercial packages.

Then I found another package called CMSOpenflow which looks based on Openflow, but requires Zope, Plone, CMS, blah blah. It's still very cryptic to me, and why am I going to install all this stuff for something I have no understanding of.

I thought the simplest workflow, at least that I could understand, was an approval system. There is some purchase request, someone needs to look over it and approve it. Simple.

Pete over at Mako pointed me to Twiki, so I started looking for plugins. I found ApprovalPlugin, which is probably the clearest explanation of a workflow implementation I've read. So I'm reading about it and notice the author. Wow, it's an old co-worker from Z-Kat. Nice work!

I'm still not very excited about this. It's hard to be excited about business processes.