
TBSI Technology Blog

Technical articles of interest by the principals and staff of True Blade Systems, Inc.

Nov 23, 2009

Problem resolving DNS names with Verizon FiOS

by Eric Smith — last modified Nov 24, 2009 05:57 AM

I recently upgraded my FiOS service and had a problem resolving some DNS names. The solution was simple but frustrating.

I've been using Verizon FiOS for Internet service for years. In general I've been pleased with the service: it's very fast and very reliable.

I've been running FiOS without using the Verizon supplied router. Instead, I plugged the incoming CAT5 cable directly into my Linux server. This did require that I use a slightly complicated configuration supporting PPPoE, but once I finally got it set up it has been problem-free. My Linux server has also been my DNS server and my DHCP server. I'm sure Verizon doesn't like this configuration, as it gives them less control over and less visibility into my network. But that's fine with me.

However, I recently switched to using FiOS TV. Because of the way the TV set top boxes (STB's) need to communicate upstream for program information, I'm forced to use the ActionTec router that Verizon supplies. As long as I'm forced to use this router I decided to use a more normal, less techy configuration and just let the ActionTec be my DNS and DHCP server. This has generally worked without issue, at least for the first few days.

Last night I decided to change the default domain name that the router uses. It defaults to "home", but it's better for me if it uses "trueblade.com"; that way I can more easily resolve domain names. In any network I've ever worked on, this would not be a problem. The only thing it should affect is that when a client asks for a name like "mail", it would first query for "mail.trueblade.com".

However, this morning my home network wasn't able to connect to my mail servers. After a lot of poking around I discovered that my internal systems were not able to resolve fully qualified DNS names like mail.trueblade.com. After a lot more poking around, I discovered that the ActionTec would not resolve domain names ending in trueblade.com if its default domain were also trueblade.com.

So the solution was simply to change the default domain name on the ActionTec back to "home", or indeed any other string. That's frustrating, because it means that I can't type domain names like "mail", but I need to use the fully qualified "mail.trueblade.com". But it's only a minor frustration. The only time I don't use fully qualified names is when I'm debugging. All of my systems use fully qualified names for their configuration files.

I'll probably switch away from using the ActionTec as my DNS and DHCP servers. In addition to this problem, you're limited in the amount of configuration you have over the DHCP server in particular. I'll post more when I've made the decision to switch off of the ActionTec for DNS and DHCP.

Nov 03, 2009

User input during a Fedora Kickstart

by Eric Smith — last modified Nov 04, 2009 08:55 PM

Kickstart is Fedora's automated installation facility. Sometimes we need to get user input on the computer being built. Read on for how to do that.

In order to reliably build our servers, we use kickstart and PXE to give us a simple, repeatable process. During this build process, we need user input to decide exactly which configuration to apply to the system being built.

In order to do that, we run a Python script in the ks.cfg %pre section that uses the snack library to get information from the user. Snack is the (poorly documented) UI toolkit that comes with kickstart/anaconda. Here's how you use it in %pre.

First, you need a %pre section that runs the python interpreter. To do that, start the section with:

%pre --interpreter /usr/bin/python

Next, you need to realize that the kickstart screen you usually see runs on tty3. But the snack UI will show up on tty1. So we use a little routine to switch tty's:

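import os
import sys

def set_tty(n):
    # point stdin, stdout and stderr at /dev/tty<n> so the snack UI shows up there
    f = open('/dev/tty%d' % n, 'a')
    os.dup2(f.fileno(), sys.stdin.fileno())
    os.dup2(f.fileno(), sys.stdout.fileno())
    os.dup2(f.fileno(), sys.stderr.fileno())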

Next comes the function that actually calls snack to get the user input. Don't worry about the host_config parameter; instead, focus on how snack is used. This code builds a dialog box with a listbox and an OK button:

def get_user_input(host_config, default=None):
    # get the hostname, from it the other params are computed
    # return the hostname and everything that's derived from it
    # which for now is just the disk layout scheme

    from snack import SnackScreen, Listbox, Grid, Label, Entry, Button, GridForm

    def host_list():
        def hosts():
            return sorted(host_config.keys())

        lb = Listbox(height=len(host_config), returnExit=True)
        for host in hosts():
            lb.append(host, host)
        if default in host_config.keys():
            lb.setCurrent(default)
        return lb

    screen = SnackScreen()
    form = GridForm(screen, 'Select host to configure', 1, 2)
    form.add(host_list(), 0, 0, (0, 0, 0, 1))
    form.add(Button('OK'), 0, 1)

    # now run the form
    result = form.runOnce()
    screen.finish()

    hostname = form.childList[0].current()
    return {'layout': host_config[hostname],
            'hostname': hostname,
            }

Finally, put it all together:

set_tty(1)  # change to tty1, we're called by kickstart with stdout as tty3
user_args = get_user_input(host_config, args.args.get('tb-host'))
set_tty(3)  # restore

If you ever need to find information on snack, it helps to know that it's a wrapper for newt. So you can Google on "snack newt python" to get some useful answers. But be warned that there's not much there and you might have to look through the source code to snack.

Sep 27, 2009

T-Mobile G1 GPS Saves My Day

by Eric Smith — last modified Sep 28, 2009 11:23 AM

The GPS on my G1 helps me navigate the confusing streets in Washington, DC.

Yesterday I dropped my daughter off in Washington, DC at Georgetown Cupcake. If you've ever been to Georgetown, you'll appreciate that I had to park about 10 blocks away. When I was walking back to join her, I realized that I didn't remember all of the turns I'd taken in order to find a parking space. Plus, all the quaint houses look the same, so I was having difficulty retracing my path.

So I used my new G1 (the "Google phone") to find my location and a local map. I did have to turn on the GPS, since I usually leave it off to extend the battery life, but other than that it was simple to find my location and a map, all without breaking stride (which was important because it was starting to rain!).

I was also able to use the phone's voice search to find the store's address. This even worked with the background noise of a jet taking off from the nearby National Airport.

Aug 31, 2009

Virus "Trojan horse Injector.FP" Slips Through Postini

by J. Robert Burgoyne — last modified Sep 01, 2009 10:32 PM

True Blade uses Postini for our email virus and spam filtering. Today's the first time I can recall that Postini has let a virus come through. The email's Subject was: "Western Union transfer is available for withdrawl". Other technical details of the email and the virus are presented below.

 

Today at 9:56pm I received an email with a virus in an attached zip file. Others are probably receiving the message as well so delete the email if you receive it.

For testing purposes, I uploaded the zip file to a Linux server and unzipped the zip file to look at what was inside. At that point AVG anti-virus was able to immediately identify the .exe file within the email as a virus.

The email came with a .zip file attachment called M2f318a54.zip with file size 28357 bytes.

Inside the zip file was an executable program: M2f318a54.exe, 45056 bytes, and dated Jan 18, 2038. Delete this email if you receive it; do not open this email or forward it to others. Below is the email's header and body.


Return-Path: <commiserationep3@sobmen.ru>
Received: from murder ([unix socket])
         by deleted (Cyrus v2.3.7-Invoca-RPM-2.3.7-8.fc6) with LMTPA;
         Tue, 01 Sep 2009 20:56:17 -0400
X-Sieve: CMU Sieve 2.3
Received: from psmtp.com (exprod8mx279.postini.com [64.18.3.77])
        by tok.trueblade.com (Postfix) with SMTP id 478131818164
        for <deleted>; Tue,  1 Sep 2009 20:56:14 -0400 (EDT)
Received: from source ([173.74.55.173]) by exprod8mx279.postini.com ([64.18.7.10]) with SMTP;
        Wed, 02 Sep 2009 00:56:16 GMT
Received: from 173.74.55.173 by mail.sobmen.ru; Tue, 1 Sep 2009 20:56:09 -0500
Message-ID: <000d01ca2b68$28a0f230$6400a8c0@commiserationep3>
From: "Misty Fournier" <commiserationep3@sobmen.ru>
To: <deleted>
Subject: Western Union transfer is available for withdrawl
Date: Tue, 1 Sep 2009 20:56:09 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_0006_01CA2B68.28A0F230"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-pstn-neptune: 45/43/0.96/77
X-pstn-levels:     (S: 0.06505/99.18051 CV: 0.0000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )

This is a multi-part message in MIME format.

------=_NextPart_000_0006_01CA2B68.28A0F230
Content-Type: text/plain;
        format=flowed;
        charset="iso-8859-1";
        reply-type=original
Content-Transfer-Encoding: 7bit

Hello.

The amount of money transfer: 2111 USD.
Money is available to withdrawl.

You may find the MTCN number and receiver's details in document attached to this email.

Western Union.
Financial Services.
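
Added example (not part of the original post or of the quoted email): a check a mail gateway or analyst could run on a message like this one, listing the members of zip attachments without extracting them and flagging executable extensions, encrypted members and timestamps in the future, such as the Jan 18, 2038 date noted above. The function names, the extension list and the sample message are assumptions constructed for illustration; the sample archive holds placeholder bytes only.

```python
import io
import os
import zipfile
from datetime import datetime
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that should not arrive inside a mailed archive (illustrative list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def inspect_zip(data, now=None):
    """Return (member_name, reason) findings for one zip blob, without extracting it."""
    now = now or datetime.now()
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable zip")]
    findings = []
    with zf:
        for info in zf.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension " + ext))
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags = encrypted
                findings.append((info.filename, "encrypted member, cannot be scanned"))
            try:
                stamp = datetime(*info.date_time)
            except ValueError:
                findings.append((info.filename, "invalid timestamp"))
                continue
            if stamp > now:
                findings.append((info.filename, "timestamp in the future: %s" % stamp.date()))
    return findings

def inspect_message(raw, now=None):
    """Map each zip attachment's filename to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        # Check the zip magic bytes as well as the name; attachments can be renamed.
        if name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            results[name] = inspect_zip(payload, now)
    return results

def build_sample():
    """Constructed message: file names and member date from the post, harmless bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        member = zipfile.ZipInfo("M2f318a54.exe", date_time=(2038, 1, 18, 0, 0, 0))
        zf.writestr(member, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["Subject"] = "Western Union transfer is available for withdrawl"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="M2f318a54.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, findings in inspect_message(build_sample()).items():
        for member, reason in findings:
            print("%s: %s: %s" % (attachment, member, reason))
```
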

Aug 27, 2009

Advanced Plone Training

by Eric Smith — last modified Aug 28, 2009 06:36 AM

I attended a training class in Plone a few weeks ago. Read on for a few of the things I learned.

The advanced Plone class was taught by Joel Burton from Plone Bootcamps. I attended Joel's basic Plone class a few years ago, so when I heard he was teaching his advanced class in Chapel Hill, I decided to attend. I'm very glad I did.

Here's what I learned:

  • Plone is designed by some very smart people. Once you understand a handful of concepts, it's simple, elegant, and extensible. It's true that some of the concepts take a while to understand, but I think it's worth it. And Joel helped tremendously.
  • Plone is improving with each release. Over the years I've been using Plone, it has added locking, easier workflow configuration, a much-improved setup facility, and an install process based on the awesome zc.buildout. If you're not using zc.buildout for your Plone deployments, you should be. And you might want to think of using it for other installations, too.
  • Joel is an excellent educator. He not only knows Plone inside and out, but he also understands how to teach.
  • Zope's acquisition is much maligned, but it's incredibly useful. We had an example in class where we wanted to add a portlet only when we were under certain folders, and to make the content folder specific. I couldn't figure out how to do it, but a 2 line Python method and acquisition solved the problem. Incredible!
  • Chapel Hill, as you'd expect, has some awesome barbeque places.

Aug 19, 2009

Windows Remote Desktop Doesn't Work with Certain Nvidia Video Drivers

by J. Robert Burgoyne — last modified Aug 20, 2009 05:47 PM

Here's a strange reason why a new PC wasn't able to be a Windows Remote Desktop host: it had the wrong Nvidia video drivers.

We recently set up a new Dell Optiplex 360 PC in a client's office. This PC needs to be a Windows Remote Desktop host for an offsite user. The PC has Windows XP Professional and an Nvidia GeForce 9300 GE video card, with 512MB of memory.

Microsoft publishes a series of instructions for how to set up a PC so that it can be a Remote Desktop host. After following these instructions, we were unable to establish a connection to the PC. We tried making changes to the Windows firewall, etc., all without success.

A Google search eventually turned up a posting by someone with a similar problem, which was eventually traced back to an older Nvidia driver.

Updating the PC's old driver with the new driver immediately fixed the problem, and the PC was then able to be used as a Remote Desktop host.

The Nvidia driver that works is Nvidia driver version 6.14.11.9038, dated July 14, 2009. The Nvidia GeForce 9300 GE video card's BIOS is version: 62.98.42.00.06.

Aug 15, 2009

TB Excellent Vendor Award Goes to: HopOne Internet Corp.

by J. Robert Burgoyne — last modified Aug 16, 2009 09:03 PM

From time to time True Blade Systems will write about the many excellent vendors we use who enable us to provide our professional services. HopOne Internet Corp., our vendor for server Colocation facilities, earns their fee and more.

As any business owner knows, having excellent, dependable vendors is a key factor in providing great client service and maintaining a successful business.

For True Blade, an excellent vendor meets all our needs and provides exceptional service, often anticipating what we'll need in the future, based on what we're doing today.

With that in mind, True Blade Systems decided to create our TB Excellent Vendor Award.

Today we want to make you aware of the vendor we use to host our servers: HopOne Internet Corp. The service is known as Colocation. We use HopOne's DCA2 facility in McLean, Virginia. The staff are friendly, competent, and professional and the facility is first rate. We've had our servers there for several years and never had a problem.

Congratulations, HopOne, and thanks!

--
True Blade Systems, Inc.

Jul 15, 2009

Windows Vista - Works Fine for Me

by J. Robert Burgoyne — last modified Jul 16, 2009 02:45 PM

Lots of our clients are concerned or unwilling to try Windows Vista. My experiences using Windows Vista on my primary desktop PC are positive.

I rebuilt a Dell Vostro 200 with updated hardware and installed Windows Vista Ultimate SP1 in March, 2009. I've been using it as my primary desktop PC since then. All my other PCs run Windows XP.

I haven't had any issues with Vista over these four months.

Today I needed to print something in color, so I had to install printer drivers for the two color printers in our office:

  • An HP Color LaserJet 3800, and
  • A Konica Minolta C250


I'm impressed with how easy it is to add a network printer.

From the Windows Control Panel, Printers, click "Add a printer", then click "Add a network, wireless, or Bluetooth printer".

Windows Vista then polled the network, found the HP Color LaserJet 3800, and automatically installed the printer driver. When it was finished, everything worked. There was no other effort required.

Vista did not discover the Konica Minolta C250, so I clicked on "The printer that I want isn't listed". Next I clicked on "Add a printer using a TCP/IP address or hostname" and entered the Konica's IP address. Within a few moments, Vista was setting up the printer, and when it was finished, everything worked.

For me, setting up a new printer under Vista is much easier than in Windows XP.

Jun 23, 2009

APC Smart UPS 750 - Hot Swappable Batteries?

by J. Robert Burgoyne — last modified Jun 24, 2009 02:50 PM

Although a user can replace the batteries in a Smart UPS 750 without turning the unit off, in our case clearing the replace battery warning requires power-cycling the UPS, which cuts power to the devices you have plugged in and are trying to protect.

 

UPDATE - June 29, 2009 - The APC Smart UPS 750 described below figured out its battery had been replaced, and now gives the correct status message, without power-cycling.


True Blade Systems has been using APC UPS products for many years. They're reliable, integrate well with our Linux servers and we've generally been pleased. We run apcaccess and apcupsd to monitor what's going on with the UPS. 

But a recent experience with a battery replacement in an APC Smart UPS 750 left us asking the following question:

Why make the UPS' batteries hot-swappable but NOT clear the battery warning indicator upon replacing the old batteries?

APC's technical documentation for this unit notes:

"This UPS has an easy to replace, hot-swappable battery. Replacement is a safe procedure, isolated from electrical hazards. You may leave the UPS and connected equipment on during the replacement procedure."

The above is true. Although I was a bit afraid to swap the batteries without turning the unit off, nothing bad occurred during the swap. But replacing the battery module (actually two batteries) did not clear the Replace Battery LED on the front panel. 

So I waited a day to see if time would clear the LED, but the LED stayed on. 

Thus on June 24, 2009 I called APC on (800) 555-2725 and spoke with a support rep. The support rep informed me that to clear the Replace Battery LED I must power-cycle the UPS. For me that means I must also power-cycle the server that's plugged into the UPS, which is not acceptable for me. So I'll have to wait for a weekend night to power-cycle the UPS. 

The rep created an internal case for future reference, case #C1-1041119483. 

Here are some other relevant details from apcaccess, the Linux based program we use to monitor the UPS:

APC      : 001,040,1009
DATE     : Wed Jun 24 14:36:56 EDT 2009
HOSTNAME : kenya.[deleted]
RELEASE  : 3.12.4
VERSION  : 3.12.4 (19 August 2006) redhat
UPSNAME  : TBSI_UPS
CABLE    : USB Cable
MODEL    : Smart-UPS 750
UPSMODE  : Stand Alone
STARTTIME: Sat Jun 20 13:40:37 EDT 2009
STATUS   : ONLINE REPLACEBATT 
LINEV    : 123.1 Volts
LOADPCT  :  24.7 Percent Load Capacity
BCHARGE  : 100.0 Percent
TIMELEFT :  36.0 Minutes
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
OUTPUTV  : 122.4 Volts
DWAKE    : -01 Seconds
DSHUTD   : 090 Seconds
LOTRANS  : 106.0 Volts
HITRANS  : 127.0 Volts
RETPCT   : 000.0 Percent
ITEMP    : 35.5 C Internal
ALARMDEL : Always
BATTV    : 27.3 Volts
LINEFREQ : 60.0 Hz
LASTXFER : No transfers since turnon
NUMXFERS : 0
TONBATT  : 0 seconds
CUMONBATT: 0 seconds
XOFFBATT : N/A
SELFTEST : NO
STATFLAG : 0x07000088 Status Flag
SERIALNO : AS0721121024
BATTDATE : 2009-06-18
NOMBATTV :  24.0
FIRMWARE : 51.13.D USB FW:7.3
APCMODEL : Smart-UPS 750
END APC  : Wed Jun 24 14:37:04 EDT 2009

Let us know if you have had a similar experience with an APC or other manufacturer's UPS.

May 14, 2009

Google Service Outage on May 14, 2009

by J. Robert Burgoyne — last modified May 15, 2009 04:37 AM

Users of Google services experienced slow service or interruptions in service on May 14, 2009. Here's what happened and what users should know.

 

Yesterday, Google suffered an outage that affected people using Google Calendar and Google Mail. The services were either unavailable or extremely slow.

In the past year, True Blade has become a big fan of Google Calendar, Google Contacts, and Google Mail. They've become critical to how we do our work and we highly recommend each of the services to our clients.

So when any of these services go down, we know first-hand that it's painful, and we understand that users are concerned.

It's especially frustrating that with technology problems the time required to restore service is often unknown. Nonetheless, we remain confident that Google aspires to high standards and that data saved on Google servers will always be safe, if not always available at every moment of the day or night.

More information about the Google Service Outage of May 14, 2009:

Official Google Blog 

NY Times Blog Entry on the Google Service Outage

 

Internet Connectivity from Taiwan to the USA circa 2009 - Excellent!

by J. Robert Burgoyne — last modified May 15, 2009 04:25 AM

I've been visiting Taiwan since 1990 and the Internet here keeps getting better each year. Below are some notes on my experiences.

Photo of Longshan Temple, one of the oldest temples in Taipei, 300px x 450px.

Internet connectivity in Taiwan for residential users is available from the Cable TV company or via DSL, similar to the USA.

The residence where I'm staying uses a DSL vendor known as KBT or KB Telecom. KBT enforces PPPoE, but the Linksys WRT-54G router I installed handles the chore of establishing and maintaining the PPPoE connection.

The monthly service cost is NT$393 for the ADSL fee from www.hinet.com + NT$279 for the ISP, www.kbtelecom.com. So the total monthly service cost is NT$672 with a one year commitment. At today's exchange rate of US$1 = NT$32.864 the monthly cost is $20.45, including all taxes. The service is rated at 2Mbps down and 256 Kbps up. Such a deal!

The service is reliable and the Internet speeds are excellent. I'm getting 1,362 Kbps down and 207 Kbps up to Speakeasy's Seattle, Washington servers. Here's a comparison of the measured bandwidth from various ISPs.

I'm having no problem getting work done with our company's IMAP server & Plone webservers in New York and Virginia.
