the jof

I’ve been brainstorming with the idea of having a sort of “brain” process to keep tabs on systems I watch. For recurring problems with consistent solutions, my hope is that it can eventually take care of these without human intervention.

• Attracting or sending too much traffic to/from a peer? Query a snapshot of cFlow records and pick some CIDR blocks to block accordingly.
• Inbound DDOS attack to a single source? Sink the traffic to a mitigator device up to a certain threshold of collateral damage. Past that, automatically inject a BGP-blackhole-community-tagged /32 route upstream.
• Route being hijacked? Determine hijacked block size, and slice up an aggregate into more specific routes where possible.
• Router CPU spiking again? Capture a process list as it happens.

I’m envisioning a set of ruby or python libraries that can interact with different systems and tools in a monitored environment, make some sane choices about what to do, and at the very least, be smart about alerting the administrator. I would much rather receive nagios and cacti threshold alerts over XMPP/Jabber than SMS while I’m in front of a real keyboard.

Come to think of it, receiving alerts over SMS isn’t that great. Email to SMS gateways add a lot of garbage to the message, and they show up as coming from different senders, so they never seem to thread on my phone. Having a programatic way to access alert data would make gathering this data into a ‘Systems Alerts’ type of app on the mobile phone possible.

Here’s what I was brainstorming in OmniGraffle:

BoingBoing Gadgets 'Referer' hiding in effect

I saw this the other day on a BoingBoing gadgets post from within Google Reader. Perhaps an over-zealous .htaccess over at BBG?

Interesting spelling nitpick: the original HTTP 1.0 spec (now in RFC1945) misspelled referrer as ‘referer’ and now it has stuck as a proper misspelling for many things HTTP.

So, note to self: when searching through natural language text, be fuzzy about spelling – it’s not so static changing over time and through repeated use in varied contexts. It sucks to miss a good result just because of a common misspelling.

 

Bandwidth graph for sfo.thejof.com

Here’s an example of how poking into what your applications are really doing can really save you some compute resources. In early December, I was adding a new job to my crontab and wanted to go over all the things that were running from there.

One of these cron jobs was a script snippet to instantiate mbsync to synchronize my remote IMAP store at work to a local maildir for perusal with mutt. When I wanted to grab a capture of some example network traffic of some of its polling cycles, I was surprised to find that it was always SELECT-ing each folder and iterating through each UID to check if it had seen it before. This took a decent amount of bandwidth to poll every five minutes – around 200 kbps. And of course, with the remote mailstore being an Exchange shop, this stretched the polling cycles on big folders out longer than it should have, blurring the lines between the stop of one cycle and the start of another.

Taking a look at some of the alternatives for remote mailstore synchronization, I started taking a look at fetchmail and eventually settled on switching. By configuring it to use IMAP IDLE-ing, the same process happens faster at around only 5-20 kbps — an almost four-fold reduction in network utilization.

Efficiency victory dance!

For the last six years, I’ve been making use of the same gpg identity. I’ve copied my private key onto more workstations than I can recall at this point, so I’ve decided to try and be a little bit better about keeping my keys and signatures in-order and up-to-date.

A couple of steps I took tonight in moving to a key set of keypairs:

1. Generated a new signing keypair with gpg --gen-key I cycled through the process several times until I had a nice-sounding trailing 4-bytes. I ended up going with 0×8F8CAD3D — “eight-fate-CAD-3D” I say aloud in my head.
2. Signed the new signing keypair with my old signing keypair, 0xC8579EE5. This is just to mark the new key as trusted by the old one, and to demonstrate that cryptographically.
3. Generated a revocation certificate for the old key, with the old key using gpg -u 0xC8579EE5 --gen-revoke 0xC8579EE5 | gpg --import
4. Sent the revoked, old signing keypair to a keyserver with gpg --send-key 0xC8579EE5
5. Old keypair disappears from keyservers, begin using new signing/encrypting keypairs.

As a result, I’m interesting in finding people I know that want to swap key signatures.

My new key is available here.

Update: I figured “what the heck, it’s 2009, what’s an extra 20k?”, so I embedded a photo in my key as well just for grins. Bask in the glory of a big blob of base-64.

Vimperator is great. It’s a Firefox 3 add-on that implements a separate input layer above normal Firefox controls so that you can navigate around all the browsing and browser settings with vim-like keybindings.
A coworker turned me onto the thing, and I’ve found it makes working in a browser much more productive, as I’m not always alternating between the keyboard and mouse to navigate between different input focuses.

It keeps my hands where they belong when using the computer — on the keyboard!

One feature I like in particular is a binding for ‘[[' and ']]’. The bindings in their respective directions will search for anchor (<a … >) tags on the page and do a little regexp in the inside HTML for ‘prev’ and ‘next’.

This is mucho awesome on sites like Flickr, or multi-page articles where you can just  double-tap the brackets either forward to backward to flip to the next or previous page.

Found this bash gem on some corporate BIND management scripts at work – ugh:

ZTEST=$1
if [ "x$ZTEST" == "x" ]; then
echo “Usage: …..”

Is ab-so-fucking-lutely awesome. Granted, this link probably has latencies of almost 100-200 ms on just the first hop to my gateway at MAE-West, and my max throughput is only about 90k at best. However, the cool hax element of the whole thing is hard to ignore.

Thanks Boingo!

So the webcam idea worked, but all of the photos pretty much sucked. >95% of them were completely blurry…

I think about 50 people recognized that I was a LEGO minifig, and about 150 thought I was a wheel of cheese.
I really think I could do a much better job next time by making the foam discs a little more round. I had envisioned a glossy and perfect lego head and wound up with something that looked more like a sarcastic-lumpy-wheel of cheese or a smirking-drunk-yellow marshmallow.

Perhaps next year I’ll put in an old point-and-shoot digital camera with a remote trigger and have a usb cable running down to my pack that’ll read off the card.
One thing that would have been nice is some kind of heads-up-display inside the helmet. Just a simple backlit LCD would have been perfect. It would display the timer length remaining until the next snapshot, and some other arbitrary piece of random crap just ’cause it’d be cool.
A shutter trigger button on the side of the headpiece would be pretty useful as well.

Hopefully you’ll be able to follow along tonight for Halloween in the Castro.

I’m going to try and put a webcam in my Lego head this year and keep a laptop tethered to my phone to upload images in realtime. It seems to work at the moment, but I still haven’t tested it with my phone or made a mounting hole in the head.
Once everything is set, it’ll upload images to http://thejof.com/halloweencam2006

Build photos at:  http://flickr.com/photos/thejof/sets/72157594354884204/

Update: Everything seems to work, so I’ll be testing out 1 min. intervals on my way out to Shannon’s

Update #2: Pictures are a little blurry, but it totally works!

Orace OpenWorld is at Moscone this week.

ESSID: vpn
64-bit WEP and way more than enough traffic