return to OCLUG Web Site
A Django site.
April 7, 2011

» MySQL Backup Concepts for (Linux) System Administrators – Part 1

Hello, My name is James McOrmond. I am a MySQL DBA (and part time SysAdmin) at the ‘The Pythian Group’ headquarters here in Ottawa.

In my previous employment I was the primary System Administrator for a local Linux OS software company (for over 8 years). Server backups were of course something I was doing as part of my job, but i’ve learned that the backups I was doing for the MySQL databases were probably not what a DBA would have set up.

In this blog post, I will cover 3 basic types of MySQL backups for stand-alone database systems. I will not be covering fancy GUI applications, or really complicated processes – just the basic concepts – which is what I think System Administrators (ie – non DBA’s) need to know to have a good/valid backup.

1) ‘mysqldump’

This is the most basic form of MySQL backup – and likely the one most system administrators have used in the past.

This program reads data from mysqld, and ‘dumps’ clear text to stdout which you can redirect to a file anywhere on the system, or directly to a file. The text output is actually a sequence of SQL “INSERT” commands which would be used to reload the data. Commonly I see the filenames containing portions of the current date, but you can do whatever you want based on your overall backup retention policies.

Various arguments can be given to mysqldump to include all databases on the system, just a subset of databases, or even limiting to specific tables in one database. If you’re looking for “quick and dirty” – the ‘–all-databases’ argument will get you a dump of all the databases on the system. If you have stored procedures or events, you’ll also want to make sure these are part of your dumps.

    mysqldump --all-databases | gzip - >/mnt/backups/mysqlbackup-`date +%Y-%m-%d_%H.%M.%S`.gz

If your databases are large, it’s probably advisable to at least export each database schema into a different file. This would allow you to have different retention schedules for each database. It also makes restoring a single database (or table) easier – if for example someone deletes a single table. This of course never happens in the ‘real world’ right? :-)

While using mysqldump is definitely the “easiest” way to perform a backup, it also has a significant issue that make many serious DBA’s shutter if these are the only backups available.

The main problem of course relates to making sure the data is consistent across all tables within the same backup. If you don’t, one table may reference entries in another table that may have been modified (or even no longer exists) between the start and end of the backup process.

The most convenient way to enforce this is by using the ‘–lock-all-tables’ argument. “Unfortunately” this does exactly what it’s supposed to do – it puts a read only lock all tables (in all databases). That means no other process can modify data in the database until the backup is done. If your database has mostly reads – or if you can put your application into a read only or maintenance mode, this may be fine, but otherwise you will probably eventually notice several write statements in locked state – waiting for the backup to finish.

If your backup takes hours, having a read lock on the data may be quite inconvenient, and you should investigate another backup method.

2) File System Snapshots

File System snapshots (as the name suggests), happen at the File System layer, not within the database itself. Depending on your environment, you may already be doing snapshots to backup other parts of your environment.

If you are using a SAN for your storage, snapshotting is likely a built in feature. If not – you can use LVM snapshots at the OS level, as long as you have created the necessary logical volumes of the correct areas of your system.

As with mysqldump, you need to make sure the data is consistent in your backup, or else it may not be very useful to you when you try to do a restore, at 3am on a Saturday morning, with a customer on the phone ‘asking’ you when everything will be working again :-)

There are two kinds of flows typical with this type of backup:

   perform a 'FLUSH TABLES"
   create the snapshot
   perform an 'UNLOCK TABLES'

At this point, you’re safe to mount the snapshot to a new location, and then copy the database files somewhere else – possibly using whatever method you’re using to backup the rest of the system (tar, rsync or a tool like bacula).

The interruption to the active database is fairly minimal here – only between the “FLUSH TABLES WITH READ LOCK”, and the “UNLOCK TABLES” commands. Performing the first “FLUSH TABLES” ahead of time makes sure the interruption is minimal.

Unfortunately, while this sounds like the perfect solution, some storage engines like InnoDB may essentially ignore the “FLUSH TABLES WITH READ LOCK”, so data may not be perfectly consistent on disk when the snapshot happens. It will be closer than just doing a mysqldump, but still not perfect.

All is not lost, as mysqld will actually do a “crash recovery” based on the various log files available to clean up the database as part of the startup process.

The best and easiest way to be absolutely sure the data is consistent for the snapshot, is to actually shut down the mysqld process entirely while the snapshot is being performed.

   perform a 'FLUSH TABLES"
   shutdown the database
   create the snapshot
   restart the database

The outage in this case will be complete – no reads or writes will be possible at all. The duration of the outage will be quite short so this outage may be acceptable. It’s entirely possible it will be less than a minute from the database shutdown, to the restart.

Your application should still be put into a maintenance mode if possible, but it should be scheduled during an off time, and you may decide it is short enough that end users won’t notice.

3) xtrabackup

xtrabackup is an open source tool available from Percona. Among other things, it is capable of performing backups of InnoDB databases – while the database is still running.

Percona provides yum/apt repositories for Red Hat/CentOS/Fedora, Debian and Ubuntu, as well a generic .tar.gz for everyone else. You should be able to get it installed on your chosen distribution fairly easily. The package will contain many different files most notably the xtrabackup binary itself, as well as the innobackupex-1.5.1 wrapper script.

This innobackupex wrapper script will save you a lot of time when you’re trying to get your backups done. In it’s simplest mode, it will take a single argument – the backup destination directory, and then it will do a fairly complete backup into that directory. If your my.cnf is not in /etc/ then you should use the –defaults-file argument.

Typically you’ll want these backups run through a program like tar, so the –stream option is your friend. This also allows you to compress the backups using a program like gzip, which is of course always a good idea.

   innobackupex-1.5.1 --stream=tar /mnt/backups | gzip - > mysqlbackup.`date +%Y-%m-%d_%H.%M.%S`.tar.gz

To really have the backup at the fully consistent level we want, xtrabackup needs to be done in multiple stages. The first stage simply does the backup into a directory (which it will name based on the date), and the second one re-runs innobackupex with the –apply-log argument so it applies the updates. If you wish, you can also then create a compressed tarball of this backup directory.

These additional stages however don’t need to be done at the time of your backups, they can be done at the time of the restore which is likely far less often. It all depends on when you want your system spending the CPU cycles.

Final Thoughts

This blog is by no means a fully exhaustive list of the tools available, but they essentially cover one example of the 3 basic types – logical, cold and hot.

It is entirely valid and common to use more than one backup type.  Often I have seen a logical backup along with one of the other two backup types.

Care should be taken with the security of your backups of course, and please remember that if you specific user name and password on the command line, that they can be viewed by any user logged into the system that can run commands like “ps” or “top”.

If you are using multiple servers in a master/slave configuration, command line arguments also exist in the different tools for recording relevant binlog positions and those definitely should be used.

…But that is a topic for another time.

Some relevant links

mysqldump documentation on –
Percona Xtrabackup –

May 14, 2010

» Blogrotate #27: The Weekly Roundup of News for System Administrators

Good afternoon and welcome to issue 27. The number 27 according to numerology is “the symbol of the divine light” so I’ll try to do that ideal justice. We’re off to a good start, what with me actually getting this out on schedule and such, so let’s get to it while the day is still [...]

May 13, 2010

» An SSH tool to make your life easier

A MySQL user group member saw that I use Poderosa as my ssh-on-Windows tool, and asked why I did not use PuTTY. My response was that I like having tabbed windows and hate having to keep opening another PuTTY program every time I want to open another connection. With Poderosa I can open a new [...]

May 10, 2010

» Blogrotate #26: The Weekly Roundup of News for System Administrators

Hi there and welcome to Blogrotate in which I, your humble host and blogger, bring to you interesting stories and events from the past week in the SysAdmin world. It’s been yet another busy week, which is why this is coming out on a Sunday again, so I am going to have to short list this edition but there’s still plenty of tasty nuggets to be found. Read on.

Operating Systems

It’s been discovered that Microsoft released three patches last month without including them in the release notes. Two of the patches were to fix security holes in MS Exchange servers. While this is nothing new it completely removes the ability for a sysadmin to evaluate the impact of the patches on critical corporate systems, which is necessary before rolling out the updates. Not to mention it makes it really difficult to diagnose a change in behaviour if you have no idea there was a change made. See more gory details in Security firm reveals Microsoft’s ‘silent’ patches.

Sun/Oracle removed public firmware downloads is a strange piece by someone called techbert describing how he logged into the sunsolve to download some firmware for his systems only to find that they were no longer publicly available. This is a bad move that will likely annoy a lot of people looking for firmware on old, repurposed or used systems. It’s a good thing that my Sparc 1+ is already patched!

If you are an old fogey like me you may still be using newsgroups over nntp for many things. Even Microsoft provided support for their products using newsgroups, but as of June 2010 they will begin decommissioning the groups in favour of their online community message boards. See the official news release Microsoft Responds to the Evolution of Communities.


Ars Technica has a look at the current market share for internet browsers. Chrome has surged to a new high while IE has dropped below 60% market share. FireFox and Safari (Mac) have remained fairly static which means that Chrome is taking the bite right our of Microsoft’s share of the pie. For more visit Emil Protalinski and his aritcle Chrome continues surge as IE drops below 60% market share

From the Google Chrome Blog, a piece about performance improvements in the latest Chrome beta claiming “30% and 35% improvement on the V8 and SunSpider benchmarks over the previous beta channel release” and “as much as 213% and 305% on these two benchmarks since our very first beta”. Take a look at Pedal to the Chrome metal: Our fastest beta to date for Windows, Mac and Linux.

Since we’re all about the chrome this week check out this link that Bill provided, a video demonstrating the rendering speed of Chrome. See the youtube video Google Chrome Speed Tests (SFW[1]). I think the results were skewed because a) the french fry chopper introduced resistance to the potato reducing it’s velocity and; b) actual sound waves move faster than paint moving against gravity no matter how much force you put into the paint. Still they are all really neat.


Linux Journal has a nifty little piece by Bill Childers about setting up your own Ubuntu server in the Amazon cloud. Check out Put Your Servers in the Cloud with Amazon EC2 and Ubuntu.

Data Center Knowledge
has an interesting report by Rich Miller called Rackspace Hits 100,000 Customers. Based on the numbers he presents it seems that “the managed hosting unit accounted for less than 1 percent of customer growth, but 77 percent of revenue growth” meaning basically that they’re gaining a lot of cloud customers but it’s not their money maker, it’s just gravy. Still the gains in cloud presence are impressive.

Matt Asay at C-net writes about increasing competition between Red Hat and VMware in the virtualization and middleware markets, and suggests that Red Hat may look at growing by acquiring a NoSQL technology and VMware may enter a bid for Novell to enter the operating system space. See VMware and Red Hat: The war for the data center.


The world is hungry for storage capacity and there are limits on storage density using current technology. But wait! There is hope for the future. There is a new paper showing how a combination of thermally-assisted magnetic recording (TAR) and bit-patterned recording (BPR) can be used to “store data at densities of up to one terabit per square inch, and suggest the media could be stable up to ten terabits per square inch”. See Casey Johnston‘s article New hard drive write method packs in one terabit per inch.

And finally a couple of amusing items for you. Head on over to IT World and check out Vintage Tech Ads: The 15 Funniest Videos and also Priceless! The 25 Funniest Vintage Tech Ads.

That’ll have to do it for this week. Leave your own picks in comments and we’ll see you next week.

[1] In a surprising turn of events when I went to do my usual linking of the Internet slang definition for SFW above I found that the definitions themselves included language that would be considered NSFW. So for those who do not know SFW == Safe For Work and NSFW == Not Safe for Work.

May 7, 2010

» Liveblogging: Senior Skills: Python for Sysadmins

Why Python?

- Low WTF per minute factor
- Passes the 6-month test (if you write python code, going back in 6 months, you pretty much know what you were trying to do)
- Small Shift/no-Shift ratio (ie, you use the “Shift” key a lot in Perl because you use $ % ( ) { } etc, so you can tell what something is by context, not by $ or %)
- It’s hard to make a mess
- Objects if you need them, ignore them if you don’t.

Here’s a sample interpreter session. The >>> is the python prompt, and the … is the second/subsequent line prompt:

>>> x='hello, world!';
>>> x.upper()
>>> def swapper(mystr):
... return mystr.swapcase()
  File "<stdin>", line 2
    return mystr.swapcase()
IndentationError: expected an indented block

You need to put a space on the second line because whitespace ‘tabbing’ is enforced in Python:

>>> def swapper(mystr):
...  return mystr.swapcase()
>>> swapper(x)
>>> x
'hello, world!'

partition is how to get substrings based on a separator:

>>> def parts(mystr, sep=','):
...  return mystr.partition(sep)
>>> parts(x, ',')
('hello', ',', ' world!')

You can replace text, too, using replace.

>>> def personalize(greeting, name='Brian'):
...  """Replaces 'world' with a given name"""
...  return greeting.replace('world', name)
>>> personalize(x, 'Brian')
'hello, Brian!'

By the way, the stuff in the triple quotes is automatic documentation. A double underscore, also called a “dunder”, is to print the stuff in the triple quotes:

>>> print personalize.__doc__
Replaces 'world' with a given name

Loop over a list of functions and do that function to some data:

>>> funclist=[swapper, personalize, parts]
>>> for func in funclist:
...  func(x)
'hello, Brian!'
('hello', ',', ' world!')


>>> v=range(1,10)
>>> v
[1, 2, 3, 4, 5, 6, 7, 8, 9]
>>> v[1]
>>> v[5]
>>> v[-1]
>>> v[-3]

List slicing with “:”
>>> v[:2]
[1, 2]
>>> v[4:]
[5, 6, 7, 8, 9]
>>> v[4:9]
[5, 6, 7, 8, 9]
Note that there’s no error returned even though there’s no field 9. If you did v[9], you’d get an error:
>>> v[9]
Traceback (most recent call last):
File ““, line 1, in
IndexError: list index out of range

Python uses pointers (or pointer-like things) so v[1:-1] does not print the first and last values:

>>> v[1:-1]
[2, 3, 4, 5, 6, 7, 8]

The full array syntax is [start:end:index increment]:

>>> v[::2]
[1, 3, 5, 7, 9]
>>> v[::-1]
[9, 8, 7, 6, 5, 4, 3, 2, 1]
>>> v[1:-1:4]
[2, 6]
>>> v[::3]
[1, 4, 7]

Make an array of numbers with range

>>> l=range(10)
>>> l
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9]

Make a list from another list

>>> [pow(num,2) for num in l]
[0, 1, 4, 9, 16, 25, 36, 49, 64, 81]

append appends to the end of a list

>>> l.append( [pow(num,2) for num in l])
>>> l
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, [0, 1, 4, 9, 16, 25, 36, 49, 64, 81]]
>>> l.pop()
[0, 1, 4, 9, 16, 25, 36, 49, 64, 81]

extend takes a sequence and puts it at the end of the array.

>>> l.extend([pow(num,2) for num in l])
>>> l
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 4, 9, 16, 25, 36, 49, 64, 81]

A list can be made of a transformation, an iteration and optional filter:
[ i*i for i in mylist if i % 2 == 0]
transformation is i*i
iteration is for i in mylist
optional filter is if i % 2 == 0

>>> L=range(1,6)
>>> L
[1, 2, 3, 4, 5]
>>> [ i*i for i in L if i % 2 == 0]
[4, 16]

Tuples are immutable lists, and they use () instead of []
A tuple always has 2 elements, so a one-item tuple is defined as

Dictionaries aka associative arrays/hashes:

>>> d = {'user':'jonesy', 'room':'1178'}
>>> d
{'user': 'jonesy', 'room': '1178'}
>>> d['user']
>>> d.keys()
['user', 'room']
>>> d.values()
['jonesy', '1178']
>>> d.items()
[('user', 'jonesy'), ('room', '1178')]
>>> d.items()[0]
('user', 'jonesy')
>>> d.items()[0][1]
>>> d.items()[0][1].swapcase()

There is no order to dictionaries, so don’t rely on it.

Quotes and string formatting
- You can use single and double quotes inside each other
- Inside triple quotes, you can use single and double quotes
- Variables are not recognized in strings, uses printf-style string formatting:

>>> word='World'
>>> punc='!'
>>> print "Hello, %s%s" % (word, punc)
Hello, World!

Braces, semicolons, indents
- Use indents instead of braces
- End-of-line instead of semicolons

if x == y:
 print "x == y"
for k,v in mydict.iteritems():
 if v is None:
 print "v has a value: %s" % v

This seems like it might be problematic because of long blocks of code, but apparently code blocks don’t get that long. You can also use folds in vim [now I need to look up what folds in vim are].

You can’t assign a value in a conditional statement’s expression — because you can’t use an = sign. This is on purpose, it avoids bugs resulting from typing if x=y instead of if x==y.

The construct has no place in production code anyway, since you give up catching any exceptions.

Python modules for sysadmins:
- sys
- os
- urlib/urlib2
- time, datetime (and calendar)
- fileinput
- stat
- filecmp
- glob (to use wildcards)
- shutil
- gzip
- tarfile
- hashlib, md5, crypt
- logging
- curses
- smtplib and email
- cmd

The Zen of Python
To get this, type ‘python’ in a unix environment, then type ‘import this’ at the commandline. I did this on my Windows laptop running Cygwin:

cabral@pythianbos2 ~
$ python
Python 2.5.2 (r252:60911, Dec  2 2008, 09:26:14)
[GCC 3.4.4 (cygming special, gdc 0.12, using dmd 0.125)] on cygwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import this
The Zen of Python, by Tim Peters

Beautiful is better than ugly.
Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
Flat is better than nested.
Sparse is better than dense.
Readability counts.
Special cases aren't special enough to break the rules.
Although practicality beats purity.
Errors should never pass silently.
Unless explicitly silenced.
In the face of ambiguity, refuse the temptation to guess.
There should be one-- and preferably only one --obvious way to do it.
Although that way may not be obvious at first unless you're Dutch.
Now is better than never.
Although never is often better than *right* now.
If the implementation is hard to explain, it's a bad idea.
If the implementation is easy to explain, it may be a good idea.
Namespaces are one honking great idea -- let's do more of those!

This was liveblogged, please let me know any issues, as they may be typos….

» Liveblogging: Senior Skills: Sysadmin Patterns

The Beacon Pattern:
- This is a “Get out of the business” pattern
- Identify an oft-occurring and annoying task
- Automate and document it to the point of being able to hand it off to someone far less technical

- System admins were being put in charge of scheduling rooms in the building
- They wrote a PHP web application to help them automate the task
- They refined the app, documented how to use it, and handed it off to a secretary
- They have to maintain the app, but it’s far less work.

The Community Pattern:

- Prior to launch of a new service, create user documentation for it.
- Point a few early adopters at the documentation and see if they can use the service with minimal support
- Use feedback to improve documentation, and the service
- Upon launch, create a mailing list, forum, IRC channel, or Jabber chat room and ask early adopters to help test it out.
- Upon launch, your early adopters are the community, and they’ll tell new users to use the tools you’ve provided instead of calling you.

- A beowulf cluster for an academic department
- Documented like crazy, early adopters were given early access to the cluster (demand was high)
- Crated a mailing list, early adopters were added to it with their consent, functionality was tested with them.
- Email announcing launch mentioned the early adopters in a ‘thank you’ secion, and linked them to their mailing list.

The DRY pattern
DRY = Don’t repeat yourself
Identify duplicate code in your automation scripts
Put subroutines that exist in an include file, and include them in your scripts.

- “sysadmin library”
- /var/lib/adm/.*pl
- Elapsed time and # of lines to script a task for which the library was useful plunged dramatically
– new tasks were thought up that were not considered before but were obvious now (ie, users that want to change their username)
– migrating to new services became much easier

The Chameleon Pattern
- Identify commonalities among your services
- Leverage those to create “Chameleon” servers that can be re-purposed on the fly
- Abstract as much of this away from the physical hardware
- Doesn’t need to involve virtualization, though it’s awfully handy if you can do it that way.
[this one is a bit harder to do with MySQL config files]

[puppet/cfengine were mentioned...] – more than a script: a methodology

- But isn’t installing packages you don’t need bad? Depends on the package….ie, gcc is bad for enterprise

“Junior annoynances”

Terminal issues

open terminal, login to machine1
think issue is with machine2, talks to machine1.
log out of machine1
log into machine2

opens 2 terminals each of machine1 and machine2 to start

networking issue ticket arrives
logs into server
runs tcpdump

networking issue ticket arrives
logs into server
looks at logs

“Fix” vs. “Solution” ie “taking orders”
Junior will try fix a problem, senior will try to figure out what the problem is. ie, “I need a samba directory mounted under an NFS mount” a junior admin will try to do exactly that, a senior admin will ask “what are you trying to do with that?” because maybe all they need is a symlink.

Signs you might be a fanboy:
- Disparaging users of latest stable release of $THING for not using the nightly (unstable) build which fixes more issues
- Creating false/invalid comparisons based on popular opinion instead of experience/facts
- Going against internal standards, breaking environmental consistency, to use $THING instead of $STANDARD (but this is also how disruptive technology works)
- Being in complete denial that most technology at some point or another stinks.
- Evaluating solutions based on “I like” instead of “we need” and “this does”.

» Liveblogging: Seeking Senior and Beyond

I am attending the Professional IT Community Conference – it is put on by the League of Professional System Administrators (LOPSA), and is a 2-day community conference. There are technical and “soft” topics — the audience is system administrators. While technical topics such as Essential IPv6 for Linux Administrators are not essential for my job, many of the “soft” topics are directly applicable and relevant to DBAs too. (I am speaking on How to Stop Hating MySQL tomorrow.)

So I am in Seeking Senior and Beyond: The Tech Skills That Get You Promoted. The first part talks about the definition of what it means to be senior, and it completely relates to DBA work:
works and plays well with other
understands “ability”
leads by example
lives to share knowledge
understands “Service”
thoughtful of the consequences of their actions
understands projects
cool under pressure

Good Qualities:

Bad Qualities:
[my own addition - no follow through, lack of attention to detail]

The Dice/Monster Factor – what do job sites see as important for a senior position?

They back up the SAGE 5-year experience requirement
Ability to code in newer languages (Ruby/Python) is more prevalent (perhaps cloud-induced?)

The cloud allows sysadmin tasks to be done by anyone… developers can do sysadmin work, and you end up seeing schizophrenic job descriptions such as

About the 5-year requirement:
- Senior after 5 years? What happens after 10 years?
- Most electricians, by comparison, haven’t even completed an *apprenticeship* in 5 years.

Senior Administrators Code
- not just 20-line shell scripts
- coding skills are part of a sysadmin skill
- ability to code competently *is* a factor that separates juniors from seniors
- hiring managers expect senior admins to be competent coders.

If you are not a coder
- pick a language, any language
- do not listen to fans, find one that fits how you think, they all work…..
- …that being said, some languages are more practical than others (ie, .NET probably is not the best language to learn if you are a Unix sysadmin).

Popular admin languages:
- Perl: classic admin scripting language. Learn at least the basics, because you will see it in any environment that has been around for more than 5 years.

- Ruby: object-oriented language for people who mostly like Perl (except for its OO implementation)

- Python: object-oriented language for people who mostly hate Perl, objects or no objects. For example, you don’t have to create a String object to send an output.

But what if you do not have time to learn how to program?

- senior admins are better at managing their time than junior admins, so perhaps managing time
- time management means you’ll have more time to do things, it doesn’t mean all work work work.
- Read Time Management for System Administrators – there is Google Video of a presentation by the author, Tom Limoncelli.

Consider “The Cloud”
- starting to use developer APIs to perform sysadmin tasks, so learning programming is good.
- still growing, could supplant large portions of datacenter real estate
- a coder with sysadmin knowledge: Good
- a sysadmin with coding knowledge: Good
- a coder without sysadmin knowledge: OK
- a sysadmin with no coding interest/experience: Tough place to be in

Senior Admins Have Problems Too
Many don’t document or share knowledge
Maany don’t do a good job keeping up with their craft
Cannot always be highlighted as an example of how to deal with clients
Often reinvent the wheel – also usually there is no repository
Often don’t progress beyond the “senior admin” role

….on the other hand…..
cynicism can be good…..

learn from the good traits
observe how others respond to their bad traits
think about how you might improve upon that
strive to work and play well with others, even if you don’t have a mentor for good/bad examples.

Now he’s going into talking about Patterns in System Administration….

May 3, 2010

» Blogrotate #25: The Weekly Roundup of News for System Administrators

Good evening and welcome to this weeks edition of Blogrotate. It’s a bit later than usual this week due to client concerns but I could not let this week go by without something. This week, after all, is the release of Ubuntu 10.04LTS (Lucid Lynx) so I get to leverage my supreme blogging power to promote the product since I use it pretty much everywhere now.

Operating Systems

So as I was saying, the release of Lucid Lynx has the world abuzz. We had a mini install fest here in the SA cluster at Pythian and 2/3 of it went well. It seems that video is the main source of install pain for us in this new version. My own install went well at home except for the proprietary NVidia drivers, and the fglrx (ATI) driver was an issue for a colleague in the office. Luckily we have the knowhow to get around these issues here at Pythian, but I would be concerned for new users trying to upgrade. Despite that I think it’s a bloody good package and well worth trying.

Here’s a short list of some sources of information on the new Ubuntu.

On in other news, let’s all shake our heads in disbelief at Unix copyrights: SCO want a new ruling.

Priya Ganapati at Wired writes about this weeks Palm purchase by HP. It’s long been known that HP had scrubbed the iPaq because that just could not nail the OS, but now they own WebOS so watch for the iPaq to make a comeback (minus the silly name (and resulting lawsuit from Apple) of course). But I digress, check out HP Buys Palm for $1.2 Billion.

If you are running Windows 7 you’ll want to beware of a recently discovered problem. See the Microsoft Ansrews Forum topic Windows 7 deletes all system restore points on reboot.


Joel Wineland is Senior Product Developer at Rackspace Managed Hosting. He writes about things to consider when evaluating cloud services. See Creating a Successful Cloud Environment.

Amazon Web Services (AWS) adds a Singapore Data Center so users can run their cloud computing infrastructure in the Asia Pacific region.

Have you considered the security risks of your impending cloud investment? Take a look at 10 Cloud Security Threats by Anil Chopra. My advice is to never trust a hosted cloud service with production, proprietary or sensitive data.


Media darling and bon vivant Steve Jobs was at it again in a tirade against the evils of Flash. You can get the short (and long) story at Engadget in Steve Jobs publishes some ‘thoughts on Flash’… many, many thoughts on Flash by Paul Miller. When you are done with that head on over to Ars Technica for a rebuttle of sorts in Pot, meet kettle: a response to Steve Jobs’ letter on Flash.

That’s all I’ll have time for this week. As always your comments and stories are welcomed.

Try Lucid Lynx. The power of blog compels you.

April 23, 2010

» Blogrotate #24: The Weekly Roundup of News for System Administrators

Good afternoon and welcome to another edition of Blogrotate. Though I have been contributing to Blogrotate since its inception, this is the first time I have had the honour of posting it myself. Go me!

Operating Systems

Red Hat has announced the availability of a public beta for Red Hat Enterprise Linux 6 (RHEL 6). There are a number of changes, for which Dave Courbanou at The VAR Guy does a pretty good job of providing an overview. Of note are that Red Hat has completed its migration from Xen to KVM as the supported virtualization technology (which began with RHEL 5.4), and that ext4 is now the default filesystem.

There have been a couple of tidbits of news in the Ubuntu world. The first being a bug with memory leakage in affecting beta 2 of Ubuntu 10.04. The discussion on Slashdot became a debate on the merits of time vs scope-based release schedules. Per the bug report, a fix has since been committed, which is good because — and this leads into the second bit of news — Ubuntu has announced the availability of the release candidate for 10.04. Things are moving fast as we approach its release next Thursday.

And for something that’s not release announcement related, M. Tim Jones has an interesting article over at IBM’s developerWorks about Kernel Shared Memory in the Linux 2.6.32 kernel. Without going into a lot of detail (I’ll let him do that), it’s basically the implementation of a daemon to handle de-duplication of memory pages. This has obvious implications in a virtualization environment as there is the potential to run more virtual machines on a host without increasing the memory footprint.


The big news on this front was that McAfee pushed out a virus definition update that falsely identified svchost.exe as a threat, resulting in Windows automatically rebooting. Peter Bright from Ars Technica has some good coverage of this, and linked to McAfee’s official solution. Meanwhile, Dave Courbanou over at The VAR Guy has a follow up on the situation with some additional detail, and Barry McPherson from McAfee has posted an official response stating that a ’small percentage’ of enterprise accounts were affected. And finally, Ben Grubb of ZDNet Australia reports that Coles had 10 percent of its point-of-sales terminals affected and shut down stores in WA and South Australia as a result.


Oracle has decided to charge for an ODF plugin for MS Office which allows users to import/export documents in Open Document Format. Matt Asay, COO at Canonical, provides some commentary on this stating that “$9,000 is the new ‘free’ for Oracle“.

Jono Bacon, Canonical’s Community Manager, wrote that Canonical has made the single sign-on component of Launchpad available as open source under the AGPL3 license. There is some coverage from The H on this as well. Launchpad itself was released under the AGPL3 license about a year ago.


On a final (interesting) note, ‘Cyber Cynic’ Steven J. Vaughan-Nichols writes that HP and Likewise to release Linux-based storage line about HP and Likewise partnering on a line of StorageWorks products that will make use of the Likewise CIFS stack to support Active Directory authentication.

Well, that’s all I have time for this week. Will Brad be back at the helm next week, or will I continue my reign? You’ll just have to wait and see…

April 16, 2010

» Blogrotate #23: The Weekly Roundup of News for System Administrators

Good morning everyone and welcome to another edition of all the news fit to reprint. Last week iPad news was the number one topic on the hearts and minds of most places I visit, let’s see if the iPad can last another week or if a new champion will be crowned. Call or text your votes to … oh wait that’s someone else. :)

Operating Systems

Starting off on a sad note that I missed last week. Ed Roberts, the inventor of the Altair personal computer died on April 2nd at the age of 68. The New York Times has a good article about it, see H. Edward Roberts, PC Pioneer, Dies at 68. You can also check out an audio interview he did with Mark Frauenfelder over at BoingBoing, Remembering Ed Roberts, the father of the personal computer. Geeks everywhere owe this man a debt of gratitude.

Hey look! It’s an iPad related story. If you miss the good old days of Windows 95, now you can run it on your iPad (assuming you were an early adopter and have not smashed it for YouTube). See this video called Windows 95 on iPad completes the Bill Gates vision. For the record I purposely did not link the iPad smashing video because that nonsense is not worth my time.


Was anyone else up yesterday with email outages that trace back to ClamAV? I know I was. It turns out that ClamAV 0.94 has passed EOL but instead of gracefully disallowing new updates, ClamAV released new virus databases which broke installations of 0.94. You can check out the full EOL release at the ClamAV site in End of Life Announcement: ClamAV 0.94.x. A colleague here (Hi Mo!) found this interesting piece by Neil Schwartzman called ClamAV and the Case of the Missing Mail, proving that we were not alone in our suffering. So once you are done with righteous indignation, be sure to upgrade your AV engine.


Sean Michael Kerner at VOIPPlanet is reporting Open Source Asterisk 1.8 Aiming for Long-Term Support. According to the article users had complained that the frequency of releases in the 1.6 version of the software was making it difficult to know when and why to update, and the Asterisk team hopes to have their 1.8LTS out in the third quarter this year.


VMWare has released new patches for their ESX/vSphere product line. Check out the charmingly titled [Security-announce] VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues.

If you are working towards vitualization and need a primer in the various technologies available look no further than Containers vs. Hypervisors: Choosing the Best Virtualization Technology by Joe ‘Zonker’ Brockmeier at

Rackspace has released a new iPad app which will let you manage your cloud servers remotely using the bleeding edge device. Matthew Weinberger at The Var Guy has details in The Rackspace Cloud Launches iPad Application, and you can check out the marketing version of the news at the RackSpace web site.

Now that Oracle owns Sun, it also owns VirtualBox. Oracle has now released their first maintenance release addressing some outstanding bugs and stabilizing some features such as VT-x and multicore support. You can get the details from Timothy Prickett Morgan in Oracle freshens its VirtualBox.


James Gosling, the father of the Java programming language, has moved on from his position at Sun Microsystems. No word as to what he’ll be doing, but we wish him well. See his new new blog called On a New Road to hear it straight from the horses mouth.


A BGP error at a Chinese ISP caused it to briefly declare itself the route for approximately 37,000 IP networks, many belonging to US companies. The H Online has a report on this event titled Chinese ISP ‘hijacks’ bits of the web.

The key to corporate web sites has been SEO for quite a long time now. How well your web site is ranked by Google and other search engines is important if you want to be at the top of the results. According to Google’s Webmaster Central blog they are now going to be using the speed of your site as part of their ranking algorithm. See Using site speed in web search ranking for the official announcement. You can also find more on El Reg, see Google tweaks search results with mystery site speedometer.


If you are in the market for SSD to speed up your servers, here’s a good place to start. Henry Newman (CTO of Instrumental Inc.) has a 3 part series at the Enterprise Storage Forum that covers most (if not all) you’ll need to know to choose the right fit for your purposes. See all three parts:

  1. Solid State Drives in Enterprise Applications
  2. Solid State Drive Reliability and Performance in Storage Networking
  3. Choosing the Right Solid State Drive for Your Storage Network

Well that’s all the time I will have for this week. I had a ton of other stuff on the list for this week but I have to stop and do some real work eventually. As always leave your own stories in comments and we’ll see you back here next week.

As promised I’ve posted the instructions for Installing TOra with Oracle Support on Ubuntu 10.04 (Lucid Lynx). Be sure to check it out. And don’t forget to upgrade your ClamAV.

April 9, 2010

» Blogrotate #22: The Weekly Roundup of News for System Administrators

Good afternoon and welcome to another edition of Blogrotate. This week has been absolutely insane so it’ll be another short one I’m afraid. Luckily for me the majority of news outlets were binging on iPad related press which left only limited space for real news.


Yes normally I do not cover mobile stuff very much, yet even after the above crack about iPads I feel obligated to at least make mention of it. I, personally, do not care about iPads. Wake me when they have those little scrolly deals from Earth: Final Conflict. For those of you who do care, here’s a quick list of places you could go.

And how is the competition doing? Check out BlackBerry sees iPhone shrink in rear view mirror.

Distro Watch

There was not a lot of news on the OS front this week, but here’s a short list of the few OS coming to a device near you.


There’s a new exploit out against Java which has been proven to have the ability to launch apps on the desktop without authorization. Java exploit launches local Windows applications has the full story.

Here’s the list of what’s in store for the next “Patch Tuesday” release from MS. Microsoft Patch Tuesday for April 2010: 11 bulletins.

Data Centers

Have you ever wondered how a data center protects itself against the damaging effects of an earthquake? Check out Earthquakes and Data Centers over at Data Center Knowledge for an interesting read.

Are you looking for a PCI compliant data center? Check out PCI Compliance: Who Manages What? which gives good insight into the processes and highlights some things you should be looking for when you talk to the sales rep.


Were you the first on your block to run out and get an Intel i7? Well now AMD throws even more cores at you. Check out New server platform and 12-core Opteron keep AMD in the game.

The clock tells me it’s time I should be going. I am sure I missed lots of good stuff this week, so feel free to add it to comments. You know you want to.

Stay tuned, the return of tOra is at hand. I’ve successfully compiled tOra on Lucid and have the instructions to prove it.

April 2, 2010

» Blogrotate #21: The Weekly Roundup of News for System Administrators

Spring has sprung, the grass is riz. I wonder where them birdies is. Welcome to Blogrotate. It’s Good Friday here in Ottawa, a holiday for us. For this reason it’s going to be a short one this week. That and the fact that it’s 25C and sunny here. :)

Operating Systems

Closure sweet closure. It’s been 7 years but SCO has finally lost it’s silly lawsuit against Novell. Novell smugly posted the results on their site with Decision in the SCO Group vs. Novell Jury trial. For us linux users they state for the record “Novell remains committed to promoting Linux, including by defending Linux on the intellectual property front”. This victory means that the case against IBM is the next to fall, followed by the demise of what was once a giant in the industry. The full history of this case can be found on GrokLaw, try SCO Group v. Novell, Inc for starters. A high level summary can be found at SCO loses again: jury says Novell owns UNIX SVRX copyrights.

Ubuntu 8.04 is approaching end of life. The last LTS (Long Term Support) release will stop getting software updates and security patches at that time. If you are running 8.10 fear not, the next LTS (10.04, Lucid Lynx) is in beta and should be released prior to this date. According to the Ubuntu site there is a clean upgrade path directly from 8.04 to 10.04, see their LucidUpgrades page for more info. Also see Ubuntu 8.10 approaches end-of-life at The H Online.

I’ve been saying this for years regarding every version of Windows, but if you don’t believe me read 90 percent of Windows 7 flaws fixed by removing admin rights.


AMD has released it’s new 12 core Opteron CPU, code named “Magny-Cours”. While it’s not news that there’s more cores in a new CPU, there are additional benefits. See AMD’s 12-core chip may cut software costs.


For those of you running Internet Explorer, Microsoft has released a patch to address security issues with it’s widely used browser software outside of it’s normal “patch Tuesday” release cycle. You can read more at C-Net in Microsoft issues emergency patch for 10 IE holes.

Threat Post is reporting that a hacker security researcher has found a way to exploit Adobe Reader with no other plugins required. “The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file” says the aritcle. Check out the full details at Hacker Finds a Way to Exploit PDF Files, Without Vulnerability.


Do you like the online comic xkcd? Well now it’s even better using the xkcd CLI (Command Line Interface). Check it out. If you like it, sign the online petition to get them to keep it around.

Well that’s all we’ll have time for this week. Have a great Easter weekend everyone. As always, your comments and favourite news stories are welcome.

March 27, 2010

» Blogrotate #20: The Weekly Roundup of News for System Administrators

Good evening and welcome to the late night edition of Blogrotate. It’s been hectic around here but I did not want to skip a week so I am burning the midnight oil. There was a lot of action in the world of IT this week, here’s a few tidbits we took notice of.

Operating Systems

The Var Guy is reporting that Novell has rejected a bid by Elliott Associates to take over the company for a reported 1.8 billion dollars. Novell Rejects Takeover Bid… But Welcomes Other Bidders has the full story with some links to the back story as well.

The arguments are done and the deliberation begins in SCO vs Novell. The world yawns in anticipation. No Verdict Today, the Final Day, in SCO v. Novell – Deliberations Begin Again Tuesday – Updated at GrokLaw has the details. “Fine lawyering” indeed.


Tom Krazit at C-Net news reports that DNS registrar GoDaddy may be following in Google’s footsteps, steps that lead out of China. More details and source material links are in GoDaddy to stop registering domains in China


The CanSecWest conference started this week in Vancouver BC, Canada. With it came the 4th annual Pwn2Own contest wherein hackers ply their exploits against various targets. This years target was web browsers. The results so far? See Peter Bright’s article IE8, Safari 4, Firefox 3, iPhone fall on day 1 of Pwn2Own. Ok so the title ruined any suspense I may have built, but it’s still worth reading.

If you are not part of the 1337 gaming crowd you’ve probably never pwn’d anything any may not know what it means. See Wikipedias definition of pwn. After that you can set up a lan party and get fragged because you’re a n00b. Be careful not to camp or backpack, and watch out for headshots.

If you are a user of Cisco IOS on your devices, you need to check out the Summary of Cisco IOS Software Bundled Advisories, March 24, 2010. The patches fix security issues with IPSec, NAT, SIP, H.323 and much much more.


Mark Murphy, Global Alliances Director for Canonical, wrote on his blog that Dell announces support for Ubuntu Enterprise Cloud. According to the blog the Canonical cloud team has been working for 6 months with Dell’s DCS team to “test and validate the integration of the cloud stack on their new PowerEdge-C series [servers]“, and will be offering a series of optimized ‘blueprint’ configurations for the PowerEdge-C servers.

Former MySQL CEO and Sun Sr. VP Marten Mickos will be the new CEO of Eucalyptus, the company behind the Ubuntu Cloud. See Former MySQL CEO to become Eucalyptus Systems CEO at The H Online for more of the story and links to the official press release. Matthew Weinberger at The Var Guy has some more analysis on this subject in “Can Marten Mickos Build Another $100 Million Company?”.


A couple of data center outages this week.

Wikipedia, linked heavily above, suffered an outage to their European data center this week due to overheating. Mark Bergsma from Wikimedia, the company that runs Wikipedia, posted on their tech blog that some of their servers powered down to protect themselves from a worse fate. Services had to be relocated to the Florida cluster causing an outage of at least 1 hour, more for some sites that don’t honour DNS TTL (time to live) properly. You can read more in Mark’s technical blog, called Global Outage (cooling failure and DNS). There is also more at Data Center Knowledge, see Wikipedia’s Data Center Overheats.

The very next day, YouTube suffered a 2 hour outage. I thought it was rather funny because they informed users of the outage via their Twitter feed. Judging by that feed there were more issues yesterday and again today. Is it just me or is this the oddest way to communicate site outages ever? I’d love to hear your opinions.


The Register is reporting that the University of Wisconsin at Green Bay is planning to save cash by switching all it’s fonts to Century Gothic. Apparently Century Gothic uses up to 30% less ink when printed, saving their organization money. See Switch to Century Gothic to save the planet for the story and links to source materials. Gotta love the tag lines at el Reg. “Arial will doom us all, says American IT director”. Indeed.

That’ll have to do it for this week. I’m off to Tosche station to buy some power converters. As always, comments are welcome.

Hey! CNN just facebooked that their mail server is down! :)

March 19, 2010

» Blogrotate #19: The Weekly Roundup of News for System Administrators

Good morning and welcome once again to the (usually) weekly round-up of news that matters to Sys Admins. We missed last week for reasons previously stated, client work always comes first. This week was yet another fast and furious week so let’s get started.

Operating Systems

In case anyone was wondering about SCO vs. Linux it is still going on. If anyone has a lot of free time on their hands and is interested in lost causes, check out SCO vs. Linux: The story so far at The H Online. Even more details can be found at the prolific GrokLaw in Summary of SCO v IBM.

If you are running Max OSX you may be vulnerable to at least 20 major security flaws in you system. Security researcher Charlie Miller will be presenting full details at the upcoming CanSecWest conference. Read more in Mac OS X: “safer, but less secure” – Update.

If you, like me, are part of the “never put a .0 release into production” school of thought, then you probably have not rolled out Windows 7 on your company desktops. Fear not, SP1 is coming. Check out Microsoft announces Windows 7 SP1 at Computer World.


Is Google set to leave China and close the site entirely? Read the story on Cnet news in Report: Google to leave China on April 10. The sources seem to be dubious, so I would take this with a grain of salt until the official announcement.

There has been stuff floating around the internet about DNS tunneling exploits for years. The H Online is reporting that hacker Ron Bowes has now released a command line tool and code that could easily be integrated into an exploit. Check out Exploit code with DNS tunnel for more.

Have you upgraded from FireFox 3.0 to 3.6 yet? You probably should soon. See Firefox 3.0 approaches end-of-life.


The Register is reporting that almost 2 weeks after being notified the Energizer site still plagued by data-stealing trojan. The file in question is “UsbCharger_setup_V1_1_1.exe” so try to avoid downloading that one.

There’s reports of a security flaw in milter, part of the spamassassin utility for scanning email. The flaw allows a specially crafted RCPT command to trick postfix into running commands as root. Sendmail servers seem to not be affected. You can find more details in [Full-disclosure] Spamassassin Milter Plugin Remote Root.

Here’s another follow-up to a previous item about the Waledec botnet being taken down by Microsoft. See Waledac Botnet Now Completely Crippled, Experts Say. Microsoft has also waxed poetic on the subject in What we know (and learned) from the Waledac takedown on the technet blog.

Open Source

Ars Technica has a cute item on hidden gems in open source applications, affectionately knows in geek nomenclature as “Easter Eggs”. Check out Cracking open five of the best open source easter eggs for a larf, and read over the comments for a bunch more.

That’s all the time I will have this week. I know there’s a lot more stuff from the last 2 weeks that I could have added, so feel free to leave your favourites in the comments. ‘Til next week.

Who you trying to get crazy with SA, don’t you know I’m loco?

March 5, 2010

» Blogrotate #18: The Weekly Roundup of News for System Administrators

Is it Friday already? Where does the time go? Lots of stuff going on this week–here’s a few of the things that I found interesting.

Operating Systems

Russia Today-TV announced the existence of “Red Star”, the new OS developed in North Korea and based on Linux. I found this by way of Slashdot of course, citing the source as The Korea herald. According to the article it looks very much like the Windows UI, and features a “My Country” icon that allows connection to Korea’s closed internet-like network and the Woori office application. Slightly more information can be found there in the article N. Korea develops own OS.

The upcoming Ubuntu 10.04 (Lucid Lynx) has had the third alpha version released. The alpha versions are not for the faint of heart, and I have had to put in several bug reports myself already. It’s just part of the process though and will hopefully result in a rock solid release next month. The full release announcement can be found on the mailing list: see Lucid Alpha 3 released. A rundown of some of the things you can expect is on The H Online in Canonical releases Ubuntu 10.04 LTS Alpha 3.

Ars Technica has more on an item mentioned last week about the future of Open Solaris. OpenSolaris not dead; might not get all new Solaris features The exact details of which features may be excluded are not clear from the article but I did not get a chance to dig into some of the source material referenced so you may find more by clicking through them.


Opera 10.5 is out and Ars Technica has a detailed review of the new features, performance improvements and UI changes. There’s a lot of detail in the article, I suggest you read it for yourself. Hands on: Opera 10.50 makes impressive performance gains is the place to go. I think I’ll give the new Opera a try myself.

Local company makes good! I mentioned last week the takedown of the Waledac botnet, this week the Mariposa botnet suffered a similar fate. Ottawa’s own Defence Intelligence detected this botnet in 2009 and started an investigation that ended with the dismantling of the botnet by Spanish authorities. This is a much more important takedown than Waledac because Mariposa actually put sensitive and financial information at risk. You can read more of this story in Spanish arrests mark the end of dangerous botnet. Ottawa, represent!


Microsoft has released new drivers to improve the performance of Red Hat Enterprise Linux systems running under Hyper-V. The new drivers include new network and storage drivers, but still only support a single virtual CPU. These drivers are not officially included in, or supported by Red Hat, but they are fully support by Microsoft. Read Microsoft releases Hyper-V drivers for RHEL for more, and you can check out Microsoft’s side of the story on the technet blog in Red Hat Enterprise Linux and Hyper-V.

How Server Virtualization Impacts Storage. The title says it all. Penned by Heidi Biggar from Hitachi it has a good perspective on current industry trends and growth. We all know that consolidation methods, like virtualization, add bottlenecks on resources like CPU, memory and storage because they are all shared by many instances. Find out what Heidi has to say on the subject.

Data Center

Data Center Knowledge is reporting that the demand for data centers has been growing continually and no change is in sight for 2010. We’re certainly seeing the trend here with many companies making the push for full, real disaster recovery sites. There seems to be a real shortage of data center space and new ones are popping up slowly, so if you have lots of cash this may be a good business to get into. But I digress. The full story is in Strong Data Center Demand Seen for 2010.


The H Online has a good article about the US government’s new cyber security policy. I haven’t had a chance to review the whole document as yet, but I have it bookmarked for later reading. US government publishes parts of its cyber security directive is where to go, which also links the source document.


Tom’s Hardware has an interesting Op-Ed piece on the past, present and future of the 3D graphics industry. See Opinion: AMD, Intel, And Nvidia In The Next Ten Years for 10 pages of goodness.

Allyn Malventano has a very detailed review of Western Digital’s first foray into the SSD market. The new 256GB offering performed well through the tests but is still priced a bit too high for the market. The full review is at PC Perspective, see Western Digital SiliconEdge Blue 256GB SSD Review – WD enters the SSD market. You can find the Western Digital product information page on their site.

Well that about wraps it up for this edition. Comments are always welcome. Until next time, may your days be productive and the levels of administratium be non-toxic.

February 26, 2010

» Blogrotate #17: The Weekly Roundup of News for System Administrators

Good afternoon and welcome to another edition of the usually, mostly, kind of weekly news for System Administrators. I was on a much needed holiday for the last couple of weeks. Many thanks to Tim for filling in on the last one. What with clients’ priorities and February being a short month, we did not have the cycles to get a blog out last week, and this one will be short because, frankly, the IT news world has been a bit slow of late. With that I shall cease my preface and move on to . . . 

Operating Systems

The Phoronix media site is reporting that the end may be near for Open Solaris since the purchase of Sun by Oracle. Oracle has been quiet on its plans for the free/open source version of its Solaris operating system, and the Service Life Status for OpenSolaris Operating System Releases does show the GA (General Availability) phase support as “TBD“. See a little more info in Oracle Still To Make OpenSolaris Changes. This one will be worth watching and I’ll update the blog when more is available.

Users running the Max OS X 10.4 “Tiger” beware–the next versions of the popular Firefox web browser will no longer support you. Check out In future Firefox will drop Mac OS X 10.4 Tiger support for more and a link to the Mozilla press release. Apparently, about 25% of Mac/Firefox users are still using 10.4. Time to upgrade, people!

Red Hat has a beta release of RHEL 5.5, and is gearing up for a full release in the near future–probably April or May. You can check out the full 5.5.b1 release notes on the RedHat site.


Probably the biggest story this week revolves around a secret court injunction requested by Microsoft to take out 277 domain names belonging to the Waledac botnet. By taking these domains off the net it basically cripples the command and control structure for the bots, as they will no longer be able to “phone home” for instructions. This will only be a temporary win I am sure, but anything that reduces the volume of spam is a benefit even if it’s short lived. Peter Bright has more in his article entitled Judge’s restraining order takes botnet C&C system offline. If that’s not enough for you, Google has lots of news items about this. The thing I find funny is that MS did this to reduce the spam being sent to Hotmail, which IMHO has always been a big source of spam due to its disposable accounts.

Google has released a new version of Chrome for Windows, to resolve three high-risk vulnerabilities and some other lesser issues. This is worth an install to make sure you stay safe on the net. More detail is available in Google fixes vulnerabilities in Chrome 4 for Windows.

In a follow-up to a previous post in this blog, Google has now stated that YouTube support for IE6 will officially end as of March 13, 2010. Time to update those NT4 servers folks. See YouTube to kill IE6 support on March 13 over at Ars Technica for more information. There are also details on the Google/Youtube support site in Solve a Problem: Upgrading your browser.


Several Cisco IronPort products are vulnerable to attacks allowing unauthenticated access to files and the ability to execute arbitrary code on the affected devices. Cisco has released patches for these devices and also have workarounds documented for those who are unable to upgrade just yet. See Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance for the full details.

This one is not really IT-related, but it’s scary none the less. Kelly Jackson Higgins at Dark Reading details the recent revelation that criminals in Utah have planted card skimmers in gas station pumps, meaning that if you pay at the pump, your information could be stolen and used for nefarious purposes. Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps has the full story. Be afraid, be very afraid.

Adobe has released a new version of their download manager to fix a severe flaw allowing specially-crafted web sites to push malicious software to your PC. All versions of the Adobe Download Manager on Windows prior to the 23rd of February, 2010 are affected. Check out Adobe patches critical vulnerability in Download Manager for the gory details.

Too funny to not include

Have you ever wondered how eBay retires their datacenters? With extreme prejudice, it seems. See Retiring A Data Center. With an Axe for a good chuckle.

That’ll do it for this week folks. I hope you enjoyed your trip through this door.

Fetch the aliens, write the blog . . .  brain the size of a bloody planet . . . 

February 5, 2010

» Blogrotate #15: The Weekly Roundup of News for System Administrators

Good morning and welcome to a new Blogrotate. We missed last week’s edition because last week was insanely busy. We take customer service very seriously here at Pythian, so when there is a conflict between client issue and a blog, the client always wins out. ‘Nuff said.

It’s been another busy week here and shows no sign of slowing, but here’s a few of the things we found interesting this week.

Operating Systems

The H Online is reporting that Linus Torvalds named one of the 100 most influential inventors by “The Britannica Guide to the World’s Most Influential People”. More info can be found there, as well as a link to some free sample pages from the book. Of course, Bill Gates was also on the list.

Could it be that Microsoft ranks third in Linux sales? As part of their 2006 agreement with Novell, they were required to purchase $240 million worth of “subscription certificates” to sell or distribute. Microsoft says that so far 475 of the coupons have been used which is equivalent to about a half million dollars worth. See Sold out: Microsoft’s Linux business is booming at The H Online for the skinny, and Microsoft exhausts coupons for SuSE Linux at SD Times for a much more detailed analysis.

Ubuntu has released Ubuntu 8.04.4, the fourth patchset for “Hardy Heron”, which is a long term support release. See the release notes for the full list of updates. Alternately, schedule a change window and apt-get update and apt-get upgrade today!

Did anyone realize that SCO vs. Novell was still a going concern? Well, apparently it is. According to Groklaw SCO and Novell File Proposed Witness Lists. Again. If you enjoy a good licensing battle, I don’t think this qualifies, but you can decide for yourself. Why can’t they both just get along?


According to the political news site C-Span’s page for Solving Video Problems, it will be discontinuing support for Real Networks RealVideo streaming format citing as the cause lack of interest. They do, however, still support IE6 unlike . . . 

The official Google Enterprise Blog has announced that as of March 1st, site functionality may no longer support IE6. New features for Google apps will be built without support for IE6 as well. Check out the full deal, called Modern browsers for modern applications.

Apache HTTP Server 1.3.42 Released by the Apache foundation spells EOL (end of life) for the popular web server, though some security patches may still be released. I know of a lot of Oracle app servers out there running apache 1.3, so perhaps one of our crack DBAs can chime in with some details on how to handle it, what versions support 2.0, etc.

The popular Squid proxy server released a patch this week for a vulnerability to specially crafted DNS packets which can trigger a queue overflow and eventually a DOS. If you make heavy use of Squid, check out the creatively named Squid Proxy Cache Security Update Advisory SQUID-2010:1.

We have all heard by now of the Google attack from China. Now Google is seeking the help of the NSA to prevent future attacks of this sort. Ars Technica has the full scoop, see In wake of hack, Google negotiating cooperation with the NSA.


VMWare has announced security flaws in a number of its products. Patches have yet to be released, so if you run VMWare, keep your eye out for them. The full info and affected products can be found in the announcement from the VMWare Security Announce mailing list, see [Security-announce] VMSA-2010-0002 VMware vCenter update release addresses multiple security issues in Java JRE.


Are you running services in the “cloud”? If so, you’ll need to monitor them. Data Center Knowledge has a roundup of the current players in the cloud-monitoring game. Check out Cloud Monitoring Services: A Resource Guide.

That’s all the time we have for this week, folks. I know there have been other interesting things going on over the last two weeks, so please add them in the comments. Have a wonderful week!

January 22, 2010

» Blogrotate #14: The Weekly Roundup of News for System Administrators

Happy Friday and welcome once again for news from the whacky world of IT. Big Thanks to Tim for pushing out last week’s edition. I was busy banging my head against a particularly nasty wall. If you think my head looks bad, you should see the wall.

I was at the Ottawa VMWare Mini Conference yesterday. It was quite interesting. There were some good keynotes by some good speakers. I especially enjoyed the breakout speaker from Cisco about their direction in the years to come, and I think I drooled a little when he was talking about the Nexus 5000 switch (578 ports ought to be enough for anyone). Also news to me was the Nexus 1000v virtual switch which is a plugin replacement for the standard vSphere 4.0 virtual switch and includes a full Cisco IOS for management. I also really enjoyed the breakout with the Ottawa Senators IT team describing their progression from physical to virtual servers, their challenges, business needs, and lessons learned. There was a lot more, including an enjoyable one by the EMC rep. I’m trying to get my slides and notes together and will likely post more on the mini-con at a later time. I won a door prize! Go me!

Now on to things that are not about me.

Operating Systems

Luke Dicker at Likewise has posted in his blog that their Likewise 5.4 Release included in Ubuntu 10.4 Alpha. We’ve been using likewise with a couple of clients here and it works wonders. Now there will be no reason not to use linux in your company’s AD infrastructure.

A critical vulnerability has been discovered that has been with us since the Windows NT 3,5 days. That’s 1993. This is an exploit against the legacy 16 bit emulation code used to allow old apps to run natively in Windows NT. Check out [Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack for the full details on the exploit. is going on in Wellington NZ this week. If you want to get the rundown of events, check out the coverage over at Linux Journal. Start with Linux.Conf.Au – Day One. You can get links to the other days from there.


Linux Magazine has a nifty article detailing all the cool stuff you can do with the VirtualBox command line interface. From the articleI was surprised at how many things you can do with it, very useful stuff. Check out VirtualBox’s Little Secret: The Command Line.


FireFox 3.6 was released today. This new version is a performance release, claiming to be 20% faster than 3.5. They have also made improvements to their Java engine, faster awesome bar and a theme like system called personas. You can read the full press release on the FireFox site Mozilla Delivers Firefox 3.6 to Millions of Users. You can download it from here. You can also find a review or 3.6 at Ars Technica, check out Review: Firefox 3.6 brings joy to Web devs, not just users.

It’s that time of year again. 90% of IPv4 address space used; IPv6 move looking messy!!!!!! Scream with meeeee!!!!11

Microsoft is releasing a patch for their vulnerability, found in every version of IE. Please see their Advance Notification for Out-of-Band Bulletin Release for full details.

If you are a perl developer and had trouble accessing cpan mirrors recently you may want to check out MSNBOT must die! on the CPAN testers blog. It seems some bots from Microsoft were hitting the mirrors creating a DOS effect, the bots ignored the robots.txt which is supposed to stop this sort of thing for compliant bots.

I am sure that there are other good stories I have missed here, so don’t be afraid to add your own into comments. Now I’m off to play with all the pens I got from vendor booths yesterday. Mmmm vendor pens. The sweetest pens of all.

January 8, 2010

» Blogrotate #12: The Weekly Roundup of News for System Administrators

Happy New Year! Welcome to the first edition of 2010 (the year we make contact). There’s been a lot of news since I posted last 3 present and party filled weeks ago so I cannot hope to cover it all. Here’s a few that I thought were worth noting.

Has anyone been following the keynote speakers from the Consumer Electronics Show currently going on in Las Vegas? The CES web site has them transcribed for you if you want to have a look. See the Keynotes page for all the goodies. CNet also has lots of space devoted to CES reports, and you can see them on their Live@CES page.


Sean Michael Kerner at Enterprise Networking Planet writes of the dreaded 2010 exhaustion of IPv4. There is reportedly about 10% of IP space remaining but some large coportations have been releasing unused IP blocks which has helped the situation, hopefully more will get on board with that. I know I have seen many organizations, including the Canadian government, using publicly routable IP addresses as internal IPs instead of making use of the IP ranges reserved for such use. Read the full story in IPv4 Not Dead Yet: 625 Days of IPv4 Addresses Remain.


Hotmailers Hawking Hoax Hunan Half-Offs is an interesting article for more than just alliteration. It’s an in depth look at how spammers are making use of Hotmail’s auto-reply feature to send advertisements for Chinese discount electronics sites. I honestly don’t know why anyone uses Hotmail which seems to be the biggest source of spam since AOL. My teenagers think Hotmail is the best thing ever, so they must be offering something of use to them. For my money Gmail or Yahoo are a much better choice.

A tip o’ the hat to Chrome, which according to the Market Share section of the Net Applications site has surpassed Safari as the 3rd most popular browser on the ‘net last month. See Browser Market Share for the full list.


Are you an IT professional who is unhappy in your job? You may not be alone. The Computerworld careers site had an in depth look at the effects of the recent (current, ongoing) financial cruch and it’s affect on IT workers. See Surveys: IT job satisfaction plummets to all-time low for more.

On a similar topic to the above, see what Channel Insider thinks will be the top issues facing IT workers in 2010. Check out Careers: 2010 Employer Outlook: 10 Top Trends.


Kelly Jackson Higgins at the security site Dark Reading has a good write-up of a recent test of how well email filters really work. In the test some spoofed Linked In were sent, apparently from Bill Gates himself. It’s surprising how many of them actually made it through. Spear-Phishing Experiment Evades Big-Name Email Products has the full story. My guess is that the Microsoft products that failed did so because they have a whitelist for any communications from their Imperious Leader so they will know when to rise up against their human oppressors.

That’ll be all for this week folks. Tune in next week for more of the wackiness that is the world of IT.

December 18, 2009

» Blogrotate #11: The Weekly Roundup of News for System Administrators

Good morning. Welcome to the last issue of Blogrotate for 2009! I expect the world of IT will move on without us for the next couple of weeks , but slowly, as everyone will be out on holidays. On to the show.

Operating Systems

Mark Shuttleworth is stepping down as the CEO of Canonical. He’ll be replaced by Jane Silber, formerly the COO. Read the full release on Mark’s blog My new focus at Canonical and some information from Jane in her blog Management changes at Canonical.

Recently Microsoft released a statement that they controlled the market share for netbooks with some unusually high percentage. Slashdot has a story about this (with links confirming the previous sentence), stating ARM-Powered Laptops To Increase Linux Market Share. There’s some good links to source material in there so I will not repeat them here. Considering most Linux netbooks I have seen make up for the lack of a Windows license with extended hardware, it’s not surprising. I know several people who have preferred the Linux learning curve over paying extra for a machine with less resources (and an OS that really needs more).

Has anyone ever considered installing Windows a form of literature? Canadian Sci-Fi author Cory Doctrow reports of an attempt to define such a thing in Installing Windows considered as a literary genre.


This week the The Software Freedom Law Center has launched a lawsuit against 14 consumer electronics companies claiming violation of the Gnu Public License open licensing scheme by the companies’ use of the BusyBox embedded Linux platform. You can read more in SFLC launches GPL enforcement smackdown on 14 gadget makers. But wait! There’s more! Bruce Perens has issued a statement on the matter saying “I’d like to point out that I’m not represented in these lawsuits, and that the parties and the Software Freedom Law Center have never attempted to contact me with regard to them”. He goes even further. Read all about it in his Statement on Busybox Lawsuits.


Emil Protalinski at Ars Technica writes about the issues between Microsoft China and Plurk, the Canadian startup and microblogging site from which MS China seems to have “borrowed” much of their code. The similarities are striking to be sure, and Microsoft has since taken down the China site in response. Read all about it in Accused of plucking Plurk, Microsoft pulls microblog service. You can also check out a related story at PC Magazine called Microsoft Acknowledges Theft of Code from Plurk, then you can venture back to Ars for Plurk: Microsoft went to great lengths to steal code. I smell lawsuit!


The US Department of Justice Has issued a release about a Taiwanese LCD panel manufacturer pleading guilty to price-fixing and agreeing to pay 220 Million in fines. You can see the full statement in the DOJ press release.


I’ve mentioned in previous columns about the open source cloud Eucalyptus (available in ubuntu 9.10). Matt Asay at CNet has a Q&A session with Rich Wolski, the CTO at Eucalyptus, discussing the future of open source and the cloud. See Eucalyptus open-sources the cloud for the full story.

InfoWorld review: Desktop virtualization for Windows and Linux heats up has a nice comparison of the major virtualization players VMWare, VirtualBox, and Parallels. While VMWare scores the highest in the comparison, it’s not that much over VirtualBox (2nd place) and Parallels (3rd).


Maggie Koerth-Baker on the recent hacking of the $4.5 million Predator drone, used for surveillance by military, using $26 software. See Hacking the Predator drone: Cheaper than dinner and a movie for more. The source material is from the Wall Street Journal’s article Insurgents Hack U.S. Drones.

Just as decaffeination takes the bite out of coffee, DECAF is to COFEE. Microsoft’s Computer Online Forensic Evidence Extractor is intended to allow law enforcement to scour systems for encrypted data and passwords, Detect and Eliminate Computer Assisted Forensics is intended to block it’s attempts to do so. The battle between measures and countermeasures always interests me, but in this case I especially love the play on words. See Protect yourself from COFEE with some DECAF for the full story.

That’ll do it for this edition/month/year. Come back in 2010 for the sublime pleasure of reading our weekly rehash of news previously rehashed by other sites. As always your comments are welcome.

Happy Holidays everyone!