Tuesday, August 31, 2010

MTR

"MTR combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool." Seems to have come with a stock Fedora 13:
sh-4.1# rpm -qa | grep mtr
mtr-0.75-6.fc13.x86_64
sh-4.1# 
It's sort of like the top of traceroute.

Thursday, August 19, 2010

tcp timeout in linux kernel

Some processes on our systems leave idle connections which get cut off by our external firewall after a certain amount of time as per its intentional configuration. We're attempting to fix this by modifying the TCP timeout directly in the Linux kernel. My colleague believes that echoing a new value into:
/proc/sys/net/ipv4/tcp_keepalive_time
that is lower than the default of 7200 seconds and which correlates better with the firewall timeout will fix our problem. I'll be curious if it works.
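
Added example (not part of the original post): tcp_keepalive_time only applies to sockets on which the application has enabled SO_KEEPALIVE, so lowering the sysctl changes nothing for a process that never sets that option. The Linux-only Python sketch below checks this for a single socket; FIREWALL_IDLE_TIMEOUT and the 600/60/5 keepalive values are assumptions, since the post does not give the firewall's timeout.

```python
import socket

# Assumed firewall idle timeout in seconds (constructed; the post does not state it).
FIREWALL_IDLE_TIMEOUT = 3600
SYSCTL_PATH = "/proc/sys/net/ipv4/tcp_keepalive_time"


def system_keepalive_time(path=SYSCTL_PATH):
    """Return the system-wide idle time before the first probe, in seconds."""
    with open(path) as f:
        return int(f.read().strip())


def effective_idle(sock):
    """Seconds of idleness before this socket sends its first keepalive probe.

    Returns None when SO_KEEPALIVE is off: the kernel then never probes,
    whatever tcp_keepalive_time says.
    """
    if not sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE):
        return None
    # Without a per-socket override this reports the sysctl value.
    return sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE)


def enable_keepalive(sock, idle, interval, count):
    """Turn keepalive on for one socket and override the sysctl defaults."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, count)


def outlives_firewall(sock, firewall_timeout=FIREWALL_IDLE_TIMEOUT):
    """True if a probe goes out before the firewall's idle timer expires."""
    idle = effective_idle(sock)
    return idle is not None and idle < firewall_timeout


if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print("sysctl:", system_keepalive_time())
    print("before:", effective_idle(s), outlives_firewall(s))
    enable_keepalive(s, idle=600, interval=60, count=5)
    print("after: ", effective_idle(s), outlives_firewall(s))
    s.close()
```

For a process that cannot be changed to set SO_KEEPALIVE itself, the sysctl alone has no effect on its connections.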

rootsh and sudosh

I'm considering using rootsh and sudosh on my servers.

Thursday, August 12, 2010

Password Strength

I just referred someone to John P's How I'd Hack Your Weak Passwords.

Friday, August 6, 2010

Tunnel programs

Todo: try ptunnel, ozymandns, proxytunnel and SSH port forwarding.
Note: I'm on a bus reading a magazine with cool tricks with the above but I'm about to throw the magazine away.

Thursday, August 5, 2010

6to4 outbound relay servers, web apps, and programmer archaeologists to dig through the layers

At work yesterday we discussed how backwards compatibility over time leads to so many layers that there might actually be careers for programmer archaeologists.

Our conversation started with our organization's move towards IPv6 (start early, learn early, act as a consultant for those who waited, and profit!) and got into the details of a life of a packet for a person using IPv4 to access a resource we might host over IPv6 only. Someone pointed out how a 6to4 outbound relay server would help us as recommended by Geoff Huston.

We then tried to imagine the same transaction occurring for a web app where JavaScript requests XML (you do this every time you click a message in Gmail) and just how much has to happen. The XML was generated on the server side by a script, which ran on top of a JVM (running on top of Xen or KVM (which was live migrating via a CLVM-based cluster)) which queried a database, which was using the ext3 file system, which retrieved blocks through a fibre switch to get it from a SAN, which distributed the data over 120 SATA disks using RAID-X.... all the way back and up down through OSI but cranked back through a 6to4 Relay Service and finally applied to the DOM in a browser with more lines of code than a Unix kernel (a relic left over from the browser wars for backward compatibility with invalid HTML)... and we had to laugh... Glad I learned to deal with abstraction early.

Someone mentioned the book A Deepness in the Sky to bring up the concept of programmer archaeologists, which I found rather funny. As per Wikipedia:

"An interesting feature of the Qeng Ho's computer and timekeeping systems is the advent of "programmer archaeologists"[1]: the Qeng Ho are packrats of computer programs and systems, retaining them over millennia, even as far back to the era of Unix programs (as implied by one passage mentioning that the fundamental time-keeping system is the Unix epoch, retained for backwards compatibility). This massive accumulation of data implies that almost any useful program one could want already exists in the Qeng Ho fleet library, hence the need for computer archaeologists to dig up needed programs, work around their peculiarities and bugs, and assemble them into useful constructs."