Wednesday, June 29, 2011

moving ...

After some thought and a few kneejerk reactions, I've decided to move this little tech blog to Wordpress.com before it got much larger.

There are just a few too many limitations to the Blogger platform. It's one of the FEW times where I feel Google truly failed to capture their customers desires.

Since I'm too lazy to build my site out in Django, off to wordpress.com we go.

We'll be living at http://lostinopensource.wordpress.com. Thanks!

Tuesday, June 28, 2011

test

test

Lesson in Life and Story-telling


Presentation Zen referenced this video today, and I'm amazed at how many lessons you can take from a 20 minute video. Lessons for your own life, and lessons in how to tell a story to make a point and connect to an audience.

It's a great talk, well worth the 20 minutes of your life.

-jamie

Monday, June 27, 2011

At what level Open? Walking the walk or being a fanatic?

I most sincerely do think that, ultimately, the business model that is going to win out is going to be some variation of what the most successful Open Source companies are doing (see http://www.redhat.com). Heavily simplified, these companies release the software they produce for free, and if they make a profit it is providing associated expertise with their software (training, installation, customization, etc.).

The reason I believe that it is going to be the model that wins out is that is the only way you can truly foster a community around a product. And that community is the only way that a project will be able to truly remain innovative and be able to move at the speed of technology. These are pretty amazing times that are around the corner. Hiding your development team solely in a cube farm and expecting them to be at the front of the pack is an increasingly antiquated idea.

But at what point do I stop being an advocate for open source solutions? And at these points, am I being pragmatic, or am I shielding myself from the harsh truth that more than a few of the things that I take for granted and/or hold dear are against the very principles that I hold dear?

At the micro level, I love Google Apps. I love it for myself, and I love it for my company. I proved a long time ago that I know how to set up an email server, and I hope to never have to maintain one again for large groups of users. Google is willing to dedicate teams of people and maintain acres of datacenter for just that purpose, and sell me the service for an incredibly reasonable rate. Since Google doesn't release GMail and Google Apps (or at least portions of them) under some flavor of the GPL, am I being a bad ambassador for FOSS concepts by using them?

I recently re-read an old piece written by @jimmy_wales at http://jimmywales.com/2004/10/21/free-knowledge-requires-free-software-and-free-file-formats/, from 2004. In it he states, quite eloquently that by providing information in any format that is encumbered by proprietary software or some sort of patented process, you're not making the information freely available.
If we offer information in a proprietary or patent-encumbered format, then we are not just violating our own commitment to freedom, we are forcing others who want to use our allegedly free knowledge to themselves use proprietary software.
 I totally get his point. But is there a point where putting this into practice in the real world would become impractical? And is that being a good citizen within the community I'm sharing knowledge, or is it simply perpetuating the problem?

And at the macro level there is the internet itself. The internet isn't run across campus labs at Stanford, Harvard, and MIT any more. The internet's lifeblood courses through Level 3, Cogent, and Verizon's fiber networks.  Reading http://www.shareable.net/blog/the-next-net, this is in direct opposition to the principles of Open Source and even the premise that the Internet purports to be founded under.
Of course the Internet was never truly free, bottom-up, decentralized, or chaotic. Yes, it may have been designed with many nodes and redundancies for it to withstand a nuclear attack, but it has always been absolutely controlled by central authorities. From its Domain Name Servers to its IP addresses, the Internet depends on highly centralized mechanisms to send our packets from one place to another.
And I read about Afghan people ingeniously running point-point ethernet connections through their country using what is essentially trash. And I think that's great. But I don't think that the internet is going to be made ubiquitous and truly universal by scrapping the current infrastructure and hanging an array of Pringles cans off the side of millions of chimneys worldwide. Starting up a "new net" with the proper principles and a truly decentralized architecture is a great idea. But is it going to happen from the grass roots up? Being down here in the grass roots, I don't see enough disgust or distrust with the current situation to start that fire burning. IPv6 ain't that bad...

In conclusion, I have no conclusion. But is does make me wonder. Am I being pragmatic and forward thinking, or am I being diluted by at least some level of hypocrisy just to make my life a little easier. Should I try to continue to be innovative with what I'm doing now, or get a dovecot cluster rolling and start building a WiMax antenna in my garage?

Sunday, June 26, 2011

Saturday, June 25, 2011

Zabbix Fun - Tracking SSL Certificate Expiration Times

One of the most important things that an IT pro has to do is make sure the SSL certs for his sites don't expire. It's one of those weird little things that seems to fall through the cracks way too often. Happily, Zabbix can help keep track of this and make sure we take care of it.

For the record, I heavily borrowed this idea from http://aperto.fr/cms/en/15-blog-en/15-ssl-certificate-expiration-monitoring-with-zabbix.html, keeping the vast majority of his technical operation, and primarily changed how Zabbix is executing the check.

Step 1 - the script:


[root@sfo-it-zabbix-prod-01 ~]# cat /etc/zabbix/scripts/ssl_check.sh 
#!/usr/bin/env bash
host=$1
port=443
end_date=`openssl s_client -host $host -port $port -showcerts /dev/null |
          sed -n '/BEGIN CERTIFICATE/,/END CERT/p' |
          openssl x509 -text 2>/dev/null |
          sed -n 's/ *Not After : *//p'`


if [ -n "$end_date" ]
then
    end_date_seconds=`date '+%s' --date "$end_date"`
    now_seconds=`date '+%s'`
    echo "($end_date_seconds-$now_seconds)/24/3600" | bc
fi


This script takes a hostname as input, and looks up the associated SSL certificate using openssl. Example usage is:



[root@sfo-it-zabbix-prod-01 ~]# /etc/zabbix/scripts/ssl_check.sh www.gmail.com
176


The SSL Certificate for www.gmail.com expires in 176 days.


Now we add this as a custom parameter to Zabbix.


Step 2 - adding to zabbix_agentd.conf


UserParameter=cert_check[*],/etc/zabbix/scripts/ssl_check.sh $1


More information about creating custom checks in Zabbix can be found at http://www.zabbix.com/documentation/1.8/manual/config/user_parameters

Step 3 - setting up the Zabbix GUI

Since this will only change once per day, we really only care about checking it once every 24 hours, or 86400 seconds.


So now we're collecting data.  If you look at the overview for the box your zabbix server (or wherever you wrote this script and applied the template to), you should see something similar to:


And that's cool. BUT, how do we get Zabbix to send us info if our certificates are getting close to expiring? The answer is TRIGGERS.

Information on Zabbix triggers is available at http://www.zabbix.com/documentation/1.8/manual/config/triggers. I created three alert levels. 

1. If the certificate is within 30 days of expiring, a standard level alert is sent out.
2. If the certificate is within 7 days of expiring, a high level alert is sent out.
3. If a certificate expires, a Disaster level alert is sent out.


And there you have it. Zabbix is now keeping an eye on our SSL Certificates, and will scream at us loudly to make sure we don't let it expire.

Friday, June 24, 2011

Making Open Source Better with LUGs

When I tell people I work "with Linux", most of them have a vague idea of what I do for a living. Granted, some of them think if involves dark basements full of hardware that looks like it's from War Games, but at least they're in the right ballpark.

A (very) few of them actually perk up and mention that they're interested in Linux a little. Usually this is phrased as "Oh, I tried out Ubuntu on an old laptop for a while". This is when I go into something that looks a little more like this scene from Tommy Boy than I care to admit.


Unless I've seen this person previously at my local LUG meeting, odds are the first impression is out. 

My poor salesmanship notwithstanding, I often find myself wondering why desktop use of Linux is still lagging behind. With the debut of Gnome 3 recently, I find myself wondering that even more, because that experience is at least as good as the one with Mac OSX 10.6 (I use them both every day). 

So how do we, as the ambassadors and experts of Linux, make our own community better?

The LUG. 

I know. It sounds weird. The first thing that most people think of when they hear "Linux User Group" is acne, debates about kernel logging, and nerd-sweat. But I truly believe that the Linux User Group can be a game-changer in how Linux is perceived and used. 

Take a look at the Mac Genius Bar. Come in. Test drive a Mac, and talk to people who know way too much about it who can show you how and why it's better than Microsoft. And if you have a Mac, come in and learn cool new stuff whenever you want in a very comfortable, low-hurdle environment.

Why can't a LUG do that? And do it better?

Make it the focus of a LUG meeting, and take away the $2k price tags. You can have people come in who are interested in Linux (or just interested in not paying for Windows or Mac OSX), and have your own community of experts show them how Linux can be superior for them no matter what their needs are for a computer. Lots of LUGs have "Install Fairs" already. Why not make them "Welcome to Linux Fairs", and include some basics on the user experience, as well?

The second thing that the Genius Bar does so well is that softening of the initial learning curve and offering soft support to people when they come in.  A LUG could easily man an email address that new users could ask questions on, or have online forums for that purpose, or make videos, or any of a thousand other cool things that would help someone get comfortable in Linux more easily. And if the LUG takes it on as a community it could easily be a superior experience for everyone involved. Not only would more people use Linux, but the people in the LUG grow, and the current members would gain experience by generating that support network. It's a win-win situation for everyone, and well worth the effort.

The long and the short of it is that even now we people in the Linux community like to walk around and feel a little bit superior about using Linux to solve our problems better. That's great. But instead of just walking around I think we should be showing other people how they can do it, too.