Saturday, December 11, 2010

Quick script to run Cherokee under runit

For one of my web services I'm using the Cherokee web server, which just happens to be awesome. I don't want to run anything as root if I don't absolutely have to. Runit gives one great flexibility in the way services are managed. Part of this flexibility is the ability to delegate to users what services they have runit supervise with their own instances of the supervisor. I won't be discussing that in this post. Instead let's look at chpst. This is a great little utility that comes with runit to allow you to start a process with different state attributes like user, group, memory, directory, and more. I use it to conditionally manage the start of the cherokee server thusly:

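# cat /var/service/cherokee/run
#!/bin/sh
if [ "$(id -u)" -eq 0 ] ; then
    # root's supervisor: exec the server as mirror:www so runsv supervises it directly
    exec chpst -u mirror:www cherokee -C /usr/local/etc/cherokee/cherokee.conf
else
    exec cherokee -C /usr/local/etc/cherokee/cherokee.conf
fi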

This way, when root's supervisor process (re)starts the server, the process has no elevated privileges. If any other user stops and restarts the process, it executes normally with the privileges of that user. Because the server never runs with root privileges, it cannot bind to port 80. As a remedy for this we run on port 8080 and redirect at the gateway.
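One way to confirm that the privilege drop described above actually happened, as an added example that is not part of the original post: the function reads `ps` output and reports any server process that is not running as the expected user and group. The function names and the sample process listings (PIDs, the `wheel` group, the worker path) are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a supervised daemon really dropped privileges.
# Input lines have the format of the POSIX command
#   ps -A -o user= -o group= -o pid= -o args=

# audit_privs NAME USER GROUP   (reads ps lines on stdin)
# exit 0: every NAME process runs as USER:GROUP
# exit 1: at least one NAME process runs as something else
# exit 2: no NAME process was found
audit_privs() {
    awk -v svc="$1" -v u="$2" -v g="$3" '
        {
            n = split($4, path, "/")      # argv[0] may be a full path
            name = path[n]
            # match NAME itself and helper binaries named NAME-*;
            # "runsv NAME" is skipped because its argv[0] is runsv
            if (name != svc && index(name, svc "-") != 1) next
            seen++
            if ($1 != u || $2 != g) {
                printf "VIOLATION pid=%s runs as %s:%s\n", $3, $1, $2
                bad++
            }
        }
        END {
            if (!seen) { print "NOTFOUND " svc; exit 2 }
            if (bad) exit 1
            printf "OK %d %s process(es) as %s:%s\n", seen, svc, u, g
        }'
}

# Constructed sample: root's supervisor tree plus the dropped server.
sample_good() {
    cat <<'EOF'
root   wheel  412 runsvdir -P /var/service
root   wheel  431 runsv cherokee
mirror www    440 cherokee -C /usr/local/etc/cherokee/cherokee.conf
mirror www    441 /usr/local/sbin/cherokee-worker -C /usr/local/etc/cherokee/cherokee.conf
EOF
}

# Constructed sample: a run script that started the server without chpst.
sample_bad() {
    cat <<'EOF'
root   wheel  431 runsv cherokee
root   wheel  440 cherokee -C /usr/local/etc/cherokee/cherokee.conf
EOF
}

# Demo on the constructed samples; for a live check pipe in the ps command
# shown at the top of this file instead.
sample_good | audit_privs cherokee mirror www || echo "exit=$?"
sample_bad  | audit_privs cherokee mirror www || echo "exit=$?"
```
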

Sunday, October 3, 2010

quick start and stop functions for runit('s runsvdir)

I've been playing around with HomeBrew and I actually like it much more than I'd expected. I was in the process of migrating many services away from my pkgsrc and MacPorts setup and decided to write a couple of handy little shell functions to manage runit:

#!/bin/ksh
# (my_pathadd is not defined in this snippet)
my_pathadd PATH ~/bin ~/scripts ~/.bin

runit_start(){
    #handy little function for starting runit on a service directory specified
    #by ${SERVDIR}.
    SERVDIR="/usr/local/var/service"
    RUNSVCMD="runsvdir -P ${SERVDIR}"

    if { ps -auxww | grep ${RUNSVCMD} | grep -v 'grep' ;} ; then
        echo 'already running'
    else
        echo -n "starting runsvdir on ${SERVDIR}: "
        #nohup runsvdir -P ${SERVDIR} &
        eval nohup ${RUNSVCMD} &
    fi
}

runit_stop(){
    #function to stop runit
    typeset i
    for i in $(ps -auxww|grep ${RUNSVCMD}|grep -v 'grep'|awk '{print $2}'); do
        kill -1 ${i}
    done
}

runit_status(){
    { ps -auxww|grep ${RUNSVCMD}|grep -v 'grep';} 2> /dev/null || echo "not running"
}

Updated to be portable across KSH and ZSH.... I don't care enough about BASH to check compatibility there (10-11-10):

# set outside the functions so that runit_stop and runit_status never see an empty pattern
SERVDIR="/usr/local/var/service"
RUNSVCMD="/usr/local/bin/runsvdir -P ${SERVDIR}"

runit_start(){
    #handy little function for starting runit on a service directory specified
    #by ${SERVDIR}.
    if { ps -auxww | grep "${RUNSVCMD}" | grep -v 'grep' 2> /dev/null ;} ; then
        echo 'already running'
    else
        echo -n "starting runsvdir on ${SERVDIR}: "
        #nohup runsvdir -P ${SERVDIR} &
        eval nohup " " ${RUNSVCMD} &
    fi
}

runit_stop(){
    #function to stop runit
    typeset i
    for i in $(ps -auxww|grep "${RUNSVCMD}"|grep -v 'grep'|awk '{print $2}'); do
        kill -1 ${i}
    done
}

runit_status(){
    { ps -auxww|grep "${RUNSVCMD}"|grep -v 'grep' 2> /dev/null ;} ||\
        echo "not running"
}

Saturday, July 3, 2010

Dealing with the F'Idiots at the Woodfield Apple Store

  • May 28th 
    • I make a trip to the local Apple Store (Woodfield Mall in Schaumburg, Il) and purchase a Mac Mini ($799)
  • June 15th
    • I find out that Apple has just released details of the new 'unibody aluminum' Mac Mini. There is no longer a $599 and $799 version.
  • June 25th
    • After calling around to double check on the ability to exchange my Mac Mini from 5/28 for a new one, I'm told that I can return and repurchase the same one that I have. This would result in a $100 credit going to me as a result of the End Of Life pricing on the product that I'd purchased previously. Alternately I can return the previous generation Mac Mini and get the new one with no problem.
    • I go to the Woodfield Apple Store:
      • Point of Sales system was down so we (about 20 customers) had to wait for that to be brought back up
      • In talking to another customer trying to make a purchase while the POS was down we discovered that the Sales Rep who had tried to ring her up manually, ended up overcharging her by $100. 
      • While the system was still down I asked if it would be possible for them to start a memory upgrade and data swap so that things could be done in parallel. I was told that was not an option and I'd just have to wait. 
      • I finally get checked-out and I'm told that my memory upgrade and data swap will take about 2.5 to 3 hours. Based on this information I decide to hang around in the area and get some shopping done until my new Mac Mini is ready. 
      • 3 hours later I get a call from a woman calling herself "Cat" saying that my data will take at least another 7 hours to transfer because they didn't know I had so much information on my system. I asked why I was told only 2.5 to 3 hours before and she said that she didn't know how much data was on there before the transfer started. When I asked why, when they figured out that it would take more than 3 hours, they hadn't called me to adjust my expectation, I got no direct reply. She continued on stating that my machine would need to be stuck in the store overnight to complete the transfer by morning. This was unacceptable. I asked about coming in and just getting my Mac and transferring the critical pieces myself. She said the whole process would have to be started all over again. I told her that I was on my way in and that I'd decide what to do when I got there. She said that she would keep the transfer in progress and not stop it until I let her know what I wanted to do.
      • 15 minutes later I show up at the Woodfield Apple Store and ask a sales rep. who I can speak to about the data on my two Minis that was being transferred. The rep. disappears into the back room, then comes out and hands me my new aluminum Mac Mini. I asked him about the transfer and tell him that I'd been told it would take another 7 hours. He said that "Cat" told him that the transfer was done and that sometimes the calculation is off on the program that does the transfer. I asked him pointedly "Are you absolutely sure that all of my data has been transferred? I'd hate to find out that there was some sort of misunderstanding here". He replied that "Cat" had told him that the transfer was done and he trusts her when she says it. Based on his confidence in her word I decide to go and do some other shopping before returning home for the evening to take care of the dogs and get started on a project (part of the reason I needed to have the data transferred). 
      • 2 hours later I return home, plug-in my Mac Mini and discover that my user account is there:
        • I log-in:
          • Looks good. I should be able to get some work done this evening
        • Later I discover that my email application doesn't seem to be available. Then I notice that some settings are off. Suddenly I realize that not all of my data had been transferred. I did a quick du -s on my home directory to see that only about 72 gigs of the 250 gigs had been moved.
      • I call the Woodfield Apple Store and end up speaking to a guy who identifies himself as "Tommy". Tommy tells me that he'll try to get to the bottom of what happened with 1) me being told 3 hours then 7 hours for a transfer time 2) me being told that everything had been transferred when it, in fact, had not and 3) what the Woodfield Apple Store could do to make sure that I got my data back. After being away from the phone for a bit he came back and said that he didn't know what the breakdown was between "Cat" and the sales rep. who had brought my mini to me but that if I wanted to come back to the store (in the 20 minutes left before they closed), they would make sure the transfer happened and I could pick up my machine in the morning. I told him that there was no way I could get back over there in that short period of time and that I'd been expecting to work (on my new Mac Mini) that evening. "Tommy" told me that he'd keep my Mac Mini there so that I could return anytime in the next couple of weeks to get my data transferred. He then asked me if I thought I'd be in on the next day (Sunday) to complete the transfer. I told him that there was no way I'd be able to be there the next day as I had things to do outside of dealing with the magical and revolutionary customer support at the Woodfield Apple Store. He said that was fine and that I should just know that it will be there when I'm ready to come and transfer my data. I replied that it would most likely be on one of the next two weekends. He said that was fine.
  • July 2nd
    • I make an appointment at the genius bar because one of the four USB ports doesn't seem to be functioning properly. When I arrive I speak to one of the geniuses who says that the unit will be replaced. I asked him about buying back my old Mac Mini that is waiting for me there so that I can just do the data transfer at home and return it when I'm done. He goes in back, then returns. He tells me that there is no Mac Mini back there waiting for me. Trying to refrain from putting my fist through the Genius Bar I say "are you flipp'n serious?". He is.
      • Later he asks me if I want my data from the old aluminum Mac Mini transferred to the replacement they are giving me. Initially I said "yes, please" then I find out that they will do it the same way as they did the previous "transfer" and I changed my mind, stating that I didn't have any confidence that they could do so without screwing it up. I said that I'd just rather find out what happened with my old Mac Mini (the one purchased on May 28th) so that I can do the transfer from there.
  • July 3rd
    • I call up the Woodfield Apple Store to ask for "Tommy" and try to figure out what happened to my data. I get a manager named "Dan" who tells me that my Mac Mini from 5/28 has most likely been shipped back to Apple. He further states that he was told that I have a back-up of my data at home that I'd prefer to use rather than having them (do their f***ing job and) transfer my data. This struck me as odd given that I never told anyone that I had a backup. I did say that they were inept but I never said that I had a back up. "Dan" keeps telling me that from what he knows of the situation my data is basically gone and if I have any questions I can speak with "Tommy" tomorrow sometime. In his vast ineptitude he continually responded to my questions with answers to questions I'd never asked. When I told him that I'm trying to figure out why there seem to be so many issues of miscommunication there at that store he said "...if I could get your data back for you I would but I just don't have it here with me. Maybe Tommy did something with it and he can find it for you tomorrow". This is, of course a perfectly appropriate answer to the question that had been asked 5 minutes prior but for the question of "miscommunication"... uhmm all this response does is prove the necessity to figure out what the hell is wrong with the capacity of the employees at the Woodfield Apple Store to communicate effectively. They don't seem to listen. When I'd asked "is there anyone who can get in touch with Tommy so I can figure out what's going on with my data". He responded "Tommy is off today". To which I replied "Great now can you answer the question that I actually asked; I didn't ask whether he was off today I asked whether there was anyone who could get in touch with him.. ". Dealing with idiots is rather vexing. I think I'll have to have a shirt made up that says "I see dumb people (every time I deal with the Woodfield Apple Store)"

As it stands now I have to wait to talk to Tommy to figure out what happened to my data. Never mind the fact that I'm out of time and money on the project that I had to hand off to another party to complete because of Apple's ineptitude. Do you think Apple will send me a $15K gift card to make up for the difference? No, I didn't think so.

If Apple hadn't pulled a time estimate out of their asses I could have made an informed decision to either transfer the key data myself and leave the rest to be done later or decided to purchase back my old unit and do the transfer at home. If they hadn't lied to me by saying that the transfer had been completed when it hadn't I could have made arrangements to get the key data and proceed with my work. In both cases I would have known not to continue shopping and running errands. I could have just gotten to business. Instead by trusting Apple employees to know WTF they were talking about, I ended up being screwed. Screwed out of time (which I'll never get back), money (which Apple is not likely to fork over to me), oh yeah and my flipp'n data which is apparently off in bit heaven. We'll know more tomorrow, hopefully.

It's interesting to me that no one at the Apple Stores knows of any way for customers to provide feedback on their customer experience other than the survey that may or may not come to you via email after you've completed a transaction there.

UPDATE: According to the sales rep. that I just spoke to at 800-My-Apple, there is a Customer Relations Group to be sought by calling 408.996.1010. We'll see where this leads.

UPDATE: Just about an hour ago I was informed that my data is likely unrecoverable. They have offered to take half off the cost of the Mac Mini that I'd purchased most recently. It's a bit insulting to think that they have cost me so extensively and move to remedy this by offering half of my money back without regard to the time and money I've been out as a result of trusting them.

UPDATE: Yesterday (7/3/10) I spoke to another manager at the Apple Store in Woodfield who was under the impression that I'd chosen to not have my data transferred and then got upset when I discovered that none of my data was available. I corrected his perception of the situation by going through the above time line. In the end I told him that the offer to just credit back half of the purchase price on the Mac Mini was insulting. I stated that I wanted something in writing detailing: 1) why I was told 2 - 3 hours given that it was obviously not a reasonable time frame to transfer my data; 2) why I hadn't been notified in advance of 3 hours passing that it would take 7 more hours than they had originally told me to complete the transfer; 3) why it is that I was told my transfer had been completed when in fact it had not been completed; 4) why I was told that my data would be maintained in the store for later retrieval when in fact it was not; 5) why my data was not maintained in the store; 6) how this will be avoided in the future so that I can continue to patronize Apple in the future with confidence. I further added that if they were going to give me a credit they could also give me 50% off of the unit (Mac Mini) I'd planned to purchase before all of this happened seeing as it was only because of this mishap that I haven't been able to make that purchase.

This morning I received a voice mail from "Tommy" saying basically that Apple will give me 50% off of only one unit.. either the one I've already purchased or a new one. There was no mention of the statement of how this all happened or what will be done to make sure that it doesn't happen again. Personally, the credit/money is a much more minor issue than the issue of confidence, which is something that I told the last manager that I'd spoken to. Further "Tommy" added that "... unfortunately Apple is not responsible for lost data...". This just galls. 1) we're past the issue of just the lost data, we're on to the issue of the fact that Apple has told me several things that have turned out to be as far from reality as one can get without working as an intern for Karl Rove.

I just called to reiterate to a store manager that money is not my concern but that confidence is.. we'll see if they care enough to actually address the issue.

Saturday, June 19, 2010

Apple's Mail app is Teh Suck

Just some quick thoughts of things I'd like for Apple's Mail to handle that it doesn't and probably never will. Considering that I got an iPad and had expected to use it as a great email device this list is particularly personal to me as Mail on the iPad is more ineptly equipped than Mail on Snow Leopard.

IMNSHO Mail on the iPad and OS X should have:

  • Support for Multiple Identities
    • This is a no brainer. Every other mail application has had support for this feature since somewhere around 1997. Having multiple "From" addresses is not the same as multiple identities. The latter includes changes to "Name", "From", "Signature", PGP-Key.
    • There are multiple use cases for this
    • When I brought this up to the reps at the Apple Store their solutions were just ridiculous:
      • Create multiple 'sender accounts' that remain 'off line' 
      • Use MobileMe (don't know how that one was supposed to help)
      • Do things a different way 
      • Use GMail or Thunderbird 
  • PGP/GPG Support
    • C'mon PGP's been around since I was in high school (and I'm in my 30s).
  • Ability to display Full-Headers
    • It's useful.
  • ServerSide Filter Support
    • Sieve plugins are available for most other Email Applications
  • Associating a default email address with a particular mail folder

I'm thinking of implementing the above in an app myself but with Apple's fickle approval process I'm reluctant to put in the time and effort only to be rejected for vague reasons.

Until I figure something else out, it's just mutt+msmtp, which I love by the way.

Friday, June 11, 2010

The most significant issue with Google dropping Microsoft

Admittedly, I've not been following the fallout over Google ditching Microsoft with much interest so it's a certainty that I've missed much commentary on the topic. That said: I'm surprised that in the mainstream coverage that I have seen, there was no mention of what I believe to be the most important consequence of Big Search's decision.

Some contend that MS Windows is no less secure than any other operating system. While I do not agree with this sentiment, I understand the rationale that with popularity and wide adoption any system can become a more attractive target than others in the same space. As such MS Windows with its domination of the corporate and home desktop market offers a potentially worthy return on investment for an attacker looking for a system to compromise. By this reasoning, Google being a very large enterprise has just painted a huge target on the back of Linux and Mac OS X (users) by making it public knowledge that they will offer only those two options, for desktop computing, to employees. Now attackers know that they have at least one very large and attractive target with millions (yes millions) of computing devices running one of two (not too dissimilar) operating systems that would otherwise not be worth investing the time in compromising.

Just a thought

Tuesday, June 8, 2010

Blog migration (yes again)

I just recently migrated to blogging solution number 5. Well 5 in the last 2 years. I won't count the time on Zope/Plone (which I really liked). I loathe MySQL and PHP so I was never fond of running WordPress on my network. Having moved to a hosted solution I can now remove the MySQL instances from my network and uninstall all things PHP.... well most things PHP.

I'm actually working on a blog solution of my own in Python that I hope to have ready by year's end.

Oh well. For now this is the new home of Not A Discussion. Let's see how long this lasts.

Sunday, May 16, 2010

your interview questions can leave you without qualified talent

As a consultant I've been subjected to many technical screenings which have often felt more like interrogations than honest evaluations of my technical merits. One problem is that people who conduct interviews for technical positions are often not (as) technical (as the party being interviewed). A device often used in such cases is a list of interview questions. The idea being that anyone (technical or not) can ask a set of simple, very narrowly defined, interview questions and from the answers provided determine a candidate's ability to perform well in the capacity for which talent is sought. This approach is grossly overused and abused especially in IT, IS, MIS, ISS, etc.


Interviewer: tell me Mr. Williams how would you, while on a Solaris 6 machine, view network traffic to determine what was the cause of your network connections to host xyz failing? Is there any tool that you would use to see what might be happening on the wire?
Candidate: Well sure, I might start by first determining whether I'm getting a timeout or a connection refused, then I'd take a look at the network traffic with tcpdump if I had root privileges on the machine.
Interviewer: Is that the only tool you'd use to look at the traffic?
Candidate: From the wire; yes. I might save it to a file and process the information with other tools but tcpdump will grab everything that I need so from that point it's just a matter of extracting and interpreting it.
Interviewer: I'm sorry but that's not right
Candidate: What's not right?
Interviewer: tcpdump is not the right answer. I was looking for snoop. You're obviously not a good fit.


In this situation Candidate gave a perfectly valid answer and one that was applicable to multiple systems. Interviewer had only worked in an environment with Solaris and assumed that anyone who's worked with Solaris would use snoop (which is specific to Solaris). He had never before heard of tcpdump and didn't know that it serves the same function as snoop. As a result he didn't recognize the validity of an answer that was more right than the one he was expecting and dismissed a candidate with greater experience and merit than his own.

This sort of thing happens all the time. I've both witnessed and been subject to it repeatedly. Whether it's tcpdump v. snoop, od v. hexdump, ed v. ex it's all frustratingly common and really should be stopped.

The Problem

Even when the people asking the questions are themselves technical, and in some cases especially so, there is a tendency, in many cases, to expect a specific (set of) answer(s) as opposed to evaluating what's said by the candidate to determine whether it might actually be right. In the Unix/Linux world this problem is compounded by the fact that there are so many ways to get things done in general and each type of system might have several idiosyncratic ways to achieve something in a way that's specific to that particular family of systems and no others.

What it is that they're after

Some interviewers just want to feel superior. They get their sense of importance from being in what they perceive as a position of power. That is an individual issue. The organization is usually looking for someone who can perform well in the position for which they are looking to hire. This is where the whole issue of litmus test questions starts to break down most often.

It's only natural to presume that if you have an open position, one way to make sure that you hire a qualified candidate is to find someone who's doing or had done exactly the same thing. It's rare but it does happen. More often than not it's the case that you have to interview candidates who display the skills required to perform well in a given role and make a determination based on their experience in several areas as opposed to one given thing. This requires much more insight into their background than can be had from just going down a predetermined list of queries.

Don't get it twisted

I'm not saying that no one should use a list of questions when they go into an interview. Sometimes people purposely ask vague and open questions to see how a person thinks or to find out what assumptions the candidate will make. This is a perfectly useful technique when appropriately qualified. Unfortunately too many people feel empowered by their interview questions and don't do enough to make sure that they are used effectively. Having a good set of key points to be covered is a great way to make sure that you're comfortable with the decision you make about a candidate. The point here is that interviews (particularly those for technical positions) are not conducted like Hollywood read-throughs. They are not pre-scripted.

Tips for successful evaluation of technical candidates

  • Be specific - If you're asking technical questions you should provide some context. Let the candidate know what your assumptions are about the environment.

  • Listen - If you ask a question learn how to listen to and evaluate the answer

  • Let them have rope - Giving someone enough rope to hang themselves might also mean they have enough to swing to safety. Ask open but pointed questions that allow a candidate to expound.

  • Do your research - If you're looking for a specific response to a question you should make sure that you know what all of the appropriate responses are. Saying "well I've been doing this for 12 years" does not count as research.

  • Get ready to be wrong - Letting a candidate prove that their solution is valid is sometimes the only way to know that they know what they are talking about. While not always practical it's valuable at times.

Happy head hunting

Sunday, April 18, 2010

Palm Pre extended battery

Palm has made a number of critical blunders in their handling of the Palm Pre and the Pixi; to say nothing of the handling of the company overall. One such blunder IMNSHO was the battery. It would have been perfectly acceptable to have an option at purchase for either a slim battery or an extended life battery. Consumers would have been empowered to choose for themselves similarly to the way they could have opted to get the Touchstone Charger. Instead, Palm decided that all of these wonderful features that they managed to jam in to such a tiny little package, should be enjoyed 3 - 4 hours at a time.


Thankfully two companies have stepped up to the plate and filled a void created by Palm's chronic myopia. Seidio and Amzer both have extended batteries for the Pre and Pixi. While Amzer has higher capacity offerings in this space, Seidio has more attractive pricing. The standard Pre/Pixi battery is 1150mAh which is fine for a feature phone that won't be doing much online. Wow I just described the Palm Centro which, BTW, has a 1150mAh battery that will fit into the Palm Pre/Pixi.

Seidio Offerings:

Amzer Offerings:

I purchased the Innocell 2600 mAh and have been very pleased with it. At the time of purchase it was around $65 from the store. The larger battery cover makes the phone appreciably larger. Because of the great design of the Seidio's replacement cover, the phone looks completely normal just a little bulkier. The contour and curve is great and it feels nice in hand.

Real world Usage

When the Innocell 2600 mAh arrived, I immediately put it on the charger for a full 24 hours. The first day I used it, I was quite shocked to find that even though I'd been using the phone during my whole hour long commute I still had more than 80% of the battery life left. Throughout the day I put the phone through moderate online use but checking email frequently and using the Facebook and various twitter applications. For the whole of the day while I was at work, I refused to plug in my phone to charge it. On my train ride home I finally got the 20% battery life warning. This was over 10 hours after I'd initially set out with the phone and new battery. Finally after about 12 hours of use I had to pop the battery out, put it in the charger and switch over to the original which had been charging while I was out.


  1. No matter which battery you get, I highly recommend you get a standalone wall charger. Both Seidio and Amzer sell them (they look very similar)

  2. Charging by USB is generally (much) slower than using the wall outlet

  3. Charge your new battery for at least 8 hours before you start using it. If the package says 24 hours then charge it for 24 hours

  4. Keep your original battery and cover

  5. Tethering and bluetooth are battery hogs


I'm generally quite pleased with my decision to get the Innocell 2600 mAh. If I had one complaint it would be that Seidio doesn't offer an even higher capacity battery for the Pre/Pixi. I could have purchased one of the Amzer offerings but I have familiarity with Seidio and I trust the brand. Their products are well regarded. Amzer is a company I hadn't heard of until just recently and their websites and product images don't do much to instill confidence. Amzer's product labeling looks tacky, their website equally so. Perhaps in the future Seidio will offer something in the 3000+ mAh range, hopefully soon. Until then I'm ordering another Innocell 2600 mAh.

Monday, January 18, 2010

Upgraded Dovecot on FreeBSD and Sieve stopped working (Fixed)

I recently upgraded Dovecot (1.1x to 1.2(.8)) on FreeBSD (7.2) and had a slew of issues.

Postfix wasn't delivering messages

This was because Dovecot wasn't starting and Postfix couldn't get the SASL connection that it needed. The fix was to upgrade/install both dovecot and dovecot-sieve (I use Dovecot's deliver as my Local Delivery Agent (LDA)). The FreeBSD port/package has dropped support for cmu-sieve in favor of dovecot-sieve. So the first thing to do is make the switch to dovecot-sieve.

After some quick config file changes you'll be able to start Dovecot, and consequently Postfix should be able to come up without a hitch and start delivery of messages (in my case I had some permission issues to contend with and you may too, but since it's a highly individualized thing I'm not going into that issue here).

Problems with Sieve Filters in Dovecot

This was a nightmare. Dovecot's deliver was actually delivering messages but not to the folders specified in the filters. First thing I did was turn on debugging.
mail_debug = yes

Then I noticed this message in the log files
Error: sieve: path to user's main active personal script is unknown. See

This was fixed by adding / to the beginning of the "sieve" parameter in dovecot.conf (remember that paths are relative to mail_chroot):
sieve = /%d/%u/.dovecot.sieve

That fixed one issue. The next error message I got was:
Error: sieve: failed to open script /<userdir>/.dovecot.sieve (view logfile /<userdir>/.dovecot.sieve.log for more information)

Turns out that (on my system anyway), despite claims that dovecot-sieve supports imapflags and notify, including those in your sieve scripts may cause issues. If you have older scripts in use from before, you'll need to make sure that they don't include those extensions. I hope this posting helps others save some time and energy, as it was a non-trivial task to troubleshoot my installation and figure out what was going on.
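A way to find the affected scripts up front instead of reading each user's .dovecot.sieve.log, as an added example that is not part of the original post: the functions below list the extensions every Sieve script requires and report the two named above. The function names, the SIEVE_FLAGGED variable and the sample script are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find Sieve scripts that still require the extensions the
# post had to remove after the Dovecot upgrade.

# Extension names to flag, taken from the post. The standardized successors
# are imap4flags (RFC 5232) and enotify (RFC 5435).
SIEVE_FLAGGED="${SIEVE_FLAGGED:-imapflags notify}"

# sieve_required FILE: print every extension named in a require statement,
# one per line. Handles string lists that span lines and "#" comments.
sieve_required() {
    awk '
        { sub(/#.*/, "") }
        !inreq && tolower($0) ~ /^[ \t]*require([^a-z0-9_]|$)/ { inreq = 1 }
        inreq {
            line = $0
            while (match(line, /"[^"]*"/)) {
                print substr(line, RSTART + 1, RLENGTH - 2)
                line = substr(line, RSTART + RLENGTH)
            }
            if (index($0, ";")) inreq = 0    # end of the require statement
        }
    ' "$1"
}

# sieve_check FILE: print "FILE: requires EXT" for each flagged extension.
# Returns 1 if the script requires any of them, 0 otherwise.
sieve_check() {
    sieve_required "$1" | awk -v file="$1" -v flagged="$SIEVE_FLAGGED" '
        BEGIN { n = split(flagged, f, " "); for (i = 1; i <= n; i++) bad[f[i]] = 1 }
        (tolower($0) in bad) { print file ": requires " $0; hits++ }
        END { exit (hits > 0) }'
}

# sieve_scan FILE...: check several scripts; returns 1 if any is affected.
sieve_scan() {
    scan_rc=0
    for s in "$@"; do
        if [ ! -r "$s" ]; then
            echo "$s: unreadable" >&2
            continue
        fi
        sieve_check "$s" || scan_rc=1
    done
    return $scan_rc
}

# Constructed sample: an old-style script of the kind the post warns about.
sieve_demo() {
    demo=$(mktemp) || return 2
    cat > "$demo" <<'EOF'
# require "notify";   (commented out, so it must not be reported)
require ["fileinto",
         "imapflags"];
if header :contains "List-Id" "freebsd-questions" {
    addflag "\\Seen";
    fileinto "lists.freebsd";
}
EOF
    sieve_check "$demo" | sed "s|^$demo|sample.sieve|"
    rm -f "$demo"
}

# With arguments, scan those scripts; with none, run the constructed sample.
if [ "$#" -gt 0 ]; then sieve_scan "$@"; else sieve_demo; fi
```

Run it with the paths of the users' .dovecot.sieve files as arguments; a non-zero exit status means at least one script still requires a flagged extension.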