The Power of FreeBSD

As an odd consequence of being so stable. I find our FreeBSD boxes are always running EOL software. Then the struggle starts of not wanting to upgrade because the box works perfectly fine.

This one for example is being upgraded to 10.0-RELEASE via a quick stop at 9.2-RELEASE:

data01# uname -a
FreeBSD data01 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
data01# uptime
5:03PM up 878 days, 19:13, 2 users, load averages: 0.74, 0.46, 0.37

This box and it's sister are being left alone:

sys01[~]% uname -a
FreeBSD sys01 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
sys01[~]% uptime
5:08PM up 1396 days, 18:39, 1 user, load averages: 0.00, 0.00, 0.00

What's amazing is that their uptime would probably be in the six to seven year range if it wasn't for a datacenter move.

Open Source Progress

I've been doing some spring cleaning in my hard drive and stumbled across these Apache + modssl/OpenSSL + modperl/Perl installation instructions from over a decade ago. It's really remarkable how far Open Source has come in that time.

Steps:

#   extract the packages
$ gzip -d -c apache_1.3.x.tar.gz | tar xvf -
$ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf -
$ gzip -d -c openssl-0.9.x.tar.gz | tar xvf -
$ gzip -d -c mod_perl-1.xx.tar.gz | tar xvf -
$ gzip -d -c mm-1.1.x.tar.gz | tar xvf -

#   configure and build the OpenSSL library: 
$ cd openssl-0.9.x
$ sh config 
no-threads
$ make
$ make test
$ cd ..

# configure and build the MM Shared Memory library
$ cd mm-1.1.x
$ ./configure --disable-shared
$ make
$ cd ..

#   apply mod_ssl to Apache source tree
$ cd mod_ssl-2.8.x-1.3.x
$ ./configure 
      --with-apache=../apache_1.3.x
$ cd ..

#   apply mod_perl to Apache source tree
#   and build/install the Perl-side of mod_perl
$ cd mod_perl-1.xx
$ perl Makefile.PL 
      EVERYTHING=1 
      APACHE_SRC=../apache_1.3.x/src 
      USE_APACI=1 
      PREP_HTTPD=1 
      DO_HTTPD=1
$ make
$ make install
$ cd ..

#   increase the Apache hard server limit from 256 to 1024
$ vi apache_1.3.x/src/include/httpd.h

#   build/install Apache with mod_ssl and mod_perl
$ cd apache_1.3.x
$ SSL_BASE=../openssl-0.9.x 
  EAPI_MM=../mm-1.1.x 
  ./configure 
      --prefix=/path/to/apache 
      --enable-module=ssl 
      --activate-module=src/modules/perl/libperl.a 
      --enable-module=perl 
      --enable-rule=SSL_EXPERIMENTAL 
      --disable-rule=SSL_COMPAT 
      --enable-module=rewrite 
      --enable-module=so 
      --disable-module=userdir 
      --enable-rule=SHARED_CORE
$ make 
$ make certificate
$ make install
$ cd ..

#   cleanup after work
$ rm -rf mod_perl-1.xx
$ rm -rf mod_ssl-2.8.x-1.3.x
$ rm -rf apache_1.3.x
$ rm -rf openssl-0.9.x
$ rm -rf mm-1.1.x

Puppet Environment Errors

This morning I found one of our Puppet installations in a state of total fail. Specifically:

May 25 16:22:47 www-app01 puppet-agent[7779]: Could not send report: Error 400 on SERVER: no 'environments' in {:rootenvironment=>#<Puppet::Node::Environment:0x7fb712b7e780 @manifest="/", @modulepath=[], @name=:"root", @watching=true, @configversion=nil>, :currentenvironment=>#<Puppet::Node::Environment:0x7fb712b7e780 @manifest="/", @modulepath=[], @name=:"root", @watching=true, @configversion=nil>} at top of [[0, nil, nil]]

A few things stood out immediately. How did a working Puppet installation go completely belly up after running without problems for so long? Apparently Puppet updated itself on May 23rd from 3.6.0 to 3.6.1 – even without any configuration in a module/class instructing it to do so (note to self, look into this later).

After banging my head against Google search for a while I noticed a new directory $configdir/environments. According to the Puppet documentation you can enable environments in one of two ways, but you still needed to make configuration changes. As an experiment I renamed the "environments" directory and Puppet started processing again.

This is just another in a long, long series of issues with Puppet that are driving me away from the platform. I get the move fast and break things approach to development – and I want you to do so – just don't completely break things on minor releases.

95th Percentile Billing

What is the 95th percentile?

The 95th percentile is a method for metering bandwidth that allows a customer to burst over their Committed Information Rate (CIR). Unlike a fixed network link, a customer is able subscribe to a CIR at a fraction (usually 10-20%) of the interface speed, but when necessary burst above and even consume the entire interface. The 95th percentile is an alternative to either fixed or GB transfered billing methods and is ideal for datacenter applications.

Every five minutes the network interface is sampled for the total amount of bytes transfered. This is averaged over 300 seconds to estimate the average transfer rate per second. These averages are collected every five minutes and stored in a database. When the month is over, the samples are arranged from highest to lowest and the top 5% of samples are removed. The next highest sample is the 95th percentile.

A 30 day month has 36 hours of free peak traffic.

30 days * 24 hours * 5% = 36 hours

The 95th percentile is not a mean or an average, its represents the value that your bandwidth is at or under 95% of the time. To avoid bursting charges you can think of this one of two ways:

  1. 95% of the time the usage should be at or below the CIR, or
  2. 5% of the time the usage can be over the CIR.

If you are looking for more information, I'd recommend you start with Wikipedia's article on Burstable Billing.

Formula to Calculate Margin

Just because I see this so often in spreadsheets:

Costs * 1.Margin = Resale

The proper way to apply a margin to your cost is:

Cost / ( 1 - Margin) = Resale

It makes a big difference on the final number:

100 * 1.3 = 130
100 / ( 1 - .3) = 142.86

If you do it the first way at some point you are going to be wondering why you are short 7%.

Boy Scouts and the Future

There is no way to explain the impact that Scouting has had on my life. Probably the simplest is the Scout Law:

Trustworthy, Loyal, Helpful, Friendly, Courteous, Kind, Obedient, Cheerful, Thrifty, Brave, Clean & Reverent

There is not a day of my life that that hasn't rattled through my head.

This past June I resigned from the Los Angeles Council Board – Membership Standards was a significant part of this decision for me. Almost every Scouting function I attended included a discussion on Membership Standards, ranging from the official discussion of "National Policy" to sidebars on "the Gay issue". From my perspective the arguments against inclusion (changing policy) boiled down to fear. Fear of the unknown, fear of change, fear that Scouting's religious base would leave the organization, fear that gay Scouts would somehow infect others, etc… At some point I would interject with a:

  • "Do you think that the policy is effective and 'protecting' from [insert fear point]?", or
  • "Do you believe that this policy is keeping Gay Youth or Adults out?"

In my experience some of the most dedicated, passionate professional employees and volunteers that I have ever met are Gay/Lesbian. It infuriates me that in order to stay involved they have to pretend to be something else, and hope that they are never found out.

January 1st brought a significant change to Scouting. No longer will a Scout be disqualified on the basis of sexual orientation. This is a long overdue and needed change to the program, and what I hope is just the first step in the removal of membership standards based on sexual orientation. Wouldn't it be nice if newly minted Eagle Scouts could be involved past the age of 18?

2014 Resolutions

In the spirt of public accountability, here are my New Years resolutions:

  • Migrate this Blog to Jekyll
  • Loose 20 lbs before my Birthday (this is a pound a week – no problem). Accomplished via: sweat every day, make carbs the exception – not the rule, balance indoor life with the outdoors.
  • Get back to charity. Since resigning from the local BSA Board I've missed this in my life.
  • Travel. Six four night trips over the next 12 months, plus a few one to two night destinations.
  • Photograph more, take classes, learn.

Sounds simple right?

HOWTO Trim comments and spaces from files

Trim comments and spaces from a file:

$ grep ^[^#] file

“The regex ^[^#] matches the first character of any line, as long as that character that is not a #. Because blank lines don’t have a first character they’re not matched either, resulting in a nice compact output of just the active configuration lines.”

Via David Berner

Cogent Giving Away Transit?

From an email this morning:

I wanted to follow up with you on Cogent’s promo that is running this
month. I do know you have a year left with Level 3, and that would fit
perfectly with what our promo has to offer. If you have 11 months or
less left on your contract we can offer Phyber a free internet
circuit. You essentially would sign a minimum of a 2year contract and
only pay a year of it. I hope this can strike up a conversation on how
we can be a valuable partner to [snip].

The details aren’t exactly correct – and I’m not going to bother asking for the rate / Mbps on this. But it’s an interesting development.