Bicycling, Photography and Programming

F/LOSS

Will UEFI boot Linux?

I saw this article mentioning signed boot loaders float down the BLUG.org news stream. The highlight pullquote:

A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux.

I’m sure someone is already busy working on proper support for this, it will be interesting to learn what it will take to boot off of future PCs.


Linuxfest Northwest 2011 Prize

Here’s the Bruce Schneier doll that Modwest donated to the Linuxfest Northwest world famous raffle. What a great prize! Bruce is decked out Matrix style to defeat all your security-thru-obscurity talk and send you packing back to your world of security theater. I wonder what Modwest will donate next year…I know a Leo LaPorte doll would not fly with this crowd ;-) A steampunk Ada doll would rock!

jed and bruce, tag team!



Copy Protection for Our Identities

Another idea sprouted: I love the concept that Doc Searls discusses about the Intention Oriented Economy. This is the reverse of the identity oriented economy where we supplicate our commercial oligarchy with our precious identifiable information for free stuff so they can better advertise to us. Rather–it makes much more sense to develop an anonymous identity and then publish intentions (I want to buy a bicycle) and then grant permission to commercial supplicants to market to us based upon our published desires.

I was listening to the latest ep of Triangulation with Daniel Bricklin and he mentioned having a non-copy protected version of VisiCalc, one of the few left that could run on any PC. Duh! Our *identities* need to be copy protected.

Please tell me that TPM and remote attestation, with our own private identities being the attestors, is what unlocks degrees of our identifying information for marketers? We provide some binary blob of our intention, to read it, they supplicate to our attestation, they decrypt that shard of our identity, but that encrypted shard expires because we provide it through our publicly administered perishable anonymous identity administration.

Ok, enough of the crack cocaine, time for bed.


Some Thots on Online Anonymity

I found this idea sprouting in my cerebral loam and transplant it into yours: Steve Gibson and Leo Laporte have been discussing the topic of the DNT header and congruent proposed privacy legislation. They are worried that the notion of tracking cookies will either be legislated to present mandatory EULA agreements before acceptance, or that semi-anonymous tracking information might become legally encumbered. The effect being that advertising agencies will not have low-friction mechanisms to identify semi-unique visitors. In Leo and Steve’s estimation, it is possible that the ability to calculate unique impressions for ads will become crippled, resulting in the advertising economics that often fund today’s online independent broadcasts evaporating.

Two or three points of view occur to me. First: there are no good impression mechanisms for television, radio or newspaper–today’s “netcasts” offer an unprecedented resolution for advertising impressions. Is it possible to go on without it?

Second: the notion of cookies and headers, and privacy on the internet is exhaustively discussed. Our fundamental technical structure was not designed for anonymity, and whenever we create a login, we erode that notion ourselves. Do you think it is possible that we could design a web protocol that preserves anonymity, and is it possible to supplement it with a perishable anonymous identity created by third (non advertising) parties in order to present a hollow avatar to the Internet? Thus, instead of using OpenID provided by wordpress or yahoo, we could use a token associated with a random identity provider that would last a season, which is often long enough to outlive our relationship with many online services.

And thirdly, the market for uniquely identifying visitor impressions in a semi- or mostly- anonymous manner that respects privacy obviously exists. You have looked into this for your own podcast, as you’ve mentioned. The poison pill in the flagon with the dragon is mostly the commercial entities aggregating advertising cookies across (all) Internet domains to the degree that these largely unaccountable companies cannot help but have no degree of anonymity left to their data. I have heard of methods of splitting data among multiple parties such that no two of three holders of the data can fit their pair of bits together to guess the third, and thus there is little hope for one holder of a stripe of bits to interpret identity from it. I presume that some basic changes to web client behavior would have to support this.

Not only is this concept applicable to assigning cookies to browsers, it is also governable, and it is also taxable. Do you think it is possible that multiple public institutions could curate fractional-cookie sets such that advertisers could pay them to compute unique impressions from a set of cookie-shards?

I don’t assume I’m the first to consider these ideas. What of them are already out there?
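The splitting scheme described above can be sketched with a three-way XOR split. This is an added example, not code from the original post; the visitor IDs, function names, and the idea that impressions arrive as rows of three shards are assumptions made for illustration.

```python
import secrets

def xor(a, b):
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def split_id(visitor_id, holders=3):
    """Split visitor_id into `holders` shards; every shard is needed to rebuild it."""
    if holders < 2:
        raise ValueError("need at least two holders")
    # All shards but the last are fresh random bytes.
    shards = [secrets.token_bytes(len(visitor_id)) for _ in range(holders - 1)]
    # The last shard is chosen so that XOR of all shards equals the ID.
    last = visitor_id
    for shard in shards:
        last = xor(last, shard)
    return shards + [last]

def combine(shards):
    """XOR all shards together; yields the ID only if none is missing."""
    out = bytes(len(shards[0]))
    for shard in shards:
        out = xor(out, shard)
    return out

def shard_consistent_with(known, candidate_id):
    """Return the missing shard that would make `known` decode to candidate_id.

    Such a shard exists for every candidate of the right length, which is
    why holders of two shards out of three cannot narrow down the real ID.
    """
    return xor(candidate_id, combine(known))

def unique_visitors(impressions):
    """Count distinct IDs across impressions (hypothetical row format).

    Each impression is a list with one shard per holder. The same visitor
    may be re-split with fresh randomness for every impression and still
    combines to the same ID.
    """
    return len({combine(row) for row in impressions})

# Constructed sample data: three impressions from two visitors.
VISITORS = [b"visitor-0001", b"visitor-0002"]

def demo():
    rows = [split_id(VISITORS[0]), split_id(VISITORS[1]), split_id(VISITORS[0])]
    return unique_visitors(rows)

if __name__ == "__main__":
    print("unique visitors:", demo())
```

Counting uniques needs all three holders to cooperate at the moment of counting, so where that combination step runs decides who ever sees a whole identifier.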


Tiny Computers: 4 for $100

This would be an awesome exhibit for LinuxFest Northwest 2012: small usb computer kit.


Quick thot on MySQL

Had a good question in my MySQL talk about how to monitor performance, and of course I suggested turning on the MySQL slow query log. What I neglected to mention, however, was mytop. This little utility is found in the rpmforge repo and it’s like a top(1) for your mysql queries.

The basis for it is the SHOW PROCESSLIST command, of course. Mytop collects, sorts and colors the output and adds the system summary of key-hits-ratio, query count, etc at the top.


Another Great Linuxfest Northwest

What an impressive LinuxFest. It felt really pro this year with big printed badges and registration. I would have been happy to have picked up my badge Friday night if I knew what the crowd might have been Sat morning.

The robot room was definitely Liam’s favorite. Thank you BAIRS! I really dug the competition robot. Seeing BPD’s bomb squad robot was quite a privilege for us as well. That was very generous for BPD to spend a few hours at Fest. Would have been cool if JBLive.tv coulda got some footage.

I loved being able to poke into the Linux Action Room and it was a great opportunity to get to present on a live stream. Thanks, Chris, Bryan and Jeremy! Opening up the stream to some guest intro takes was a hoot!

The OpenStreetMap presentation was really neat and I would dig doing another bike ride map collection next year, now that I know how to better be prepared. I need to see how I can better use my BB to collect waypoints. It was fun taking a spin with Isaac, anyhow.

I’m grateful there were some people interested in bike rides for fest but I need to start that conversation earlier. But crazy ideas popped up:
- a display of how to charge mobile devices by bicycle
- ANT+ linux drivers that collect cycling telemetry
- getting penguin bicycle pennants printed to sell at the raffle booth
- any bike vendors or mfrs using open source?

I’d once again like to heartily express my thanks, appreciation and gratitude to the LinuxFest Northwest organizers! It was a great fest and the best Sunday of all the two day LFNW events yet!


Linuxfest quick noon #bike ride #gps #lfnw

Gather at bike racks, G building. Look for cargo bike.


@lfnw #bike #gps sunday noon

Interested in doing a short ride with GPS and uploading to OpenStreetMap.org?

Mapping Party, OSM Talk. Forum discussion.


LinuxFest Northwest 2011: Traffic Control in Apache

Here are my slides for traffic control in Apache. I decided that last year’s presentation about Apache rewrites actually sat in a much bigger context of information architecture, performance and caching. So I’ve generalized the discussion and reduced the number of mouse-print code examples.

Slides:2011-apache


LinuxFest Northwest 2011: MySQL Overview

These are the slides I’ll be presenting with for my MySQL Overview talk. Last year I called it the “MySQL Buffet”…and I prolly have more slides up here than time window.

Slides:2011-mysql-buffet

You’ll find a surprise slide, “boring” in there. And this is pretty much my take on the Oracle acquisition of Sun thus of MySQL AB. Any we trolls of why “MySQL Sucks” aside, are you really all that interested about what features and bug fixes Oracle management approves of…in an overview talk. My take: the griping, if you want to dig, is in the askmonty.org wiki. There they are discussing how they are trying to keep feature parity with the MySQL features and fixes.

MySQL and its sisters are not about to disappear, esp not with how promising Drizzle and Maria look, and that there are commercial consulting services like Percona that could resell services around both Drizzle and Maria.


LinuxFest Northwest 2011…comin’ round the mountain!

I’m looking forward to LinuxFest Northwest 2011 this year! I’ll be presenting on the MySQL database and how to control web traffic in Apache. I’ll even be presenting in the Linux Action Room and will get to show my evil grin to Chris and Bryan :-) I’ll be posting my slides ahead of time, I have one ready to post tonight.

Don’t forget the sunday bike ride! I’m guessing a ride to Hovander is what we agreed on, but let me know if you’d rather bike closer to somewhere that has more of Bellingham Bay, or closer to the pub…or whatever.


Translating Filenames — Bash Voodoo Style #linux

This is an example of using Bash to convert a crazy apache log and translating the filename into an IIS log pattern:

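# $translate must hold the log-conversion command before this loop runs
d=$(date +%Y%m%d)
find k -type f \
| while IFS= read -r filename
do
  # swap the apache-style prefix for the IIS-style one, stamped with today's date
  nextfile="${filename/k\/done?0.www\./k2/www-Server_T${d}_}.log"
  echo "$nextfile"
  $translate < "$filename" > "$nextfile"
done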

I love how I can refer to a shell variable ($d) inside a string translation (${d}).


Last happy thots on LinuxFest Northwest 2010 #lfnw

As always, I completely enjoyed meeting all the new and returning people at LinuxFest Northwest. I was especially proud to finally shake Brian Aker’s hand and thank him for his work on memcached and how inspired I was about the ideas behind Gearman. Gearman is a job-coalescing processing protocol that can solve map-reduce problems. Please check it out! This is more impressive than memcached by a mile!

I was very interested to talk to the brewers showing their Linux controlled brewing. I was especially honored to meet the chair of OSBridge and friends at the PostgreSQL table. I would have put a shiny Pg shirt on Krow if we coulda caught him…

It was interesting seeing the talk on airline, healthcare/medical adoption of Linux, too. Always glad to hear progress there. Interesting to note that Sun Micro’s thin clients are still widely regarded as the best in those areas, too.

I really like the idea of exploring the possibilities of getting kids to do presentations at LinuxFest. I asked my oldest what he might want to present on, and he said, “teaching my mom how to operate my MP3 player.” Well…maybe in a few years he’ll be ready to talk to his peers at BTC for LinuxFest NW.

And of course, it was great to meet up with Bryan and Chris and chat about kids, camping and keeping animals.

My talk on Apache rewrites went … OK. I was not rehearsed, my notes were disorganized, and 1/3 of my room slipped out on me. Those that remained had fun discussing java, c#, cookie processing and http auth wrt codeigniter–so it wasn’t a total waste at all. But I really gotta organize the concepts down if I really want to present an intro to the topic, and at that, I bombed…sorry. Maybe just a talk on Apache would be more useful. I should prolly leave the mod_rewrite topic be a BOF slot.

Anyhow–I’m sure I’m leaving something out, but now it’s time to get some rest. Many thanks to all the Fest organizers that helped put this on! It is a valuable experience every year and I always recommend it.

Looking forward to 2011! The talks, the next batch of brews, and seeing if anyone else wants to cycle there, too! Nerd bike ride…?


Remember “In the Trenches”? That’s How I Learned of LOPSA #lfnw

I chatted with a few of the guys at the LOPSA booth and mentioned that I first learned about LOPSA by listening to Kevin Devin’s In the Trenches podcast. This Friends In Tech show was insightful, informative and inspiring in that it presented intelligent and professional discussion about the profession of system administration, not merely righteous badmouthing of L-users. It turned me on to the SOTY contest, for which I was nominated in 2008 2007 and received a T-shirt, even.


Bike Route, Hampton – BTC 1.9 mi #lfnw

I’ve ridden this route four times this weekend and it’s not unpleasant. North along Bennet is uphill, but that’s good for us :-) Making zooming down to BTC that much easier! A fun variation on this would be to stop by Squalicum beach and bike up the trail that leads to the BTC parking lot.

2010-04-25 Hampton BTC Bike Route

Bike Route, Hampton Inn - Bellingham Tech, 1.9 mi


LinuxFest Northwest (Bellingham Herald)

Always great to see the local paper write a few inches about LinuxFest Northwest. Funny ’bout how both “Microsoft Windows” and “Vista” get mentioned in such a short article.


Tail the Latest Log File

I’m grateful for Cygwin. I wouldn’t know how to do this in cmd–though I should probably learn how to do it in PoSH.

find LogFiles/W3SVC1 -type f | xargs ls -1tr | tail -n1 | xargs tail -F

I need to make it an alias now….


Longest MySQL Replication Run? #lfnw #mysql

I’ve heard of people replicating MySQL from coast to coast. I’d love to hear if anyone attending @lfnw has longer replication runs. Happy to share some examples at my talk on Sat. http://linuxfestnorthwest.org/sessions/mysql-performance-and-availability


Crazy mod_rewrite examples? #lfnw #opensource

I’d love to see some wacked mod_rewrite uses! Got one? I’ll put them on screen on Sun @lfnw http://linuxfestnorthwest.org/sessions/using-apache-modrewrite-ninja


LinuxFest Northwest 2010: Apache Rewrites

Apache Rewrites — for Ninjas!

This session is an overview of using Apache mod_rewrite, driven mostly by your interests and questions.

Your Questions, Your Interests?

The simple difference between rewrites and redirects.

You can specify a redirection in a few ways, and they don’t need to be RewriteRules. You can use an Alias directive to map to the file system or a Redirect directive to bounce hosts:

# mod_alias
Alias /newspaper /home/newspaper
AliasMatch ^/(newspaper)/(.*\.htm)$ /home/$1/today/$2
Redirect permanent /xml/ http://xml.news.com/
RedirectMatch permanent ^/xml/(.*)\.xml$ http://xml.news.com/$1.xml

Why to NOT use Aliases and Location directives?

Access control features might be the first thing to consider. If you want to configure the security of a directory, then you probably want to use Directory or Location directives.

Otherwise, consider maintainability, really.

The order of operations:

  • <Directory>
  • <DirectoryMatch>
  • <Files>,<FilesMatch> << rewrites
  • <Location>,<LocationMatch> << aliases
  • <VirtualHost> << repeat the above order inside VH’s after global scope

See http://httpd.apache.org/docs/2.2/sections.html for this example of A,B,C,D and E in order:

<Location />
E
</Location>

<Files f.html>
D
</Files>

<VirtualHost *>
<Directory /a/b>
B
</Directory>
</VirtualHost>

<DirectoryMatch "^.*b$">
C
</DirectoryMatch>

<Directory /a/b>
A
</Directory>

Aliases and Location directives first and File directives second. This means that mixing and matching Location and File operations can introduce confusion or flaws because a Location directive is out of sight of your rewrite rules, and you start hair-pulling because you can’t figure out why your intended rewrite is not even being reached. Debugging rewrites and Location directives is not so easy; there’s no step-wise debugging.
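The merge order from the Apache 2.2 sections documentation can be modelled in a few lines, which also shows why a `<Location>` section can undo an access restriction set in `<Directory>`. This is an added example, not part of the original slides; it is a simplified model that assumes every listed section matches the request and ignores .htaccess files, and the `Section` tuple and the access strings are constructed for illustration.

```python
from collections import namedtuple

# One configuration section that matches the request being served.
# settings: directive name -> value; label: display name only.
Section = namedtuple("Section", "kind arg in_vhost settings label")

# Merge groups from the Apache 2.2 docs, earliest first.
# Later groups override earlier ones.
GROUP = {
    "Directory": 0,
    "DirectoryMatch": 1,
    "Files": 2, "FilesMatch": 2,
    "Location": 3, "LocationMatch": 3,
}

def merge_order(sections):
    """Return sections in the order this model applies them."""
    def key(indexed):
        pos, s = indexed
        # Plain <Directory> sections go shortest path first;
        # every other kind keeps its order of appearance.
        depth = s.arg.rstrip("/").count("/") if s.kind == "Directory" else 0
        # Sections inside a <VirtualHost> follow the corresponding
        # main-server sections, so False (main) sorts before True (vhost).
        return (GROUP[s.kind], depth, s.in_vhost, pos)
    return [s for _, s in sorted(enumerate(sections), key=key)]

def labels(sections):
    return [s.label for s in merge_order(sections)]

def effective(sections):
    """Merge settings in application order; the last writer wins."""
    merged = {}
    for s in merge_order(sections):
        merged.update(s.settings)
    return merged

# The A..E example quoted above, in the order it appears in the file.
DOCS_EXAMPLE = [
    Section("Location", "/", False, {"v": "E"}, "E"),
    Section("Files", "f.html", False, {"v": "D"}, "D"),
    Section("Directory", "/a/b", True, {"v": "B"}, "B"),
    Section("DirectoryMatch", "^.*b$", False, {"v": "C"}, "C"),
    Section("Directory", "/a/b", False, {"v": "A"}, "A"),
]

# Constructed access-control case: the restriction lives in <Directory>,
# but a broad <Location /> is merged afterwards and replaces it.
ACCESS_EXAMPLE = [
    Section("Location", "/", False,
            {"access": "allow from all"}, "open"),
    Section("Directory", "/", False,
            {"access": "deny from badguy.example.com"}, "restricted"),
]

if __name__ == "__main__":
    print(labels(DOCS_EXAMPLE))
    print(effective(ACCESS_EXAMPLE))
```

When reviewing a config for access control, the check that follows from this is to read every `<Location>` and `<LocationMatch>` that can match a protected path, not only the `<Directory>` block that carries the restriction.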

Usually, a rewrite is a transparent transformation of the URI into another path. You’re given a wonderful array of internal variables and re-entrant processing capabilities to use. For example, if you wanted to cache popular content that a cron job created, you could match it and look it up on the filesystem before going to your php script:

# Static Local Location
# ($1 is the only capture group in the rule pattern)
RewriteCond %{DOCUMENT_ROOT}/$1 -f
RewriteRule ^/book/(.+)$ %{DOCUMENT_ROOT}/$1 [L]

# NFS Location
RewriteCond /home/books/$1 -f
RewriteRule ^/book/(.+)$ /mnt/webdata/ebooks/$1 [L]
# bounce this request to new.news.com if static version is not present
RewriteRule ^/ebook/(.+)$ http://new.news.com/prweb/ebook/$1? [L]

Skin That Cat Many Ways

Starting off with Alias and Location directives is fine. However there are a surprising number of places that Apache functions overlap. I presume this is done mostly because it’s difficult to switch between apache modules to accomplish these goals.

* example *

<Location /newsimage.gif>
ForceType  application/x-httpd-php
</Location>

RewriteRule ^/newsimage.gif$ - [T=application/x-httpd-php,L]

ScriptAlias /newsimage.gif /website/newsimage.php

Apache Directive Processing is not a Programming Language

Apache processes data thru the directives in a rather obtuse fashion. Environment variables and pattern matches are not globally visible. Pattern matches between the directives are effectively blocked across directives. Examples:

<LocationMatch /news/today-(.*)>
RewriteRule ^(.*)$  -   [L,F]
</LocationMatch>

The regex matches found in RewriteRules live in a different memory scope in the Apache process than those of the other core directives. You’re not given a programming language within the apache.conf files. The only way to convey data between directives is by setting environment variables using SetEnvIf or the RewriteRule [E] flag.

RewriteRule ^/news/(today-.*)$ - [E=baddate:1]
<Directory /oldnews/* >
Order Allow,Deny
Allow from All
Deny from env=baddate
</Directory>

Introducing RewriteCond

We can incorporate host name, query parameters and other parts of the request header, and environmental variables into the rewrite using RewriteCond directives.

# %1 is the subdomain captured from the Host header
RewriteCond %{HTTP_HOST} ^(.*)\.news\.org$
RewriteRule ^/(.*)$ http://%1.news.com/$1? [R=301,L]

Chaining Rules

Rewrite conditions are important because they are the way you can pull in data from the header and query string, which is pretty common. However, if you have a series of rewrites that don’t require things like the query string, it is often easier to chain rules. Chained rules are easier to read and are processed in order.

RewriteCond %{HTTP_HOST} ^(.*)\.news\.co\.uk$ [OR]
RewriteCond %{HTTP_HOST} ^(.*)\.news\.co\.ch$ [OR]
RewriteCond %{HTTP_HOST} ^(.*)\.news\.co\.nz$
RewriteRule .* - [E=server:ww1.news.com]

# only redirect when the rule above set the variable
RewriteCond %{ENV:server} !^$
RewriteRule ^/(.*)$      http://%{ENV:server}/$1

Making Things Forbidden

There are a few ways to guard against bots and the like, often by checking for suspicious user agents or referrers. These lists can get very long.

# User-Agent is client-supplied, so this only filters clients that report it honestly
RewriteCond %{HTTP_USER_AGENT} !google [NC]
RewriteCond %{REQUEST_URI} ^/sitemap
RewriteRule .* - [F,L]

Homebrew Cached Output

Consider a batch process that pre-generates static html for frequently hit content that’s originally generated by a PHP script.

# %1 and %2 are only set for the rule that directly follows the RewriteCond
RewriteCond %{REQUEST_URI} ^/today/(business|world|entertainment)/(.*)$
RewriteRule .* %{DOCUMENT_ROOT}/%1.php?q=%2 [T=application/x-httpd-php,L]

Otherwise you could use LocationMatch and ForceType to execute the php script. You would be using fall-through from Files directives to LocationMatch directives to do this.

Proxying Internal and External Content

We’ve seen how easy it is to redirect. We can also proxy those redirections (and rewrites) using the [P] flag.

Little Performance Tip

Turning Etags off to mask backend servers can make the results last in cache longer.

Check AskApache.com for other speedup tips.

Don’t Forget to Back Up!

Who am I?

Jed Reynolds has been an IT pro since 1996. He recently completed his first year of car-free commuting — traveling 2500 miles on his bicycle. He also loves his Pentax K10D.


LinuxFest Northwest 2010: MySQL Buffet

MySQL Buffet

This session covers topics in MySQL high availability and performance, centered mostly on your interests and questions.

Your Questions? Your Interests?

Jed Reynolds is not employed by MySQL but has been using it in a HA capacity since 2004

MySQL is a large topic and we can do a thumbnail overview followed by specific topics you’re interested in. I’ve listed the topics below in what I believe are the most important first –if you haven’t mastered backups, you have no business doing InnoDB tuning.

Backups and Recovery

  • mysql dump,
  • replication! do dumps from a pooled out replica
  • LVM snapshots
  • snapshot load issues
  • snapshot recovery: flush w/ read lock, InnoDB recovery
  • InnoDB Hot Backup
  • Maatkit replication checking correction, use cautiously

High Availability

  • replication: snapshot v. restore, LVM, InnoDB
  • load balancing: internal to application or external to application?
  • health criteria for pool-in/out
  • (replication lag, response time, disk free, system load, thread count)
  • ???? Multi-Master v. NDB?
  • Single master, multi master, and fail over

High Performance

  • High Availability before high performance
  • mysqlperformanceblog
  • monitoring: slow queries, system load, swap, disk io, concurrent connections, replication lag
  • identifying “table pressure” and “update pressure” (large joins, inadequate indexes, bad queries)
  • indexes, multi-column indexes
  • EXPLAIN *show example, geoip data?*
  • query caching and when to not use it (large, infrequent results, frequently updated tables)
  • query caching, memcached, application level, or mysql write-thru
  • table engines suit different purposes

More Detailed Tunings can be found on the mysql performance blog. And softwareprojects.com.

Table Engines Notes

  • MyISAM, Memory, Merge, InnoDB, BDB (tx, fk)
  • Archive (fast inserts, compression, lacks indexes)
  • CSV text files
  • Black Hole
  • Federated, NDB
  • :-( Falcon – transactional, orphaned?
  • ALTER TABLE t ENGINE=foo
  • - 3rd party -
  • NitroEDB – security log management
  • BrightHouse – infobright, warehousing
  • DB2 (IBM)
  • Kickfire: column based db appliance with compression, FPGA processor, CentOS

MariaDB

This is the montyprogram fork of mysql, and it includes other engines (PBXT) by default, thread pools and XtraDB instead of InnoDB (same format).

Other Tricky Features

  • triggers
  • views
  • materialized views
  • memcached

Full Text Search

  • RDBMS != Full Text Search
  • Sphinx
  • Lucene, Solr

Security

  • grants
  • ssl
  • think layers: start outside your application and work your way thru it into your backup storage policies.

Don’t Forget to Backup!

Who Am I?

Jed Reynolds has been an IT pro since 1996. He recently completed his first year of car-free commuting–traveling about 2500 miles on his mountain bike, rain or shine. He also loves his Pentax K10D.


When NOT to Use a SAN?

The vast number of filesystems, distributed file systems, and network replication schemes available for Linux all come with learning curves and caveats. When does one actually want to avoid merely picking out an average SAN solution and go with a Linux oriented distributed storage solution like Gluster or NFS on DRBD?


What Prizes Will LinuxFest Northwest 2010 Behold?

Ubuntu Compiz Desktop

PogoLinux donated this system to the LinuxFest Northwest raffle.

I enjoyed taking Liam to LinuxFest Northwest 2009. I won a Core i7 system at the raffle there! I don’t expect to win such a thing again. I thought I’d just post a screenshot, because Compiz is just so cool. It runs BOINC pretty well:


top - 21:07:17 up 2 days,  9:08,  2 users,  load average: 8.24, 8.37, 8.48
Tasks: 260 total,   9 running, 251 sleeping,   0 stopped,   0 zombie
Cpu0  :  0.3%us,  0.7%sy, 99.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Cpu1  :  3.9%us,  1.0%sy, 95.1%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Cpu2  :  0.3%us,  2.6%sy, 97.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Cpu3  :  0.0%us,  0.5%sy, 74.7%ni, 24.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Cpu4  :  0.7%us,  0.3%sy, 99.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Cpu5  :  0.0%us,  0.2%sy, 75.0%ni, 24.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Cpu6  :  0.0%us,  0.0%sy, 75.2%ni, 24.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Cpu7  :  2.3%us,  2.6%sy, 95.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   6023600k total,  5343188k used,   680412k free,   149640k buffers
Swap: 17647360k total,        0k used, 17647360k free,  2560740k cached
