What can RHEL learn from video game pirates

September 9th, 2009

After reading Free by Chris Anderson I have some thoughts on how Red Hat Enterprise Linux can claim much of the unpaid Linux market share.

In his book, Free, Chris Anderson tells a story of a game developer who asked Slashdot, a technology forum, why pirates continued to steal his games when he charged just $20 for them. While many open source advocates and others might expect the responses to be filled with arguments against intellectual property, the response was very different. Most of the individuals who commented back to the game developer said the piracy was occurring for two reasons. First, because the small amount of copy protection and difficulty navigating his web store provided a barrier to playing the game. Second, the individuals generally didn’t feel that the games being provided were worth $20. This meant the game developer had to create a better game or lower his prices and also provide an easier means of access to the game.

A similar situation exists in the Linux market today. Red Hat Enterprise Linux, a paid Linux distribution, held roughly 62.2% of paid market share while CentOS, a free copy of Red Hat Enterprise Linux, and other free Red Hat based Linux distributions hold 50% of the unpaid market. In 2008, according to IDC, unpaid Linux subscriptions accounted for 1.2 million of the 2.8 million servers deployed. According to this data 42% of the server based Linux deployments used unpaid Linux in 2008. So why has this situation occurred? It’s difficult to draw a conclusion because there are many different variables and situations, but one possible reason that an organization might run unpaid Linux is similar to why a pirate would decide to use a cracked version of a game. First, because they cannot gain access to Red Hat Enterprise Linux quickly. A system administrator may not feel it’s worth speaking with his manager, going through procurement, and then waiting for his/her Red Hat Network account to be created. These are all barriers to scratching their Linux itch, so to speak. Second, they don’t feel that $2500 is an appropriate price for an operating system. Maybe they just want to serve up some web services to a LAN in their office.

So how can Red Hat remove these barriers to capture the unpaid Linux market?

First, remove the barrier to Red Hat Enterprise Linux and allow any users to download and use Red Hat Enterprise Linux. Certainly this would not entail providing support to consumers who do not pay for a subscription; however, updates, errata, and other information should be provided. More research is required around the economics that would make this possible, but there is such a small marginal cost to providing updates to an unpaid audience that we could afford to give updates to all consumers. The Fedora project already performs similar functionality and the infrastructure could be leveraged to provide free updates to Red Hat Enterprise Linux as well.

Second, lower the price of supported Red Hat Enterprise Linux to a price that the unpaid Linux market finds more reasonable. Some revenue is better than no revenue. Provide pricing to markets that creates a psychology of responsibility and value. If a consumer is willing to spend a certain amount of money for a copy of Red Hat Enterprise Linux wouldn’t it serve our best interest to provide him/her Red Hat Enterprise Linux? When consumers in the unpaid market decide to move to a paid product it would be in Red Hat’s best interest if the consumer was already running Red Hat Enterprise Linux. This would provide a clear upgrade path. It is important to note that the demand at free is much higher than even a penny and will cause a huge spike in the demand curve. Both of these theories need to be validated further.

The psychology of free may have also hampered mainstream adoption of Linux on the home user’s desktop. Could free be associated with lower quality to the average consumer? Does the fact that JBOSS costs 15 percent of the total cost of Websphere cause buyers to assume it is of lower quality? Would raising the price change consumer psychology and increase sales in certain market segments? This is another theory that should be explored.

Update

For some reason I’m not able to reply to comments on my own blog (I’m still figuring out docspace).

Per a new IDC report:

Nonpaid Linux server operating systems continues to increase in importance on the overall market dynamics, with nonpaid Linux server operating system deployments accounting for 43.3% of the worldwide total, up from 41.4% in 2007.

There is no debating that CentOS is an exact binary copy of Red Hat Enterprise Linux, but the psychology of using CentOS instead of RHEL might make a huge difference in the long run.

1. Many users might not realize that CentOS is a copy of RHEL.

2. When a user looks to upgrade to a paid version of Linux they might think a leap from CentOS to another distribution.

3. If a user had the option of downloading Red Hat Enterprise Linux for free they might run it rather than another distribution (excluding CentOS). This would make them more likely to begin paying for it later.

Lenovo x200 RHEL5.3 Ericsson 3507g wwan

September 9th, 2009

A quick howto on using the built-in Ericsson 3507g wwan card in an x200 running RHEL 5.3. I created this guide from a myriad of sources, so do not take this as an original or all-encompassing guide.

Note: I purchased a SIM card from the AT&T store which was activated at the store. If you do not purchase the SIM from AT&T, but have it included with your laptop on purchase I am not sure how to activate it on Linux (the included software is for Windows). I have read on some forums that people have placed the SIM into another device and powered on the device to get a non-activated SIM registered, but this is beyond the scope of this post.

This document assumes the 3507g card is installed (just under the number pad when you remove the keyboard) and the SIM is also installed (located under the battery).

1. Be sure to enable the wireless wan (WWAN) and Wimax radios in the BIOS

2. After booting check to make sure the cdc_acm driver has loaded.

# dmesg |grep -i acm
cdc_acm 2-4:1.1: ttyACM0: USB ACM device
cdc_acm 2-4:1.3: ttyACM1: USB ACM device
cdc_acm 2-4:1.9: ttyACM2: USB ACM device
usbcore: registered new driver cdc_acm
drivers/usb/class/cdc-acm.c: v0.25:USB Abstract Control Model driver for USB modems and ISDN adapters

3. Notice there are three ACM devices. We will use ttyACM1 as it is associated with the data connection. Also, notice that although the cdc_acm driver is loaded and the WWAN and Wimax radios have been enabled in the BIOS, the WWAN indicator light (located to the right of the Bluetooth icon) just under the display is not illuminated. This is because the modem has not been initialized. In order to initialize the modem and make sure your SIM is active you can use minicom or another terminal emulator.

# minicom -s
minicom: WARNING: configuration file not found, using default

┌─────[configuration]──────┐
│ Filenames and paths │
│ File transfer protocols │
│ Serial port setup │
│ Modem and dialing │
│ Screen and keyboard │
│ Save setup as dfl │
│ Save setup as.. │
│ Exit │
│ Exit from Minicom │
└──────────────────────────┘

4. Select Serial port setup.

┌───────────────────────────────────────────────────────────────────────┐
│ A - Serial Device : /dev/modem │
│ B - Lockfile Location : /var/lock │
│ C - Callin Program : │
│ D - Callout Program : │
│ E - Bps/Par/Bits : 38400 8N1 │
│ F - Hardware Flow Control : Yes │
│ G - Software Flow Control : No │
│ │
│ Change which setting? │
└───────────────────────────────────────────────────────────────────────┘
│ Screen and keyboard │
│ Save setup as dfl │
│ Save setup as.. │
│ Exit │
│ Exit from Minicom │
└──────────────────────────┘

5. Select Serial Device (Shift + A). Set the serial device to /dev/ttyACM1 and press Enter several times to get to the main menu. Then press escape to have the modem initialized.

┌───────────────────────┐
│ │
│ Initializing Modem │
│ │
└───────────────────────┘

Welcome to minicom 2.1

OPTIONS: History Buffer, F-key Macros, Search History Buffer, I18n
Compiled on Jul 26 2006, 06:38:09.

Press CTRL-A Z for help on special keys

AT S7=45 S0=0 L1 V1 X4 &c1 E1 Q0
OK

6. Check whether the SIM is protected by a PIN by sending AT+CPIN? If the answer is +CPIN: READY then the SIM is unlocked.

AT+CPIN?
+CPIN: READY

OK

7. If the answer is +CPIN: SIM PIN you first need to unlock it by sending AT+CPIN="YOUR-PIN".

8. Now the card can be turned on by sending AT+CFUN=1.

AT+CFUN=1
OK
*EMWI: 1,0

+PACSP0

*ESTKRSH: 1,7F206F31

9. Notice the green indicator light for WWAN is now on. Also, it’s important to note that you can force a GSM-only connection by sending AT+CFUN=5 and force WCDMA-only by sending AT+CFUN=6.

10. To turn the card off you can send AT+CFUN= and energy saving mode is AT+CFUN=4.

AT+CFUN=
OK


11. Exit Minicom (ctrl + a + z – then x). Now that we know the WWAN hardware is working, let’s configure wvdial, ppp, and vpnc. It’s important to note that NetworkManager tends to screw up the wvdial configuration. I stopped it completely and just use the command line for managing all network connections.

# service NetworkManager stop

# chkconfig --levels 345 NetworkManager off

12. Start Network Configuration to create the device and the ppp interface

# system-config-network

13. I’ve attached screenshots of how the connection should be configured, but the important things are:

* Setup a generic modem under the hardware tab with device: /dev/ttyACM1 , Baud Rate: 460800 , Flow Control: Hardware.
* Setup a new modem connection under the devices tab with phone number: *99# , Provider Name: att , Username: * , Password: *
* Once the modem connection is created edit the device and select the compression tab. Check all the boxes under that tab.

14. The actions in step 13 will have changed the contents of the /etc/wvdial.conf and of the /etc/ppp/peers/wvdial files. That is great, but for some reason the init strings for AT&T don’t work. So we need to edit /etc/wvdial.conf.

# vi /etc/wvdial.conf

Make sure your file looks like this:

[Modem0]
Modem = /dev/ttyACM1
Baud = 460800
SetVolume = 0

[Dialer att]
Username = *
Password = *
Phone = *99#
Stupid Mode = 1
Init1 = AT+CFUN=1
Init2 = AT+CGDCONT=1,"IP","isp.cingular"
Inherits = Modem0

15. So we now have wvdial and ppp created. Let’s go ahead and take a break and add the modem lights item to our panel so we can easily monitor the activity on our att interface. Right click on your panel, select Add to Panel and then select the Modem Lights item. Once it is added right click on the Modem Lights item and select preferences. Under the General tab make sure connection command is set to /sbin/ifup att and disconnection command is set to /sbin/ifdown att. In the Advanced tab change Lock file to /var/lock/LCK..ttyACM1.

16. Now you should be able to bring up the interface by clicking on the modem lights button. If that doesn’t work bring up a shell as root and run wvdial att to see more specific reasons for the failure.

17. Once you have this complete it’s just a matter of running vpnc to open the vpn. You can put your connection preferences in /etc/vpnc/default.conf to make the process easier.

[root@mensa ~]# vpnc
Enter username for vpnX.company.com: user
Enter password for user@vpnX.company.com:
Connect Banner:
| ==============================
| Unauthorized access prohibited
| Violators will be prosecuted
| ==============================

VPNC started in background (pid: 4985)...

18. Please feel free to comment with any corrections or further tips!

Oracle Business Intelligence 10.1.3.4 in Amazon Web Services

March 10th, 2009

I was able to successfully install Oracle Business Intelligence 10.1.3.4 in Amazon Web Services over the course of a few hours this afternoon and evening. The idea is to allow for customers of a friend’s consulting company to train on the instance. The whole exercise cost me $1.32, check out my statement ;)


Summary of This Month's Activity as of March 11, 2009
Billing Cycle for this Report: March 1 - March 31, 2009

Rate | Usage | Totals

Amazon Elastic Compute Cloud
Amazon EC2 running Linux/UNIX
$0.10 per Small Instance (m1.small) instance-hour (or partial hour) | 6 Hrs | 0.60
$0.100 per GB Internet Data Transfer - all data transfer into Amazon EC2 | 4.713 GB | 0.47
$0.170 per GB Internet Data Transfer - first 10 TB / month data transfer out of Amazon EC2 | 0.101 GB | 0.02
$0.10 per GB-month of provisioned storage | 0.228 GB-Mo | 0.02
$0.10 per 1 million I/O requests | 616,002 IOs | 0.06
$0.01 per 1,000 puts (when saving a snapshot) | 109 Requests | 0.01
Amazon Elastic Compute Cloud total | | 1.18

Amazon Simple Storage Service
$0.100 per GB - all data transfer in | 1.338 GB | 0.13
$0.01 per 1,000 PUT, COPY, POST, or LIST requests | 138 Requests | 0.01
Amazon Simple Storage Service total | | 0.14

Taxes
Estimated Taxes (Due April 1, 2009) | | 0.00

Charges due on April 1, 2009 | | 1.32

I used a 40GB EBS volume which will store the data persistently for just $4.00 a month! The way I configured everything I can just spin up my Amazon Machine Image whenever I want and attach it to the volume. Within 10 minutes I have a running instance of OBIEE and when it’s not in use I can keep it on the shelf for just $4.00 a month (did I already mention that?). The other very big plus is I can snapshot the EBS volume so as soon as they are finished training I can destroy their volume and then return to the clean starting image when a new training is starting.

For a really professional look I’m going to register an Elastic IP address and have them forward training.domain.com to the public IP address. That way whenever he walks into a customer’s site he can just tell everyone to open a browser and ask them to go to the friendly URL. Also, I can lock down by public network IP address who is allowed to access the site, so they can make sure only the customer’s site is able to get to the training page.

One more thing, the same server is also running Oracle 10g XE in case they want to build some fancier data sets for their customers to train in.

Check out the cost breakdown

Data Transfer In – 100GB
Data Transfer Out – 100GB
Persistent Storage – 40GB
3 Snapshots of Persistent Storage – 40GB x 3 = 120GB
Hours of Compute time on a small instance – 80 hours

This would cost $57.00 monthly broken down by:
Compute – $8.00
Data Transfer – $27.00
EBS Volumes – $4.00
EBS Snapshots – $18.00

I received some feedback from a friend at Oracle who informed me I should check out Oracle’s Cloud Licensing document. It looks like they charge per core similar to a physical system with just a few small differences. Check out the document here.

Not bad compared to a lot more under a traditional hosted or data center environment. Plus no capital required! Check out the screenshot below of the web login to the public DNS name in AWS.

[Image: OracleBIinCloud]

Polar RS400sd

March 2nd, 2009

I decided that I would train for a half marathon this weekend. I think the biggest barrier to running longer distances is that I run too fast and don’t understand my heart rate. In order to gain a better understanding of my heart rate, get details on my workouts, and of course to increase my gadget count I picked up a Polar RS400sd Heart Rate Monitor Watch. My thought when running with it for the first time is that it is very accurate and I like the way it feels on my wrist. The only complaint I have is that the user interface isn’t very friendly, but I must admit I haven’t spent a lot of time with the unit. Hopefully I can figure out how to customize it faster with a little more practice. Also, Polar gives you access to its Training Plan Bank to download pre-built training programs. I decided to set up my own 3 day a week training program to get me to the 13 mile mark.

Les Halles Onion Soup

March 2nd, 2009

This soup is more like a thick onion stew than a soup. It includes a bit of brandy and is a tribute to the time when the Les Halles district of Paris was built around the giant market of meat, seafood, and fruit and vegetable stands.

Ingredients

Soup

6 tbsp butter
2 tbsp olive oil
1lb 10oz onions, thinly sliced
1 tsp sugar
1/2 tsp salt
1 1/2 tbsp all-purpose flour
2 1/2 cups hot beef stock
4 tbsp brandy
4 1/2 oz Gruyere and half Parmesan cheese grated
salt and pepper

Croutons

8 slices French bread, about 1/2 inch thick
1 garlic clove, halved

Melt butter with the oil in a heavy-bottom pan with a tight lid. Stir in the onion, sugar, salt, and reduce heat to low. Cover with the lid again and let cook for 20-30 minutes. Stir occasionally to make sure the onions don’t stick and burn. They should turn a dark yellow or gold and then you can open the lid and stir them more often so they don’t burn.

Sprinkle flour over the onions while continuing to stir. Stir in the stock and simmer for 15 minutes, partially covered.

To make the croutons: Place the bread on a broiling rack or cookie sheet and place in a preheated oven at 400F for 1 to 2 minutes or until the bread is noticeably toasted. Remove from oven and rub with garlic pieces. You can even press the garlic cloves to extract more juice and flavor the croutons even more.

Stir the brandy into the soup and season with salt and pepper as desired.

Place the croutons in oven proof bowls as a single layer. Ladle soup over the croutons and top with the cheese. Bake in the 400F oven for 20 minutes or until cheese is golden brown. Remove from oven and let cool for a few minutes before serving.

Advanced Intrusion Detection Environment

March 2nd, 2009

Advanced Intrusion Detection Environment (AIDE) is a file integrity checker for UNIX operating systems. Its purpose is to provide reporting on the integrity of data on supported file systems. It is essentially the open source version of Tripwire. While you can use a tool such as Splunk to perform file integrity monitoring, it requires more overhead on the server (running splunkd all the time), whereas AIDE runs only when it is executed. This post will show you how to install AIDE and set up a quick script to run it on a target host from a trusted host (using ssh keys). By running AIDE multiple times on the target host you can determine what files are changing. Also, by using a trusted host you keep the AIDE databases and reports off of the target host, so they are (in theory) safe from being compromised along with it.

The Environment

1. Target host
2. Trusted host (authorized to ssh as root using a public key to the target host)

The Concept

Here is a simple diagram of what we are going to setup.

[Image: aidedesign]

Install AIDE using yum

You can install aide using yum or you can download it from SourceForge


#yum install aide

or

#wget http://superb-west.dl.sourceforge.net/sourceforge/aide/aide-0.13.1.tar.gz
#tar -xvzf aide-0.13.1.tar.gz
....
#cd aide-0.13.1
#./configure
...
#make
...
#make install
...

Install the runaide.ksh script

First, make the directories you need.


# mkdir -p /app/aide
# for x in store conf report bin; do mkdir /app/aide/$x; done

On your trusted host copy the following into a file called runaide.ksh


#!/bin/ksh -x
#
# Author: jameslabocki@gmail.com
# Date: 05.12.08
#
# A simple script that performs the following
# 1. Secure copies an aide configuration to each host
# 2. Executes an aide init via ssh on each host
# 3. Secure copies the aide database to the store directory
# 4. Performs a compare of the two databases and records the results
# 5. Emails the results to a specified email address
#
WHOTOMAIL=linux.admins@domain.com,infosec@domain.com
#
#Important variables :)
TS=`date '+%m%d%y'`
YESTERDAY=`date -d "1 day ago" '+%m%d%y'`
TWODAYS=`date -d "2 days ago" '+%m%d%y'`
ROOTDIR=/app/aide
REPODIR=${ROOTDIR}/store
CONFDIR=${ROOTDIR}/conf
REPORTDIR=${ROOTDIR}/report
BINDIR=${ROOTDIR}/bin
HOSTLIST=${CONFDIR}/hostlist
SSH=/usr/bin/ssh
#
#Almost as important variables :)
AIDE=/usr/sbin/aide
HOSTCONFDIR=/root
HOSTCONFFILE=${HOSTCONFDIR}/aide.cfg
HOSTDBFILE=/var/lib/aide/aide.db.new.gz
#
#Loop through the hosts: create the database on each one, copy it back and compare
for host in `cat "${HOSTLIST}"`; do
    scp "${CONFDIR}/aide.cfg" "${host}:${HOSTCONFFILE}"
    ${SSH} "${host}" "${AIDE} --init -c ${HOSTCONFFILE}"
    #If today's database cannot be retrieved there is nothing to compare, so report it and move on
    scp "${host}:${HOSTDBFILE}" "${REPODIR}/${host}.${TS}.gz" || {
        echo "Could not retrieve the aide database from ${host}" |mail -s "Aide Report for ${host}" ${WHOTOMAIL}
        continue
    }
    #
    if [ ! -f "${REPODIR}/${host}.${YESTERDAY}.gz" ]; then
        echo "${host}.${YESTERDAY}.gz does not exist yet" |mail -s "Aide Report for ${host}" ${WHOTOMAIL}
    else
        #Shortcoming in aide having to use config files for everything
        #Fill the two placeholders in the compare template with today's and yesterday's database names
        cp "${CONFDIR}/aidecompare.cfg" "${REPODIR}/${host}.${TS}.cfg"
        awk -v today="${host}.${TS}.gz" -v yesterday="${host}.${YESTERDAY}.gz" \
            '{sub(/todaysdatabase/,today); sub(/yesterdaysdatabase/,yesterday); print}' \
            "${REPODIR}/${host}.${TS}.cfg" > "${REPODIR}/${host}.${TS}.cfg.tmp"
        ${AIDE} --compare -c "${REPODIR}/${host}.${TS}.cfg.tmp" > "${REPORTDIR}/${host}.${TS}.log"
        mail -s "Aide Report for ${host}" ${WHOTOMAIL} < "${REPORTDIR}/${host}.${TS}.log"
    fi
    #
    #remove the db from two days ago (-f: it may not exist)
    rm -f "${REPODIR}/${host}.${TWODAYS}.gz"
    #
done

The script looks for a file named hostlist in /app/aide/conf and then runs through the list of hosts copying over an aide.cfg file and running the aide executable on each host. This means that you can customize the aide.cfg in one place for your environment and not worry about maintaining the configuration file across machines. Once you have a hostlist and a general configuration file you can execute the script.
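The compare step above only runs when a database stamped with exactly yesterday's date exists, so a single missed run leaves that interval's changes unreported. The following is an added example, not part of the original runaide.ksh, that goes one step further and picks the newest earlier database for a host; the function names latest_baseline, stamp_key and baseline_demo are hypothetical, and the file naming assumed is the script's own host.mmddyy.gz scheme.

```shell
#!/bin/sh
# Added example (not part of runaide.ksh): choose the compare baseline.
# Assumes the store layout used by the script: <store>/<host>.<mmddyy>.gz

# stamp_key MMDDYY -> YYMMDD, so that stamps order correctly across a year end.
# Prints nothing if the argument is not six digits.
stamp_key() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9][0-9][0-9]\)\([0-9][0-9]\)$/\2\1/p'
}

# latest_baseline STORE HOST TODAY
# Prints the newest stored database for HOST dated before TODAY (mmddyy).
# Returns 1 if the host has no earlier database (first run), 2 on a bad date.
latest_baseline() {
    lb_store=$1
    lb_host=$2
    lb_today=$(stamp_key "$3")
    [ -n "$lb_today" ] || return 2
    lb_best_key=''
    lb_best_file=''
    for lb_file in "$lb_store/$lb_host".[0-9][0-9][0-9][0-9][0-9][0-9].gz; do
        [ -f "$lb_file" ] || continue              # the glob matched nothing
        lb_stamp=${lb_file%.gz}                    # drop the .gz suffix
        lb_stamp=${lb_stamp##*.}                   # keep only the mmddyy part
        lb_key=$(stamp_key "$lb_stamp")
        [ "$lb_key" -lt "$lb_today" ] || continue  # skip today's own database
        if [ -z "$lb_best_key" ] || [ "$lb_key" -gt "$lb_best_key" ]; then
            lb_best_key=$lb_key
            lb_best_file=$lb_file
        fi
    done
    [ -n "$lb_best_file" ] || return 1
    printf '%s\n' "$lb_best_file"
}

# Constructed store: the run for 01/01/09 was missed and today is 01/02/09.
# A plain name sort would rank 010209 before 123108; the yymmdd key does not.
baseline_demo() {
    demo_store=$(mktemp -d) || return 1
    for demo_stamp in 123008 123108 010209; do
        : > "$demo_store/web1.$demo_stamp.gz"
    done
    demo_pick=$(latest_baseline "$demo_store" web1 010209)
    demo_rc=$?
    rm -rf "$demo_store"
    [ "$demo_rc" -eq 0 ] && basename "$demo_pick"
}

baseline_demo   # prints web1.123108.gz
```

In the loop, the result of latest_baseline "${REPODIR}" "${host}" "${TS}" would replace the fixed ${host}.${YESTERDAY}.gz name, with the "does not exist yet" mail kept for a non-zero return. How far back it can reach depends on how long databases are retained in the store.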

Further Development
I also set up the reports directory to be served over http through apache and authenticated against Active Directory using mod_authz_ldap. This is nice because you can allow a third party to review the reports on a daily basis.

Here are a few helpful crontab entries after you have the script running.


#Remove old aide reports files
30 1 * * * /usr/bin/find /app/aide/store/ -mtime +10 -exec rm {} \;
30 1 * * * /usr/bin/find /app/aide/report/ -mtime +30 -exec rm {} \;
#Aide job that audits file changes on systems at 3AM each day
0 3 * * * /app/admin/servicedelivery/linux/admin/bin/runaide.ksh

Splunk to Jira for PCI

February 25th, 2009

PCI DSS 10.6 requires that logs are reviewed on a daily basis. If the proper alerting mechanisms are in place you can bypass the need to look through thousands of lines of logs, but you still need a trail of what actions are taken after an alert is received.

PCI DSS 10.6

10.6
Are logs for all system components reviewed at least daily? Log reviews must include those servers that perform security functions like intrusion detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS). Note: Log harvesting, parsing, and alerting tools may be used to achieve compliance with Requirement 10.6.

I am using XMLRPC and a perl script to automatically create issues in Jira when a Splunk alert is triggered. Although you can use Splunk to perform log review by tagging events I thought it would be more beneficial to use our currently installed work flow system so that we don’t have to allow everyone to log into Splunk and we could use some of the other features inside of Jira as well. So what do you need to do to make this work?

1. Install necessary CPAN modules (assuming you already have perl) on your splunk server.


#cpan -e
cpan> install XMLRPC::Lite
...
cpan> install Data::Dumper
...

1.b Enable XMLRPC in Jira under administration -> Plugins -> RPC Plugin.

[Image: splunkjirapci1]

2. Copy the following script into $SPLUNK_HOME/bin/scripts/openJiraTicket.pl


#!/usr/bin/perl
#
# * Your search can trigger a shell script.
# * Specify the name of the shell script to run.
# * Place the script in $SPLUNK_HOME/bin/scripts.
# * Command line arguments passed to the script are:
# * $0 = script name.
# * $1 = number of events returned.
# * $2 = search terms.
# * $3 = fully qualified query string.
# * $4 = name of saved search.
# * $5 = trigger reason (i.e. "The number of events was greater than 1").
# * $6 = link to saved search.
# * $7 = a list of tags belonging to this saved search.
# * $8 = file where the results for this search are stored (contains raw results).
use strict;
use warnings;
#
use XMLRPC::Lite;
use Data::Dumper;
#
# The name of the saved search becomes the issue summary
my $summary = $ARGV[3];
my $description = "An alert was triggered in splunk with the following information:" . "\n\nSearch String: " . $ARGV[1] . "\nNumber of Results:" . $ARGV[0] . "\nAlert Name:" . $ARGV[3] . "\nReason Alarm Triggered:" . $ARGV[4] . "\n\nLink to Search:" . $ARGV[5];
#
# Log in to Jira over XML-RPC, create the issue, then log out.
# "username" and "password" stand for the Jira account the script logs in as.
my $jira = XMLRPC::Lite->proxy('http://jira.domain.com:8080/rpc/xmlrpc');
my $auth = $jira->call("jira1.login", "username", "password")->result();
my $call = $jira->call("jira1.createIssue", $auth, {
    'project' => 'AI',
    'type' => 30,
    'summary' => $summary,
    'description' => $description,
    'assignee' => 'usertoassignto',
});
my $fault = $call->fault();
if (defined $fault) {
    die $call->faultstring();
} else {
    print "issue created:\n";
    print Dumper($call->result());
}
$jira->call("jira1.logout", $auth);

3. Add a new stanza to your savedsearches.conf file in $SPLUNK_HOME/etc/system/local/savedsearches.conf. Note that action_script is set to openJiraTicket.pl, which means that whenever the alert condition (counttype, relation and quantity) is met the script openJiraTicket.pl will be executed.


[PCIDSS-10_3_4-LinuxFailedLogins]
action_email = linux.admins@domain.com
action_rss = 0
action_script = openJiraTicket.pl
counttype = number of events
enableSched = 1
quantity = 0
relation = greater than
role = productionLinux
schedule = 0 * * * *
search = index=production pam_unix failure startminutesago=60
sendresults = 1
userid = myuser

4. Now create a few failed login attempts via ssh to a server that is logging to Splunk and you should see an issue get opened in Jira by Splunk.

[Image: splunkjirapci2]

Some other enhancements that can be made to this setup are:

1. Creating an event inside of Splunk itself when the issue is opened in Jira. Then log when the Jira ticket is closed to Splunk as well and measure the variance in time of the opening and closing of issues as a KPI of the operations staff.

2. Extend the functionality of the perl script with an array (or maybe use sqlite) to match the alert name in Splunk to a component in Jira. This would allow you to compartmentalize the alerts into groups in Jira (i.e windows in one component, linux in another, network in another, etc).

3. Use an encrypted password in the perl script and use XMLRPC over SSL. I will be doing this shortly. A quick howto:

Encrypt your password file

# Generate a random key file
openssl rand -out key.temp 32
# Encrypt the password file with that key
openssl des3 -e -pass file:key.temp -in passwd -out passwd.enc
# Decrypt it again with the same key to check the round trip
openssl des3 -d -pass file:key.temp -in passwd.enc -out passwd.dec

Decrypt your password from within the script using the key. I learned chomp is VERY important ;)

if ($enpasswd) {
    # $enpasswd is the path to the encrypted password file
    $passwd = `openssl des3 -d -pass file:/etc/pki/tls/private/dbi.key -in $enpasswd |awk NF`;
    # Strip the trailing newline, otherwise the login fails
    chomp($passwd);
}

Lasagna

February 21st, 2009

A not so long and not so short lasagna recipe that I’ve made several times. The ingredient list is below. You can use fresh chopped herbs for a more natural flavor or dried if you want to save time and money.


1 lb ground beef
6 oz ground lean pork
3/4 cup chopped onion
1 clove garlic, minced
16 oz diced tomatoes
16 oz tomato sauce
2 tsp parsley flakes
2 tbsp sugar
1 tsp salt
1 tsp basil leaves
12 oz creamed cottage cheese
1/4 cup parmesan cheese
1 tsp parsley flakes
3/4 tsp salt
1/2 tsp oregano leaves
8 oz lasagna noodles, cooked and drained
3/4 lb shredded mozzarella cheese
1/2 cup Parmesan cheese

Cook and stir ground beef, ground pork, onion and garlic in large saucepan or dutch oven, until meat is brown and onion is tender. I usually add the onion and garlic first as it takes a little longer to become translucent than it does to brown the meat.

Once the meat is cooked drain off all the fat you can, add the tomatoes and break them up with a fork. Next, stir in the tomato sauce, 2 tbsp of Parsley Flakes, 2 tbsp of sugar, 1 tsp of salt, and 1 tsp basil. Heat to boiling, stirring occasionally. Reduce heat; simmer uncovered 1 hour or until mixture is the consistency of spaghetti sauce.

In another bowl mix the cottage cheese, Parmesan cheese, parsley flakes, 3/4 tsp salt and the 1/2 tsp oregano.

Reserve 1/2 cup meat sauce for thin top layer in the next step. In un-greased baking pan, 13x9x2 inches, layer 1/4 each of the noodles, remaining meat sauce, the mozzarella cheese and the cottage cheese mixture; repeat 3 times. Spread reserved meat sauce over top; sprinkle with 1/2 cup Parmesan cheese.

Here is what mine looked like when I was at this point

[Image: lasagna1]

Preheat oven to 350 and bake uncovered for 45 minutes.

Armadillo Run

February 21st, 2009

I will be registering for the Armadillo Run in Oldsmar on March 21, 2009. The run is sponsored by the Rotary Club and proceeds will benefit local charities in the city. I hope to have bought an RS100 Heart Monitor by then. My Nike+ Ipod hasn’t been working and I’ve discovered it’s fairly inaccurate. Check out the excerpt below from The Bull Runner

NOV. 10, SATURDAY. At the risk of looking like Inspector Gadget, I wore both the Garmin and Nike+ on my next long run last Saturday. Our goal this time was 18 km. Again, we ran the same initial 12 km route then ran halfway through that same route making our way back to the starting point.

At the onset, both gadgets recorded the same distance. At least, that’s how it was at 2 km. But, as we increased our distance, the discrepancy increased as well.

For the pace, there was a significant 30 second difference too; the Nike+ giving me a faster pace than the Garmin.

At the same 12 km mark (based on the Nike+ in the past), the Garmin, much to my delight, registered the exact distance as the past week’s run: 9.5 km. I pretty much knew which gadget was more accurate at that point. And, sadly, our once favorite 12 km route needed an immediate name downgrade to “10 km route.”

It looks like I’m not running as far or as fast as I thought! I’ve started timing myself the good old fashioned way and measure out my routes using GPS to about a half kilometer now to be safe.

Tarragon Chicken Recipe

February 20th, 2009

I followed a similar recipe to this for Chicken Tarragon the other day and it turned out well. I burned the sauce a little in the last stage of reduction so remember to keep the heat low. I also used a sweeter white wine than I wanted to, but it was still very good.

Chicken breast recipe is cooked with tarragon, chicken broth, a little white wine, and heavy cream.
Ingredients:

6 boneless chicken breast halves
salt and pepper
1/4 cup all-purpose flour
1/4 cup butter
1 tablespoon finely chopped onion
1/4 cup dry white wine
1/2 teaspoon dried tarragon
1/4 cup chicken broth
1/4 cup heavy cream

Preparation:
Sprinkle chicken breast halves with salt and pepper; dredge with flour. Set aside remaining flour.
In a large skillet, heat 3 tablespoons of butter over medium heat. Brown chicken on both sides. Remove chicken; keep warm. Add onion to skillet and sauté for 1 minute.
Add wine to skillet; increase heat to high and cook until liquid is almost evaporated, stirring to loosen browned bits on bottom of skillet.

Reduce heat to medium-low; add reserved flour, stirring to a thick paste. Add tarragon and chicken broth. Return chicken to skillet; cover and cook until tender, about 20 to 25 minutes. Remove chicken breasts to a hot platter. Add remaining butter and heavy cream to the skillet. Heat through; pour creamy tarragon sauce over chicken breasts.
Tarragon chicken recipe serves 6