Will the tightening economy make Perl more attractive?

Based purely on speculation and my own view of the universe, rather than on any material evidence, I was wondering if the tightening of economies around the world may not end up being beneficial for Perl.

Don’t get me wrong. I’m not suggesting something insane like Perl makes you keep your job. But rather I’m speculating that it might help simply because Perl isn’t used solely for the web. So take, for example, the situation where a company has a dedicated web developer and a site written in something other than Perl. If they also have a dedicated Sysadmin then you can bet that much of the stuff in the back end is written in either Perl or Python. Since Perl has been around longer, it’s more likely to be that.

To be fair, your web developer might be mightily skilled at design and PHP. They may be totally XHTML 1.0/strict and CSS2.1 + firefox/safari proprietary extensions compliant. They may have “mad Javascript skillz”, and they may even be pretty fun to hang out with – say Dex of 17, Chr of 16 and Int of 16. Your sysadmin character is likewise highly skilled at (whatever the hell it is that non-sysadmins think we do and get paid for, because yeah, we can do that :-). Okay, so your techie might have the social skills of a somewhat evolved baboon, easily distracted by shiny objects (or “hi tech gadgets” as we call them now), and the sole demand for ramen noodles, but they too are pretty good at their job. Let’s call it Chr 12, Dex 15, but an Int of 17 and Wis 17.

In a tightening economy, which would you fire, your Sysadmin or your Web designer?

You see people may believe that “Perl whatever’s“, but it doesn’t. It’s actually pretty useful at doing things. At getting the data from your database to your Apache config, to your BIND zone files, to your password files and your websites. It’s also pretty handy at quietly monitoring the entire network 24/7, recording all of your important information, and parsing your log files.

PHP … not really quite so handy in that arena. And I do remember a very intelligent developer (of C) friend of mine some 10 years ago back in PHP v3 days trying to admin her box with PHP scripts. More of the kind of thing that developers do when they’re bored than having any practical purpose.

And let’s face it. You can let the servers run themselves, or you can let the web site run itself. Which is more likely to break? The fast moving always on, always doing things servers or the website?

I’m not saying that knowing Perl will save your job. I’m certainly not wishing any PHP/Ruby/Python devs lose their jobs. Please guys no spams, we like you, really. I’m just speculating that because Perl isn’t used solely for developing webapps, being a Perl dev might not be a bad thing right now.

I moved my Blog to perladmin.oreally.co.uk

I moved my blog to WordPress hosted on my own box. It can now be accessed via the URL http://perladmin.oreally.co.uk/

As for why? Well I’ve played with wordpress on and off for a while, but I never really liked the previous versions that much and had given up several revisions ago. I decided to try looking at it again this time around and really preferred the interface. I’m still not at all convinced about much of the rest of it, particularly it being written in PHP since I have issues with that on several levels, but it is what it is. I decided to try it on line via this site with wordpress.com.

Interestingly enough Google must love this place because for certain searches the site is coming up in first place. Which is surprising, if not troubling since it’s a new site and if I can do it, any spammer can. I’ve even had people start stealing the content already, and there’s barely anything here…

But what I didn’t like is that I couldn’t customize it the way I wanted to. My PHP is limited but I know enough to hack on the code a little and wanted to try doing that on WP 2.6.2 as I have on earlier versions. I also wanted to try a different theme than the half dozen offered, and even something as simple as changing the CSS couldn’t be done without a paid update. This seemed a little much to ask for something so relatively simple, so I decided to move it off to my own box.

I’m not sure how well it will work since my box is about 10 years old, but hopefully it will be upgraded soon, and I have other options if needed :-)

So come on over to the new site, see if you like it:



Why does IPTables not log when it is started/stopped?

I have to say that it is very strange that iptables doesn’t log when it is started, stopped, restarted or even when a rule is added. Given how big of a part in the security scene iptables plays, you’d think that by default it would send a notice to syslog, probably at daemon.notice level, when it is stopped and started. After all this is one fairly important tool. Not the only (hopefully) but usually a pretty important one and in many cases it really is the only thing between a server and the bad guys (yes, I know, that it shouldn’t be the only thing..).

I mention this because I just came back from lunch to find my SSH connection wouldn’t respond to input. This has happened occasionally, but as far as I’ve been able to tell (by piecing together information afterwards), it has invariably been because iptables was restarted.

Now me, I just add the new rule to the firewall and if it works and I want to keep it, add it to the config file separately. I don’t believe in restarting iptables because if you f*ck up the new rule and restart the firewall you’re not only screwed then, but if you reboot the server too. For a remote connection that’s bad news. At least if you screw up the rule you know that you did the moment that you add it to the firewall, so if it comes to remotely rebooting the box you know it will come back up without a problem. And yes, I did do that once. It was a case of

“I’ll just update the firewall rules before I leave this morni… oh er.. oh, what did I type? Sh*t!”.

But my colleague believes that you should add it to the config file and restart because that way you’re only entering it once. Which is nice, and does indeed have its merits because there’s less chance of a typo, getting the order wrong, etc., but it also means you need to stop and restart iptables. Aside from the risk of locking yourself out of the server, to me that’s a royal pain. You lose any temporary rules, and worst of all you lose the connection tracking. Which means my nice and quiet SSH session which was working before lunch and has my open Vim session in it … is now not working because its state is not new or established or related, and thus not a valid connection state as far as iptables is concerned and thus the packets are blocked, and the connection gets dropped. *grr*

More irritatingly though is that I can’t *know* that that’s what happened because iptables doesn’t log when it stopped or started. Which is pretty crazy really if you think about the fact that every daemon under the sun logs that kind of information. It never occurred to me before, but it’s true, at least on my box.

Incidentally, if you’re looking to fiddle with the firewall remotely, a few good tricks are;

  1. Add a rule to allow your SSH connection through as a first rule. E.g.
       iptables -I INPUT 1 -p tcp --dport 22 -s <your ip> -j ACCEPT
  2. Use a sleep; undo system. This works for both the command line and restarting iptables. For example;
    1. Add a rule on the command line, knowing the rule number you’ll give it, and then set it to undo a moment later;
       iptables -I INPUT 23 <what you want to happen>; \
       sleep 10; \
       iptables -D INPUT 23
    2. Restart iptables, then stop it again if it doesn’t work;
       /etc/init.d/iptables restart; sleep 10; /etc/init.d/iptables stop

The second tip uses a chain of commands which do whatever might go wrong, sleep and then undo it. The reason for this is that it will execute a command and then move on to the next command in the list, so if you submit the commands like this, where you must include the semi-colons between the commands (don’t forget the \’s in the first case, or just ignore them and don’t hit return), then the shell will execute them one after another like this … do “fiddle with firewall command”, sleep, and do “undo fiddle command”. In the event that you don’t do anything, the firewall will be restarted and then ten seconds later, stopped. This is good because in the event that you f*ck up the firewall rules and can’t type, 10s later you’ll be able to type again because the firewall has been taken down again.

But the best part of this trick is that in the event that you can type you do … you wait a second or so, and then type Ctrl-C to interrupt the currently running command. This will be the sleep command, so you’ll interrupt that and interrupt the list of commands to execute so your last command, the “undo” command, is never run. So if you can’t get into the box it unsets its firewall. If you can get in then you kill the sleep command before it finishes thus the “undo” is never executed.

As a tip, if you’re not sure when to hit Ctrl-C, add a command echo "Sleeping" into the list just before the sleep command. If you don’t see that then the firewall was messed up. If you do see it then your changes worked, and you can kill the rest of the commands with Ctrl-C.
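
The sleep-and-undo trick above, as an added example that is not code from the original post: a shell helper that rolls the change back unless you confirm it, and whose undo keeps running if the terminal goes away. The function name try_change, the 'keep' keyword and the flag file are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): apply a change, then undo it
# automatically unless the operator confirms in time.
#
# try_change APPLY_CMD UNDO_CMD [TIMEOUT]   (hypothetical helper name)
#   returns 0 = change kept, 1 = apply failed, 2 = rolled back
#
# With the post's commands this would be called as root, e.g.:
#   try_change 'iptables -I INPUT 23 <what you want to happen>' \
#              'iptables -D INPUT 23' 10

try_change() {
    apply_cmd=$1
    undo_cmd=$2
    timeout=${3:-10}

    # The flag file means "not confirmed yet". Whoever removes it first
    # (operator or watchdog) decides the outcome, so the two cannot both win.
    flag=$(mktemp) || return 1

    if ! sh -c "$apply_cmd"; then
        rm -f "$flag"
        return 1
    fi

    # Watchdog: ignores SIGHUP and is detached from the terminal, so losing
    # the session does not cancel the undo.
    (
        trap '' HUP
        sleep "$timeout"
        if rm "$flag" 2>/dev/null; then
            sh -c "$undo_cmd"
        fi
    ) </dev/null >/dev/null 2>&1 &
    watchdog=$!

    echo "Sleeping ${timeout}s: type 'keep' and press Enter to keep the change"
    answer=""
    read -r answer || true      # EOF (dead session) counts as "no answer"

    if [ "$answer" = "keep" ] && rm "$flag" 2>/dev/null; then
        kill "$watchdog" 2>/dev/null || true
        return 0
    fi

    wait "$watchdog" 2>/dev/null || true   # let the watchdog finish the undo
    return 2
}
```

Unlike the Ctrl-C version, doing nothing always ends in the undo, so a frozen session and a walked-away operator are handled the same way.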


Virtualbox 2.0 is out

For those who have never used it, Virtualbox is Virtual Machine software from Sun Microsystems, who bought the previous owners, innoTek GmbH. While my experience with VM software is not extensive, I’ve used a few programs on a Windows host and I’m pretty impressed with Virtualbox. VMWare was, by comparison much much slower, although this may have changed in more recent editions. I also hated how tightly into the OS VMWare wove itself. Uninstalling it has broken several computers of mine and resulted in days of trying to unbreak its grip on my network adapter. (Trying to remove the virtual adapters from the MAC bridge when VMWare was no longer installed). In comparison to VB, MS Virtual PC appears to be lacking features – or at least an interface, and plainly has no design to support anything but Windows with boot options of “Windows 95, 98, NT, 2000, XP, Vista and OTHER”. It isn’t surprising, given that they sell Windows, but I can’t help but wonder how effective it can really be for non-windows, which at the moment is my thing since I’m running Windows as the host OS.

Virtualbox gives a nice range of features and appears pretty fast. 2.0 is no exception, appearing to mostly fix a few gotchas which never bit me. My only complaint about it is that aperiodically I’ve found that the clipboard will break. This is from Windows as a HostOS to CentOS and Fedora 8 as guest OS’s. You’ll be typing along and suddenly the clipboard won’t work, for Windows or in the guestOS and you end up needing to restart the Vbox to clear it.

I’ve yet to see any information explaining what is happening, but what I suspect is happening is that an event is being lost on the client end and this ties up the entire clipboard because Windows doesn’t get the acknowledgement that the event was processed. I did once see an error message from the Xserver about it dropping events so this seems to be a reasonable guess.

My solution to this has been to work around it and instead of using X directly on the console of the Vbox to connect to it via Nomachine’s NX client. This not only gives me the equivalent of “screen” under X, with the ability to disconnect and reconnect later, but I’ve never had the clipboard cross-over screw up. Which is really handy.

So if you haven’t already tried it but you’d like to, or you’d like to try VM’s and don’t know where to start, or you’re looking to try Linux, but are too addicted to your Windows apps to be logged out of your computer, Virtualbox will be great for you.

As for choice in Linuxes, well I’m going with Fedora 8 and CentOS 5.2. Personally I’ve been concerned about the direction of Fedora, especially with its “pump a new version out every few months” attitude, (as opposed to putting out something decent). I did try Fedora 9 from the live CD and it sucked, especially when compared to F8. F8 has, so far, been a pinnacle in the Fedora for me. By comparison CentOS 5.2 appears to have a very strong stable base, and every bit as usable for a desktop OS as a server OS. As a quick comparison when running under Virtualbox in order to be able to have a graphical resolution which matches my windows box (which is only 1280px by 1024px, so nothing to write home about) Fedora 8 requires you allocate 32Mb of memory for graphics, but CentOS 5.2 requires only 16Mb. I think it says something about F8.


Nomachine NX Client Times out “Negotiating Link Parameters”

I use NX Client from Nomachine to connect to one of my boxes, or more accurately, to a copy of CentOS 5.2 I’m running in a VirtualBox virtualbox that I run on my Windows box. It’s kinda weird, but cool in some respects as half of my computer is now running CentOS; pretty much literally since half the RAM can be used by it and since I connect via NX client it sits in a window which lives on a second monitor.

This is a cool setup. It’s a way to wean myself from Windows, to run a test environment with yet another web browser (ok, so it’s Firefox, but still), while at the same time playing with VM’s (and X11 as I used to do). It also gives me a great excuse to use NX which is, it must be said, far better than the other free Xserver for Windows, Xming. I think it’s the compression or something, or maybe that it’s a dedicated protocol server and client, and Xming is implementing X11 directly. Whatever, Xming is often slow and sometimes iffy (to the point where I never felt comfortable purchasing the latest version). It is particularly bad at handling network issues I’ve found, where it will infrequently just hang the connection, causing you to lose all of your window placements.

Not so with NX which appears to be the equivalent of screen for X. Disconnect? Okay, I’ll just sit here and suspend your session and wait for you to come back. This feature alone is amazingly useful, but combined with the built-in compression it works very well. Part of the high quality compression is that they compress the data in the connection protocol, X11, VNC, or Radmin, instead of compressing the stream of data, as happens with say SSH compression. Although I haven’t tried it, you can apparently still use X sessions over a dialup line. I know it’s considerably easier to bring up my X session at home over a cable modem link with NX than it is with Xming, which crawls on anything but having a text window open.

One issue I do have with NX is that it is really complicated to set up. I spent a good couple of hours installing things and repeatedly logging into my box, with numerous updates to the local SELinux config to allow NX under SSH to launch various things, including being able to write a log to /var/log. That’s exactly the kind of crap people won’t deal with in general. If you’re having this problem then I fully recommend running this command:

audit2allow -l -r < /var/log/audit/audit.log

After each failed login. This gets audit2allow to list only the allow rules which are needed for the failures since the last reload of the SELinux policy (-l) and (-r) output them with the corresponding require { } structure.

Beyond that, which I got on my FC8 system, even using FC8 RPM’s (but not on my CentOS 5.2, with both the CentOS and NX RPM’s) the only issue I’ve found with NX is that occasionally it seems to get confused. When you open your client connection it will go through the normal setup, the window will open and it will resume the session, but the final Windows dialog box will sit there saying

“Negotiating Link Parameters”

It will do this for about 30s to a minute, meanwhile the session is up and running and usable. At the end of what seems to be a timeout period, it seems to give up. At that point it closes both the dialog box and the entire NX client window. Once this happens you can try as many times as you like and it will just repeat.

I’ve found that the only answer to this is to open up task manager with alt-ctrl-delete, and to kill all “NX” processes. Once you do that it works again.


Bad Lunch Combination

Mountain Dew and Bananas… ick.

It’s sort of my fault, well okay, completely, but I was starting to doze off in that afternoon lull, so I decided to get a soda… you know, the old coders and caffeine thing. I also decided a banana would help perk me up too as it has lots of good stuff. A quick Google search shows that the good stuff includes Vitamin B to help calm the nervous system, and fibre to well.. “help”. Which means that they’re the ideal fruit for programmers everywhere :-)


Google Chrome; A second look

Following on from my previous post about Google Chrome, Google’s WebKit-based new browser, I think I have some answers to my issues.

The first issue was that the background colours on my select lists were black. It turns out that this is due to the use of the CSS directive background-color: transparent;. Both this and background-color: inherit; appear to cause select elements to have a black background. I don’t see any obvious reason why I had this so I’ve removed it. I suspect that this might have been added for an IE fix – but if that’s the case it’s okay because I’m already using IE conditional comments to load IE only style sheets.
