Economic Indicators

State of the Internet

Websense is a San Diego based Internet Security Company with roots in web filtering.  A quick google has revealed criticism about Websense falling into two categories:

1. They serve repressive regimes in China and Yemen in their goals to censor the internet.
2. In America, where they are used widely both in Corporate and Government deployments, there are too many false negatives.  This means that sites become censored which should be available.

They have released some interesting findings from 2009 here.  Among the highlights are:

• 71% of Web sites with malicious code are legitimate sites that have been compromised.
• 95% of user-generated posts on Web sites are spam or malicious.
• Phishing lures have doubled since the first half of the year representing approximately 4% of spam email.
• US, Russia, China and Brazil are consistently in the top 5 countries hosting crimeware and receiving stolen data.
• The average time it took for anti-virus vendors to deliver a patch once malware was identified has more than doubled from 22 to 46 hours, comparing the first 6 months of 2009 with the last.

Momma don’t allow no music in here

International Unemployment

United States Bureau of Labor Statistics

Running Asterisk on Xen

We are migrating our Asterisk test environment from VMware to Xen.  We always used the free VMware (VMware Server) which worked fine other than one huge limitation: There was no way for our virtual machines to access telephony cards (eg: Sangoma or Digium T1 pci cards).  Xen provides that feature and more by allowing your virtual machines to access pretty much any device you can access from within a regular linux installation.

Here are the steps I took to add Xen to my CentOS test server and fire up my first asterisk guest complete with its own digium pri card.  For my first asterisk guest i created a server with all the latest and greatest asterisk software and appropriately named it bleeder.

1. Install Xen – This step turns your current server into the Dom0, or “the special privileged domain that is used to administer normal guest domains”

yum install xen kernel-xen
modify /boot/grub/grub.conf to boot the xen kernel by default
reboot

2. Download a 1G partition image that contains an ext3 filesystem with the linux kernel and a minimal set of CentOS packages and extend it to 4G.  Stacklet.com is a great resource for these.  I found the CentOS image i was looking for here.  This comes with the partition image and two example config files.  I copied the partition image to a directory i could remember where i had sufficient space and extended it using the following commands.  The first command (dd) extends the actual file.  This is analogous to extending a partition on a disk.

[root@fsdev images]# dd bs=1k seek=4096k count=1 if=/dev/zero of=centos.5.3.x86.img

Note that this command produces a “sparse” file. That means that though the file can grow up to a total size of 4GB, it only takes up the space on disk that it is actually using.  Here’s the proof:

[root@fsdev images]# ls -lh
total 2.1G
-rw-r--r-- 1 k3leland k3leland  4.1G Nov 15 19:33 centos.5-3.x86.img
[root@fsdev images]# du -h centos.5-3.x86.img
1.1G  centos.5-3.x86.img

The rest of the commands are to resize the actual ext3 filesystem.  Find the first available loopback device and assign our partition image to it:

[root@fsdev images]# losetup -f
/dev/loop0
[root@fsdev images]# losetup /dev/loop0 centos.5-3.x86.img

Now Resize!

[root@fsdev images]# resize2fs /dev/loop0
resize2fs 1.39 (29-May-2006)
Please run 'e2fsck -f /dev/loop0' first.

[root@fsdev images]# e2fsck -f /dev/loop0
...output omitted...
[root@fsdev images]# resize2fs /dev/loop0 4G
resize2fs 1.39 (29-May-2006)
Resizing the filesystem on /dev/loop0 to 1048576 (4k) blocks.
The filesystem on /dev/loop0 is now 1048576 blocks long.

Lastly unassign our file to the loopback device:

[root@fsdev images]# losetup -d /dev/loop0

Here is an extra command that may come in handy when dealing with partition images. This allows you to mount the image and explore the contents:

[root@fsdev images]# mount -o loop -t ext3 centos.5-3.x86.img /mnt
[root@fsdev images]# ls /mnt/
bin   dev  home  lost+found  mnt  poweroff  root  selinux  sys  usr
boot  etc  lib   media       opt  proc      sbin  srv      tmp  var

3. Copy the pygrub config to /etc/xen/bleeder and make some slight modifcations to it.  I gave it its very own ip address and indicated i wanted it bridged at the ethernet level by adding this line:

vif = [ 'ip=xx.xx.xx.xx, bridge=xenbr0' ]

I updated the disk directive to reflect the new location that i moved the image to:

disk = ['file:/var/asterisk/xen/images/centos.5-3.x86.img,sda1,w']

And lastly I assigned the virtual machine the digium T1 card using the pci directive.  Note: I found the pci identifier in the output of lspci.

pci=['0a:01.0']

4. Unbind the pri card from my Dom0 so that i will be able to boot my bleeder guest by loading the pciback kernel module with the hide option:

modprobe pciback 'hide=(0a:01.0)'

If this worked you will see some messages in dmesg:

pciback 0000:0a:01.0: seizing device
PCI: Enabling device 0000:0a:01.0 (0310 -> 0313)
ACPI: PCI Interrupt 0000:0a:01.0[A] -> GSI 20 (level, low) -> IRQ 21
ACPI: PCI interrupt for device 0000:0a:01.0 disabled

If this command doesn’t work it will not give any indication other than you will not see those messages in dmesg. This command will not work if you currently have a driver loaded that is binded to that device. That means you may have to:

service zaptel/dahdi stop

and try again:

rmmod pciback
modprobe pciback 'hide=(0a:01.0)'

5. Now we are ready to boot our guest for the first time using the xm command.  The -c option indicates we want a console on the new vm, and the name of the vm, bleeder, corresponds to the name of the config file in /etc/xen.  If everything works you will eventually get a login prompt (root/password by default)

[root@fsdev ~]# xm create -c bleeder
Using config file "/etc/xen/bleeder".

One error that prevented booting for the first time was:

Error: pci: improper device assignment specified: pci: 0000:0f:00.0 must be co-assigned to the same guest with 0000:0f:06.0, but it is not owned by pciback.

I resolved this by moving my pci card to a different slot in the system. I believe this is a limitation in Xen but if you have the flexibility to move your card it beats waiting for a bug fix;)  Here is the output of lspci and lspci -t before and after the move:

[k3leland@Dom0 ~]$ lspci | grep Digium
0f:06.0 Ethernet controller: Digium, Inc. Wildcard TE120P single-span T1/E1/J1 card (rev 11)
[k3leland@Dom0 ~]$ lspci -t
-[0000:00]-+-00.0
           +-01.0-[0000:01]--
           +-1c.0-[0000:09-0a]--+-00.0-[0000:0a]--
           |                    \-00.1
           +-1c.4-[0000:0d]----00.0
           +-1c.5-[0000:0e]----00.0
           +-1d.0
           +-1d.1
           +-1d.2
           +-1d.3
           +-1d.7
           +-1e.0-[0000:0f]--+-00.0
           |                 \-06.0
           +-1f.0
           +-1f.1
           +-1f.2
           \-1f.3

[k3leland@Dom0 ~]$ lspci | grep Digium
0a:01.0 Ethernet controller: Digium, Inc. Wildcard TE120P single-span T1/E1/J1 card (rev 11)
[k3leland@fsdev ~]$ lspci -t
-[0000:00]-+-00.0
           +-01.0-[0000:01]--
           +-1c.0-[0000:09-0a]--+-00.0-[0000:0a]----01.0
           |                    \-00.1
           +-1c.4-[0000:0d]----00.0
           +-1c.5-[0000:0e]----00.0
           +-1d.0
           +-1d.1
           +-1d.2
           +-1d.3
           +-1d.7
           +-1e.0-[0000:0f]----00.0
           +-1f.0
           +-1f.1
           \-1f.3

6. Now we can proceed to configure and install software on our new virtual guest as it was a physical server. The output of lspci in the guest should produce a single line with our digium T1 card. The system we got from Stacklet.com provides the bare minimum so the first step is to bring it up to date and install the prerequisite tools:

yum update
yum install vim-enhanced gcc gcc-c++ subversion make kernel-xen-devel libtermcap-devel

Checkout Asterisk and Friends from svn and make and make install asterisk, dahdi-linux, dahdi-tools, libpri.

Deviations from boring ‘configure;make;make install’ routine included a couple of things:

When configuring asterisk i chose to disable xmldoc:

./configure –disable-xmldoc

After making and installing dahdi-linux be sure to modify /etc/dahdi/* to your needs, or use dahdi_genconf.

TODO in Future:

• test performance of virtualized asterisk
• install asterisk and dahdi-linux on vm from binaries using asterisk xen pacakges at packages.asterisk.org.
• install thirdlane, trixbox, and asterisknow a xen guests

Recommended book and primary reference for this project:

before you can resize the filesystem formatted on top of the partition

Upgrading Asterisk on trixbox

For whatever reason trixbox is not releasing Asterisk updates in their repository for their 2.6 versions.  (see rant at bottom)  Luckily, where trixbox slacks digium delivers.  With little trouble I was able upgrade a  trixbox distribution so that I can get the latest updates of the asterisk software direct from digium, while continuing to keep my trixbox software up to date through trixbox.  Here is the rundown:

Bring your system up to date with the trixbox repository

yum update

Modify the repository settings.

trixbox by default has the centos repos, and its own trixbox repo.  We need to add the digium repo and remove the kernel exception from the centos repo.

wget http://packages.asterisk.org/centos/5/current/i386/RPMS/yum-repos-asterisk-1.0.0-1_centos5.noarch.rpm
rpm -i yum-repos-asterisk-1.0.0-1_centos5.noarch.rpm

in /etc/yum.repos.d/CentOS-Base.repo under the section titled [base] comment out exclude kernel:

#exclude=kernel*

Update your kernel

yum update kernel kernel-headers
reboot

Replace the asterisk software from trixbox with the latest software from digium

To find all the currently installed packages that you will need to remove use the commands:

rpm -qa | grep asterisk
rpm -qa | grep zap

You will not need to remove all of these packages, only the ones that are provided by digium through packages.asterisk.org.  In my case I left both tbm-asteriskinfo, asterisk-perl installed and removed the rest.  Here are the packages i removed:

rpm -e --nodeps asterisk-sounds-1.2.1-2 asterisk-1.4.22-4 asterisk-addons-1.4.7-2 zaptel-modules-1.4.12.9-1_trixbox.2.6.18_128.1.10.el5 zaptel-1.4.12.9-1_trixbox

This order of operations left some driver cruft that I had to manually remove:

rm -Rf /lib/modules/2.6.18-164.el5/weak-updates/zaptel/*

Now we can install the latest asterisk software from digium’s repo:

yum install asterisk14 dahdi-tools asterisk14-addons

Now this new asterisk system will use all the same old configuration files that are still in place, except for 2 which we will modify now.  Both of these modifications are related to the name change from zaptel to dahdi.

/etc/dahdi/system.conf

This is really just a new name for what was /etc/zaptel.conf.  Simply copy /etc/zaptel.conf to /etc/dahdi/system.conf and you’re done.  If rpm moved your zaptel.conf then copy /etc/zaptel.conf.rpmsave to /etc/dahdi/system.conf.

/etc/dahdi/modules

This is a new name and syntax for /etc/sysconfig/zaptel.  Open it up and comment out the modules you will not be needed, based on the hardware you have installed.  Compare against your /etc/sysconfig/zaptel if you are at a loss.

Lastly, modify /etc/asterisk/asterisk.conf by adding this directive to the [options] section:

[options]
dahdichanname=no

Now reboot and voila!

Rant

trixbox doesn’t respond to bug reports, doesn’t maintain their changelog, has little in the way of developer support, doesn’t integrate bugs fixes of opensource software that it repackages.  I am currently testing asterisknow as an alternative.

http://www.trixbox.org/changelog

Economic Indicators

NJ showed up as the 15th highest unemployment rate (9.7 which is also the national average) on the latest Bureau of Labor Statistics.

Top 5:

1. Michigan
2. Nevada
3. Rhode Island
4. Oregon
5. California

Bottom 5:

50. North Dakota
49. South Dakota
48. Nebraska
47. Utah
46. Virginia

The average price of a home in Detroit is under 20K and the median house price is under 10K!

Yikes!  References:

• Chicago Tribune
• http://www.tribbleagency.com/?p=3598

Fedora Core Live USB

I am really excited about live linux on usb flash drive,  and the persistent storage feature in particular.  It basically means instant linux on any computer.  Prior to this tool I had been trying to fill this gap in two ways:

1. Dual Boot Windows and Linux on my pcs.
2. Live CDs

My new plan is to add this flash drive to my physical keychain.  The persistent storage feature means that you can easily customize your live distribution and load it with tools and drivers.  This task previously would require building a custom live distribution and burning it to cd, updating would require you to repeat this process.

Hardware:

• 4 GB USB Flash Drive – IOCELL Network NetDISK
• Laptop – Dell Latitude E6400

Software:

• Windows Vista Home Edition
• Fedora Core 11 Live iso
• liveusb-creator
• Broadcom Linux Wireless Driver
  

Potential Limiation:

• Some machines don’t support booting from usb.

Accessing your windows partitions from inside your Live OS:

1. Identify your file system types with ‘fdisk -l [hs]d[a-z]‘
2. mkdir /mnt/windows
3. mount -t ntfs /dev/sda /mnt/windows

or if you want to automatically mount that partition every time you boot modify your /etc/fstab with the above information.

ex: /dev/sda1     /mnt/windows   ntfs   defaults,gid=0    0 0

Great Summer Movies

Quick Facts

• Food Inc – Documentary about failures of American policy with respect to the food industry.

Rotten Tomatoes – 97%

IMDB – 8.2

• Moon – Coherent Science Fiction with a beautiful outer-space set on the moon.

Rotten Tomatoes – 90%

IMDB – 8.3

• Away We Go – Dramatic/Romantic Comedy.

Rotten Tomatoes – 67%

IMDB – 7.9

• Bruno – Sacha Baron Cohen’s (Ali-G, Borat) latest Comedy and Social Commentary.

Rotten Tomatoes – 69%

IMDB – 7.1

Skinny Jeans

Times are changing!! Yayee!  Its finally my turn to criticize a younger generation whilst secretly envying their carefree confidence and lack of regard for convention.  The age of grossly oversized clothes as a fashion manifestation of non-conformity and youthful rebellion seems to finally be passing!  For a couple years now I have been noticing heterosexual young adult men wearing shockingly tight pants walking around in my home town of Red Bank.

Exhibit A: Nick, an 18 year old employee at clothing store Metropark, a Los Angeles based specialty store chain.  Here he is in my local Starbucks (didn’t have to go far for the inspiration for this article) sporting Kill City jeans and a New Era (still oversized) fitted hat which in this context seems to be old-hat;)

Naturally the first couple times I wrote them off as isolated incidents.  However, this trend seems to be gaining speed and attention.  50 cent, naturally bitter about the movement,  stated on his latest freely downloadable mixtape War Angel, “I think these n***as is f***ots.”  Harsh words 50!  (See the full interview here.)  Fashion must be moving fast for 50 cent to come off as the trapped in the last century grandpa on the porch yelling “Kids these days!! Pull up your pants and have some respect!!”  Over at AskMen.com, a harsh review of skinny jeans generates a wave of comments from men, extolling the virtues of their new fashion choice.  Hilarity in the comments section ensues!

Alas, I don’t see myself jumping aboard this skin-boat.  As my babycakes knows, I already have a hard enough time not scaring little kids with my frequent erections.  I am undoubtedly a transparent person, but i am almost positive skinny jeans would take this transparency to a level neither I nor my associates would be comfortable with.  In closing, I hail the new generation of youngsters for their ability to bewilder me!  Rock out with your cock out!