techblog

World Upside Down

2006-11-07T07:06:00Z

Gah. The world has gone mad. I have installed IE7 and my site now renders better on IE than it does on Firefox. Actually they both display the same; however in firefox the tabs under the banner only have a very small clickable area, whereas on IE7 the whole tab is clickable… Answers on a postcard…

Where's the middle ground?

2006-11-03T07:00:00Z

I finally started updating the styling of my MT blogs to give a more personal feel to the sites and almost straight away I have a question: Where is the middle gound? At the simple "point and click" end of things we have Style Catcher (and taking it even further the non-customizable themes in vox). At the DIY end we have styles-site.css. Where is the solution for when you want to start with a basic layout and make gradual changes until you hit your sweet spot? My original thought was to use the "minimalist" theme and then make a few simple overrides; except that it duplicates a lot of stuff and you end up having to recode most of the sheet just to override the font… What about base-weblog.css? That's what the official themes use as a base, so it must be a good beginning, right? It certainly saves effort over fully redisigning from scratch but a few fundamentals are missing; like the fact that the two-column layouts don't display as two columns… What I have ended up doing here is importing base-weblog.css and defining the alpha and beta divs for my chosen layout (two-column-right). It would have been nice if the default stylesheet took this approach rather than containing most of base-weblog.css making modifications a pain. I know; I have spotted a niche and I should fill it. Unfortunately lack of motivation coupled with lack of intellectual property rights to my own code make that a non-starter. A bit about the style. This was someting I was thinking about for a beekeeping blog, but I'm doing that over at vox and they don't have customizable themes over there. The altruistic nature of a single honey bee has a number of parallels with individual developers in open source projects or individual routers in large networks so I thought the theme idea could be applied here. The logo is five interlocking hexagons representing the comb structure build by the bees for raising young and storing winter provisions. The colours represent the standard marking colours for honey bee queens used to make it easier to spot her as well as indicate her age. The first colour should actually be white but because the honey bees visible spectrum is shifted further into the blue than ours I've used violet (kind of an in-joke for beekeepers I guess). Currently the style fails miserably in internet explorer. Not sure if I will fix that or not.

Design thoughts

2006-09-29T18:05:00Z

Need to finish laying out meanderings and need to do a layout here too. I want to put tabs under the main banner, meanderings, then here and then vox. Layout customisation on vox is minimal so linking back will be a pain. Should the vox be for family friendly posts? News about Lex, etc? Still not sure.

The split

2006-09-29T16:52:35Z

I've decided to split my blogs due to creative differences. My tech posts will now be made here so that they don't get lost amongst the background noise over on Random Meanderings. Most of my posts will still be on meanderings. Every now and then I'll also be posting on my vox blog too. Haven't quite decided on a theme over there yet.

How do I hate thee Microsoft, let me count the ways

2006-09-06T07:20:00Z

Who made the arbitrary decision that new motherboard=new pc? It's not even as if its consistent, I've changed mbs in the past and its just installed the new drivers and away. But not last night.

After the swap over the pc wouldn't boot, would reset before any screen output. Refresh install time thinks I. In goes the original media. Type in my original product key. All seems ok: great I think; job done. And then I log in to check for updates… Wtf? I'm not activated?

So now I find myself with another reinstall in the works. I do have another key I can use for this pc, but its for a different install cd and won't work with the oem cd I used to repair last night.

I guess thats my point. I did a repair last night, not a full install on a new pc. It kept all my other settings, why not my activation?

I'm glad I only run one windows box on the network at home. don't have any of these issues with the OSX, Debian or Ubuntu boxes.

Microsoft, I know you are not listening, but here's a suggestion. The main reason you have such a stranglehold on the os market is because your OS has the apps support, and your own apps are a large part of that. Make windows free. You'd kill Linux as a desktop contender just like making IE free killed Netscape as the dominant browser.

Of course, as a longterm Microsoft hater I don't want this to happen; I love that modern linux distros such as Ubuntu or SuSE make an open source desktop viable for non unix geeks; however in my mind it seems like a plausible option for them to take and a surefire way of killing the opposition. Sure they'd lose the revenue from new pc installs, they'd still have their apps though, they could still get revenue from the specialised variants (embedded, server, 3+ Cpu) and most of all they would get rid of the headaches of having to figure out new ways to stop OS piracy without generating extra support overhead when it breaks existing customer installs. It'd get rid of almost all of the bad press about MS too; very little of the bad press is about their office productivity apps. A lot of it is about oppressive os licensing. They'd still catch flack for their DRM stance and the crappy standards compliance in Internet Explorer (I gave up trying to make my sites display properly in IE ages ago; why should I work harder because MS don't read the standards properly before writing their code?). IE7 is supposedly more standards compliant. I don't want to get started on that though, I'll just say this: Why does fixing a bug require a major upgrade? Would it really be that hard to backport the fixed standards compliance as a critical update for 6 so webmasters don't have to wait years for everyone to update?

I was going to do some reading on the train this morning after a quick post. I seem to have got carried away...

Chasing Ubuntu

2006-08-26T20:07:42Z

I've been hearing a lot of good things about Ubuntu Linux for a while now.

I'm a debian boy and have been for years (I can't remember whether it was bo, rexx or buzz that I first installed… whichever was earliest). I am plenty happy with my etch box, and have no problem keeping up with the various packages, etc directly using apt-cache and apt-get; however I share the PCs at home with my wife and son and have recently started wondering whether the Debian based Ubuntu distro was worth a shot.

]]> I've done two installs of Dapper (Ubuntu 6.06) now, both under vmware (workstation and server). The workstation install I did first was an absolute breeze; I was thoroughly impressed both with the ease of install and the default selection of desktop packages. Blimey, I thought, the hype's true. And mostly it is. I found way they have tuned GNOME gives a similar feel to MacOS X.

I was running the first test on my work PC (left it installing in the background while working in my etch vm). Once it finished the install I could more or less switch everything straight over. I found that a few packages I use were a bugger to find (pretty old git-core and no cogito, found it with some tweaking of the active repositories). Found that the evolution and nautilus installs were a breeze for working with the corporate windows network.

Installing on my home etch box under a vmware server vm was trickier, didn't realise the memory requirements of the desktop live cd. The 128M VM I was running under just wasn't up to the job. Eventually after some googling I found that I needed the alternative CD, and the text based install went fine.

I now need to do some serious thinking. I've been a debian evangelist for years; I think it was in 97 when I suggested to the boss that the slackware distro wasn't up to much and we should look for a change. He couldn't get his head around dselect, but I immediately saw the power of the strong dependency tracking in the deb package format and was hooked. Now I'm seriously considering moving my primary home pc away from Debian. Although at least it's still a distro based around deb and apt suite at its core.

Going to be away from the computers for the next week at my grandad's place in Wales. I'll use the time to consider the options very carefully.

Private AS Peerings

2006-08-24T18:28:41Z

Cisco and Juniper both provide an option to easily strip private autonomous system numbers from outbound advertisements.

This article was started because I thought this aproach was flat out wrong; however during the research I managed to convince myself that it is the almost the right thing to do; just needs a couple of knobs to tweak to make it flexible enough to always do the right thing.

]]> Public AS numbers are generally only available to organisations with public IP addresses and connectivity to the Internet via multiple providers. In an ISP network the only reason to carry routes with a private origin in the global routing table would be where a customer has some provider independent addresses and is multi-homed only to your network.

Ok, so we have our reason for the network eatering the table. What will happen if we just pass the network unchanged? Depending on the policies of your peers they will either drop the route at their boundary, causing lack of global reach for your customer, or they will pass it on, and it'll eventually be spotted, your network will be ridiculed, your peers will lose respect, your wife will run off with the circus and you'll be left broken and alone with nothing for company but a broken toaster. Don't do it. Burnt toast is bad.

We have a prefix originating from a private AS. It would be bad to pass that on to other peers. So what do we do?

A quick look at the documentation provides us with a contender: remove-private-as on cisco, remove private on Juniper. Both statements have the same effect: they strip private autonomous system numbers from outbound advertisements.

Brief interlude from RFC4271

5.1.2 AS_PATH

When a given BGP speaker advertises the route to an internal peer, the advertising speaker SHALL NOT modify the AS_PATH attribute associated with the route.
When a given BGP speaker advertises the route to an external peer, the advertising speaker updates the AS_PATH … [by] prepend[ing] its own AS number…

RFC4271 section 5.1.2 as I read it explicitly disallows modifying the as path when advertising to an ibgp peer; however there is nothing I could find in the standard that explicitly disallows such modifications when advertising to external peers. This gives the vendors the loophole they need.

The problem is that in order to set up a private as peer you need to configure all other peers to remove private as numbers. While this works, and seems to be the generally accepted RightThing™ to do, it just doesn't quite sit right with me; I like policy to be applied once at the entry to the network, not at every exit point.

Another problem comes when you have multiple private as peers.

The whole reason for storing the as path in BGP is to prevent loops (not as a distance vector, even if that is how implementations use it). The reason we are considering the implications of removing part of the as path in the first place is because the customer is multi-homed. Turning off a safeguard when you have exactly the topology it was designed to protect is a bad idea.

What about other private as peers? Remove-private doesn't allow fine tuning. If you allow one private as you allow them all, so if you have multiple customers connected and you advertise their private as numbers to each other you are violating the principals of keeping the numbers private. If one of the customers is using private as numbers internally then routes may get dropped due to non existant loops, and the support desk get calls due to connectivity problems. I admit it isn't likely, but its possible so will probably happen.

A route-map/policy would help:

router bgp 1234
  neighbor 1.2.3.4 remote-as 65534
  neighbor 1.2.3.4 remove-private-as route-map as65534-out
!
ip as-path access-list 1 permit ^(6553[234])_
!
route-map as65534-out deny 10
 match as-path 1
route-map as65534-out permit 20

Conclusions.

Peering with customers using private as numbers is a useful tool and has a number of valid applications, but starting it is like opening pandoras box. Be aware that you are operating in a grey area outside the standards. Here be dragons.

Feed tagging in MT3.3

2006-08-22T17:05:31Z

For some reason the default method of setting tags in outbound atom feeds stores the numeric tagid in the term attribute. Certainly caused me some confusion to see that the Technorati profile for this blog said that my top tag was "10"

Modified the MTIfTagged section of the atom.xml template to match the following:


  
    "         
              label="<$MTTagName encode_xml="1"$>" 
              scheme="http://www.sixapart.com/ns/types#tag" />

Implementing a ranked cloud list

2006-08-22T11:16:41Z

So I installed MT, I used StyleCatcher to pick a theme. Nice one.

Hang on... All my tag clouds are actually bulleted list without any weighting. Surely there must be a way to fix that?

]]> Looking at the source of the output of the tag cloud (sidebar) widget I saw that the entries have a "taglevel" class on them, but the entry-tag list items don't. First change, in any templates with an entry-tag-list, add the following class to the list entries:

taglevel<$MTTagRank$>

Now to style it. I have used a scale of font sizes from 75% up to 200% with 25% steps for the tag ranks. Other attributes would be easy enough to fix (font-face, color, etc).

Add the following to the styles-site.css template:

.module.module-tag-cloud .module-list, .entry-tags {
  list-style: none;
}

.taglevel1  {
  display: inline;
  background: none;
  padding: 0;
  font-size: 200%;
}

.taglevel2 {
  display: inline;
  background: none;
  padding: 0;
  font-size: 175%;
}

.taglevel3 {
  display: inline;
  background: none;
  padding: 0;
  font-size: 150%;
}

.taglevel4 {
  display: inline;
  background: none;
  padding: 0;
  font-size: 125%;
}

.taglevel5 {
  display: inline;
  background: none;
  padding: 0;
  font-size: 100%;
}

.taglevel6 {
  display: inline;
  background: none;
  padding: 0;
  font-size: 75%;
}

The Travelling BPDU Problem

2006-08-22T09:31:37Z

In the aftermath of a spanning tree failure I found myself revisiting the IEEE ethernet standards documents. Specifically 802.1d and 802.1q. As I write this both are available as part of the Get IEEE 802 program, ymmv.

While reading the standards, and some related websites about tuning spanning tree parameters, I realised that there were a number of references to network diameter; however there was no precise definition of this term.

]]> Superficially it seems a pretty self explanatory term — surely it's just the number of switch hops between the entry and exit of the spanning tree domain. A more precise definition is: The network diameter is the maximal trail through the layer 2 domain, including the entry and exit switches.

I am using graph theory terms in this article, I got these from Wikipedia. If any terms are unclear you should be able to get a definition there.

So what is the maximal trail, and how do you calculate it?

Take a look at this example from cisco. Cisco frequently change URLs, hopefully this one won't break too soon...

Essentially this is a variation of the travelling salesman problem. The travelling salesman problem requires that you find a route that passes through every node exactly once. Our requirement isn't quite that strong; we just need to find the longest route through the network that touches each switch in the path only once. Unfortunately the TSP is an NP hard problem, and while there are a number of elegant solutions to reducing the amount of brute force needed to crack it, there is no clean simple algorithm that can solve it. The easiest method is to just get out the paper and use the problem cracking abilities of the human brain.

Examples:

What is the maximal trail from C to F in this network? There are a couple of contenders: C-A-D-B-F and C-A-E-B-F, so the network diameter here is 5.

What is the maximal trail from C to F in this network? C-D-B-A-E-F. Although this network contains the same number of switches, it has a larger network diameter (6).

My conclusion from this is: don't build loops in switched networks. Feel free to decide otherwise, but my opinion is that the reduction in the number of ports required for the infrastructure isn't worth taking the network a step closer to the assumed maximum network diameter of 7 used for calculating the default spanning tree timers in the 802.1d standard.

Can I take my network beyond the recommendation of 7?

Sure, and in most cases it will probably hold together OK; however even though the timer values in the standard look pretty conservative, they are chosen to maximise the stability of the network under load. Your network may run stably under normal load situations, but under heavy load (i.e. when you most need stability) you may find that your spanning tree calculation becomes non-convergent and you get a spanning tree failure causing loops in your network. Switches may seem expensive when you have a stable network but when you have experienced the instantaneous meltdown a spanning tree failure can cause you'll understand that the extra cost involved in reducing the network diameter is well worth it.

Is cricket-95 still needed?

2006-08-21T17:08:03Z

A few years back I wrote a collection script for Cricket that calculated the 95th percentile data rate on an interface. I called it cricket-95.pl. Since then a PERCENTILE function has been added in the core rrdtool code. This article is my investigation on whether this function meets my needs.

]]> I started with a brief look at the code, and found that the PERCENTILE function is only available to the grapher as a VDEF, it can't be used as a CDEF for updates. Not a promising start: Plotting the 95th percentile on a graph is only one part of the requirements for usage based traffic monitoring. Not a show stopper though; just because the grapher is based on dynamic calcs doesn't preclude using a background script (such as cricket-95.pl) to make a seperate calculation of the 95th percentile at scheduled intervals.

So how do the graphs look? I ran a few graphs using rrdtool to compare the output.

Monthly Comparisons

While the final calculated 95th percentile is similar in both cases, the internal function gives no visibility on the evolution of the 95th percentile over time, which makes it pretty much useless for trend analysis.

Weekly Comparison

The weekly graph shows a larger discrepancy, due to the fact that cricket-95.pl always calculates on the monthly figures, whereas the internal function graphs based on the sample set to be presented (i.e. only on the week's values)

Conclusions

There's still life in cricket-95.pl. I have developed it beyond the script available on my site and it looks like it's still worth continuing that development. It's just a pain that I can't release any versions newer than the one already on my website due to contractual issues with my employer :(

Appendix: The command-line used

Below is the command-line used to generate the cricket-95 monthly graph

rrdtool graph cr95-month-2hr.png -s 1153436400 -e 1156114799 \
    -S 1800 \
    DEF:in=peer-linx-gw1.rrd:ds0:AVERAGE \
    DEF:out=peer-linx-gw1.rrd:ds1:AVERAGE \
    DEF:pc95=peer-linx-gw1.rrd:ds2:AVERAGE \
    LINE1:in#00ff00:"Input\n" \
    LINE1:out#0000ff:"Output\n" \
    LINE1:pc95#ff0000:"95th Percentile\n" \
    COMMENT:"Cricket 95, 2hr resolution, 1 month"

Below is the command-line used to generate the internal 95th percentile monthly graph

rrdtool graph cr95-month-2hr.png -s 1153436400 -e 1156114799 \
    -S 1800 \
    DEF:in=peer-linx-gw1.rrd:ds0:AVERAGE \
    DEF:out=peer-linx-gw1.rrd:ds1:AVERAGE \
    CEF:max=in,out,MAX \
    VDEF:pc95=max,95,PERCENT \
    LINE1:in#00ff00:"Input\n" \
    LINE1:out#0000ff:"Output\n" \
    LINE1:pc95#ff0000:"95th Percentile\n" \
    COMMENT:"95,PERCENT 2hr resolution, 1 month"

Are you 2.0?

2006-08-21T14:34:19Z

I've spent too long focusing on the back-end of the Internet, how the routers and switches connect together, MPLS, SDH, WDM; and all the other alphabet soup acronyms. Recently I've been spending more time as an Internet user and have come across a number of tools which are apparently Web 2.0. Some of these I love, and I'll mention a couple of them below, others I've tried and to be honest they do nothing for me. Seems I'm not alone in this regard, found this post by my old mate Dan over on vox. Am I Web 2.0? Maybe. Or maybe I'm just too old...

]]> Tools I do like:

last.fm — Using their audioscrobbler technology for collecting information about who's listening to what they've put together a front end that can track what you're listening to and allows you to tag tracks. They also have a collection of music available that they can stream to create a custom radio station. Their selection seems to be more limited than Pandora but pandora has no community aspect - it's all based on raw musical similarities and musical tastes aren't about raw data. This has helped me find a number of bands I didn't know about, so it's certainly doing it's job there :)

Hiveminder — Online todo-list from the people who put together the Request Tracker issue tracking system. I've been a big fan of RT for a long time - but it can be a bit cumbersome for todo-list management (I use it for exactly that tat work). Hiveminder is a collaborative public todo-list manager. It's only just launched, so there are bound to be teething problems, but so far I like it.

http://del.icio.us/ — One of the definitive 2.0 apps community bookmarks. Essential.

Technorati — Got a blog? Get a technorati account. automatically find out who is linking to your blog, and let people know you are linking to theirs. Essentially this is community trackbacks, but more than that.

Commuter Blogging: The Return

2006-08-21T10:40:04Z

Well it's been quite a few years since I blogged on the train. Of course, back then it wasn't called blogging; it was an online journal or diary. Things have come on leaps and bounds since then, and left me way behind. Back then venting to the Internet was a good way of helping me deal with my depression, maybe it still will be, hence the return. Movable Type The original site was hand-crafted HTML (actually, to begin with it was managed in Frontpage, but I regained my senses and went back to vi after a while); the next step was blosxom, an excellent small open-source blogger. The version I was using wasn't very flexible though, and the code was a bugger to get running under mod_perl; mainly because it was written to be backwards compatible with Perl 4. I attempted a couple of times to make blosxom mod_perl compatible ; I even started a project to recode blosxom from scratch using HTML::Mason (I called the project flotsxam, but it never got very far). I never managed to finish any of these as it's hard to maintain enthusiasm for open source projects when the IP clauses in your employment contract mean that you can't share the benefits. So: I've made the switch to MT3.3. I had considered migrating to MT a number of times in the past; however I always felt put off by the limitations on the free personal use version (restricted number of blogs / authors). With 3.3 they've made it fully free to use without restrictions for personal bloggers; and now I'm willing to experiment with it. So now I have a decent system backing up the site, XML-RPC support, and a mature plugin API; so look for some forthcoming integration with a few of the other sites I use. I am already pulling in some RSS feeds from last.fm and Hiveminder which are two of my current favourites. I have also set up a Technoriti account so I can see how un-influential my blog is ;). Still unsure whether I should run multiple blogs or try and consolidate them down into one. I need to keep a seperate work blog (run on SocialText Open, so it's more of a Bliki) because there are some things I'm not going to release on a public blog (internal documentation updates, outage reports, etc), and I've gotta keep this one, it's the grand-pappy of them all. Do I keep a seperate blog for tech stuff? I probably should becuase there's a different tone in my pure tech posts and they're probably a lot more interesting to the outside world than my general meanderings posts (like this one). That sort of split can be handled by categories though... Still leaves my non-self-run blogs. I'd prefer any music related blogs to go on my last.fm journal, because that'll help build my neighborhood; and I like the look of vox.com; seems like a cool way of building virtual communities, but it's yet another blog to maintain (I'm currently waiting for my invite, so I haven't tested vox personally yet). There needs to be a higher level of blog synchronisation, kinda like RSS in reverse - one master site, and it pushes posts to subordinate blogs based on categories / tags. Does this exist? Have I just invented the next big thing? I doubt it - surely this must be available somewhere? Somehow I've managed to avoid talking about the trains so far... My current commute has three sections. The first section is run by First Capital Connect (was formerly run by Thameslink, but they lost the franchise). This section is no problem at all; trains usually on time, and rarely cancelled. At the far end South West Trains run a fairly tight ship on the Richmond to Egham line; main problem is that they bunch the trains up and run 2 every half hour, rather than running every 15 minutes; this means that if you miss one it's a long wait to the next, and given the reliability of the last contender that's not an infrequent occurence. Only reason I can think of for them doing this is that there are a number of level crossings on the line, and running the trains spread out would annoy motorists; and we all know that motorists are more important than those of us that try to reduce our emissions by sharing transport... As I write this I am standing on the human cattle truck that is the Silverlink Metro line that runs between North Woolwich and Richmond; I have the singular honour to be a daily commuter between West Hampstead and Richmond. If you have a choice: use the underground. Seriously. We're running late, as usual, this morning. Hopefully they won't cancel the train when we get to Gunnersbury. That happens frequently (I probably get hit by that particular cancellation at least 3 times a month, although it's been more than that this month). Current theory held by me and a few other commuters I've spoken to is that the train operators get fined less for cancelling the train than they do for the fines for the knock-on effect of running the service late. That might help the people travelling mid-morning; but the commuters that bring in the bulk of their ticket revenue are left standing on the platform at Gunnersbury. And the announcement has just been made: This train will be terminating at Gunnersbury. So much for the announcements that we will be calling at all stations to Richmond that have been made at every previous station...]]>

UTF Hell

2006-08-19T23:19:17Z

Well the posts are now imported. The following perl one-liner was a lifesaver:

perl -C -pe 's/([^\x00-\x7f])/sprintf("&#%d;", ord($1))/ge;'

Converts non-ascii to XML numeric entity references. The MT XMLRPC daemon wasn't to keen on accepting files with UTF-8 chars (although that was probably the fault of the commandline poster I'm using...) Oneliner was found at: http://www.cl.cam.ac.uk/~mgk25/unicode.html#perl

All change

2006-08-19T20:43:25Z

I'm currently moving the blog into Movable Type (free for personal use now...) Entries may look a bit screwy for a while due to the import.