Updates, Patches and Upgrades.

Been a lot happening here that I haven't written down...time to correct that.

First off, work is BUSY. We have ten -- no, wait, twelve -- -- people starting this month. About 8 have started already, so that leaves four. Fortunately, one of them is a new sysadmin who will be helping me out. Thank whoever for small mercies.

The sheer number of people has been part of the reason I've been so busy; another has been the Windows patches this month. Three goddamn times I've been in this month patching machines: once with the unofficial WMF fix, once with the out-of-band official WMF fix, and once with the two regular patch Tuesday patches. I am sick and tired of Windows problems.

However, I have managed to cobble together Windflower, a small-and-so-far-stupid Perl wrapper around the Microsoft Security Baseline Analyzer. So far it will run MSBA on the target computer and come up with a list of fixes it would like to see applied. It'll run over SSH, which is a blessing; I envision this as a way of automagically applying Windows patches remotely without getting a copy of SUS and IIS. It's called Windflower because it's heavily influenced/inspired by Daisy and Ivy, two programs released by Virginia Tech. (It was originally gonna be called Sunflower, but it turns out VT has already released a program with that name...I had no idea 'til now.)

Why not stick with Ivy (which worked better for me than Daisy)? Ivy's great, but it needs a GUI and its UI is irritating (keeps stealing focus, new logs overwrite old logs, etc). I've long wanted something that can work over SSH, and this looks like it should be able to. Plus, Ivy was written in Winbatch, which I don't know and don't have a compiler for. Windflower is written in Perl, which I do know pretty well.

Version 0.1, in all its completely unfinished glory, is available here. GPL'd for open-source goodness!

There's also Amanda, which has been giving me grief. First the estimates were taking hours to finish, which meant that even if backups started at 9pm they wouldn't finish 'til noon the next day. This was fixed by upgrading to 2.4.5, which uses calcsize, quicker-but-slightly-more-inaccurate estimator of the Elder Gods.

Then I ran into another problem: estimate requests, including all the exclusions for each directory, were taking up more than 32KB -- so they were split up into more than one packet by the requesting process. Unfortunately, the receiving process still ignores all but the first packet. Patches, as they say, are welcomed; in the meantime, the workaround is to make the packets smaller. The easiest way to do that is to have one big list of exclusions, rather than specifying each item in that list for each backup. The problem with that is that leads to problems where you (say) want to exclude certain stuff for everyone, plus allow people to specify their own list of exclusions: only the first list gets accepted. My own special workaround, hereby released under the GPL, is:

for i in `ypcat passwd.byuid | awk -F":" '{print $1}'` ; do
    cat /path/to/onebiglist >> $i/.exclude_from_backup
done

Arghhh.

One thing that has helped with work is Time Management for System Administrators, by Tom Limoncelli. I just got this last week, but it's already helped a lot. The sample chapter gives a good overview of The Cycle, the system that TL advocates. The book irritates me in a couple places -- the odd buzzword, and an illustrative anecdote about a friend who was late reviewing a chapter that, frankly, makes TL sound like a bit of an ass. But these are pretty minor complaints, and I recommend getting it.

One of the things he recommends is either a PDA or a PAA (personal analog assistant, aka DayTimer(tm)). I decided to hunt around Ebay for a PDA, thinking I would pick up a used Handspring or some such; instead, I got a Sharp Zaurus SL-5500. Woohoo! Should be arriving next Wednesday.

Finally, I managed to spend a couple hours last night hacking on the NWR04B. I got the driver for the ADM5120 switch compiled; however, it hung when it came time to initialize the switch. A liberal sprinkling of printks showed that the kernel was hung in register_netdev at the call to rtnl_lock. Just for fun, I tried taking that out, and the initialization continued...though other networking drivers complained about RTNL_ASSERT failing, and the ethernet interface didn't actually work, since it couldn't mount its home directory via NFS. Still, progress of a sort.