Bend in the Weather

Recently Jeremy Visser blogged about his frustrations that the http:// URI being dropped off addresses.

To be honest, I don't see it as a big problem.

Like it or not the Joe Six-Pack uses the following apps in this order:

1. Web Browser
2. Email Client
3. IM Client

Other items like an IRC client, FTP client or even Gopher or SSH Client are few and far between (Joe Six-Pack that is)

It's not merely web site addresses that have suffered that fate. Take a look at this random string:

user1@host1.com

Is that an SMTP address or the credentials to an SSH server? Could it even be an IM user?
Most people would read it as an Email address.... and most would probably be right.

Context has much to do with addressing.. .we all don't run around writing out mailto:user@host1.com everytime we wish to write down an email address.

Whilst it's fine for completeness, it's unnecessary.

I also note that many sites advertise as www.myhost.com. Notice the www aspect? That's an indication that it's a website address. Much like ftp.somesite.com indicates an FTP site, and mail.host.com or smtp.host.com indicates SMTP.

It is becoming popular to drop the www hostname aspect and just refer to a website via it's domain name (ie: host.com).

This also works and seems to be a defacto now instead of www. (Hey it's 4 less chars to type!).
I find if you give the average person any random Internet string.. it's normally typed into a browser first these days. So dropping the http:// makes sense. (particularly from a marketing/advertising viewpoint -- you can have a larger font for your actual address not the protocol!).

Asterisk needs to come with a warning.

Releasing software like this to the wild is bound to just create havoc!

It's quite irresponsible of Digium to just give this software away, and not at least have some form of warning before people download it.

Let me explain...

1. Proprietary PABX/PBX makers and Telcos will loose millions of dollars with it
2. People can finally do what they like with their phones
3. For a newbie the configuration files can be daunting
4. Once bitten with the Asterisk bug, you are always tweaking and adding features.
5. Asterisk Administrators are likely to find themselves shunned in public when they mumble about trunks, extensions and dialplans.

Having said that, I totally love it!

As I mentioned in an earlier post, that we purchased some Snom phones, a Linksys SPA-3102 connected to some Panasonic cordless phones as well as a fax/modem (that runs Hylafax).

We've now have all extensions working, Voicemail, Conference Rooms, group pickup, call parking and Music on Hold taken care of.
I've even set it up that when our DID numbers are called that all the phones ring until someone picks it up.
(A very big thanks to Paul Dwerryhouse for being patient over many hours and answering my silly questions!)

I'm looking at adding iaxmodem to my Hylafax setup so we can utilise T.38 faxing, and fallback to PSTN when only required.
We receive more faxes then ever send, so it's not a real big issue.

Next, I wonder if I can integrate Nagios into Asterisk so when I am remote I can issue commands by dialling into the Asterisk PBX. I've already got 2-way SMS message alerting working on Nagios (Which I promise I'll post up one day shortly) using a range of OSS tools. I would however like a little more control on just what I can do remotely from time to time. (Ever notice Nagios only alerts when you are away from a computer!? )

Now I'm a self-confessed Asterisk-Addict™ (aka AA),

I'd love to hear some of the other neat things people are doing. I think something using ZoneMinder (front door camera, rings IP video phone to indicate someone is there) would be pretty cool.

So post your funky ways you're using Asterisk, I'm all ears!

I get my blog syndicated across on various Planets.

I enjoy reading Planets as it's a good wrap-up of what's going on.

One thing that I do find annoying however is that there doesn't seem to be a standard method when applying the timestamps on the posts.

Whilst generally they appear in 'GMT+0' time it can be hit and miss in a range of blogs it syndicates. As a result it's easy to miss posts or have one post stuck on the top for hours, knocking newer posts below it.

Hopefully jdub or someone else who has write access to the repo can look at getting some sensible time stamping on the blog posts it syndicates.

Hmm.. I shouldn't moan too loud, otherwise I'll end up being a post on Sam Varghese's blog and will give him something to bitch about Jeff again. (Honestly, I think he's got a crush on Jeff). Jaded lover anyone?

I recently posted about the lovely present my wife got me for our 10 year anniversary.

Sadly, the watch is no more.

Whilst I did really like the watch it did appear flawed.
I've had numerous analog watches over the years with day/date displays and never had a problem. This one however, just didn't wish to stay set.

As a result, everytime we set the day/date, we would find it irregular with it setting either the day or date. What didn't make matters any easier is that it had French days as well as English days. So half the time you ended up looking at MER for Wed, VEN for Fri etc. Whilst this in itself didn't bother me too much (though I would prefer an English only watch), the randomness of the day/date and also the incorrect time display made it more a piece of metal than an accurate time-keeping piece of jewelery.

Whilst away on our anniversary, we decided that it might be a good idea to return and get something that actually worked.

We weren't sure if it was the actual watch faulty or was the model in question.

Luckily, I was able to swap over the piece as Pauline purchased without me there, and was reassured that if 'he doesn't like it' I could exchange it for another watch.

Whilst I did indeed love the watch and the thought behind it. The quality I didn't.
I've had several Citizen watches over the years, and this is the first one that was of dubious quality. I like Citizen watches as they traditionally fit my wrist well and last forever.

After some reviewing and being scared off on a Day/Date combination, I decided on a Citizen Eco watch.

You've probably heard of those watches that charge themselves by swinging your wrist whilst you walk? Those are indeed Eco-Watches.
Things have moved forward in recent years, and they are now solar powered.

That's right -- solar powered!
So I have a very environmentally friendly watch now... no nasty battery chemicals.

It takes a full 12 minutes in full sunlight to charge the watch for 180 days (~ 6 months!).
The entire watch face is actually a solar panel. (Pretty funky 'eh?!).
How does it store that much charge -- there is a battery inside that stores the electrical energy - though it's not a traditional watch battery -- thus the lack of nasty battery chemicals. (So I'm told).

The watch actually fits nicely and it has a nice Fold Over Clasp with a button to release the band. This is much better then the clasp system and ensures the watch doesn't spring open. (This was a common occurrence on my pre-anniversary watch!)

For those technically inclined here's the run down:
Maker: Citizen
Model: BM6272-59P
Range: Eco-Drive 180
Casing: Stainless steel case and bracelet.
Design: Champagne dial with gold tone hands and markers.
Movement Type: Eco-Drive Solar Quartz
Crystal: Hardened mineral Crystal for Superior Scratch Resistance.
Water Resistance: Water Resistant to 100m.
Warranty: 5 Years Manufacturer
Charging features: Charges in Sunlight or Indoors, never need to change the battery. 180 Day Power Reserve. Low Charge Indicator and Time Reset Advisory.

The watch has been cleverly thought out. If the charge is low the second hand will only move every 2^nd tick for 4 days (giving you an indication that the charge is low). After that, the time will stop, however once you return it to some form of light, it will return the time back. (I haven't tried this so I can't comment -- it seems pretty damn hard to not charge the watch!

It will even provide a full day charge under normal fluorescent lighting when exposed for 2 hours.

Previous generations of the Eco-watches were quite expensive, some still are. However if you're selective in your choice you will find that you can pick up one for around the same price as a good watch. (I picked this up for under $200!).

So if you hate the idea of having to change watch batteries (I always seemed to have one watch that had a dead battery at any given time!) take a look at an Eco-watch.

Well it's coming up to the end of financial year, and like many businesses we needed to make a few purchases. (That or pay more corporate tax -- hmmm let me think.. more toys or more tax? )
Generally we don't make many purchases throughout the year and then buy up large near the end of the financial year. (well unless something fails!)

As such we decided to get a decent VOIP phone. We currently use a LinkSys SPA3102 with our cordless phone, but wanted to get a phone with a decent headset so we could talk hands free easily.

We spoke to a few people, did the research and settled on a Snom VOIP phone. In particular, we elected the Snom-300 as the phone of choice for us. Whilst it claims it's the 'base phone', unless you're mega-boss or a telemarketing guru I doubt the snom-320 or snom-360 phones are really required. (They basically have a lot of additional buttons and few features added to the base functionality).

You can configure the phone via the LCD menu system, or use the built in web based configuration. The web-based configuration is very well laid out and easy to navigate and locate what you need.

Upgrading the phones firmware is extremely easy and quite painless. You can watch the progress of the phone being flashed, and it's quite novel to see items like chroot, mount appear on your phones LCD.

Chroot, mount you say?! Yup, at the heart of every Snom is a Linux kernel. Whilst this wasn't the sole reason for buying the device, it's handy to know that with a bit of time I could in theory hack the phone.

I unfortunately get stuck is long boring teleconferences far too often, so I wanted to ensure I also had a phone that was able to plugin in a headset. Not all IP VOIP phones we looked at seemed to have that feature.

The Snom phones do, however they use an RJ-11 headset connection instead of a 2.5mm or 3.5mm jack that people are most familar with. (Many cordless phones also use the 2.5/3.5mm jacks).

As such, we decided to purchase them. They don't come cheap but are worth it. It's a much better solution than getting 'neck cramp' attempting to hold the phone under your chin, or even speaker phone (which seems to pickup more background noise), which can annoy anyone else within earshot.

With the headset, I'm able to easily keep working on my computer; punching away on the keyboard, and those on the other end are none the wiser! (Well besides being too distracted to really keep up with the conversation; dang! I think I just let my secret out....and to think -- people just thought I was vague on the phone!)

Our current setup has me registering both the ATA and the Snoms devices registering directly to our VOIP provider. This works fine, and allows multiple out going calls at the same time, but means only our ATA rings for incoming calls (we have two DIDs).

It makes sense, as the ATA picks up the incoming request and responds... well before the Snoms do. How to resolve?

Easily -- Asterisk to the rescue!

I can setup Asterisk as our local PBX (or PABX for those in Australia!), and have all devices register to it. Then the Asterisk server registers with our Voice Provider.

A bit of Asterisk config and I should be able to get all the phones to ring. In addition, it will allow me to use T.38, add MOH, and voice mail. I also like the ability to have local extensions so we can forward calls between various devices. Currently both Pauline and I share an office, but in our new house we'll be up other ends of the house. So call transfers make sense. I think it would be great to also create an IVR application that puts telemarketers into a loop of endless questions. (randomly generated of course -- so they aren't aware!) Though I think Paul Dwerryhouse's idea is probably the solution.

I'm a newbie to Asterisk (though I've been aware of it for a while -- I just haven't had a need for it)... so I imagine it might take me some time to configure it all up as we desire.

Once done, the only thing Telstra will be getting out of us will be the cheapest line rental we can pay. (They overcharge for that as well!) Though, there is not much getting around it whilst stuck on an ADSL1 connection.

Another purchase we made for the upcoming house was a nice 48-port managed Gigabit switch that contains 12 POE (Power over Ethernet) ports. These will be used to power our phones in the future, saving the need for the current power-pack.

The switch we went for is a D-Link DGS-3100-48P. Like most large switches it's full of fans and sounds like a DC-7 taking off. As a result, it's safely packed back in it's box and will be used after the house move!

We also purchased to UPSes (the old ones had dead batteries) -- strangely it's cheaper buying new UPSes than batteries.
So we ended up with 1 x 1500VA UPS and a 1 x 2200VA UPS.
It appears we'll probably need one more 1500VA.
I went with Powerware UPSes as their is reasonably good local support (and hopefully battery replacements!), and nut seems to work well.

All in all it's been a good month for hardware toys to play with.
Shame a fair bit of this new gear is a few months off until we get into the new house!

Now if only those Intel 8-core Xeons were out.... (my desired replacement server that will consolidate everything down!) If you wish to view a demo of what's coming.. take a look at the Intel demonstration.

I recently read an interesting page entitled '80 of the Best Linux Security Applications'.

Whilst the page looks like a typical 'Digg top 10 list page' (aka Digg-Whoring) it does indeed list some good tools.

It did remind me of the great little tool Nikto; a very handy webserver security scanner.

Nikto does quite a good job of automating and detecting various web-server misconfigurations, as well as known vulnerabilities in web applications.

It's well worth running over your own host just to ensure there is nothing there that the script kiddies will find and play with.

One thing you will notice is that many public web-servers leave the TRACE method open by default. This isn't a bad thing when developing... but probably best avoided on a public web server. (Trace is defined in RFC2616).

Many people write that the way to disable it is via the following snippet of code:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* [F]

Whilst this does indeed remove some of the TRACE methods, it doesn't remove all instances.

The preferred way to actually stop it comes from a recently added directive to your httpd.conf.
The EnableTrace directive was added in Apache 1.3.34, 2.0.55 and 2.2.x).

So basically using the following block will disable the trace method:

EnableTrace off

For those using Apache on a public IP address, it's recommended to disable the TRACE method.

If you require more information on how to harden Apache, I would recommend you take a read through the book 'Hardening Apache'. The author Tony Mobily is actually a fellow Aussie!
He's probably best known as the founder and Editor of the Free Software Magazine.

Many people use ClamAV with their Email server to filter out viruses. This is indeed a good idea!^(tm)

However, by default it doesn't pick up Scam, Phishing or even Malware Emails.

You can add some unofficial 3^rd party databases to beef up the amount of 'bad' data that ClamAV can detect.

•SaneSecurity produce a ClamAV database that holds such information.
•SecuriteInfo also creates a ClamAV database that contains information on Malware.
•MBL also produce lists in various formats, one of these is in ClamAV signature database format.

You can even automate the process easily by using a script to grab these lists at regular intervals (once per day is recommended). Throw it in cron to run once daily, and you're set.

You'll see something like this in your maillogs:

2008-05-08 01:41:14 1JtllZ-0002Ok-5x H=61-228-171-106.dynamic.hinet.net [61.228.171.106] F= rejected after DATA: This message contains a virus or other harmful content (Html.Spam.Gen2942.Sanesecurity.08040202.zip)

Whilst clamd reports it like:

Thu May 8 01:41:14 2008 -> /var/spool/exim/scan/1JtllZ-0002Ok-5x/1JtllZ-0002Ok-5x.eml: Html.Spam.Gen2942.Sanesecurity.08040202.zip FOUND

You'll be surprised at just how much it picks up, outside that of your usual spam/virus scanning and even greylisting processing.

How time flies.

Tomorrow (2^nd May) Pauline and I will have been married for 10 years!
It only seems like yesterday that we were two scared kids wondering what the hell we were getting ourselves into.

We can honestly say that it's been a great 10 years. Whilst like every couple we have our ups and downs, we generally have more ups then downs. We've both grown together and stronger as individuals.

This year, is a big year for us. We are building our first house, and potentially may start a family after that. So life moves on, always throwing more challenges and adventures.

To celebrate the milestone, we're heading away for the weekend.
I'm taking a few days off work to extend the stay. We're not heading too far, but enough so that we're out of mobile phone range and the hum of computer power supply fans for a few days.

We've decided to head up to Healesville. For those unaware, it's located North-West of Melbourne in the Yarra Ranges.


View Larger Map

There is tonnes to do there, and we indeed to make good use of our time! We're hoping to get to Healesville Sanctuary (Pauline is an animal loving nut - this is a must stop for us!), The Hedgend Maze, The Yarra Valley Railway (time permitting), as well as visiting a bunch of wineries in the region (Map here) (I wish to stock up the ever diminishing supply of good Australian Red/White wine I have.)

It will be good to get away for a quiet retreat and leave computers, mobiles, television and most of the usual suspects that distract us.

As I've already blogged, I got Pauline an eternity ring to mark the occasion. Pauline returned the favour by surprising me today with my own present!

She came home with a lovely watch. My existing watch had been banged up quite a bit and was in need of a new battery (though it did tell the time correctly twice every day!).

She couldn't wait to give it to me (she was planning on surprising me on the day and had to show me straight away!

It is indeed lovely, it's quite easy to read, balanced beautifully and quite an attractive piece of jewelry. I'm extremely happy with it. (I would of personally picked something like this - she has got my taste down pat!).

It's fantastic, we now both have something lasting to remember the milestone.

So we've packed our bags, getting the dog looked after and heading out early tomorrow. (Friday).
The camera has been thrown in so we will hopefully take some photos of the picturesque country that is the Yarra Valley.
Pauline's selected a lovely apartment for us to stay in, and it's been furnished in a lovely traditional Japanese style. I'm looking forward to staying there, as it looks divine.

I won't be near a computer or Internet access for half the week, so I suspect the Email will still keep rolling in.
For those of you wanting a response, please SMS me (I'm not sure when we'll have coverage), or wait for our return.

Whilst the weather forecast isn't ideal, it is strangely very similar to the weather we had on our wedding day! In any event we have a number of indoor and outdoor activities planned so I'm sure we'll have a blast.

It's amazing.. I think Scott Adams (Dilbert's creator) must have once worked at the place I'm currently employed at.

The rush on the current project and nothing holdin' 'em back attitude seems to be depicted well in this cartoon.



I love the fact that management has decided that we should proceed at all cost no matter issues there are:

• No backups
• No contingency/rollback process
• No disaster recovery process

The best statement heard in management jibberish: "We've put our name to this project, so we need to ensure it's a raging success".

Strangely, I got a blank stare from the same manager when I asked why would we put our name to such a project when the points listed above are non-existant.

- sigh Another paycheck and a little bit more of me dies inside.....

MythTV is a great Linux based DVR.
It produces excellent recordings and allows you to compress and remove commercials from your recordings using some of the post-processing commands.

One problem that has plagued me (and many others) appears to be that MythTV whilst great when recording LiveTV it has problems when attempting to schedule a recordings. This is particularly true if it's scheduled more than a few hours.

At first I thought it was a problem with the scheduler threads within MythTV, and started searching the web for a solution.
I managed to come across this solution to MythTV scheduled recordings, which appears to state that the initial video sources set-up is incorrect.
Further digging around has shown that this does appear to solve the problem for most people.

How do you undertake fixing it?

1. Use the "Delete all video sources" button in mythtv-setup to delete all video sources and then re-create the video sources.
2. Use MythTV to scan for channels.
3. Edit the xmltvid for each channel. You can use the process outlined in the Frontend Channel Editor.
4. Run a mythfilldatabase to populate your TV listings. (Tip: Use Sheperd if in Australia)
5. Check your listings after mythfilldatabase has run.
6. You should in theory be able to schedule recordings correctly now.

There are many more tips and tricks to recording under MythTV. Feel free to read more up in relation to MythTV Scheduling Recordings.

Currently I'm busily saving all the televised IPL Cricket games, so as yet, I haven't had a chance to try this out. I expect to do so in the next day or so.
If anyone does beat me to the punch, please give me some feedback as to whether it worked or not.

Hopefully this helps resolve the scheduling frustrations many people currently face.

Happy Recording!