Draconis Software Blog

Domain Keys Identified Mail

I recently saw an article about the DomainKeys Identified Mail (DKIM) draft being accepted by the IETF as an official proposed standard (even though it happened back in February). I really hope the acceptance of this takes off, though the article seemed to show many large companies (who could probably benefit from it) non-committal.

DKIM is a simple means for verifying the origination of an email in an attempt to better track (and fight) spam and phishing messages. The method is simple: the sender encrypts the message body using its private key and stores this in the message header (non-DKIM receivers, then, can safely ignore it and still deliver the message). A DKIM-enabled receiver looks up the originating domain’s record and extracts the public key. From Wikipedia: “The receiver can then decrypt the hash value in the header field and at the same time recalculate the hash value for the mail body that was received, from the point immediately following the “DomainKey-Signature:” header. If the two values match, this cryptographically proves that the mail did in fact originate at the purported domain, and has not been tampered with in transit.”

(Read the article)
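As an added example (not code from the original post), the Python below carries out the receiver's body-hash comparison described above, using the `DKIM-Signature` tag names from RFC 6376 (`a=`, `c=`, `bh=`, `l=`). The sample message, the domain `example.com` and the selector `sel1` are constructed; checking the `b=` signature over the headers against the public key from DNS is a separate step that is not shown.

```python
import base64
import hashlib
import re

def parse_tags(header_value):
    """Parse a DKIM-Signature tag list ("k=v; k=v") into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            # Folding whitespace inside a value (e.g. base64) is not significant.
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags

def canon_body(body, mode):
    """Canonicalize a CRLF-delimited body (RFC 6376, section 3.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse whitespace runs, drop whitespace at the end of each line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # both modes ignore trailing empty lines
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash_matches(header_value, body):
    """Recompute bh= for the body as received and compare it with the header."""
    tags = parse_tags(header_value)
    c = tags.get("c", "simple/simple")
    mode = c.split("/")[1] if "/" in c else "simple"
    data = canon_body(body, mode)
    if "l" in tags:
        # l= covers only the first N bytes; appended content is not hashed.
        data = data[: int(tags["l"])]
    algo = tags["a"].split("-")[1]         # "rsa-sha256" -> "sha256"
    digest = hashlib.new(algo, data).digest()
    return base64.b64encode(digest).decode() == tags["bh"]

# Constructed sample: the header a signer would emit (b= is a placeholder).
ORIGINAL = b"Hi  there,\r\nsee you  soon. \r\n\r\n"

def sample_header(body, mode="relaxed"):
    bh = base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()
    return ("v=1; a=rsa-sha256; c=relaxed/%s; d=example.com; s=sel1;\r\n"
            "\t bh=%s; b=PLACEHOLDER" % (mode, bh))

if __name__ == "__main__":
    print(body_hash_matches(sample_header(ORIGINAL), ORIGINAL))
```

With `relaxed` body canonicalization a relay that reflows whitespace does not break the hash, while with `simple` it does; a header carrying `l=` accepts content appended after the hashed length.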

Scripting with PHP

Normally if I’m going to write a script to automate a task via cron, I’ll use Perl (or lately, Ruby). Recently though I needed to use PHP in order to take advantage of common code from a web application. I was expecting this to be an unpleasant experience, using PHP outside of web programming, its raison d’être. However I ended up being pleasantly surprised with the results.

There are a few cases where it may make sense to write scripts in PHP:

  1. Code reuse. This was my reason for going with PHP. If a script is related to a web application written in PHP, it’s good practice to avoid reinventing as much functionality as possible. This also makes it easier to write tests directly in PHP.
  2. Availability. PHP tends to be widely installed on most machines, especially those with a web server. If you’re not sure what type of system the script may be running on, PHP might be the safest bet.
  3. Widely known. There are a lot of languages out there nowadays, but PHP tends to be a common denominator among developers due to its age and ease of learning. This is useful if the code is being written in a team that doesn’t have the same knowledge base. Even if someone doesn’t know PHP, it’s usually pretty easy to pick up given its similarity to languages like C, Java and Perl.

Luckily, PHP makes it very easy to move out of the web area into scripting. Recent versions of PHP include a Command Line Interface (CLI) which allows code to be run outside of a web server. The CLI also provides for parsing of command-line arguments and easy access to stdin/stdout/stderr. I had never used the PHP CLI before but was able to pick it up very quickly.

My foray into PHP scripting was also made a lot easier through various helper functions. PHP includes quite a few functions that can come in handy when writing a script or doing administration. For file I/O, the file_get_contents()/file_put_contents() pair of functions can be used to read or write the contents of a file in a single line of code, and I found them to be particularly useful. PHP’s functions for dealing with the filesystem, image parsing, string manipulation, and database processing are also helpful and may come in handy for the system administrator.

So the next time you need to write a script, consider using PHP, especially if it relates to a web application that’s written in the language. And if the decision to use PHP is forced upon you, don’t despair, as it might be a lot easier than you think.

Additional Reading:
Using PHP from the command line
SysAdmin to SysAdmin: Scripting admin tasks with PHP
System Administration with PHP

Sysadmin Certifications

I’ve generally been a fan of certification programs for systems administrators as a means for providing at least a basic idea of the competency of a potential hire. After reading this article at Linux.com, I’m not particularly surprised to see the number of certifications expected to increase (especially for GNU/Linux programs), though I have to wonder about it: the best sysadmins I’ve known didn’t have a single certification and weren’t particularly interested in getting one.

I see the whole certification process as having two main flaws (at least on the part of companies certifying their own products): (1) little pressure on the part of the certifying company to make the tests difficult or otherwise accurately prove a taker’s skills, and (2) lots of pressure on the part of the company to test the applicant’s knowledge of vendor-specific aspects. It seems to me that it’s in the interest of the certifying company to have lots of certified engineers out there who know the ins-and-outs of that company’s products and little about any competing products.

So, as someone who needs to hire a competent sysadmin, how does this help me? A potential sysadmin who’s certified as an MCSE or RHCE or whatever shows they can take a test and know the basics of that particular company’s product, but what about the millions of other things that sysadmin would be responsible for? Really, it seems these certifications are good for large companies interested in a sysadmin to manage many exact-same boxes and little else. For the majority of employers, especially startups and growing companies, I’d think someone who is more well-rounded in things they’d need to manage is much more useful (for instance, can a sysadmin fill in for a network admin should the need arise? do they understand infrastructure needs to make recommendations for expansion? etc). The best skill a sysadmin can have is the ability to learn as they go and adapt to changes. Having a certification in a particular OS doesn’t particularly help if it’s a heterogeneous network.

I think certification is a useful process but I’d like to see programs that are more comprehensive, easier to afford, and focus on general skills regardless of environment. What do you think? Have you gone through a certification process and, if so, how has it helped you? In the past, I’ve thought about getting certified myself, but never went through with it primarily for these reasons (as well as the cost).

(Further) cutting down on the spam

As I mentioned recently, this blog is just inundated with spam on a regular basis, and keeping it from making it into comments is quite a chore. The first step in fixing the problem was to install a CAPTCHA system (in our case, we used a simple math question rather than a hard-to-read image), but it doesn’t solve all the problems. For instance, the other source of huge levels of spam was fake trackbacks. Solving this, however, was so simple I should have done it from day one.

The solution was to install a simple WordPress plugin to check for a legitimate link to our blog - it loads the referenced page from each trackback and searches for a link. If there isn’t one, it marks it as spam. Simple - and it’s reduced the number of spam comments that reach our moderation queue to near-zero.

Between the trackback checker and the CAPTCHA, blog spam is much more manageable.
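One way to implement the link check described above, as an added Python example that is not the plugin's own code: it takes the HTML of the page a trackback points to and looks for a real anchor whose target host is the blog. The host `blog.example.org`, the function names and the sample pages are constructed, and fetching the page is left out so the example runs offline.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LinkCollector(HTMLParser):
    """Collect href values of <a> tags; plain text and comments are ignored."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def links_to_blog(page_html, page_url, blog_host):
    """True if the trackback's source page has an anchor pointing at blog_host."""
    parser = LinkCollector()
    parser.feed(page_html)
    for href in parser.hrefs:
        target = urlsplit(urljoin(page_url, href))   # resolve relative links
        # Compare the parsed hostname exactly: a substring test would accept
        # hosts that merely start with the blog's name.
        if target.scheme in ("http", "https") and (target.hostname or "") == blog_host:
            return True
    return False

def classify_trackback(page_html, page_url, blog_host="blog.example.org"):
    """Mirror the behaviour described in the post: no link means spam."""
    return "ok" if links_to_blog(page_html, page_url, blog_host) else "spam"

# Constructed sample pages.
GENUINE = '<p>See <a href="http://blog.example.org/2007/05/spam/">this post</a>.</p>'
MENTION_ONLY = ('<p>http://blog.example.org/ cheap pills '
                '<a href="http://pills.example.net/">buy</a></p>')
LOOKALIKE = '<a href="http://blog.example.org.spam.example.net/">x</a>'

if __name__ == "__main__":
    for page in (GENUINE, MENTION_ONLY, LOOKALIKE):
        print(classify_trackback(page, "http://other.example.com/post"))
```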

Project Management with activeCollab

We’ve been looking for a good way to manage the myriad of projects we’ve been working on lately, with efforts spanning several clients, different developers, and all sorts of other complexity, and recently gave activeCollab a spin. If you haven’t seen it yet, it’s a great open source project management tool without a lot of the bloat (plus, it doesn’t have any of the restrictions found in BaseCamp, a tool we were also considering). I’ve been quite happy with it so far, though we’ve only just begun using it.

The idea is to allow access for many of our clients to the activeCollab portal throughout the relationship, making it easier for all of us to communicate progress. Of course, nothing will replace those good ol’ regular status reports, phone conferences, etc, but this gives clients a better understanding (and a more direct line of communication to developers) while working on their project.

My biggest concern going forward is keeping things fresh. We’ve tried using SugarCRM in the past to manage clients, contacts, projects, and other data, but it just wasn’t used as much as it could be (people just didn’t keep it updated or use it on a regular basis, myself included). Part of this could be due to it being a change in a regular routine, but I think there was something else. After all, we implemented a wiki based on MediaWiki after trying Sugar to great success. So I believe the main problem with Sugar was due to it being not quite what we needed. Incidentally, Sugar has an interesting project management module for the Sugar Enterprise product, though we’re not ready to make a purchase for a tool like this yet. Hopefully activeCollab will be a success.

Web 2.0 & Death of the Network Engineer

GigaOM is running a great article today about the changing environment faced by network engineers - as high-performance, well-optimized Internet providers are becoming ubiquitous, and access to the Internet has approached commodity status, what is the relevance a network engineer plays in today’s new economy? The article raises the question of a network engineer’s place: is it primarily with the Internet service provider - ensuring service is available and customers have access (think a lineman for the telephone company) - or is there still a place for an experienced network engineer supporting a company’s customer-facing operations? As the article says, service-oriented Internet companies, providing services to millions of users, may no longer need network engineers on their staff to support these operations.

To this CTO, knowing the details of his network and server infrastructure was like knowing the details of the local utility electricity grid – not required. Is this a bad thing, or proof that networking technologies have succeeded?

The question posed is this: do companies building Internet-oriented products, Web 2.0 service companies for instance, need network engineers to keep their systems running? Or does it make more sense to outsource these kinds of operations to a third party (for instance, hosting everything via a virtual server or other hosting provider)?

(Read the article)

Cutting Down on the Spam

I’ve been getting annoyed lately with the deluge of spam this blog receives. For a blog without particularly regular content (and not a very large audience, too), we seem to be inundated with spam. So, I went looking for a solution.

When it comes to fighting blog spam, there are really two routes: setting up a comment filtering system to weed out comments that match a set of filters, or a CAPTCHA component. One of my biggest gripes with most CAPTCHA systems is the ugliness of the solution: the images are made as difficult as possible to read, making it as difficult as possible for a human to post a comment. Well, I found a different solution that I am much happier with: a simple math question, asking users to solve an equation before allowing the post to go through.

(Read the article)

Red Hat Enterprise Linux 5 Released

RHEL 5 has just been released today, and has a number of interesting new features (here’s the announcement). The main focus of the release has been around virtualization and security, as well as doing away with the ES, WS, and AS monikers, replacing them with more generic (and less confusing) terms such as RHEL Advanced, Desktop, etc. Coming 2 years off the last release, I think RHEL is due for an upgrade.

Check it out. Though we don’t use RHEL on our production machines, a number of large IT departments do. Be sure to post your reactions here.

The Easiest Way To Do Enterprise 2.0

Thought I’d follow up to yesterday’s note about organizations shifting to Web 2.0 technologies (often called Enterprise 2.0). As this note so elegantly puts it, it’s not a matter of if, but a matter of when. Eventually, Enterprise 2.0 will be a reality in your organization, and it’s better to start thinking and planning for that than sticking your head in the sand.

I think the biggest obstacle, as I pointed out yesterday, is getting over the fear of wasting time and resources on potentially low-return projects. But on the other hand, it’s possible these projects turn into a major boon for an organization. You never know till you try, and you might as well start trying.

(Read the article)

More organizations shift to Web 2.0 while IT departments remain wary

There’s an interesting post at ZDNet today about how many traditional companies are quickly adopting Web 2.0 concepts on their customer-facing web services, while at the same time, internal services aren’t utilizing these as quickly (if at all):

More organizations shift to Web 2.0 while IT departments remain wary by ZDNet’s Dion Hinchcliffe — A couple of recent announcements from two large, very well-known organizations provides some interesting data points on how Web 2.0 is affecting the product designs and business processes of otherwise very traditional institutions. Both USA Today and the U.S. Patent and Trademark office have recently unveiled strategies for letting their users use two-way Web capabilities to contribute directly to the products and services they offer. And many other mainstream companies, such as Pepsi as well as GM and XM Radio have been exploring externally-facing Web 2.0 concepts in their products for a while now.

Perhaps the biggest issue most IT departments have (and really, the managers who juggle worker productivity concerns) is the worry that users will spend too much time contributing to these social services rather than otherwise being productive. “Thus, the best that Web 2.0 and Enterprise 2.0 applications like blogs and wikis can do is increase the productivity of existing business processes by improving efficiency as well as allowing them to self-improve through emergent structure and behavior.”

(Read the article)
