Geekularity

I can’t believe I missed this last month. Shortly after Garry Gygax passed away, Adam Rodgers of Wired Magazine posted this great op-ed piece complete with a brilliant flow chart of geek passions. The article is well worth a read, and the flow chart is a fun one to trace your own path through.

I couldn’t have said it better myself!

I spent the better part of the day and night yesterday recovering from a power failure at one of my client’s data centers; a failure that we did not have a contingency plan for. A transformer inside of the building, one that we thought was solid-state and not a concern, decided to self-destruct in the middle of a busy day, bringing down half of the office and all of the IT infrastructure.

We had battery backups and a diesel generator in the event of power loss, but the diesel generator connects to the building on the other side of the dead transformer, so once the batteries died, we were down. The only thing that could have saved our bacon would have been keeping about 1,000 feet of industrial extension cords on hand to run between the generator’s auxiliary ports and our most critical systems. I think the IT director is putting in for a purchase order this morning.

So, with this little nightmare behind me, I thought I’d try to open a thread of top lessons learned while implementing and supporting server infrastructure. These can be hard-learned lessons, or near misses that you’d like to see IT professionals think about and revisit periodically. I’ll start it off with my top 10, which I’ve picked up in my decade of IT industry experience:

1. BACK IT UP!.. AND THEN CHECK YOUR BACKUP. I’ve sent way too many hard drives to a clean-room laboratory to try to resurrect the data off of the failed media, all because the victim either didn’t back up their data, or never bothered to check that their backups were working. This is a sophomoric mistake, but it may take a $20,000 invoice from the data restoration company for a systems administrator to finally get religious about backups.
2. Get servers with redundant power supplies. Plug each power supply into a separate UPS, and each UPS into it’s own breaker, preferably on different legs of the building’s 2 or 3 phase circuit. This will allow you to swap out UPS batteries without bringing down the system and minimizes your exposure to building infrastructure problems (like I experienced last night).
3. Label every outlet in your data center. At minimum, each outlet should have the breaker number and panel location clearly labeled. You don’t want to be searching franticly for the correct breaker when your UPS units are beeping at you.
4. All electrical circuits used by your core IT infrastructure should be dedicated circuits. Do not use shared circuits, especially in locations where office tenants could plug in appliances like coffee makers and space heaters, or housekeeping could plug in a vacuum cleaner.
5. If you have more than one server, label it on the server. If the servers share the keyboard, monitor, and mouse through a KVM switch, make sure that the switch is also clearly labeled, and that the labels are correct.
6. Have a startup and shutdown procedure for bringing all of the systems down and bringing them back up again. Your data center is an organism, and there are critical services on some machines that need to be up and running before other systems can function. Make sure you know which servers or appliances are hosting DHCP, DNS, SysLog, Active Directory, etc., and make sure those devices are high on the boot order.
7. For the love of all that is good in the world, use velcro or zip ties to clean up the cabling around your servers. Keep the wires as short as possible and try to prevent any sort of rats nest wherever you can. It will pay huge dividends later when you are trying to isolate essential from non-essential power cords. Plus, clean wiring will promote air flow and will prolong the life of your equipment. If a cord hangs down below where it’s plugged in, it’s too long. If it touches the floor, it’s too long. Any loose cord that’s near the floor or at about hip level where most geeks keep their blackberry holstered, will undoubtedly get pulled out accidentally if not properly secured.
8. Disks will fail. It’s not a question of IF, it’s a matter of WHEN. So, for every RAID array you maintain, keep one or more spare drives on hand and readily available. If you use your spare, it is imperative that you order a new spare on the same day. Do not put this off.
9. Have an emergency resource guide inside your data center with phone numbers and reference information. Check and update this information regularly. Phone numbers should include electricians, HVAC, plumbing, fire sprinkler contractors and your building’s facility services hotline. Also include the cell and/or home phone numbers of any company executives that you may need to get emergency purchase approval from. Reference materials must include at the very least, all telco and ISP account and circuit IDs. If the resource guide is securable, you may want to include root and administrator login information for your critical systems.
10. I don’t drink coffee any more unless it’s in a traveller mug with a close-able lid. My son calls it “Daddy’s sippy-cup.” Even still, coffee, soda, water, or whatever should never enter the server room. I can still recall, in vivid detail, the day the CEO of the company I was working with, dropped his mug three feet in front of an open server cabinet. In slow motion, I watched as a splash of coffee arced gracefully from the shattered mug and into the front of a server’s hot swap drive bay. The result… refer to the invoice mentioned in tip #1.

So this list is just a starter. Please add your tips and tricks to the comment section below!

There may be a day in the not-too-distant future where a you need only hum a few bars before your bio-media-comm implant automatically checks all the online music stores, buys, downloads, and plays the song directly into your cerebral-cortextual-whoozawhatzit. Until then, there will be at least a few moving parts between you and your music enjoyment. Apple has made tremendous strides to reduce the number of moving parts by creating the closed system of iTunes and iPod. Outside of that system however, the amount of work required to get music into your ears increases exponentially.

Efforts to integrate other music services into the iPod music experience have come and gone, all with mediocre success. The process of transferring music from the outside into iTunes has either been too difficult to attract users or has been blocked, either legally or technologically, by Apple.

Amazon introduced their MP3 music download service this week, and so far it appears to have legs! The downloader used by this service is available on PC and Mac platforms, it integrates with iTunes and Windows Media Player, and best of all, the music is high fidelity and DRM free! The installation was a snap, and the music sounds great! Coupled with Amazon’s One-Click shopping experience, this service is poised to take a bite out of Apple’s music sales!

The Amazon MP3 service is still in beta, so there may be some additional features and UI enhancements in the coming months, but as of right now, it looks pretty good. Apple has a challenge that it will need to answer to. Possible responses from Apple may include:

• Ramping up their DRM-free music offerings assuming they can make nice with enough music labels. Perhaps they’ll even drop some prices on songs. Yay!! Competition breeds choice.
• Some technology kung fu or legal action which limits Amazon’s ability to load the songs directly into iTunes. Boo!! Apple talks the talk when it comes to openess, but can’t walk the walk as their feet are in cement shoes being poured by the ??? (RIAA?).

Fortunately, Amazon can play in the tall grass with the other big dogs, so I think we finally have another formidable player in the online music market! Game On!

For those who bought the iPhone at its original price of $600.00, Apple has released the details on how to claim your $100.00 credit. There are two tips I’d like to pass along so that you don’t pull your hair out while you sit on the phone for 20 minutes waiting for an Apple support agent to pick up the phone:

1. Do not actually try to redeem your store credit using the web browser on your iPhone. At the end of the process will be a page with bar codes and serial numbers, which you will need to print if you intend to visit a physical Apple Store. If you started the process on your iPhone like me, don’t worry, you can start over again using your computer.
2. If you are looking to put your $100 store credit towards an iTunes gift card, and you are looking to get some instant gratification, don’t redeem your store credit on the online store. The “Gift Certificate by Email” option, upon checkout, does not allow you to apply a store credit. That area of the payment page is greyed out and unavailable. You CAN order physical iTunes gift card(s) and then apply your store credit, but then you will need to wait for snail mail to deliver your cards. If you are in a hurry to turn your credit into iTunes songs, then a visit to your local Apple Store will be in order.

OpenID is an up and coming authentication standard that allows you to log into participating web applications using the same credentials for each. No more having to remember different usernames and passwords. You can authenticate with an OpenID compatible web service using a unique URL instead of a username and password. In my case the unique URL is http://seanosteen.com. Since this URL is unique to me, I do not need to worry about someone else registering the same username and blocking me. My authentication URL will always be http://seanosteen.com for as long as I own my own domain name.

Of course, right now, this standard is still in its infancy. Many more sites need to support it, and many *many* more users need to start using it in order for the technology to gain the necessary critical mass. Give it 3-4 more years, and I think most commercial websites will support OpenID authentication.

OpenID will thrive in an arena where other federated or single sign-on services have not, and here’s why:

1. OpenID is just as its name implies, an open standard. Anyone can implement an OpenID provider service, and there is no way for a big corporation to force you to use their service over another provider. They can only attract customers with better service and value-added solutions.
2. It’s easy to get started using it. You can sign up with any number of OpenID providers and receive an OpenID based on one of their accounts. With a little bit more work, you can setup a delegation to make your website or blog your own OpenID. I strongly recommend the delegating to your own custom URL as this decouples your OpenID from your service provider which will allow you to change providers at any time with a minimum of hassle.
3. It’s easy to implement on existing web applications. There are code libraries and samples for implementing OpenID on just about every web publishing platform. Some of the popular content management systems like Drupal, Joomla, and Wordpress already have plugins available to use. Most of the blog publishing services like LiveJournal & Wordpress allow you to easily setup your blog’s URL as your OpenID.
4. It’s easy to switch between providers! The OpenID standard provides for a delegation model. This means that you can make an OpenID out of any URL which you have control over and set it up using the OpenID provider of your choice! This is how I made http://seanosteen.com my OpenID. Just recently in fact, I switched between my old provider MyOpenID and my new one Personal Identifcation Provider (PIP), by Verisign; and I did so in about 30 minutes. All I had to do on my end was to copy and paste two lines of code into the HTML markup on my website. I didn’t even need to visit any of the websites, on which I use OpenID, to make changes. They automatically picked up my new delegation and authenticated me using my new provider. It’s that easy! This is of course using my custom URL as the OpenID. If you use the OpenID provider’s OpenID URL, a little more work will be involved to associate your new OpenID with an existing account.

By the way, Verisign’s Personal Identification Provider (PIP) is still in a beta testing phase. But one of their cool value added services, and the reason for my switch, is the availability of multi-factor credentials, specifically their SecureID key faubs. My only difficulty in implementing the PIP OpenID service was that they have not published how to setup delegation to their service. So, I contacted support on Saturday afternoon, of the long Labor Day Weekend here in the United States. To my surprise, I got a very prompt and helpful reply within an hour from Gary Krall, the Technical Director for the PIP project. Kudos to Gary and crew for the amazing response time on a holiday weekend.

I am very fortunate to be on the ground floor of a new coworking facility in Berkeley, CA. It has been aptly named Berkeley Coworking! We are having our open house party tonight and links to party photos are to follow. Here is a slideshow of how it’s been setup so far:

Ignoring that faint voice in the back of my head that tells me that Google may indeed be Skynet, and that our robot overlords are just a few years away from their planned invasion, I decided to hand Google the keys to my kingdom. I have moved several of my internet domains over to Google Apps. What that means is that all of my Email, Calendar, News, and soon phone calls, will be hosted (and probably indexed) by Google. In the coming weeks, I will move all of the domains I manage, both personal and professional over to this amazing service. This excludes my clients whom I manage, but do not actually host.

I’m doing this because hosting my own email is both tiring and expensive. Rather than spend countless hours being my own systems administrator and doing endless battle with the spam trolls, I decided to delegate this little bit of geekery to someone who is more proficient. When complete, this move will hopefully free up some significant mental energy (and funds for that matter as the Google Apps basic package is free) to spend on other pursuits. Besides, Gmail and Google Calendar are easy to use, easy to access, and quite a good value for the price!

Right now, I’ve only moved my professional domains, but my [family] clients and my personal domains will soon follow. When all is complete, I should no longer need to rent a dedicated server, and my monthly recurring expenses should go way down. This comes after reading Scott Hanselman’s post about doing the same thing for himself and his entire family. So, special thanks to Scott for outlining his process and his reasoning. It was a big help.

I didn’t know that RAID was a bad word, much less a bad acronym, unless you are an insect. But after reading the Drobo product literature and watching Robert Scoble’s interview with the Data Robotics, Inc. management team, it became clear that Drobo’s marketing machine wants nothing to do with the term RAID. Apparently RAID has become synonymous with enterprise-level, expensive, hard to setup, and hard to maintain. Wanting to target small businesses, small offices, and home users, Data Robotics, Inc. calls their product a Data Robot (Drobo for short); a protected storage solution which uses industry standard data protection methods. Marketing gloss aside, I think that the Drobo product embraces the best of what RAID was supposed to mean: Redundant Array of Inexpensive (or Interchangeable) disks.

The Drobo unit accepts up to 4 disks, and will take any 3.5″ form factor Serial ATA disks you already have, or purchase and optimizes them to run as one large virtualized disk. No matter what size the disks are (unlike other RAID solutions, the disks do not need to be the same size in the Drobo appliance), the Drobo operating system will build the largest volume possible while providing at least a minimum level of protection against hardware failure. Whether it’s just two disks, on which it builds a mirror (equivalent to RAID1) or three or more disks where it creates a striped set with parity (equivalent RAID 5), the Drobo OS takes care of all of the configuration for you. It will even build a redundant mirror when a single disk is inserted. However since a single disk mirror will still fail if the single disk stops spinning, I do not recommend relying on this configuration for hardware data protection. The Drobo appliance will even rebuild and resize the partitions when additional hard drives are inserted in real-time without the need to bring the volume offline.

I’ve been evaluating my Drobo unit for two weeks now, and I set it up to run attached to a Mac Mini, which acts as my office server and media center. I can then share my files with my other computers using several protocols including Samba, Apple FileShare, or SSHFS. The unit was easy to set up, and runs very smoothly. With the exception of some noise when the cooling fan ramps up to full speed, the unit is normally very quiet. I purchased the $500 Drobo appliance, but I already owned the four disks that I put into the unit, all 200GB drives. This configuration gives me a total of 550 GB of space to hold my data. The remainder of the space is reserved for data protection and for system overhead. As drives fail, or as I need to expand my storage, I can simply upgrade the disks one by one and without taking the appliance offline. I will simply slip out the oldest or smallest drive and insert the new one. After a few minutes, the Drobo appliance will have formatted the drive and resized the volume to utilize the new disks.

Although I am very happy with the data protection that the Drobo appliance provides, I do not consider it an excuse to not backup. A protected storage appliance like this will not protect me from fire, flood, or other disaster, so I still backup all of my critical files nightly to a removable drive which I swap out each week and take with me off site. In the future, I plan to setup an rsync relationship with a computer at my house and move all of the changed files across the wire each night through a cron job. But that’s a project for another day. All and all, I’m very happy with my Drobo appliance and would recommend it for individual users and small offices with large storage needs, but who do not have large throughput needs. The Drobo appliance attaches to the host system using USB 2.0 and the specifications claim that it has a sustained transfer rate of 22 MB/s. This is enough for an individual to run a video editing project on it, but it may bottleneck when I/O intensive databases try to move large chunks back and forth. At that level, you would need to build a more enterprisey RAID solution anyway.

I have joined in with a chorus of geeks who wish they could use and recharge their MacBooks while they were in the car or boat. But Apple only makes a DC adapter that is compatible with airplane power ports and not with 12V car (cigarette lighter) ports. Since the MagSafe connector is patented, and they have yet to license it to third parties, there just aren’t any commercial solutions to-date. Sure you could use a power inverter to plug your normal power brick in to your car, but the conversion from DC to AC and then back to DC is extremely inefficient, and I’ve found most devices to be rather noisy and hot. I was looking for a DC-DC conversion solution, and I figured I would have to take matters into my own hands.

I am a decent maker/hacker and I love playing with electricity. I can’t tell you how many times I’ve electrocuted myself in this lifetime… all in the name of science and discovery of course. Nevertheless, I am out of practice, and when I looked at the four or five pins at the end of of the MagSafe adapter, I assumed that there was some complexity to the voltage and polarity, and I had neither the time, nor the drive to figure it out. Plus, my MacBook Pro is now my primary business asset. If I mess it up by shorting it out somehow, this experiment gets very expensive very quickly. So, I put this project on the bottom of my to-do list as I waited for something better to come along.

About a week ago, I came across this link (via RubyHead) to Mike (MikeGyver) Lee’s website where he sells both turn-key solutions as well as instructions to build your own DC-DC power adapter for the MacBook and the MacBook Pro. The great thing is that I already owned one of the third party power adapters that he recommends, so all I needed was about $7.00 worth of radio shack parts. Awesome! So, I bought the do-it-yourself instructions from Mike Lee, and gave it a go last night. So far it works great!

It turns out that the polarity and the pinouts on the MagSafe Adapter are really no big deal. I won’t give away the details in this post. So if you are interested in doing it yourself, or even buying a turn-key solution, please check out Mike Lee’s information. I advise you to visit this site sooner rather than later as Apple has away of making cool and helpful things like this disappear through cease and desist orders. Anyway, I now have a road-trip worthy MacBook Pro.

[UPDATE: 2007-06-25 10:30 AM PST]

Yes, this configuration does charge the MacBook’s battery, unlike the Apple Airline adapter which just powers the laptop. It’s hard to see, but the indicator light on the MagSafe plug in the picture above is indeed orange.