If you have a good systems administrator, you’ll never know he’s there

I recently wrote about what a systems administrator does.  I talked about how being a good systems administrator requires vigilance and foresight: to make sure that servers are always running reliably, I have to be able to predict what might go wrong and take measures to prevent problems in the future.  I also need to have redundancy and backups built in, so that if things out of my control do go wrong, there will be minimal downtime and minimal interruption for my clients.  I try to make sure that my clients never have problems with their servers, and if there are problems, that my clients don’t notice.

What this ultimately means for my clients is that if I am doing my job right, they never know I am there.  Their servers run reliably, and they can go about doing their work without ever having to give a second thought to me or their servers.

I really like this behind-the-scenes nature of my work.  You know how they say that “behind every successful man is a good woman?”  Well, behind every good technology company is a good sysadmin.

Posted in Uncategorized | Leave a comment

Why graphic designers don’t need to code

There is a lot of debate in the web design world over whether graphic designers should learn how to code.  The general consensus seems to be that graphic designers should be able to code: that is, they should know HTML/CSS/WordPress/PHP and whatever else they need to turn their designs into websites.  There are lots of good reasons why designers should be able to code, and in an ideal world, I agree with all of them: it makes designers more marketable, it’s good not to rely on outside help, the design process will happen with coding in mind, and the designs will be better suited to the web medium.

However, the world is far from ideal, and in practical reality, I don’t think that designers, particularly freelancers, should feel pressured to learn how to code.

Time constraints

Freelancers are very busy people, and anyone who is working enough to earn a living is going to have trouble keeping up with all of the changes in both design and code.  The internet is a rapidly-changing world: it’s very difficult to keep up to date with all of the changes happening on the internet and to keep constantly learning new skills.  Trying to stay current with both design trends and changes in coding and languages seems unrealistic, especially for a freelancer who is busy working and finding new clients.

Left brain vs. right brain

Graphic design and coding are very different sets of skills, and use very different parts of the brain.  Both require creativity, but design requires a good visual sense and artistic skills, while coding requires logical and systematic thinking.  I know that there are some amazing individuals out there who are good at both, but in general it is unrealistic to expect one person to be highly skilled at design and coding.

Creativity vs. limitations

I work with several graphic designers: I am better at code than design, so I really enjoy taking graphic designers’ work and turning it into tidy and functional code.  Some of the graphic designers I work with know how to code, and some don’t.  One of the major arguments in favor of designers learning to code is that they will be able to create designs that work well in code: they will know what’s possible and what isn’t, what is easy and what isn’t.  In theory, this sounds like a good argument, but in reality, I have actually found that graphic designers who know how to code are less creative than those who don’t: they are held back by thinking about what is possible and easy, instead of being free to think of what will look good.

Stick with your skills and form good partnerships

People should stick with what they’re good at.  It seems much more productive to me for graphic designers and coders to form partnerships. If a good graphic designer can find a good coder, the coder can tell the graphic designer if their designs are impractical to code.  Both will work quickly and efficiently.  In the long run, the client will get a better and less expensive product if a good graphic designer and a good coder can work on it together.

Posted in rant, web design | 2 Comments

What to look for in a good WordPress plugin: user-friendly documentation!

One of the things I love about WordPress is the multitude of plugins that are available: every time I think of something I wish WordPress would do, I can usually find a plugin that already does it.  There are an awful lot of plugins out there, and choosing the right one can be tricky sometimes.  Michael Fields has recently written a very good post about how to choose a good plugin.  There is one more criterion I would add to his: good documentation.

Of course, this seems like a no-brainer: obviously documentation makes a plugin easier to use and to debug.  But there are a few plugins that really go the extra mile and write the documentation into the plugin, and make the documentation extremely user-friendly, so that not only developers who know where to look on wordpress.org can find it, but less computer-savvy end-users can also find it.

I end up writing a custom manual for almost all of my clients: the manual tells them everything they need to know to update and maintain their own WordPress site.  The manual also describes all of the plugins.  Most plugins get at least a half a page in the manual, discussing what they do and how to use them.  Every once in a while, I come across an exceptional plugin where all I have to do is refer the reader to the plugin’s documentation.  That saves me a lot of time and effort, and I know that the developer will update the documentation as the plugin is updated.

I recently found a lovely javascript slideshow plugin that does this: Portfolio Slideshow.  The plugin settings page has all the instructions right there, so you don’t even have to visit the plugin website.  Another good one is the ubiquitous Contact Form 7, which has an entire website of instructions designed for readers of all levels.  These plugins both work very well, and they both provide a lot of easy-to-find documentation that makes my job and my clients’ lives a lot easier.

What do you think?

I was just about to publish this post when I noticed that I’m not the only one thinking about plugin criteria right now.  Yoast, a WordPress plugin website, currently has a survey about why people install plugins: you can go add your two cents!

Posted in plugins, WordPress | Leave a comment

What does a freelance systems administrator do anyway?

Everyone who uses the internet relies on systems administrators, and yet one of the biggest challenges of being a freelance systems administrator is explaining what I do.

Well, the shortest answer is, “A systems administrator takes care of servers.  Not all companies who rely on servers have a need for full-time sysadmins, which is where freelancers like me fit in.  I work primarily with small companies who need someone to take care of their servers, but don’t have enough work to justify a full time employee.”

But this explanation inevitably leads to two questions: “What is a server?” and “What do you have to do to take care of them?”

The inside of a server

You can read the wikipedia article about servers, but in short, a server is a computer that, well, serves: that is, it gives out data. Just like a waiter in a restaurant serves you the food you order (usually), a server sends you the data you want (usually). If you want to view a website, your browser asks the appropriate web server to deliver the website to your computer. If you are using a file server at your office, your computer asks the server to let you work with certain files. If you check your email, your email client asks the server if you have any new messages. The internet is made of servers, all of them busily pushing out the data that users request of them, over the internet or over local networks.

Of course, just like a waiter in a restaurant, sometimes servers screw up. Sometimes it’s because you simply ordered the wrong thing. But sometimes they trip and spill the tray, sometimes they forget your order, sometimes they try to carry too much, and sometimes they come to work sick and just aren’t capable of doing a good job.

This is where systems administrators come in. We take care of servers to make sure they are healthy and always ready and willing to do their job correctly. There are lots of activities involved in making sure they are working correctly:

  • Make sure that the hardware is functioning properly – if a hard-drive is acting like it might die soon, a good sysadmin will detect that and replace it.
  • If a hard-drive does fail, make sure there are other hard-drives ready to pick up the job with no downtime, or if not, that there are backups available for as little downtime as possible.
  • Monitor servers to make sure they aren’t working too hard: if a website suddenly starts getting twice as much traffic, the sysadmin might need to make some adjustments to make sure the web server can handle the traffic.
  • Install updates to software to make sure the server is always running the newest, most secure versions. And sysadmins keep servers secure and safe from hackers.

Servers run lots of different software. There are many different operating systems on servers: but perhaps the best-known are Windows and Linux. I have some experience with Windows servers, but I specialize in Linux and other Unix-like operating systems such as Solaris and NetBSD.

Why a Freelance Sysadmin is a Good Choice

Many sysadmins have full-time jobs, usually working for fairly large companies.  However, not all companies who rely on servers have a need for full-time sysadmins, which is where freelancers like me fit in.  I work primarily with small companies who need someone to take care of their servers, but don’t have enough work to justify a full time employee.  For some of my clients, I do regular monitoring (checking on the status and health of the server) and updating, to make sure their servers are constantly happy and healthy.  Some clients ask me to set up a server and get it running, and then they take care of it themselves.  And some clients call me in for special projects such as upgrades or disaster recovery.

Being a good sysadmin requires a lot of vigilance, foresight and experience.  It involves careful monitoring of servers, and preventing problems before they happen.  If a sysadmin is doing his job well, you will never know he is there: servers will run smoothly and quickly, and always be available and responsive when you need them.  This is why we can all rely on sysadmins without ever knowing who they are or what they do: they work quietly behind the scenes, making sure that your internet experience is speedy and seamless.

Posted in sysadmin | Leave a comment

June Fremont Geek Meetup!

Fremont Geek Meetup! In conjunction with the Fremont Chamber of Commerce and Nautilusnet, we are delighted to host another Fremont Geek meetup. Techies of all types are welcome to get together to network, meet like-minded geeks, and hang out. James of Nautilusnet always provides lots of wonderful home-made food, and we provide beer and beverages.

Learn more and RSVP!

Thursday, June 30 from 7pm to 9pm at History House, 790 N 34th St.

Posted in events | Leave a comment

Server problem detection: IO problem on old Linux kernel

As a freelance Linux systems administrator, I see a lot of odd problems come up. Some I can easily solve using just the things I know (making it appear to be magic), and others require a lot of sleuthing work, which is the part I usually enjoy!

Recently one of my client’s Linux servers was performing poorly – very slow webpage load times, and a load average that had crept to over 20.00! There was nothing obvious slowing it down; CPU use was nominal, there weren’t too many processes, and memory usage wasn’t unreasonable. However, this wasn’t my server (it was a dedicated server from a hosting company) and their custom Linux kernel did not have some key components I usually use when diagnosing a problem (namely per process IO accounting). It took some clever detective work to figure it out: I eventually traced the problem to a WordPress plugin being used by someone else on the server. I thought I would document my detective process, in case any other systems administrators run into similar problems.

There weren’t any extra processes running, apache seemed normal enough, no DOS attacks were present according to the log files, no SYN attacks, nor even slow loris that I could determine. Plus, there was a significant load present–that shouldn’t happen with SYN or slow loris attacks. There was enough load that apache eventually stopped responding to requests, and required a restart to serve pages again. After the restart, the load average dropped drastically for a few minutes, but then started to climb again.

One of the problems I had seen with this server in the past was apache running out of IPCs, so during one attempted restart, apache failed to start with the error:

No space left on device: Cannot create SSLMutex

To clean up the leftover IPCs, I ran:

ipcs -s | grep apache | awk '{ print $2 }' | xargs -n 1 ipcrm sem

but unfortunately that didn’t help.

I looked at the already running Munin monitoring agent to see that spikes started the day previously at about noon. I saw that in addition to a slightly higher number of apache processes than normal, there were a great many more interrupts, and, ta da!: IO load.

Next came trying to find where the IO load was coming from.

The custom kernel that the hosting company provided did not have the necessary per-process IO accounting support compiled into their kernel, so running the really handy iotop wasn’t an option.

I found a few posts detailing alternatives; the most promising was having the kernel log all the IO work it does to the dmesg log. I needed to first clear out the dmesg log:

dmesg -c > /dev/null

Then I enabled the IO logging and recorded all the logs to a file (as dmesg only has a limited size):
echo 1 > /proc/sys/vm/block_dump
while true; do sleep 1; dmesg -c >> /var/tmp/diskio; done

After letting the kernel log all the IOs for a few minutes, I disabled the IO reporting

echo 0 > /proc/sys/vm/block_dump

and sifted through the findings:
cat /var/tmp/diskio | \
 awk -F"[() \t]" '/(READ|WRITE|dirtied)/ {activity[$1]++} END {for (x in activity) print x, activity[x]}'| \
 sort -nr -k2

The first results were misleading: they pointed at too little memory as the cause of the problems (the processes and xfsbufd being responsible for all the IO). That led me to tune the swappiness of the system (how aggressively the system tries to cache files versus keeping programs in memory) to try and lower the memory usage for cached files so things wouldn’t be paged out. After that, I found that it was apache that was responsible for the extra IO.

That’s great, except without per process IO accounting, I still couldn’t follow in real time where the problem was.

Eventually, I stumbled upon htop, which I found while searching for real-time IO monitoring. Because of the aforementioned problem with the kernel, I could not use that part of it, but it does have very convenient strace capabilities built in. When I ran into an httpd process with particularly high CPU usage, I would quickly select it & run strace on it (by pressing ‘s’). By doing this often enough, I was able to watch what files the process was opening and thus find one particular web client that generated a much larger number of file open calls than other clients. After a quick look at the logs & backup files, I found that he had recently installed a couple of new WordPress plugins, including W3 Total Cache. I have used this plugin to great success several times before, but the authors of W3 Total Cache do say that you need to be careful when configuring their plugin! In this case, the CDN portion of it was not configured correctly and it was constantly checking every single file in his large site and that was the cause of the huge IO load.
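
The strace step above can be made less dependent on eyeballing the screen by saving the trace to a file and counting opens per account. This is an added example, not a command from the original investigation; the trace lines are constructed, and the /home/<account>/ layout is an assumption about how the sites are stored.

```shell
#!/bin/sh
# Added example: rank accounts by how many files a traced process opened.
# Input is saved strace output, e.g. from: strace -p PID -o trace.txt
# ASSUMPTION: each hosted site lives under /home/<account>/.

count_opens_by_account() {
    awk '
        # Keep open()/openat() lines; the path is the first quoted string.
        /^open(at)?\(/ && match($0, /"\/[^"]*"/) {
            path = substr($0, RSTART + 1, RLENGTH - 2)
            n = split(path, part, "/")      # part[1] is empty (leading slash)
            if (n >= 4 && part[2] == "home")
                count[part[3]]++            # /home/<account>/...
            else
                count["(system)"]++         # libraries, /etc, /tmp and so on
        }
        END { for (acct in count) print count[acct], acct }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample of strace output for one httpd process.
sample_trace() {
    cat <<'EOF'
open("/home/bigsite/public_html/wp-content/uploads/2011/01/a.jpg", O_RDONLY) = 12
close(12) = 0
open("/home/bigsite/public_html/wp-content/uploads/2011/01/b.jpg", O_RDONLY) = 12
close(12) = 0
open("/home/bigsite/public_html/wp-content/uploads/2011/02/c.jpg", O_RDONLY) = 12
read(12, "\377\330"..., 8192) = 8192
close(12) = 0
open("/home/smallsite/public_html/index.php", O_RDONLY) = 12
open("/etc/hosts", O_RDONLY) = 13
EOF
}

# Busiest account first: here bigsite, with 3 opens.
sample_trace | count_opens_by_account
```
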

Posted in detective work, linux, servers, WordPress | Leave a comment

Adapt an existing solution, or code your own from scratch?

A question we are asked often is “Should I use existing software and adapt it to my needs, or should I hire someone to code it from scratch?” We have been asked this under a variety of circumstances. When making WordPress sites, clients often want to buy a pre-made WordPress theme from somewhere like ThemeForest, and then change some of the appearance and function. Clients making complex websites that need unusual forums or e-commerce sometimes want to take existing software and adapt it to their unique needs.

This is a tricky question, and obviously the answer is going to depend on a lot of factors, such as time, budget, the expertise of the people involved, the scale of the project, and just how much needs to be changed. We have been involved in projects that took both approaches. It seems that adapting pre-existing code would be easier and cheaper than writing something from scratch, but in our experience, that is not always the case. I have bought WordPress themes only to find that they didn’t have all of the files I expected and I had to generate my own page templates, or that the code was locked down so that I had to create weird work-arounds to be able to make any changes. Sometimes adapting something that already exists can take a lot more time, and make a much worse end-product, than just writing it from scratch. Our experience has taught us a few extra things to consider when answering this question.

First of all, if at all possible, take a detailed look at the code for the pre-packaged solution. Unfortunately, this is rarely possible in cases where you have to buy the software or code. But if you can get access to the code, it is worth spending an hour or two to see how adaptable it is really going to be. Some software has such poorly-documented code that it takes more time to figure out how to change the code than it would to just start from scratch. Sometimes once you look at the code you realize it is written in such a way that it will be very difficult to add the features you need.

Secondly, if you do need to take something pre-packaged and adapt it to your needs, the most important lesson we have learned is this: always take something simple and add complexity to it, instead of buying something complex and simplifying it. It is almost always easier to add complexity than to take it away. If you can start with something minimal, and add more functionality to it, your result will be cleaner and work better. If you use something complex and try to simplify it, you will end up with bloated code, unexpected dependencies, strange work-arounds and hacks, and hours of frustration.

Posted in Uncategorized | Leave a comment

SSH public keys, or, how not to expose a password

As an independent Linux/Unix consultant, I am often asked to work on machines that I have never used before, and so I need a password to log in. While I can be given a password over the phone, that frequently starts a rash of “was that a b-as-in-boy, or a d-as-in-dog” stops. Seeing the password in the text is much easier, but you should not ever email a password: email is usually transferred over the internet at large in clear text and can easily be sniffed by anyone in the middle, or even someone who has a server next to yours in a rack! You could use PGP to encrypt your email before you send it, but PGP just doesn’t get used all that often, and often people don’t know how to use it.

SSH has a great, but infrequently used feature called public-key authentication, that allows a user secure access to a SSH-based Linux or Unix server that they have never accessed before. It works by utilizing public-key cryptography, which is a great topic for a late-night read!

In a nutshell, there are two halves to a key: the private key and the public key. They are connected in a way that if you encrypt something using the public key, only the private key can decrypt it, and if you encrypt something with the private key, anyone with your public key can decrypt it (this is how PGP signed emails work). The SSH daemon on most servers can also use this concept by allowing users to authorize their own public keys, which then allows them to log in without having to type a password, or even without having a password! (So always remember to change a disabled user’s shell when you disable their password.)

Public-key authentication can also be used as a handy way to log in to your server without having to type your (hopefully long & complicated) password every time.

In practice, it is almost as easy as the nutshell. Here, I am on a unix-based machine (a mac) and I am going to create a new public/private key pair.

$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/jpk/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/jpk/.ssh/id_rsa.
Your public key has been saved in /Users/jpk/.ssh/id_rsa.pub.
The key fingerprint is:
19:9d:f5:11:46:dc:b2:69:f5:b6:09:1b:a7:c3:f4:49 jpk@pellinore.alchemycs.com
The key's randomart image is:
+--[ RSA 2048]----+
|            .o=o |
|         . o oo.o|
|        . o   .=.|
|         o   ++Eo|
|        S   o.O.+|
|             = = |
|              .  |
|                 |
|                 |
+-----------------+

Note where it asks for a passphrase above. It is a really good idea to provide one: that way, it encrypts the private key so that if someone ever steals your laptop (and you don’t have your filesystem encrypted) they won’t instantly be able to log into any machine you have trusted that key on. This also requires you to type the passphrase each time you want to log in, but there are “ssh-agent” programs that let you type the passphrase once, and it stores it in memory until you close the agent (this is something that recent versions of MacOS X do).

When you generate a key, two files are created: the .ssh/id_rsa file is the private key, and the .ssh/id_rsa.pub file is the public key.

If you look at the file “id_rsa.pub”, it has a bunch of gibberish:


ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv1ARfiMlaUk3b5KBRTvfwmjrchpBAJrbyUlrQGJLK4/V0+qEquIvHiLrrMkT265dDE1Qadzlz0RTgmSgj+ubJZ2bKf0H8ZAzMbmyzcYblhtlGJYN7ZD1g5nUWANIj2U2FP7GMKC69pbquxZCJTZpK95Y3fVcHWFyb+3jt0Ex4bjI6TwW6fr0REQngOsqSU+h1rlnEOLZKKPoKcv5BkZ0y2r1RlPVnJtbjRdqt7SAiw0bUbBkiigII/L6+LFBJYzCp1jEZUw9wfIqjVUiKndKmOIdozt0Gg2c8Be0rpyez6IhlDvyRbLzk4grf1rkt6Odn/3+vrSr4eQ6tY3MbrkJuw== jpk@pellinore.alchemycs.com

On the server, the contents of the id_rsa.pub file need to be put into a file called “authorized_keys” that is under the “.ssh” directory for the new user.

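Assuming I have copied that file to my current directory on the server using the root account, I can then set up the new account and include the file. The two chmod lines keep the directory and the key file private to the new user; with its default StrictModes setting, sshd ignores an authorized_keys file that other users could write to.

newserver# useradd -m newuser
newserver# mkdir ~newuser/.ssh
newserver# mv id_rsa.pub ~newuser/.ssh/authorized_keys
newserver# chown -R newuser ~newuser/.ssh
newserver# chmod 700 ~newuser/.ssh
newserver# chmod 600 ~newuser/.ssh/authorized_keys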

From there, you can log in to the server.

home$ ssh newserver.alchemycs.com
Enter passphrase for key '/Users/jpk/.ssh/id_rsa': 
newserver$

A bit more about the ssh-agent I mentioned above. Typically you run ssh-agent with whatever is going to use the ssh public key file (eg, Terminal.app in MacOS). Then you would run ssh-add to add the passphrase to the ssh-agent.
Here, I will run ssh-agent on screen so I can have multiple logins to the server at once if I need.

home$ ssh-agent screen
...(screen starting)
home$ ssh-add
Enter passphrase for /Users/jpk/.ssh/id_rsa: 
Identity added: /Users/jpk/.ssh/id_rsa (/Users/jpk/.ssh/id_rsa)
home$

I could also add multiple ssh key files by specifying a separate key file to ssh-add.

home$ ssh-add .ssh/id_rsa_2ndkey
Enter passphrase for .ssh/id_rsa_2ndkey:
Identity added: /Users/jpk/.ssh/id_rsa_2ndkey (/Users/jpk/.ssh/id_rsa_2ndkey)
home$

SSH public key authentication is a great way to securely log onto new servers, as well as ease frequent logins to known servers.
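
The earlier reminder about disabled users can be turned into a check, because locking a password does nothing to an authorized_keys file. The script below is an added example, not part of the original post: it lists accounts whose password hash has been locked but which still have a login shell and a non-empty authorized_keys file. The users, hashes and paths in the fixture are constructed, and it assumes the "!" prefix that passwd -l and usermod -L put in front of an existing hash.

```shell
#!/bin/sh
# Added example: find accounts with a locked password that can still log in
# with an SSH key.
# Usage: audit_locked_key_logins PASSWD_FILE SHADOW_FILE
# Output: one line per finding: <user> <shell> <authorized_keys path>
# (Paths containing spaces are not handled.)

audit_locked_key_logins() {
    passwd_file=$1
    shadow_file=$2
    awk -F: '
        NR == FNR { hash[$1] = $2; next }      # first file: shadow
        {
            user = $1; home = $6; shell = $7
            # A locked password is an existing hash with "!" in front.
            # A bare "!" or "*" (never had a password) is not reported.
            locked  = (hash[user] ~ /^!+\$/)
            # Shells that refuse an interactive login.
            noshell = (shell ~ /\/(nologin|false)$/)
            if (locked && !noshell) print user, shell, home
        }
    ' "$shadow_file" "$passwd_file" |
    while read -r user shell home; do
        keys="$home/.ssh/authorized_keys"
        # A non-empty file means key login is still possible.
        if [ -s "$keys" ]; then
            printf '%s %s %s\n' "$user" "$shell" "$keys"
        fi
    done
}

# Constructed fixture: four accounts under a temporary directory.
make_fixture() {
    root=$(mktemp -d)
    for u in alice bob carol dave; do
        mkdir -p "$root/home/$u/.ssh"
        echo "ssh-ed25519 CONSTRUCTEDKEY $u@example" \
            > "$root/home/$u/.ssh/authorized_keys"
    done
    cat > "$root/passwd" <<EOF
alice:x:1001:1001::$root/home/alice:/bin/bash
bob:x:1002:1002::$root/home/bob:/usr/sbin/nologin
carol:x:1003:1003::$root/home/carol:/bin/bash
dave:x:1004:1004::$root/home/dave:/bin/bash
EOF
    cat > "$root/shadow" <<'EOF'
alice:!$6$constructed$hash:15000:0:99999:7:::
bob:!$6$constructed$hash:15000:0:99999:7:::
carol:$6$constructed$hash:15000:0:99999:7:::
dave:!:15000:0:99999:7:::
EOF
    echo "$root"
}

# Only alice is reported: locked hash, real shell, key file present.
fixture=$(make_fixture)
audit_locked_key_logins "$fixture/passwd" "$fixture/shadow"
rm -rf "$fixture"
```

On a real server the arguments would be /etc/passwd and /etc/shadow, read as root.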

Posted in encryption, linux, Secure Shell, security, servers, sysadmin | 1 Comment

Working from home with pets – guest blog post

Morgan wrote a guest blog post for the Trupanion Pet Insurance blog about the pros and cons of working from home with pets. Go take a look!

Morgan and Jonathan's pets: Archibald, Adeen, and Pangur Ban

Posted in Uncategorized | Leave a comment

The value of a humanities education

This might seem a little off-topic, but bear with me.

Someone sent me a link to an article about modern education written by Scott Adams of Dilbert fame. Adams’ main point is that the world has gotten really complex, and that the education system basically needs to focus on teaching information with a practical application:

“…the best way to expand a student’s mind is by teaching more about the practical complexities of the real world and less about, for example, the history of Europe, or trigonometry…Some of you will argue that learning history is important on a number of levels, including creating a shared culture, understanding other countries, and avoiding the mistakes of the past. I agree. And if the question was teaching history versus teaching nothing, history would be the best choice every time. But if you compare teaching history with, for example, teaching a kid how to compare complicated financial alternatives, I’d always choose the skill that has the most practical value. You get all the benefit of generic mental training plus some real world benefits if any of it is retained.”

Maybe I shouldn’t rise to Adams’ bait (he has apparently been writing a bunch of inflammatory things lately). But as a successful business owner and web developer with advanced graduate degrees in history and no education outside of the humanities, I have to refute Adams here. This is exactly the kind of attitude that scares the willies out of me.

A little bit of background about me and my education. I triple-majored in college: English, Musicology, and Medieval History. I took a few math and science courses to fulfill requirements, but they were really easy courses like musical acoustics and astronomy, and I certainly didn’t take anything remotely related to business. I went on to get a Master’s Degree in Medieval Studies, and I am within spitting distance of finishing my PhD in Medieval History. I have never taken any classes in web design, business, computer science, or anything even remotely related to what I do for a living. And yet here I am, successfully running a business, doing my own bookkeeping, learning new web-related skills all the time, creating websites, and earning a living while still working from home.

My humanities education has made it possible for me to get where I am today. My coursework in history and other humanities has taught me invaluable skills: good writing and communication, critical thinking, intellectual flexibility, assessing the validity of arguments, analyzing evidence and drawing conclusions from it. Most importantly, my grounding in the humanities has taught me how to learn. Give me any topic and 24 hours in the library, and I can tell you the current state of knowledge on that topic: I know how to get to the best information quickly. I also know how to store information that I might need later so that I can get back to it quickly and easily. In the rapidly changing world of web technology, it is of vital importance to be able to discern what information is important right now, to have lots of information readily-accessible at my fingertips, and to learn quickly.

A degree in business, or even in computer science, would not be useful to me without a humanities background. Anything I could learn in school today about business or web development would be obsolete in a few years. Our world is, as Adams says, incredibly complex. So we shouldn’t be teaching students a set of tasks that may or may not be useful in 5-10 years. We should be teaching them how to learn, how to evaluate data, how to think for themselves, and how to teach themselves. This is what a good humanities education does. Adams says we should, for instance, teach kids how to compare financial alternatives. But the critical thinking skills a student will learn from a humanities education will give him the ability to compare financial alternatives. It will also give him the ability to assess the validity of political candidates’ arguments, buy the car best suited to his needs, and choose a good career path. It is exactly because the world is so complex that a good grounding in the humanities is more important than ever!

(You might be wondering why a person who almost has a PhD in Medieval History is pursuing a career in web development instead of history. University administrators often seem to agree with Adams these days: when universities need to cut funding (which they all do these days), history is usually one of the first things to go. Consequently, the job market for medieval history professors is brutal: there are hundreds of applicants for the few job openings every year. I have loved every minute of graduate school, but I also enjoy web development, and it’s a much more viable field.)

Okay, that’s the end of my rant. Thank you for your patience.

Posted in education, history, rant | Leave a comment