TechOpsGuys.com Diggin' technology every day

October 5, 2011

Cisco: the future was here 40 years ago

Filed under: Random Thought — Tags: — Nate @ 2:27 pm

Just read this from our friends at The Register

“You may not agree, but I believe video will be the basis of all communication going forward,” he told attendees at the Oracle OpenWorld conference in San Francisco. “It’s where we see ourselves going – we no longer make devices that aren’t video-capable.”

I don’t know myself, I personally do not like video calls, the other caller can’t see that you’re playing a video game, or on the toilet, or driving in your car or whatever. Then there’s the compatibility/interoperability issues, Apple has this FaceTime thing, then there is Skype, and I think several of the IM clients do video. Skype seems the closest thing to a de facto standard. I use Skype all day every day but it’s for text chat (99% of it is work related), maybe a couple times a week do a voice conference call, but video, few times a year at best, for me anyways.

Then I can’t help but think back to all of those Star Trek episodes where the Enterprise is struggling to communicate with someone else either over video or over voice, I want to scream JUST SEND A TEXT MESSAGE AND REPEAT IT 5000 TIMES FOR REDUNDANCY! It will take less bandwidth and you’re almost certain to get the message across.

I remember back in my BBS days I came across an archiver called UC2 Ultra Compressor 2. It had some pretty crazy redundancy tricks in it, my memory is very foggy as this was about 20 years ago but there were a couple of times when my modem connection was really bad and my modem program registered literally hundreds of errors uploading and downloading data, but UC2 was able to recover it for me. Send your messages with that kind of redundancy, keep it simple, you don’t need to fill your 140″ flat screen TV on your ship’s bridge with garbled video hoping to get the message across.

“Captain! Please repeat, your last transmission was garbled  … DO YOU READ, Come in captain! We’re not reading you!”

Not only that, but text can be more secure, how many times have you seen Star Trek episodes where the crew is talking really softly into their communicator so they aren’t heard by the bad guys. A nanosecond of time used to broadcast a text message is also probably harder to trace than a big burst of data used for video or voice.

Looks like AT&T had their first video phone booths back in the 60s, and slowly companies have tried time and again to do video but it’s never caught on, it’s a solution looking for a problem that really isn’t there. There are times when video is nice, but I don’t see a time coming when video communications will dominate over regular voice, or text or whatever.

September 19, 2011

BOOM! What was that noise?

Filed under: Random Thought — Tags: — Nate @ 9:24 am

It was Netflix shooting themselves in the other foot.

Seems they can’t get enough of pissing off their die hard fans. I’ve seen a lot of people try to claim that the DVD by mail business is dragging them down (really I think it’s the opposite these days) because it’s so expensive to mail DVDs. I don’t think it’s too expensive — if there are some abusers out there (the ones that rent, rip and return) Netflix should target those users and have them pay more or cut them off, much like consumer internet services do for people that abuse the service.

One good comment from the Netflix blog (which has around 12,000 comments at this point) sums it up pretty well (I’d link to it directly but don’t see a way to do that, it’s near the top of the list though) –

Thanks for the explanation and apology. That helps, but your arrogance is still so thick it’s palpable. The “I’m sorry if you were offended” is no apology at all. It just makes things worse.

I have been a Netflix customer and fan for many years. Have been a Netflix evangelist, turning on many friends to your service. I am still a customer but no longer a fan — I feel betrayed.

(I feel similarly about VMware at this point)

Though it sounds more like they are going to try to grab onto more hype and spin off the DVD by mail service and stick to streaming. In any case it seems like their remaining customers lose from pretty much any angle you look at it. I think the jig is up for streaming – I mean if Hulu can’t pull it off with such big content producers as investors – who can? I don’t think anyone, not for a while at least. Which is too bad.

The upside is maybe by the time the licensing and legal stuff is worked out the internet architecture will be to the point where it can better support streaming (I’m looking at you multicast over IPv6 assuming you’re ever widely deployed and assuming you work on a large scale).

This is obviously a panic move for them to take in response to the plunge in the stock price (the least they could have done is announce this last week with their other news since the change won’t be happening for several weeks, seems this decision was made in the past few days), otherwise they would be taking their time and making the sites interoperable with each other (whether or not one of them is spun out).

Netflix predicted losing as many as a million subscribers recently, I would expect this change to increase that number significantly.

OK no more posts about Netflix for a while – there just isn’t a lot of things in the tech industry happening that interest me these days (enough to write something on).

September 15, 2011

Netflix in a pickle

Filed under: Random Thought — Tags: , — Nate @ 7:53 pm

I wrote on why I canceled my Netflix subscription when they jacked up their rates, it all came down to content – or lack thereof. I see people tout Netflix quite frequently, claiming to be willing/able to “cut the cord” to cable or satellite or whatever and go Netflix/Hulu/etc. I’m in the opposite boat myself, I’m more than happy to pay more to get more content. Netflix is too little content for obviously too little money. They haven’t achieved the balance for me (and it’s not as if they had a more expensive tier that had more content).

They announced today they expect to lose a million subscribers over this, compound that with them losing a content deal with Starz recently things are not looking so hot for Netflix, if I were a betting person I’d wager their best days are behind them (as in now their content costs are skyrocketing and their growth will likely slow significantly vs past years). Their stock is down roughly 41% from the recent high when they announced the change.

I understand Netflix had to raise rates because their costs have gone up and will continue to rise, they just handled the situation very poorly and are paying for it as a result. It is too bad, at one point it seemed Netflix could be ‘the thing’ as in having a model where they could be potentially the world leader in content distribution or something(and they had the market pretty saturated as far as types of devices that can talk to Netflix to stream — except of course for WebOS devices) – but at least with the way their negotiations are going with the content producers that seems unlikely at this point. As a side note, I read this about Netflix as well and that made me kind of chuckle at their operations as well. Though I’m sure in the grand scheme of things pissing a few million down the tubes for “cloud services” is nothing compared to their content costs.

Something I learned in the midst of these price changes and the uproar about them that I really didn’t know before is that streaming titles come and go on Netflix, what is available today may not be available tomorrow (for no obvious reason – unlike losing a content deal with Starz for example). Could it be that they have rights to put up only x% of someone’s content at any given time ? I don’t know. But I was kind of surprised when I read(from multiple sources) claims that the same titles can be available, then not available then available again. There apparently is some means to get a gauge as to how long something might be available(don’t remember what it was), just goes to show how far we have to go until we ever get to this.

Next up – the impact of the vSphere 5 licensing fiasco. This will take longer to unfold, probably a year or more but I have no doubt it will have a measurable impact (dare I say significant impact) on VMware’s market share in the coming years. I was talking to a local VMware rep not too long ago about this and it was like talking to a brick wall – sad really.

I’ve spent more $ buying old movies and tv shows that I want to have copies of in the past week than a year’s Netflix subscription would have cost me (I went on somewhat of a spree, I don’t do it all that often). But at least I know I have these copies, they aren’t going anywhere, I just have to rip them and upload them to my colo’d server for safe off site backup.

Delaying IPOs..

Filed under: Random Thought — Tags: — Nate @ 7:31 am

It seems the other major social media companies are delaying their IPOs, first Zynga, now Facebook. Even Groupon delayed though it seems they may be going forward now. I know it’s a different situation but every time I heard news of these delays it reminded me of a brief(3 month) time that I had at freeinternet.com, as the bubble was bursting the company was in a hotel meeting hall and the CEO was talking about stuff, the only thing I remember from the meeting was that their investors were delaying their IPO due to “market conditions”, that their investors wanted their “quality companies” to wait till things improved (this was about July 2000 if I recall right).

The conspiracy theorist in me thinks that Groupon is doing anything they can to get their IPO out the door because their model is by far the most shaky and they need to cash out before it’s too late. Zynga not far behind.  Facebook makes some real money at the moment, though the hype doesn’t hold water and I’m sure they hope in 2012 or 2013 they may be luckier.

Joke’s on them though, the economy is still going to be in the crapper in 2012, and 2013, and 2014 and 2015 and probably 2016 and 2017 too.

One thing these IPOs do seem to have an impact on is the local housing market in the bay area, a lot of folks (especially in Palo Alto) are apparently wanting to sell their houses but are holding off until these IPOs to try to get some executive to buy them for big bucks.

Life without a bubble is tough..whether it’s social media, or cloud computing, or the government trying to re-inflate housing (and other assets with low interest rates and stuff) there’s a lot of interest in building another massive bubble.

September 8, 2011

What an outage..

Filed under: Random Thought — Tags: — Nate @ 10:32 pm

I’ve caused my share of outages, whether it’s applications, systems, networking, storage. My ratio of fixing outages to causing outages is quite good though, so overall I think I do alright.

But every time I am the cause of an outage it’s hard not to feel guilty in some way right? Even if it was an honest mistake. Was just looking at the local news and they were reporting on the power outage in southern California and Arizona and mentioned an Arizona power company believes an employee working at a sub station is what triggered the cascading failure causing:

  • Power outage for up to 5 million people in two states
  • Killed the commute for those in San Diego tonight
  • Shutting down a San Diego airport
  • Closing schools in San Diego tomorrow
  • Even a nuclear reactor was taken off line for safety

I’m not sure what kind of person this employee is of course, it may have just been an honest mistake, or it may not have been a mistake, maybe they were doing exactly the right thing and something failed, who knows. But I certainly do feel for them, the sheer level of guilt has got to be hard to bear.

But at the same time how many people can brag that they single handedly took out a nuclear reactor?

I suppose the bigger issue is the design of the grid how one fault can cascade to impact so many, it’s reported that the outage has even spread to the northern portion of Mexico as well. Stuff like this really makes me fear the wide scale deployment of the “smart grid” stuff, which I believe will make the grid far, far more vulnerable than it already is today.

August 31, 2011

DOJ files to block AT&T T-mobile deal

Filed under: General,Random Thought — Tags: , — Nate @ 7:49 am

Wow, I didn’t expect the government to do this, hopefully it sticks, but apparently the DOJ  has filed to block the merger between T-mobile and AT&T. Just a couple of hours ago some AT&T exec was on CNBC touting how good of a deal it was, how they’d bring back jobs etc, I couldn’t bring myself to watch or listen to him talk.

What I’m sure they didn’t mention was the leaked emails showing the public AT&T position was pretty much the exact opposite from what they were portraying internally. Some folks did calculations and determined that actual investment was going to go down with AT&T buying T-mobile, rather than up (don’t have a reference for that handy right now).

I didn’t like the deal to begin with of course, so hopefully it’s dead, and T-mobile will get a few billion in break up fees as a result (and some free spectrum! I forgot about the spectrum AT&T has to give them). I know some folks at T-mobile apparently internally they were convinced it was going through, and already started doing a bunch of stuff to prepare for it.

I can’t believe that some folks believe that actual investment would go down if the deal was blocked, in fact the same Wall street investors are buying up shares of cell tower companies like American Tower in response to the DOJ deal, speculating that investment will go UP. AT&T and T-Mobile of course will have to continue to invest regardless, it’s not as if AT&T is going to stop spending if they don’t get T-mobile, they still have to compete against the other carriers in the space.

The DOJ said in a speech earlier this morning, among other things:

As can be seen in the Department’s complaint, AT&T felt competitive pressure from T-Mobile.   One example cites an AT&T employee observing that “[T-Mobile] was first to have HSPA+ devices in their portfolio…we added them in reaction to potential loss of speed claims.”

Combine that kind of claim with the leaked emails and a little bit of common sense and it’s not hard to see how this deal would hurt consumers. Now there’s speculation again that Sprint may go after T-Mobile. I kind of hope they don’t, since their technologies are not compatible (CDMA & GSM). The Sprint Nextel deal was a real mess I think in good part because the handsets and networks were not compatible.

AT&T will have to rely on organic growth it seems – oh no, the world is coming to an end.

I say this as a new AT&T customer – somewhat forced to take the leap off of Sprint (after being with them for 10 years) onto AT&T in order to get GSM service so I can run more WebOS phones including the Pre3 by swapping SIM cards between phones.

August 29, 2011

Farewell Terremark – back to co-lo

Filed under: General,Random Thought,Storage,Virtualization — Tags: , , , — Nate @ 9:43 pm

I mentioned not long ago that I was going co-lo once again. I was co-lo for a while for my own personal services but then my server started to act up (the server was 6 years old if it was still alive today) with disk “failure” after failure (or at least that’s what the 3ware card was predicting, eventually it stopped complaining and the disk never died again). So I thought – do I spend a few grand to buy a new box or go “cloud”. I knew up front cloud would cost more in the long run but I ended up going cloud anyways as a stop gap – I picked Terremark because it had the highest quality design at the time (still does).

During my time with Terremark I never had any availability issues, there was one day where there was some high latency on their 3PAR arrays though they found & fixed whatever it was pretty quick (didn’t impact me all that much).

I had one main complaint with regards to billing – they charge $0.01 per hour for each open TCP or UDP port on their system, and they have no way of doing 1:1 NAT. For a web server or something this is no big deal, but for me I needed a half dozen or more ports open per system(mail, dns, vpn, ssh etc) after cutting down on ports I might not need, so it starts to add up, indeed about 65% of my monthly bill ended up being these open TCP and UDP ports.

Once both of my systems were fully spun up (the 2nd system only recently got fully spun up as I was too lazy to move it off of co-lo) my bill was around $250/mo. My previous co-lo was around $100/mo and I think I had them throttle me to 1Mbit of traffic (this blog was never hosted at that co-lo).

The one limitation I ran into on their system was that they could not assign more than 1 IP address for outbound NAT per account. In order to run SMTP I needed each of my servers to have their own unique outbound IP. So I had to make a 2nd account to run the 2nd server. Not a big deal(for me, ended up being a pain for them since their system wasn’t setup to handle such a situation), since I only ran 2 servers (and the communications between them were minimal).

As I’ve mentioned before, the only part of the service that was truly “bill for what you use” was bandwidth usage, and for that I was charged between 10-30 cents/month for my main system and 10 cents/month for my 2nd system.

Oh – and they were more than willing to setup reverse DNS for me which was nice (and required for running a mail server IMO). I had to agree to a lengthy little contract that said I wouldn’t spam in order for them to open up port 25. Not a big deal. The IP addresses were “clean” as well, no worries about black listing.

Another nice thing to have if they would have offered it is billing based on resource pools, as usual they charge for what you provision (per VM) instead of what you use. When I talked to them about their enterprise cloud offering they charged for the resource pool (unlimited VMs in a given amount of CPU/memory), but this is not available on their vCloud Express platform.

It was great to be able to VPN to their systems to use the remote console (after I spent an hour or two determining the VPN was not going to work in Linux despite my best efforts to extract Linux versions of the VMware console plugin and try to use it). Mount an ISO over the VPN and install the OS. That’s how it should be. I didn’t need the functionality but I don’t doubt I would have been able to run my own DHCP/PXE server there as well if I wanted to install additional systems in a more traditional way. Each user gets their own VLAN, and is protected by a Cisco firewall, and load balanced by a Citrix load balancer.

A couple of months ago the thought came up again of off site backups. I don’t really have much “critical” data but I felt I wanted to just back it all up, because it would be a big pain if I had to reconstruct all of my media files for example. I have about 1.7TB of data at the moment.

So I looked at various cloud systems including Terremark but it was clear pretty quick no cloud company was going to be able to offer this service in a cost effective way so I decided to go co-lo again. Rackspace was a good example they have a handy little calculator on their site. This time around I went and bought a new, more capable server.

So I went to a company I used to buy a ton of equipment from in the bay area and they hooked me up with not only a server with ESXi pre-installed on it but co-location services (with “unlimited” bandwidth), and on-site support for a good price. The on-site support is mainly because I’m using their co-location services(which in itself is a co-lo inside Hurricane Electric) and their techs visit the site frequently as-is.

My server is a single socket quad core processor, 4x2TB SAS disks (~3.6TB usable which also matches my usable disk space at home which is nice – SAS because VMware doesn’t support VMFS on SATA though technically you can do it the price premium for SAS wasn’t nearly as high as I was expecting), 3ware RAID controller with battery backed write-back cache, a little USB thing for ESXi(rather have ESXi on the HDD but 3ware is not supported for booting ESXi), 8GB Registered ECC ram and redundant power supplies. Also has decent remote management with a web UI, remote KVM access, remote media etc. For co-location I asked (and received) 5 static IPs (3 IPs for VMs, 1 IP for ESX management, 1 IP for out of band management).

My bandwidth needs are really tiny, typically 1GB/month. Though now with off site backups that may go up a bit (in bursts). Only real drawback to my system is the SAS card does not have full integration with vSphere so I have to use a cli tool to check the RAID status, at some point I’ll need to hook up nagios again and run a monitor to check on the RAID status. Normally I setup the 3Ware tools to email me when bad things happen, pretty simple, but not possible when running vSphere.

The amount of storage on this box I expect to last me a good 3-5 years. The 1.7TB includes every bit of data that I still have going back a decade or more – I’m sure there’s a couple hundred gigs at least I could outright delete because I may never need it again. But right now I’m not hurting for space so I keep it there, on line and accessible.

My current setup

  • One ESX virtual switch on the internet that has two systems on it – a bridging OpenBSD firewall, and a Xangati system sniffing packets(still playing with Xangati). No IP addresses are used here.
  • One ESX virtual switch for one internal network, the bridging firewall has another interface here, and my main two internet facing servers have interfaces here, my firewall has another interface here as well for management. Only public IPs are used here.
  • One ESX virtual switch for another internal network for things that will never have public IP addresses associated with them, I run NAT on the firewall (on its 3rd/4th interfaces) for these systems to get internet access.

I have a site to site OpenVPN connection between my OpenBSD firewall at home and my OpenBSD firewall on the ESX system, which gives me the ability to directly access the back end, non routable network on the other end.

Normally I wouldn’t deploy an independent firewall, but I did in this case because, well I can. I do like OpenBSD’s pf more than iptables(which I hate), and it gives me a chance to play around more with pf, and gives me more freedom on the linux end to fire up services on ports that I don’t want exposed and not have to worry about individually firewalling them off, so it allows me to be more lazy in the long run.

I bought the server before I moved, once I got to the bay area I went and picked it up and kept it over a weekend to copy my main data set to it then took it back and they hooked it up again and I switched my systems over to it.

The server was about $2900 w/1 year of support, and co-location is about $100/mo. So disk space alone the first year(taking into account cost of the server) my cost is about $0.09 per GB per month (3.6TB), with subsequent years being $0.033 per GB per month (took a swag at the support cost for the 2nd year so that is included). That doesn’t even take into account the virtual machines themselves and the cost savings there over any cloud. And I’m giving the cloud the benefit of the doubt by not even looking at the cost of bandwidth for them just the cost of capacity. If I was using the cloud I probably wouldn’t allocate all 3.6TB up front but even if you use 1.8TB which is about what I’m using now with my VMs and stuff the cost still handily beats everyone out there.

What’s the most crazy is I lack the purchasing power of any of these clouds out there, I’m just a lone consumer, that bought one server. Granted I’m confident the vendor I bought from gave me excellent pricing due to my past relationship, though probably still not on the scale of the likes of Rackspace or Amazon and yet I can handily beat their costs without even working for it.

What surprised me most during my trips doing cost analysis of the “cloud” is how cheap enterprise storage is. I mean Terremark charges $0.25/GB per month (on SATA powered 3PAR arrays), Rackspace charges $0.15/GB per month (I believe Rackspace just uses DAS). I kind of would have expected the enterprise storage route to cost say 3-5x more, not less than 2x. When I was doing real enterprise cloud pricing storage for the solution I was looking for typically came in at 10-20% of the total cost, with 80%+ of the cost being CPU+memory. For me it’s a no brainer – I’d rather pay a bit more and have my storage on a 3PAR of course (when dealing with VM-based storage not bulk archival storage). With the average cost of my storage for 3.6TB over 2 years coming in at $0.06/GB it makes more sense to just do it myself.

I just hope my new server holds up, my last one lasted a long time, so I sort of expect this one to last a while too, it got burned in before I started using it and the load on the box is minimal, would not be too surprised if I can get 5 years out of it – how big will HDDs be in 5 years?

I will miss Terremark because of the reliability and availability features they offer, they have a great service, and now of course are owned by Verizon. I don’t need to worry about upgrading vSphere any time soon as there’s no reason to go to vSphere 5. The one thing I have been contemplating is whether or not to put my vSphere management interface behind the OpenBSD firewall(which is a VM of course on the same box). Kind of makes me miss the days of ESX 3, when it had a built in firewall.

I’m probably going to have to upgrade my cable internet at home, right now I only have 1Mbps upload which is fine for most things but if I’m doing off site backups too I need more performance. I can go as high as 5Mbps with a more costly plan. 50Meg down 5 meg up for about $125, but I might as well go all in and get 100meg down 5 meg up for $150, both plans have a 500GB cap with $0.25/GB charge for going over. Seems reasonable. I certainly don’t need that much downstream bandwidth(not even 50Mbps I’d be fine with 10Mbps), but really do need as much upstream as I can get. Another option could be driving a USB stick to the co-lo, which is about 35 miles away, I suppose that is a possibility but kind of a PITA still given the distance, though if I got one of those 128G+ flash drives it could be worth it. I’ve never tried hooking up USB storage to an ESX VM before, assuming it works? hmmmm..

Another option I have is AT&T Uverse, which I’ve read good and bad things about – but looking at their site their service is slower than what I can get through my local cable company (which truly is local, they only serve the city I am in). Another reason I didn’t go with Uverse for TV is due to the technology they are using I suspected it is not compatible with my Tivo (with cable cards). Though AT&T doesn’t mention their upstream speeds specifically I’ll contact them and try to figure that out.

I kept the motherboard/cpus/ram from my old server, my current plan is to mount it to a piece of wood and hang it on the wall as some sort of art. It has lots of colors and little things to look at, I think it looks cool at least. I’m no handyman so hopefully I can make it work. I was honestly shocked how heavy the copper(I assume) heatsinks were, wow, felt like 1.5 pounds a piece, massive.

While my old server is horribly obsolete, one thing it does have even on my new server is being able to support more ram. Old server could go up to 24GB(I had a max of 6GB at the time in it), new server tops out at 8GB (have 8GB in it). Not a big deal as I don’t need 24GB for my personal stuff but just thought it was kind of an interesting comparison.

This blog has been running on the new server for a couple of weeks now. One of these days I need to hook up some log analysis stuff to see how many dozen hits I get a month.

If Terremark could fix three areas of their vCloud express service – one being resource pool-based billing,  another being relaxing the costs behind opening multiple ports in the firewall (or just giving 1:1 NAT as an option), and the last one being thin provisioning friendly billing for storage — it would really be a much more awesome service than it already is.

August 23, 2011

Running your own mail server pt 2 – the humor

Filed under: Random Thought — Tags: — Nate @ 7:30 am

Running your own mail server also has its humorous points, mainly around SPAM. I love it when people spam me acting as my email administrator (which is obviously me as well) saying my email is about to be cut off unless I download the attachment and run the virus or whatever is in there (compound that with the fact that I run Linux and would have to jump through a few hoops to run their virus inside wine or something for it to do anything).

This morning I got a pair of LinkedIn security alerts(addressed to an address LinkedIn has no knowledge of no less) –

LINKEDIN

 Your LinkedIn account has been blocked due to suspicious activity.
 Please Follow this link [1] for details. 

 Thank you for using LinkedIn! 

--The LinkedIn Team
 http://www.linkedin.com/ [2]  

© 2011, LinkedIn Corporation

The ironic part here is Sanitizer ripped out whatever url they were trying to insert to spoof the LinkedIn site – so not only is the text to click on accurate, the link itself is accurate as well, there is no malware site to be seen.
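A sketch of the kind of rewriting described here, as an added example (not code from the original post and not Sanitizer's own implementation): it prefixes style attributes with DEFANGED_, the marker that appears in Sanitizer's log, and neutralizes a link whose visible text names a different host than its href. The sample message, the login.example.invalid host and the host-mismatch heuristic are constructed assumptions.

```python
"""Defang HTML mail: rename style attributes and neutralize spoofed links."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

PREFIX = "DEFANGED_"  # same marker that appears in the Sanitizer log
# A host name written out in link text, e.g. "http://www.linkedin.com/".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def render_start(tag, attrs, defang):
    """Re-serialize a start tag, prefixing every attribute defang() selects."""
    parts = [tag]
    for name, value in attrs:
        if defang(name):
            name = PREFIX + name
        parts.append(name if value is None
                     else f'{name}="{escape(value, quote=True)}"')
    return "<" + " ".join(parts) + ">"


def bare_host(host):
    """Lower-case a host name and drop a leading 'www.' for comparison."""
    return host.lower().removeprefix("www.")


class MailDefanger(HTMLParser):
    """Rebuilds the markup; comments and declarations are dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.findings = [], []
        self._link = None  # (index into out, attrs, text chunks) inside <a>

    @staticmethod
    def _risky(name):
        # Assumption: only style is renamed, as in the log on this page.
        return name == "style"

    def handle_starttag(self, tag, attrs):
        for name, _ in attrs:
            if self._risky(name):
                self.findings.append(("defanged-attr", tag, name))
        if tag == "a":
            self._link = (len(self.out), attrs, [])
        self.out.append(render_start(tag, attrs, self._risky))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        self.out[-1] = self.out[-1][:-1] + " />"
        if tag == "a":
            self._link = None

    def handle_data(self, data):
        if self._link:
            self._link[2].append(data)
        self.out.append(escape(data, quote=False))

    def handle_endtag(self, tag):
        if tag == "a" and self._link:
            self._check_link(*self._link)
            self._link = None
        self.out.append(f"</{tag}>")

    def _check_link(self, index, attrs, chunks):
        """Disable the href when the link text claims a different host."""
        href = dict(attrs).get("href") or ""
        try:
            target = bare_host(urlsplit(href).hostname or "")
        except ValueError:  # malformed URL: nothing to compare
            return
        shown = HOST_IN_TEXT.search("".join(chunks))
        if not target or not shown:
            return
        claimed = bare_host(shown.group(1))
        if target != claimed and not target.endswith("." + claimed):
            self.findings.append(("link-mismatch", claimed, target))
            self.out[index] = render_start(
                "a", attrs, lambda n: self._risky(n) or n == "href")


def sanitize(html_body):
    """Return (defanged_html, findings) for one HTML mail body."""
    parser = MailDefanger()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.findings


# Constructed sample modelled on the message quoted on this page.
SAMPLE = (
    '<div style="border-top: 4px solid rgb(51, 153, 204)">'
    '<p>Your LinkedIn account has been blocked due to suspicious activity.</p>'
    '<a href="http://login.example.invalid/verify">http://www.linkedin.com/</a>'
    '</div>'
)

if __name__ == "__main__":
    clean, findings = sanitize(SAMPLE)
    print(clean)
    for finding in findings:
        print(finding)
```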

I have Sanitizer attach a log as to what it is doing and this is what it said it did

Sanitizer (start="1314091520"):
 SanitizeFile (filename="unnamed.html, filetype.html",
mimetype="text/html"):
 Match (names="unnamed.html, filetype.html", rule="9"):
 Enforced policy: accept

 Note: Styles and layers give attackers many tools to fool the
 user and common browsers interpret Javascript code found
 within style definitions.


Links:
------
[1] http://roundcube.linuxpowered.net/linkedin-report.com
[2] http://www.linkedin.com/

So, quite a bit of stuff. Roundcube is a new webmail client I am playing with, so far it’s ok, looks nicer than Squirrelmail in general though not as good as SM in other ways.

The [1] link above I assume might be the malware site – linkedin-report.com. But if I were to click on it I’d just get back to my webmail client.
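The rewritten link can be checked mechanically. This added example (not part of the original post) parses the "Links:" footer shown above, recovers a bare domain that the webmail client resolved against its own base URL, and flags it when it embeds the brand label of another link in the same message. The function names and the lookalike rule are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# The "Links:" footer exactly as shown in the post.
FOOTER = """Links:
------
[1] http://roundcube.linuxpowered.net/linkedin-report.com
[2] http://www.linkedin.com/
"""

LINK_RE = re.compile(r"^\[(\d+)\]\s+(\S+)$", re.MULTILINE)
# One path segment shaped like a hostname. File names such as index.php also
# match; a production check would consult a public-suffix list instead.
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")


def parse_links(footer):
    """Return {index: url} from a sanitizer-style numbered link footer."""
    return {int(n): url for n, url in LINK_RE.findall(footer)}


def effective_host(url, webmail_host):
    """Host the sender most likely intended.

    A scheme-less href such as "linkedin-report.com" is resolved by the
    webmail client against its own base URL, so the real target ends up as
    the only path segment under the webmail host.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    segment = parts.path.strip("/").lower()
    if host == webmail_host and "/" not in segment and DOMAIN_RE.match(segment):
        return segment
    return host


def brand_label(host):
    """Naive registrable label: second-to-last DNS label (assumes a one-label TLD)."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def flag_lookalikes(footer, webmail_host):
    """Flag hosts that embed another link's brand label without being that domain."""
    hosts = {i: effective_host(u, webmail_host) for i, u in parse_links(footer).items()}
    findings = []
    for i, host in hosts.items():
        for j, other in hosts.items():
            brand = brand_label(other)
            if i != j and brand_label(host) != brand and brand in brand_label(host):
                findings.append((i, host, other))
    return findings
```

Calling `flag_lookalikes(FOOTER, "roundcube.linuxpowered.net")` reports link [1] as imitating the domain in link [2].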

And just a few minutes ago I got one of those emails that poses as myself threatening to cut off my email – oh so funny!

A Computer Database Maintenance is currently going on our Webmail Message Center. Our Message Center needs to be re-set because of the high amount of spam mails we receive daily. A Quarantine Maintainance will help us prevent this everyday dilemma. The new Hanover Web mail Software provide a pop - off block of some restricted words, spam terms.

To revalidate your mailbox Please Fill the link below:

UserName: ....................................
Old Password:.......................................
New Password:.......................................  

WARNING!!! E-MAIL OWNERS who refuses to upgrade his or her account within
Five days after notification of this update will permanently be deleted
from our data base and can also lead to malfunctioning of the client or
user's account and we will not be responsible for loosing your web mail
account. 

Your response should be sent to admin manager
Email: accountuserhelpdesk@mhost2.net

August 9, 2011

How hard is it to run a mail server

Filed under: Random Thought — Tags: — Nate @ 11:23 pm

I read slashdot quite often, mostly for the comments, I post (as AC) maybe once every 3 years, but find the discussions interesting on occasion.

One such discussion was here, where someone was asking for advice as to how best to migrate off of gmail onto their own hosted platform. To me it seemed simple enough, but honestly I could not believe the negative response towards running your own mail server.

First off I’ll say I haven’t run a “corporate” mail server for almost a decade now, I have run several mail relays for companies for applications and stuff. I have been running my own mail server for my own personal (and some family) use for more than a decade, and I run another mail server that has maybe a dozen people on it, left overs from when I ran a small ISP in Washington.

So nothing major. I didn’t get the impression that the poster on slashdot was asking for anything major. But I was seeing people talk about massive headaches with blacklisting, anti spam, having to worry about disaster recovery, data replication, and the constant hand holding and patching of the system to keep it running.

I just didn’t get it. I mean sure it took some effort to set up the system I have which is pretty basic, it really requires minimal maintenance, I have never been blacklisted, really have minimal spam problems (very manageable anyways for me).

My setup is basic as I mentioned:

  • Postfix for SMTP – I set up quite a bit of anti spam stuff many, many years ago but really haven’t touched it much at all since.
  • SpamAssassin – for – duh – spam. I took some time to integrate this into incoming postfix email and it flags messages as **** SPAM **** in the subject when something hits the spam filter, I have server side mail filters that move that to a dedicated folder. In all my years I have never noticed a false positive and have never had anyone complain that they can’t email me for a reason related to Spam Assassin flagging their email as Spam. My biggest potential issue with Spam Assassin is I probably get 150 spam (that get past the filters) for every real email I get (I don’t get a lot of email at home excluding mailing lists that I occasionally participate in). So I don’t have much “ham” to train SA with. I haven’t recently tried to determine how much spam is blocked at the various levels but last time I did (many years ago) it was quite a bit.
  • Anomy Sanitizer – this does quite a few things such as stripping HTML email, stripping bad attachments etc. I’m sure it goes overboard in a lot of cases, and most users probably wouldn’t like it, stripping HTML email probably causes the most usability issues for me as some emails don’t come in with plain text as well as HTML, so sometimes I get email that says “Hey click on this link to unsubscribe (or do some other action – e.g. rate Netflix quality back when I used their stuff)” only to find Sanitizer stripped the html so there is no link to click on, and no url I can copy/paste to the browser. But IMO at least it’s a small price to pay.
  • Cyrus IMAP 2.1 for IMAP – I started using Cyrus back in 2000 when I migrated a company off of UW IMAP onto Cyrus because it had some more advanced functionality vs Courier at the time (don’t remember what). I’ve stuck to it because it seems to work for me. I create different email addresses for pretty much every organization I deal with and have those go to dedicated IMAP folders (server side – not using filtering, postfix delivers directly to the mailbox), so most of the time I am unsubscribed to 85% of the IMAP “user accounts”, and only subscribe when I need to, email collects silently in the background in the meantime. User accounts is in quotes because I use a single account to access all of the other IMAP accounts (which can be problematic for some email clients because they make certain assumptions that don’t apply to me)
  • Squirrelmail for webmail – The UI is basic, hasn’t really changed much since – you guessed it – about 2000 when I first started using it, I have, on occasion, looked for alternatives but have not found one (until this slashdot discussion that is) that looked interesting enough to try. One big feature I like about squirrelmail is the ability to have many, many “From” email addresses, and select them from a drop down box. I have upwards of 100 different email accounts (view from the outside world – from my view it’s a single account), I maybe need to send mail “From” from maybe 10-20. So when I compose an email I select which email address to send “From”. Squirrelmail is smart enough if I hit reply on an email someone sent, say to my linkedin@ address, the mail client will automatically select the right “From” email address to use without me having to think about it. Since Sanitizer strips out html from emails I don’t believe I have to worry about XSS bugs in Squirrelmail because it’s all stripped out (but I could be wrong I’m not sure). As a result I haven’t upgraded in eons.

The last time I did major changes to my system was probably 5-6 years ago, those were introducing Spam Assassin to the system, and the more painful process of upgrading from Cyrus 1.x to 2.x (it was an ugly upgrade process).

I don’t use anti virus, never needed it (I integrated anti virus with Sendmail at the one company that I did manage the corporate email servers for back in 2000-2002). A lot of my habits and practices were set up a long time ago and there may very well be better ways to go about things these days (one thing would be to investigate using spamd for anti spam instead of spawning a separate SA process for each message), but what I have works, it doesn’t cause issues, I just don’t understand what some of those people were complaining about when running their own personal mail server.

I also don’t do any sort of calendaring system – never really needed it for personal use.

Sure it requires some setup, and you need to be smart (forward & reverse DNS, you want clean IPs that aren’t blacklisted (easy ways to check that are out there)). I saw one guy say the person should get a block of 30-40 IPs and put the mail server in the middle of the block! I mean are you kidding me?
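The two checks named above, matching forward and reverse DNS and a blacklist lookup, look like this as an added example (not code from the original post). The zone `dnsbl.example`, the host names and the documentation-range addresses are constructed stand-ins so the block runs offline; the default arguments use the real `socket` resolver calls.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on malformed input
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True when the list answers with an A record in 127.0.0.0/8 for this IP."""
    try:
        return resolve(dnsbl_query_name(ip, zone)).startswith("127.")
    except socket.gaierror:  # no such name: the IP is not on the list
        return False


def fcrdns_ok(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    try:
        ptr_name = reverse(ip)[0]
        return ip in forward(ptr_name)[2]
    except (socket.herror, socket.gaierror):  # missing PTR or missing A record
        return False


# Constructed records standing in for live DNS so the example runs offline.
FAKE_PTR = {"192.0.2.25": "mail.example.org", "192.0.2.99": "host99.isp.example"}
FAKE_A = {
    "mail.example.org": ["192.0.2.25"],
    "host99.isp.example": ["198.51.100.7"],     # PTR exists, forward lookup disagrees
    "99.2.0.192.dnsbl.example": ["127.0.0.2"],  # entry on the hypothetical list
}


def fake_reverse(ip):
    if ip not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return FAKE_PTR[ip], [], [ip]


def fake_forward(name):
    if name not in FAKE_A:
        raise socket.gaierror(-2, "Name or service not known")
    return name, [], FAKE_A[name]


def check_mail_ip(ip, zone="dnsbl.example"):
    """Run both checks against the constructed records above."""
    return {
        "fcrdns": fcrdns_ok(ip, fake_reverse, fake_forward),
        "listed": is_listed(ip, zone, lambda name: fake_forward(name)[2][0]),
    }
```

A mail server address should come back with `fcrdns` true and `listed` false; calling `fcrdns_ok` and `is_listed` without the fake resolvers queries live DNS.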

Even back when I ran an ISP with maybe 50-60 users (yes it was a small ISP – back in late 90s mostly), we never had blacklisting or spam problems. Maybe we were lucky I don’t know.

I just couldn’t believe the experiences some of these people were posting. Sure I can understand having those kinds of issues if you’re running a big mail system for a lot of users, but the impression I got was the original poster was looking to run a setup sort of like mine – a small number of users – or maybe just themselves.

I’ve even gone through the process of migrating my mail system from:

  • Office with dedicated T1 lines to..
  • Home with DSL connection to ..
  • Temporary office with T1 lines while my DSL is moved to ..
  • Home with DSL connection to ..
  • Co-location to..
  • Terremark Cloud (where it runs now) and this weekend to..
  • Co-location

And all of the DNS changes and stuff associated with it, for the most part the migrations are pretty painless.

A couple of my users were wondering how I went about moving all of their data and stuff from Washington to Miami in a matter of minutes without them noticing anything, it takes some moderate planning but in the grand scheme of things it’s not that difficult from a technical perspective. Next weekend I’ll be migrating them again from Miami to California – their data resides on a different system from mine.

I just wanted to write about my experience – sure it does take some work – depending on how much functionality you want – to initially set up the system. But in my experience once it is set up, the amount of work to maintain it is minimal.

I like the privacy and control I get with running my own stuff. I sure as hell don’t trust google with my data, they could pay me $100/mo for hosting my email with them and I wouldn’t do it. But for others it may be a good option.

I did use Gmail at the last company I worked at, their corp email was Gmail. I really didn’t like it – but what surprised me the most was how slow the search was. I was expecting anything I searched for would be returned in a fraction of a second but it took much longer (not forever but 10-20x longer than I was originally expecting). I never got used to how they organize their mail, with the tags and stuff. Even after using it for ~8 months I never warmed up to it, probably because there were mini demons in the back of my head screaming at me not to like it because I don’t trust Google, I’m sure that had something to do with it.

But for others maybe it’s the best way, or hotmail, or yahoo, or whatever.. I’ve been hosting my own email for so long I never really used anything else.

The most annoying problem I think I ever came across running my own mail system was not granting Spam Assassin enough memory – sometimes it would puke causing the email to get garbled – it would happen maybe once every 150,000 emails or something (which means maybe 2-3 times per year), I ignored it for a few years, finally decided to look into it and found that SA was running out of memory so I gave it more (I think I went from something like granting it 32MB to 128MB), hasn’t happened since.

Do I have disaster recovery? No – don’t need it. If my server goes down for a few hours or a day or whatever, mail is likely queued at the other end (mail is often queued for up to what – 5 days before being dropped from the queue?). What happens if I lose an email? Really not the end of the world. I have had a few times when people say my system rejected their message – and sometimes it does, I wrote (again a long time ago) a lot of regular expression checks to try to detect spam, and sometimes it gets a false positive, so I fix it and move on, it’s rare though (again a few times a year at most). If the email is THAT CRITICAL then if they really can’t get through to me they’ll call. And if I don’t answer (or don’t return the call) and it’s THAT CRITICAL – they’ll call again later.

Of course my co-location/cloud stuff doesn’t run just email – it runs this blog, my basic web sites, DNS, and my new co-location serves as my off site backup with ~3.5TB of usable disk space on the system, I brought the system home last weekend and sync’d up 1.7TB of data to it.

Moral of the story is – if you really want to run your own mail system, don’t be afraid – it’s not THAT hard.

July 12, 2011

Netflix jacks up rates – I cancelled

Filed under: Random Thought — Tags: — Nate @ 2:58 pm

All that trouble tracking down why my Netflix HD streaming was not working for nothing? I guess so. Netflix sent me an email a short time ago saying they were going to increase the cost of my plan from $10 to $16. So I closed my account. They raised the price by a buck from $9 to $10 last November.

I normally wouldn’t mind the increase in charges if I was using the service, but I checked my email archives and I’ve had the same DVD sitting waiting to be played since May 31st, and the last time I streamed a “full” movie or tv show from their streaming service looks to be January 2010 based on the “How was the quality of X?” emails. I didn’t think it was that long ago. I have streamed short segments of a bunch of stuff over the past year but always got bored of what I was watching so never watched more than a few minutes at a time.

If they had a better selection …..especially on the streaming side, I swear every time I’ve gone there in the past 6 months I have not noticed a single thing I wanted to stream. I suppose part of that is having a Tivo for so long I really don’t keep track of what kind of things come out, frequently coming across TV shows for the first time long after they had been canceled.

I have a week to return this DVD that has been sitting here for almost 2 months, I guess I will go pop it in the mail because I likely won’t get around to watching it in the next week.

What would have been nicer of course is if Netflix was better at being able to bill based on actual usage, if so my bill probably should have been $0.99/mo 🙂

Netflix’s content costs are apparently about to skyrocket so they need to get ready for that by raising rates..

[..] Barclays analyst Douglas Anmuth: He figures Netflix will have a total streaming commitment of $2 billion by the end of 2011.

Let me know when we have a video streaming service that fulfills the dream of this Qwest commercial. I’m not holding my breath.

I’m more than happy to pay for premium services or products, in this case I was just paying them for the convenience that I might use it. I’ve rented 11 DVDs (10 of which I have watched) so far in 2011 through Netflix, and 17 in 2010.
