GreenO

We were having problems with default TCP probes on port 22 from our Cisco ACE Load Balancer showing up in our logs as bad SSH connections. I modified a Cisco TCL script for checking SSL to send a greeting to a SSH server and check that a SSH greeting is returned. It by no means does a complete login, but it does check to make sure the SSH service is alive. Tested on RedHat and Ubuntu. Let me know if this works on other services.

Ubuntu

root@***:/var/log# uname -a
Linux ***2.6.31-19-generic-pae #56-Ubuntu SMP Thu Jan 28 02:29:51 UTC 2010 i686 GNU/Linux
root@***:/var/log# ssh -V
OpenSSH_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8g 19 Oct 2007

Redhat

[root@*** root]# uname -a
Linux *** 2.4.21-63.ELsmp #1 SMP Wed Oct 28 23:15:46 EDT 2009 i686 i686 i386 GNU/Linux
[root@*** root]# ssh -V
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f

sshProbe.tcl
SSH_PROBE_SCRIPT.tcl

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

#!name = SSH_PROBE_SCRIPT
########################################################################################
# 
# Description :
#    Script connects sends a connect request to a SSH server to see if its alive.
#
# ACE version :
#   1.0+
#    
# Author :
#   Chris Greenough (Chris.Greenough@nau.edu)
#
# Parameters :
#   [debugFlag]
#     debug  - default 0. Do NOT turn on while multiple probes are configured
#
# Example config :
#       probe sshProbe script
#           script SSH_PROBE [0]
# 
########################################################################################
#-------------------------------------------
# debug procedure
# set the EXIT_MSG environment varaible to help debug
# also print the debug message when debug flag is on
#-------------------------------------------
proc ace_debug { msg } { 
    global debug ip port EXIT_MSG
 
    set EXIT_MSG $msg
    if { [ info exists ip ] && [ info exists port ] } { 
	set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
    }  
    if { [ info exists debug ] && $debug } { 
	puts $EXIT_MSG
    } 
} 
 
#-------------------------------------------
# main 
#-------------------------------------------
 
ace_debug "initializing varaible"
set EXIT_MSG "Error config:  script SSH_PROBE  <debug(0|1)>"
 
set ip $scriptprobe_env(realIP) 
set port $scriptprobe_env(realPort)
 
## if port is 0 , use default port 22
if { $port == 0 } {
    set port 22
} 
set debug [ lindex $argv 0 ]
if { $debug == "" } {
    set debug 0
} 
# open connection 
ace_debug "opening socket"
set sock [ socket $ip $port ]
 
ace_debug "setting fconfigure to binary"
fconfigure $sock -translation binary 
 
ace_debug "sending ssh client hand-shake message"
# Sending SSH-2.0-SecureCRT_6.5.0 (build 335) SecureCRT??
set ssh_hello "5353482d322e302d5365637572654352545f362e352e3020286275696c642033333529205365637572654352540d0a"
 
set ssh_length  [ string length $ssh_hello ]
puts -nonewline $sock [ binary format "H${ssh_length}" $ssh_hello ]
flush $sock
 
#  read frist 100 bytes from server
ace_debug "receiving response"
set lines [ read $sock 100 ]
 
#  close connection
ace_debug "closing socket"
close $sock
 
#  parsing the 1st 3 bytes from the ssh headers 
#  if it is not a ssh hand shake successful message. failed the probe with exit 30002
# If the server responds with its SSH info then it must be alive
set ssh_header "SSH"
 
ace_debug $lines
 
if { ![ binary scan $lines "@0a3" res ] } { 
    ace_debug "probe fail : ssh server response parsing failure"
    exit 30002
} 
ace_debug $res
if { $res != $ssh_header } { 
    ace_debug "probe fail : ssh hand shake failure with $res !"
    exit 30002
} 
 
#  Everything went fine. probe exit with success exit_code 30001
ace_debug "probe success"
exit 30001

Was looking into backup solutions for a big oracle database and ran across a plugin to RMAN to backup directly to s3! http://www.oracle.com/technology/software/tech/cloud/index.html Seems like a very interesting option.

“As Cloud Backups are done over the public Internet, their performance is highly
dependent on Internet network throughput – typically less than 1 MB/Sec per
connection. Additionally, Cloud vendors may also throttle sessions to prevent
individual users from consuming disproportionate amounts of resources.
According to internal tests conducted at Oracle, Amazon S3 limits an individual
session’s read/write throughput to around 2-3 MB/Sec. However by using the right
Oracle Database Backup in the Cloud Page 9
combination of parallelism and compression, backup speeds of up to 40-50
MB/Sec were attained. ”

Plenty fast for a great offsite backup solution! Can get a little pricy for terabytes of data, but a cheap for 100’s of gigs. May be a good solution for people in need of off site backups.

I have know for a long time that the + operation for Strings in Java is horrible for performance. Because Strings are immutable in Java another String object is created for each +, not so good! I did notice the other day that there is a String.concat() operation. I wondered if it would run faster then + or even as fast as a StringBuilder. The following is the test.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

import java.util.Date;
class st{
	public static void main(String args[]){
		// Test the + operator. We know this one is bad.
		// Its good to know its still bad in Java6
		long t = new Date().getTime();
		String x="";
		for(int i=0;i<100000;i++)
			x = x + " ";
		long e = new Date().getTime();
		System.out.println("Time to use the + operations on a string: " + (e-t));
 
		// Test the String.concat method. 
		// Is it any faster?
		t=new Date().getTime();
		x="";
		for(int i=0;i<100000;i++)
			x = x.concat(" ");
		e=new Date().getTime();
		System.out.println("Time to use the concat method on a string: " + (e-t));
 
		// Finaly out baseline. We know StringBuilder is(was)
		// the fastest way to build Strings.
		t=new Date().getTime();
		StringBuilder sb = new StringBuilder();
		for(int i=0;i<100000;i++)
			sb.append(" ");
		String xx=sb.toString();
		e=new Date().getTime();
		System.out.println("Time to use a StringBuilder object: " + (e-t));
	}
}

And the results are!

abc:~ def$ java -version
java version "1.6.0_15"
Java(TM) SE Runtime Environment (build 1.6.0_15-b03-219)
Java HotSpot(TM) 64-Bit Server VM (build 14.1-b02-90, mixed mode)
abc:~ def$ javac st.java
abc:~ def$ java st
Time to use the + operations on a string: 29464
Time to use the concat method on a string: 7075
Time to use a StringBuilder object: 2
abc:~ def$

So, what did we learn?

After a bunch of trial and error, the following packages are needed to Install cx_Oracle for Python and the required Oracle Instant Client for Red Hat Enterprise Linux 4. Its not that this is too difficult, its that RHEL4 is old. Getting the two to place nice took a sec to figure out. This will install cx_Oracle for python that comes with RHEL4, which as of this writing is Python version 2.3.4 for Red Hat Enterprise Linux AS release 4 (Nahant Update 8). I am sure you can use the newer libraries with the a new install of Python, but I wanted to stay as close as possible to the versions supported by Red Hat. For better for worse!

1. Download the cx_Oracle library.
wget http://prdownloads.sourceforge.net/cx-oracle/cx_Oracle-4.3.1-10g-py23-1.i386.rpm?download

2. Install cx_Oracle
rpm -i cx_Oracle-4.3.1-10g-py23-1.i386.rpm

3. Download Oracle Instant Client from the URL below. Must be logged in so do this from a browser.

http://download.oracle.com/otn/linux/instantclient/10204/oracle-instantclient-basiclite-10.2.0.4-1.i386.rpm

4. Install Oracle Instant Client
rpm -i oracle-instantclient-basic-10.2.0.4-1.i386.rpm

5. Add the path to the instant client libs to LD_LIBRARY_PATH.
echo “export LD_LIBRARY_PATH=/usr/lib/oracle/10.2.0.4/client/lib/:\$LD_LIBRARY_PATH” >> /etc/profile

Thats it! Want to be sure?

[xyz@pdq ~]$ python2
Python 2.3.4 (#1, Jul 16 2009, 07:01:37)
[GCC 3.4.6 20060404 (Red Hat 3.4.6-11)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import cx_Oracle
>>> oraConn=cx_Oracle.Connection("username/password@server/SqlNetAlias")
>>> curs = oraConn.cursor()
>>> curs.execute("select 1 from dual")
[]
>>> rows = curs.fetchmany(curs.arraysize)
>>> for row in rows:
... print row[0]
...
1
>>> oraConn.close()
>>>

The more I learn about cx_Oracle and Python I will try to update this space. All I know right now is that it is FAST!

We had a great time at Adult Prom 2009 at the Orpheum in Downtown Flagstaff, AZ. Link to the pics.

We went camping in the White Mountains this last weekend. It was great! A little wet, but still fun. Pics below. The Winn Campground is excelent! I recomend to anyone! It was amazing how much dead and down wood there was. Did not need much dry wood to get started, although it was available from the camp host. Broke out my new dutch oven and it worked great. I was my first time using a dutch oven and I will never (car) camp without it. Made some excelent food! Used receipes from Byron’s Dutch Oven Cooking and everything was very tasy and turned out great. The Pineapple Upside Down Cake was especally good! Flickr pictures.

Meet my new dog Addy. Friends of mine (Thanks Joe and Les) found her running on the streets and saved her. They tried to find her home with no success. Unfortunatly for them and to my great forture they could not keep her! She is now chipped, spayed, and a very healthy black lab.

Look at that Face!

Get the Rope

The Rope Got Her

Found a solution for Bluetooth keyboard and mouse issues with my Mac Book Pro using boot camp and Windows 7 beta.

1. Click the Bluetooth icon in the task bar.
2. Go to add device
3. If you device is discoverable you should see it listed, right click and go to properties
4. Put a check in the box next to Mouse, keyboard drivers (Something like that).
5. Continue to add as normal.

Hope that help some other people! It drove me crazy!

Here is a Slide Show of pictures I took at the Grand Canyon Marathon. These photos were taken at Hermet’s Rest, aid station 2.

I just happened to have my Camera on me and a photographer bailed so I decided to try to get everyone coming by the aid station. Let me know what you think! Chris@ChrisGreenough.com

All of the pictures are also on my Flickr account.

And you can also get all the pictures in a zip format here.