Poor scheduling has been the bane of several projects with which I have had involvement. Ever since the one-month estimate that I gave for my first independent software development project, a shopping cart, a statement by Fred Brooks resonates continually in my mind. In The Mythical Man-Month, Brooks states, “More software projects have gone awry for lack of calendar time than for all other causes combined.” There are many things that are detrimental to projects, and Brooks suggests that the lack of time is the most significant factor that hampers a project and overshadows the total damage inflicted by all others.
Having learned and relearned the importance of good reality-based scheduling, I become squeamish when receiving a seemingly groundless estimate on project duration. In particular, I am very pessimistic about schedules that call for an entire project to be completed within a month. Conceptualization of a nontrivial system can easily exceed two weeks. Design will most likely require more than a week. This leaves implementation and testing with less than a week in a one-month schedule.
Two approximations to a feasible solution for the software procurement problem with a constraint of one month are the minimization of the product feature set and the minimization of system quality. These have served as candidates, though with strong resistance from project members, in the past. Betting against optimistic or baseless schedules is betting with the house.
Brandon Hutchinson provides a concise howto for chrooting SSH. For recent distributions of Red Hat Enterprise Linux (like CentOS), the following may also be needed in addition to Hutchinson’s Fedora Core procedures:
$ cp /lib/ld-linux.so.2 /chrootedpath/lib/.
$ chmod 666 /chrootedpath/dev/null
$ chmod 666 /chrootedpath/dev/zero
Running ldd on the sshd binary executable will display the executable’s shared library dependencies. The first item on the list addresses a possible dependency that was omitted in Hutchinson’s howto. The absence of this file is a possible cause of the “/bin/sh: No such file or directory” error message that is displayed when connecting as the chrooted user.
Attempting to SFTP as the chrooted user may result in the connection being closed immediately. After logging in as the chrooted user, executing /usr/local/libexec/sftp-server may also produce a “Couldn’t open /dev/null: Permission denied” error message. This is fixed by applying the second item of the preceding list.
Hutchinson’s shell script can be modified to incorporate the additional steps that are presented above.
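The two checks described above can be automated before a user ever connects. The following is an added example, not part of Hutchinson’s script: it lists every library that ldd reports for a binary but that is absent under the chroot, and verifies that the chroot’s /dev/null and /dev/zero are world-read/write character devices. The function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a chroot for the two failure causes described above.
# Usage (run as root on the server): sh audit.sh /chrootedpath /path/to/binary

# Constructed sample of ldd output, used only when no arguments are given.
SAMPLE_LDD='	linux-gate.so.1 =>  (0x00110000)
	libcrypto.so.6 => /lib/libcrypto.so.6 (0x00a5c000)
	libc.so.6 => /lib/libc.so.6 (0x00111000)
	/lib/ld-linux.so.2 (0x00a3e000)'

# Read ldd output on stdin, print the absolute path of each dependency.
# Handles "name => /path (addr)" and the bare loader line "/path (addr)";
# virtual objects and "not found" entries carry no path and are skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Read library paths on stdin, print those that do not exist under chroot $1.
missing_in_chroot() {
    root=$1
    while IFS= read -r lib; do
        [ -e "$root$lib" ] || printf '%s\n' "$lib"
    done
}

# Succeed only if $1 is a character device with mode 666 (crw-rw-rw-),
# which is what the chmod 666 step establishes for the chrooted user.
dev_ok() {
    [ -c "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "crw-rw-rw-" ]
}

if [ "$#" -eq 2 ]; then
    # Only run ldd on binaries you trust, such as the installed sshd.
    ldd "$2" | ldd_paths | missing_in_chroot "$1" | sed 's/^/missing library: /'
    for d in null zero; do
        dev_ok "$1/dev/$d" || echo "bad device node: $1/dev/$d"
    done
else
    # Demonstration on the constructed sample: show the parsed paths.
    printf '%s\n' "$SAMPLE_LDD" | ldd_paths
fi
```

No output from the two-argument form means every reported dependency is present and both device nodes have the expected type and mode.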
A personal copy of the howto for future reference is found here.
I have dealt with multiple dedicated hosting and colocation service providers within the last three years. I maintain the servers at the colo where stevedoria.net is hosted, and I assist clients who do not receive their hosting services from me. Dealing with demanding clients and their always very restrictive budgets gave me experience in configuring software to push available hardware to its limits.
Having managed computers at colocation sites for multiple companies and being humbled multiple times through personal experience, I have never felt so annoyed by the problems that arose with hosting companies. I recently assisted a client in transitioning their site from one third-party hosting company to another. I was naive to believe that there were two basic forms of hosting: dedicated and shared. The client signed up for Verio’s Managed Dedicated Server hosting. First off, they attempted to bilk the client by providing hardware that was inferior to the client’s previous server. Upgrading servers with the hope of gaining improved performance was a key motivator for the transition. I discovered Verio’s “mistake” after careful prodding around the system. The server used a crippled version of FreeBSD, and a lot of the common tools that readily provide information about the server were stripped.
I believed that the handicapped version of FreeBSD was also a mistake and the correct server would provide a version of FreeBSD that is fully functional. I was wrong. Installing server monitoring applications, which would allow independent review of bandwidth usage among other things, could not function on the server. Information regarding the number of bytes and packets being transferred that is usually found in ifconfig was removed. Network diagnostic tools such as Wireshark and tcpdump did not work either. It seemed that the server was missing device nodes that were needed by these tools, and either the recompilation of the kernel or the loading of kernel modules was necessary. Unfortunately, the programs to load kernel modules were removed, so compiling a new kernel seemed like the only feasible option. Lo and behold, the kernel could not be found.
I called up Verio’s technical support line to seek help with recompiling a kernel on their server. I thought I would be able to at least gain information on where the kernel was located in the case that Verio’s operators were unable to provide active assistance. The support line number that was listed on their site connected me to their sales office, which had a recorded message about their office being closed. I was frustrated enough to require technical support, and hearing sales pitches for additional services was the least desirable thing to hear. After digging through my email, I found a technical support number that worked. It took a great deal of restraint to communicate with Paul, the Verio technical support representative who answered my call.
I discovered through Paul that the kernel was totally inaccessible to all users, including root. At this point, I concluded that the supposed dedicated server is nothing more than a virtual machine with a convoluted version of a respectable operating system as a thin facade for an actual dedicated server. Verio Managed Dedicated Server just isn’t. Methods that increase resource usage visibility that would enhance Verio’s accountability are prevented. Security measures like FreeBSD’s firewall cannot be deployed. There is no telling of how the resource demands of other customers hosted on the same physical machine will affect the client’s Internet presence. There is no telling of how Verio’s restricted FreeBSD server will hamper a power administrator’s ability to diagnose and rectify future server problems.
I find myself making the most of what is provided to meet a client’s demanding needs once again.
Although I’ve been busy with a lot of work lately, I have been thinking during my commute to work about what I would like to do if I had more time. Here’s a list of things that I would like to accomplish in the first half of 2007:
- Investigate the use of Logical Volume Manager (LVM) for the Linux operating system to create consistent snapshots of secondary storage volumes that can be readily backed up
- Deploy a backup system that minimizes the loss of personal data that is stored on all computers within my home network
- Read Richard Stevens’ Unix Network Programming to validate the way that I use the sockets API
- Find and help an open source project to practice reading code written by others
- Check out Python or reinforce skills in JavaScript
- Learn more about common practice in administering GNU/Linux and Unix-like operating systems
I do not allow people to use Telnet on servers that I manage, because usernames and passwords are transmitted over the network as clear text. As concerned about security as people are, I am surprised at people’s insistence on using FTP. FTP, a network protocol that also transmits password information as clear text, continues to be widely used. Problems arise in the use of FTP when firewalls are set up between clients and servers. For example, giving clients the option to use either active or passive modes creates more headaches for network administrators who may already have configured FTP servers to listen on specific ports that firewalls are configured to expose. Even more problems are apparent when trying to use FTP over a tunnel.
FTP is broken. Stop using it and adopt secure file transfers with SFTP. FileZilla is an open source SFTP client for Microsoft Windows. Other graphical SFTP clients that support other operating systems are also available.