Category Archives: Projects

Nagios on OpenBSD: Web UI Timezone

Everywhere on the internet you’ll see a reference to setting the TZ environment variable in your Apache config. Except I’m using OpenBSD HTTPD, not Apache HTTPD. Furthermore, I’m using slowcgi to run the CGI scripts. Well it turns out the solution is pretty simple. Copy the zoneinfo files into httpd’s chroot directory:

# cd /
# tar -cf – /usr/share/zoneinfo /etc/localtime | (cd /var/www; tar -xf -)
tar: Removing leading / from absolute path names in the archive

Then at most you restart the services and the UI should have the correct timezone.

HTTPS Support

It took quite a bit of trouble but I’ve added HTTPS support to this site. As an aside, most of my work has been on infrastructure projects and preparing to move to a new content platform. I’ll discuss that separately when I am closer to making it happen.

Exciting Times

We live in exciting times. Myself especially. I’ve been working recently on a number of projects. I’d like to post a good summary of everything, but I hesitate to since I’d also like to deprecate this blog engine. So I’ll write some stream-of-consciousness type babble and then move on with my life.

WordPress is on my bad side. It seems to be under active development, and they have gone full nagware on me. That is to say, that every time I log in to the admin panel, there is a banner stating there’s a new version. I had to go so far as to write up an instruction guide as to how to do the upgrades since I could never remember and I needed to do them so frequently. Also, Matt Mullenweg’s concept of how the GPL works and how it interacts with commerce doesn’t sit well with me and therefore I don’t want to inflate the usage statistics of his software. Instead I’ll probably develop my own blog engine, using some BSD-licensed framework that I can develop to my own taste. Then no one needs to hear about my eccentric ideas.

My Kerberos/LDAP Auth project was a failure. Not a complete failure, but enough of a debacle that I gave up on it. It turns out that Windows 7 is broken in some way that I have not been able to remedy, specifically in how it requests/retrieves/generates Kerberos tickets for samba share access. I’ve set it to use only the arcfour cipher, but it still requests aes256 cipher. Then it kills its samba connection and spits out an authentication error. There are no logs or events. I plan to replace this setup with a Samba4 AD PDC, at some point when I fix my application hosting platform.

My virtualization initiatives have been a wash. The hypervisor hardware I have is all garbage and I have zero budget for new hardware. There is some progress on the Virago, in that I’ve taken it apart and got the original stator out. I haven’t put the new one in yet. Work on the ’88 Corvette Transmission overhaul has been slow going. I keep needing specialty tools that I don’t have.

Owncloud has some promise but I am unhappy with the software. It is far too fragile to update without risking data. I really don’t like that. It seems to stem from a lack of a decent database library and perhaps no reliable ORM layer. I don’t know enough about the internals to tell. I just know that I had to brute-force the upgrade from 4.0.7 to 5.0.10.

FusionPBX Provisioning

I got FusionPBX Provisioning to work on my beta HomePBX system. Turns out that you must specify only one of TFTP or FTP provisioning directory, or else the system will not be able to write out all of the files. This is because it unsets one of the variables ($file_name) after writing out the file once, but will still try to write out the file a second time in the FTP directory anyways (with an empty filename). Fun times. Because the system writes out all of the files to this directory, I was able to cobble together an nginx config that allows my Polycom phone to provision and push logs to the provisioning directory. Still no luck getting it to register though.


One thing I feel I’ve learned in the world of systems administration is that although there is such a thing as good documentation, it’s much like good food. It’s only good right after you make it, or if you take very good care of it. Depending on how you made it, it might not keep very well. All this to say, FreeSWITCH’s documentation left me lost and confused. The documentation seemed to me to be very fragmented, in that the valuable parts were scattered amongst various wiki articles and blog posts about how someone got FreeSWITCH working with specific hardware for specific purposes. It would have been nice to have seen an overview about some general conventions and a thorough description of what happens when you turn up FreeSWITCH out-of-the-box.

Compare this to Elastix (which is really just FreePBX + addons) where you can dig around in the GUI and get most of the configuration figured out fairly quickly. It’s not an apt comparison or a very fair one, but it describes my predicament. I am attempting to use FusionPBX with FreeSWITCH but it seems like FusionPBX doesn’t really take the bumps out of FreeSWITCH, rather just simplifies access to the configs.

In any case, here’s what I have on FreeSWITCH so far:

  • It’s very important to understand that the XML configuration files are all interpolated into a single file at runtime. This file is located at /var/log/freeswitch/freeswitch.xml.fsxml on FreeBSD. I had problems with redundant tags and nesting that were happening because documentation and HOWTO snippets weren’t explicit in how to specifically apply each example. (in other words Copy & Paste fail.)
  • When configuring POTS hardware, it’s important to note that DAHDI drivers instruct you to configure your analog ports with the signalling you expect to see from the far endpoint (on an FXO port, you would configure FXS signalling, as the CO side will use that signalling.) FreeTDM does the opposite — you configure the port with the signalling that the port will use. (On and FXO port, you would configure FXO signalling.) I didn’t see this in any of the documentation until after I found it mentioned in an e-mail to the freeswitch-users mailing list. I then found it on an FAQ/troubleshooting page. I lost two days to figuring this out. Mostly because I was doing this at 3am those days.
  • Internally, FreeSWITCH seems to refer to endpoints using a nomenclature like this: module/instance/counter. For example, (FreeTDM/trunk/1) or (sofia/internal/ There also seems to be an alternative nomenclature which causes some sort of internal resolver process to be used to identify the specific endpoint: “extension dialplan_type dialplan_context“. For example “1000 XML default”.¬†Examples in the documentation didn’t appear to explain this at all. I had lots of trouble getting my FreeTDM extensions to work properly, to an extent that I began to believe that I wouldn’t be able to use my hardware under FreeBSD. It turned out that I was putting them in the configuration wrong. I had “FreeTDM/1/2” or “FreeTDM/exten/1/2” (meaning module/span_number/channel_number” or “module/span_name/span_number/channel_number” instead of the correct nomenclature above.

I’m sure there’s more, but I’m more interested in getting this posted for now, and getting something more formalized up later. I’ve been working with FreeSwitch more over the past few days since I started writing this post on the 30th and things are coming along, slowly. I at least have the PSTN stuff fairly well down, and got voicemail and SIP registrations partially working as well. The next steps are to smooth eveything out and get some better logging and UI in place (e.g. error reports when lines are busy, etc.)

Brave New Worlds

I’ve been doing a lot of exciting things lately — too many to go into great detail right now.

  • FreeSwitch / FusionPBX as a replacement for Elastix. This is allowing me to roll all of the services provided by the Elastix box into another already built system.
  • URL Shortener. Still in progress, but hopefully coming soon.
  • Anti-Spam stuff — site-wide SpamAssassin with Spam-folder support.
  • XMPP Server with Conferencing

Additionally, I have been pipe-dreaming up more projects to keep me busy.

  • ClamAV for the anti-spam stuff, plus a web-based quarantine manager
  • Debating breaking down and installing a IMAP-backed webmail package
  • Diaspora seeds
  • lighttpd or nginx as reverse proxy / static host to replace Apache
  • Django as a replacement for WordPress and gateway to many more things for the site.

I have been forced to budget my time somethin’ fierce, but here and there I’ve made some great progress. Hopefully I’ll be able to document it all here at some point.


I’ve made some progress on my MicroStorage project. Some day I’ll have to document it in a page here. I managed to get the storage server and my XP workstation log in using Kerberos credentials and be able to talk to each other. The downside is that Windows 7 is not cooperating. I’ve taken a quick peek at having my Mac talk to the storage server but that may prove to be troublesome as well.

The Windows 7 issue seems to be related to intricacies of the newer MS kerberos implementation.

Handyman Bill

I came up with this crazy idea related to politics. I need to start writing stuff down about it, so I’m starting by putting something out here. The inspiration came from my vague understanding of a couple of aspects of the complex structure of politics in the US, specifically:

  1. Individuals and households largely do no participate in governance or politics, sometimes even in their own communities.
  2. Many pieces of legislation are not generated by legislators, instead they are provided to legislators by interested parties.
  3. Individuals can become deeply invested in governance and politics when it come to specific issues that are important to them.

I had the idea to apply some principles I’ve seen applied in other fields to the “problem” of disinterest in governance and politics. I mention governance separately and distinctly from politics because while I believe it is important for citizens to be engaged in issues and questions of governance, I don’t believe that should necessary entail involvement in politics in general. I suppose I might have to elaborate on that further at some point, but I digress.

So my idea is this: Create a system/framework/template that can be used to essentially “crowdsource” support for particular issues of governance so that individuals can have the same effect in politics as a larger interest group — but on the scale of individual issues. Initially I had the idea for a single website, named something akin to “Handyman Bill” which would allow for individuals to submit a request — like a helpdesk trouble ticket — for a specific issue and have that reviewed and contributed to by the public at large, and ultimately to have that followed through by the network of individuals who participate in the site. It is not necessarily a novel idea but I feel it’s important to get it out there. I will continue to work on it and polish it.

Fixing a Firebird

My sister owns a 1990 Pontiac Firebird with the 3.1L v6 motor. It had been sitting for a few months because rather suddenly it couldn’t hold an idle. It would crank and fire immediately but run really rough, and stall both if you let it run or if you gave it any throttle. I managed to pull two codes from the computer: 33 (MAP sensor high) and 35 (IAC valve failed).

The first code to show up was the MAP sensor code. I checked the sensor and the lines figuring that it could be those rather than the sensor itself. The vacuum line was in fact broken and so I replaced it. No dice. I then replaced the sensor. Still no dice. I replaced the MAP sensor. That caused code 35 to show up.

I pulled the IAC valve off and it looked bad. It was all caked up with carbon and I figured that maybe it just needed to be cleaned. Didn’t help. I decided I wasn’t going to dump any more cash into the project at the time so I let the car sit a few more months. After finally replacing the IAC valve there was still no progress. At this point I grew anxious. I was out of ideas. After scouring the ‘net for a few hours I decided to pull the manifold off and check the injectors. Bingo. 4 of the 6 injectors had a resistance of 12 ohms, One had 6 ohms, and one had 8 ohms.

After a trip to two different Advance Auto Parts, I replaced the injectors and put the car back together. Initially the engine loped between racing and a rough idle — but it ran. Eventually it stabilized and I was able to drive the car around the block. At which point it blew the O2 sensor out of the fitting on the exhaust pipe.


Systems Work

I’ve been working to consolidate and replace older, lower powered systems that I use with newer and better hardware. As part of this I acquired some Dell PowerEdge 2850’s. I recently built out one of them with FreeBSD 8.2 in an attempt to stage a replacement for my HP ProLiant DL380G3 that I use to host mumble, and another white box server that I run Asterisk on.

The asterisk side of that equation hasn’t worked out so well. I finally figured out how to get the DAHDI drivers to try to attach, and the system panicked. It didn’t automatically reset either. I’ll have to add that to my checklist. The mumble side of the equation did work out though, and I had already replicated a lot of the files off of the system so I ended up doing the cutover this morning.

The net result is that I’ve managed to power down the most noisy server in my rack and quiet down the house a bit. At some point in the future I want to follow up with more details on the kernel panic in the hopes that I can spare some agony for others.