This series is from the weekend – mostly the castle itself as the walk along the seafront gave few opportunities.
Through The Gate
Through The Gateway
Two Of Them
Two Of Them
Outside The Walls
Outside The Walls
At Rest
At Rest
Jan 142011
Jan 132011
Sarah Palin has recently made a speech on the recent shooting spree in Arizona where a congressperson was shot (and probably targeted by the shooter) in relation to the media noise about the aggressive and combative attitudes in US politics at the moment. In it she claimed the media was launching a ‘blood libel‘ against the right-wing in US politics in its criticism of the political debate.
Whether or not she has a point to make, the use of the phrase ‘blood libel’ here is grossly inaccurate and an example of exactly what the media is talking about. Blood libel is the phrase used to describe the hysterical accusations of anti-semites accusing Jews of sacrificing Christian children and draining the blood for some religious purposes – if it hadn’t been used as the excuse for slaughtering Jews throughout history, it would be ridiculous. I am hardly an expert on the US media, but I find it extremely unlikely that anyone from the US media is likely to hunt down any right-wingers, kill them, and drink their blood.
Sarah Palin’s remarks are merely a hysterical over-reaction to a perceived attack on the right-wing. To be fair I should point out that apparently others have used the phrase in US politics recently. Which just goes to show that US politics is little over-heated. Interestingly a conservative commentator has pointed out that the use of this phrase is an indication that Sarah Palin just isn’t of presidential material – presumably presidents are expected to behave and talk in a slightly more dignified fashion.
Did the US media attack the right-wing ?
The US media did comment after the shootings that there is a considerable level of aggression in US politics today, and used an example showing certain US congressional areas targeted with rifle cross-hairs which was published by the right-wing. This could be said to be unfairly criticising the right-wing except that the reason that example was used was that the congressperson who was shot (Gabrielle Giffords) had previously complained about that very publication in which she was targeted.
Personally I don’t believe the right-wing was specifically targeted in the various suggestions that US politics can be a little aggressive. There is a lot to be said for lowering the temperature in US politics – opposition, criticism, discussion and debate are all a part of politics and essential in any healthy democracy. But there’s no need to go too far, and throwing around inappropriate phrases like “blood libel” is certainly an example of that.
I have no doubt that there are Democrats who go too far too.
We have no way of knowing how much the current atmosphere in US politics had an effect on the shooter, and will probably never know. After all he is clearly a deranged individual and he probably doesn’t know himself. The naysayers who claim it had no effect have no way of knowing that. If it did have an effect, it does not make those making inflammatory comments responsible for these shootings – not even to the extent of inciting murder.
But the current state of US politics could have an effect on deranged individuals even if it did not in this case. As such it is worth considering whether toning it down is worthwhile. Say “she’s an idiot” rather than “she’s a traitor”, say “he should be fired” rather than “he should be put in the chair and the switch thrown”. It doesn’t ruin the debate and it might just save someone’s life – isn’t that worth it ?
Jan 112011
This one is from a while back during the mid-winter break, and made on the beach at Southsea.
Signs Of The Sea
Signs Of The Sea
Turns out on this trip to the seafront, I could only get one image I was happy with but again battery life was limiting me although I’ve recently fixed that by rescuing some elderly batteries.
Jan 112011
First of all, read the disclaimer.
This section is all about small changes that are not important or tricky enough for a blog posting on their own. As such it is likely to grow as I encounter things.
Turning Off Spanning Tree
STP is kind of a noisy protocol, and on small and simple networks it probably is not really needed. To make packet sniffing easier, it may be worth turning off the protocol on all the interfaces … or VLANs :-
router# configure terminal router(config)#no spanning tree vlan 101 router(config)#no spanning tree vlan 102
Turning Off Cisco Discovery Protocol
For security reasons, or simply because it is unnecessary noise on a network with very little in the way of Cisco devices, you may want to turn off CDP :-
router#configure terminal router(config)#no cdp run
Autotuning Buffers
According to the documents out there, there is a dark and mysterious art of tuning buffers to optimise performance of your routers. It also says that it isn’t recommended in most situations which must disappoint aspiring übergeeks. However what is less often said is that there is a little option to instruct the router to automatically tune the buffers for optimal performance.
It is likely that it will not make a dramatic improvement, but it is worth turning on :-
router#configure terminal router(config)#buffers tune automatic
Warm Reboots
Normally when a Cisco router reboots it goes through the whole process of starting up as if it were just powered on (a cold start). This can take quite some time so any option to speed it up is worth considering. Turns out that there is such an option, which instructs the router “just” to reload IOS and restart that way.
It takes effect under two conditions – when the router restarts because of a fault, or when you restart the router manually with the “warm” option (reload warm). To enable this simply turn it on with :-
router#configure terminal router(config)#warm-reboot
Jan 092011
First of all, please read the disclaimer.
This section is all about maintaining some level of revision control on the configuration file that configures the Cisco router. This is obviously coloured by my prejudices which include using Subversion as a revision control package. You might like this or might not, but you may wish to consider it if you have not encountered something like Subversion before as being able to travel backwards in time through previous versions of your router’s (or anything else) configuration can come in very handy.
You may be thinking that you can do this already with a backup mechanism whereby you can restore previous versions of the configuration from tape, and undoubtedly thinking that in practice you don’t use it. Indeed I have found that even with very convenient access to the restoration mechanism, restoring files from tape is just too much work to do for anything less than serious – certainly trivial questions like “why did we turn on ‘warm-reboot’ and when?’ just don’t get answered. However they can and do get answered when using a revision control mechanism.
There is also the built-in archiving mechanism on the router itself, which is an option. However this option does not quite match Subversion for convenience, features, and indeed efficiency. But if you choose the archiving option, at least use an archive location not on the router itself!
The section on turning on warm rebooting has been moved to a new “tweaks” blog posting.
Copying Configuration Files
To make use of any Unix tools such as Subversion, we need a mechanism to copy files from the Cisco router to the Unix machine (and visa-versa). My chosen method is SSH (and “SCP”) although there are many other possibilities including the traditional option of TFTP. However using something a little less 1980s such as SSH is worth considering.
Before attempting to copy any configuration anywhere, we need a few details :-
- The name of the server providing the SSH service. In the example below, the server is called “hemp-chocolate” (and is in the same DNS domain as the router).
- The username on that SSH server which is roocfg in the example below.
- And finally the password for that user account.
To copy the configuration :-
router#copy startup-config scp://roocfg@hemp-chocolate/router.cfg Address of name of remote host [cotton]? Destination username [roocfg]? Destination filename [router.cfg]? Writing router.cfg Password: ! Sink: C0644 3255 router.cfg 3255 bytes copied in 3.400 secs (957 bytes/sec)
Anyone surprised at the use of host names in the command above should be aware that my router quite happily uses the DNS.
There is a chance you may get a “protocol error” when performing that copy. This may be due to the ssh server and client not supporting a common set of ciphers; it seems that Cisco supports a limited set of ciphers. When this interacts with a server that supports a different limited set of ciphers (certain unsupported versions of Solaris), you may have issues. In which case switching to the real openssh software package (see OpenCSW) solves the problem.
Preparing The Repository
The first task is to create the repository – assuming you have already installed Subversion of course! The following instructions assume that the place in the filesystem for all repositories is /repositories.
# svnadmin create /repositories/router-configuration # chown -R roocfg /repositories/router-configuration
The permissions changes are my way of ensuring that the user:roocfg will be able to use Subversion without permissions problems. There are different ways to handle this, but this one works for me. After creating the repository, the next task is to check out a working copy of the repository which we will use to copy configuration files into.
To do this, we switch to the user:roocfg, check out a working copy, move all of the contents of the new subdirectory into the user’s home directory, and check in the first version of the configuration file.
# su - roocfg $ svn co file:///repositories/router-configuration Checked out revision 0. $ mv router-configuration/.svn . $ rm -rf router-configuration $ svn status ? .bashrc ? .sh_history ? router.cfg ? .subversion ? .profile $ svn add router.cfg A router.cfg $ svn commit
The commit command drops you into an editor to write details of what you are committing. These details are important for future reference in the sense they describe the change you are making. Subversion can show you the actual differences between two different versions; the log entry that you write when committing a change tells you why the change was made – or perhaps logs a change control system ticket to refer back to.
At this point we can commit a change to the Subversion repository by :-
- Copying the configuration to the repository server.
- Logging into that account and committing a new version to the repository with an appropriate comment.
This is of course a manual process so is not ideal. When it should be done is up to you, but during pre-production, it is useful to commit a change at every significant milestone … but not every tiny tweak. Whereas in production, every change should be committed so it can be reverted.
Final Word
Not!
There is plenty more that could be done here, which I may return to in the future.
- It would be nice if the router were to automatically copy the configuration to the repository server in case someone forgets to perform the manual process. If the repository were reachable via TFTP, this could be setup with the router’s Kron facility, but a different method will be necessary for an SCP reachable repository.
- We need to be able to use the contents of the repository to configure the router. This is possible in various ways, but which one works best ?