Jim Rome and respect for the arts

I’ve not made a big deal of linking to Jim Rome’s band tweet and the articles about it. The dude is a “shock” celebrity, so this kind of press is what he thrives on. Though in this specific case, he got a bit more than he expected.

Still, I have thought a bit about it. For reference, here’s Jim’s tweet:

“Is there anyone not in a marching band who thinks those dorks running around with their instruments are cool?”

To anyone, and I mean anyone, who has been in a marching band or the arts in school, this attitude is NOT new. Aside from name-calling people geeks or dorks, there is a definite class idea here. In high school I remember a perplexed discussion with a football player about the fact that I had a letter (for music) on my letterman. Even if it was in a different color from the sports-based letters, he thought that I shouldn’t have it. Sports are superior to things like music, dance and visual arts, you see.

Most of the responses to Jim focused on being called a “dork” or “not cool,” and also on the implied triviality of band. A few responses also referenced the implied idea that band was less work or effort than sports. Because, in certain contexts, marching band is just as hard as sports. To anyone who thinks that sentence is insane, here’s a warmup from the 2007 Phantom Regiment as an example:

I think they are stepping 5-to-5 (a one-yard stride) at the speed you would sprint at. And they’re playing the final chords from the Firebird Suite there, the loudest/strongest part of their show. And at the end, the instructor has them turn around to do it again. They are doing a drill any football player knows: windsprints. And they’re doing it carrying instruments, in formation, and while playing.

But I think making this discussion into “band is as tough as a sport” is wrong. They’re two different things, and turning this into a “we’re tougher than you” argument is silly. Band can be tough, yes. But that’s not the argument here.

Here’s Jim’s no-pology that he issued once his twitter stream exploded:

“Band nation – I hear you. I was out of line. I apologize. I do not condone bullying of any kind and that was not my intent.”

Do you notice that Jim is trying to re-frame the discussion? Thankfully the brevity of twitter makes it obvious. He’s saying this is about “bullying” now. We can talk about how “bullying” is wrong and move on, right?

This tweet bothered me way more than the original one. And I was trying to figure out why. Was it the blatant attempt at manipulation? Or is it because I’ve heard a million variations on the first one and ignore it?

(And I have heard the “band geek” stuff a ton. Maybe there is just something in that drunk-bro-mentality of football that makes it ok for the fan to insult the band. I recall one Marshall University game where a drunk fan bellowed to us – the visiting team’s band – to “Look! Our color guard is coming on the field! Now you’ll know why we’re called the thundering herd.” – misogyny at the top of your lungs about your own band? It got a laugh from other Marshall fans.)

I realized this morning that it wasn’t either of these. It was who Jim was. More specifically, what he does as a profession, that bothered me. He doesn’t get to re-frame this discussion as bullying. His first tweet was a deliberate dig for reaction. This is about using the bully-pulpit for profit, not bullying between jocks and geeks.

And it’s that bully-pulpit, that is, his profession, that is where the focus should be:

Let’s take the band for a moment as Jim frames it: A bunch of geeks and dorks filling out half-time while the players rest. And making noise for the fans during the down times. Peeling back his offensive language, that is what he is saying: A band can contribute to a football game, but aren’t core to it. They’re like the overpriced beer, the cold weather, the bench seats, and the drunken fans yelling at the teams: they are part of the event. They are ambiance for fans in the stadium.

Ok. Got that, Jim. But what are you?

Jim is a sports commentator. Not a stadium announcer. Not a sportscaster calling the game on radio. His job is to be an offensive smart-ass to help provide commentary on the game. Even in the harshest framing Jim might give a marching band, it is contributing more to the event than he is. I have never heard anyone talk about how good the sports commentary of a game was. I know of no one who tunes in to see a game because of the sports commentary. I know a LOT of people, myself included, who wish the commentators would get the hell off the screen, shut up, and get out of the way of the telecast of the game. You and your job, at best, are there to fill dead air and/or be a pest in the way of watching a good football game.

Jim: Is there anyone not in TV broadcasting that thinks these dorks hired to fill the dead TV air are cool?

So, I’ll be over here with my band geeks and dorks, who tend to be cool people and successful from the lessons they learned in music. Oh. And here’s Phantom Regiment playing that passage in performance. And yes, they are basically running the whole time, and this is at the end of 15 minutes or so of this. The insanity starts at 1:30, it’s impressive:

I’ll have an “Old Man Bishop”

So, as with many drinks, there are competing claims as to who invented the “Long Island Iced Tea.” One of the oldest comes from the land of whiskey: Kentucky.

Ransom Bishop refers to the drink his grandfather “Old Man Bishop” put together in the 1920s. As a prohibition-era drink, it was a handy way to get a fair amount of alcohol in a visually inconspicuous drink.

One fresh Lemon half
One fresh Lime half

Squeeze both into a pint glass

Add:
½ oz. Rum
1 oz. Vodka
1 oz. Whiskey
½ oz. Gin
½ oz. Tequila
½ oz. Maple Syrup

Mix thoroughly. Then pour in 4 to 5 oz. Soda Water (Coca-Cola, Pepsi, or RC Cola) without stirring.

Updating mailman on CentOS 5 due to DMARC

Recently, some major service providers (notably Yahoo, Comcast and AOL) decided to bounce email that did not conform to the DMARC standard. As a side effect, this broke many long-standing configurations for mailing lists. Full details on this can be read elsewhere:

If you’re like me, you have a CentOS 5 machine running mailman. Newer versions of mailman do have patches for this issue, but they seem to be unported to the CentOS 5 line. Version 2.1.9 of mailman is what is available in yum. I do not have the luxury to completely upgrade this box at this time.

So the solution seems to be upgrading mailman by hand. As there don’t seem to be any FAQs on this out there, here is how I did it:

Step 1 – Backup Mailman Content

Stop email and back up your mailman content. Thankfully mailman saves all the “important” stuff in a directory structure that is portable and easily backed up:

service postfix stop
service mailman stop
cd /var/lib/mailman/
tar cvf ~/mailman-archive.tar lists archives data
tar cvf ~/mailman-config.tar /etc/mailman /etc/aliases

If you have made a custom apache configuration for your mailman by editing the mailman.conf dropped into apache’s conf.d directory, you will want to back that up too.

Step 2 – Remove existing mailman

Here’s where I say “have a backup” and you nod your head without listening. Yum will remove the outdated version of mailman and its configs. But it will leave all the list data in place.

yum remove mailman

In my case, nothing depended on mailman. So it only removed mailman.

If this is not true for you and it wants to remove other things, I would use rpm with “--nodeps” as the removal command. Be very careful with nodeps. It is an antipattern. Make sure you know what you are doing.

Step 3 – Download and install mailman

Newer versions of mailman have a dependency on dnspython, and that is not available as a yum package. So you will need to download and compile it:

yum install unzip wget
wget --no-check-certificate https://pypi.python.org/packages/source/d/dnspython/dnspython-1.11.1.zip
unzip dnspython-1.11.1.zip
cd dnspython-1.11.1
python setup.py install

Download mailman; compile and install it with CentOS-like settings:

wget http://ftp.gnu.org/gnu/mailman/mailman-2.1.18.tgz
tar xzf mailman-2.1.18.tgz 
cd mailman-2.1.18
./configure --prefix=/var/lib/mailman/ --with-cgi-gid=apache --with-mail-gid=nobody
make
make install

This installs ALL of mailman into /var/lib/mailman.

Previously, CentOS put the binaries in /usr/lib and a few other places, and /var/lib/mailman held only the content of the lists. I am putting everything in /var/lib/mailman so it will be easier to remove if they ever upgrade the yum version of mailman and I want to use that.

So, symlink the old path so everything still works out fine:

cd /usr/lib
ln -s /var/lib/mailman

Step 4 – Permissions, Init.d, and Cron

Check file permissions using mailman’s provided utility:

/usr/lib/mailman/bin/check_perms

If there are file errors, you can use the same util to fix them:

/usr/lib/mailman/bin/check_perms -f

Install and configure the init.d script:

cp -v /var/lib/mailman/scripts/mailman /etc/init.d/
chkconfig mailman on

Install and configure the cron jobs:

cp -v /usr/lib/mailman/cron/crontab.in /etc/cron.d/mailman

Step 5 – Configure Apache

Edit /etc/httpd/conf.d/mailman.conf to look something like this:

ScriptAlias /mailman/ /var/lib/mailman/cgi-bin/
<Directory /var/lib/mailman/cgi-bin/>
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

Alias /pipermail/ /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

# Uncomment the following line, replacing www.example.com with your server's
# name, to redirect queries to /mailman to the listinfo page (recommended).

# RedirectMatch ^/mailman[/]*$ http://www.example.com/mailman/listinfo

Step 7 – Log in and configure your lists for DMARC

Restart apache to pick up the new config:

service httpd restart

At this point you should be able to access your lists, see archives, etc from the web interface.

As with some mailman upgrades, your admin password may have been reset. You can set it by using the command line:

/var/lib/mailman/bin/mmsitepass NEWPASSWORD

You will need to log into each list’s admin page, and for the option “from_is_list” select “Munge From.” This will change how the mailing list handles the “From” of each email. Rather than making it appear like the person sent the email as the list, it will say something like “Person Name as List Name” or such. This is accepted as legal because it does not mangle the DMARC checksum.

Step 6 – Restart mail

Restart mailman and your MTA:

service mailman start
service postfix start

At this point, your mailing list should be functional. Send a test message and watch maillog to see if it is delivered to any Yahoo recipients.

I hope this helps.
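
The per-list from_is_list change described in the DMARC step can also be audited and applied from the shell. This script is an added example, not part of the original post; it assumes the list_lists and config_list tools installed under /var/lib/mailman/bin by the steps above, and that the stored value 1 means “Munge From”.

```shell
#!/bin/sh
# Added example (not from the original post): audit and set from_is_list on
# every list with Mailman 2.1's own command-line tools.
# Paths follow this page's --prefix=/var/lib/mailman/ install.
LIST_LISTS="${LIST_LISTS:-/var/lib/mailman/bin/list_lists}"
CONFIG_LIST="${CONFIG_LIST:-/var/lib/mailman/bin/config_list}"

# Assumption: 1 is the stored value for "Munge From" (0 = "No"); the
# comments in "config_list -o - LISTNAME" output show the legal values.
MUNGE_FROM=1

# Print the current from_is_list value of one list (empty if not present).
get_from_is_list() {
    "$CONFIG_LIST" -o - "$1" 2>/dev/null |
        sed -n 's/^from_is_list[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Print the name of every list whose from_is_list differs from $1.
audit_from_is_list() {
    want="$1"
    "$LIST_LISTS" -b | while read -r list; do
        [ -n "$list" ] || continue
        cur=$(get_from_is_list "$list")
        [ "$cur" = "$want" ] || echo "$list"
    done
}

# Set from_is_list to $1 on every list that differs, then audit again.
# Returns 0 only when no list is left with another value.
apply_from_is_list() {
    want="$1"
    tmp=$(mktemp) || return 2
    # config_list -i reads plain "name = value" assignments from a file.
    printf 'from_is_list = %s\n' "$want" > "$tmp"
    for list in $(audit_from_is_list "$want"); do
        "$CONFIG_LIST" -i "$tmp" "$list" || echo "failed: $list" >&2
    done
    rm -f "$tmp"
    [ -z "$(audit_from_is_list "$want")" ]
}

# Usage: audit_from_is_list "$MUNGE_FROM"   then   apply_from_is_list "$MUNGE_FROM"
```

Run the audit first to see which lists would change; the apply step needs an account that is allowed to modify the lists.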

Unbuckling the safety belts

In the last year or three, many programming languages, libraries, browsers and applications have been getting stricter and stricter about how they handle and accept SSL certificates.

Of course, this is due to more and more exploits showing up in the wild. So now, formerly acceptable actions are getting warnings, and former warnings are causing code exceptions.

This pain is especially felt with self-signed certificates. Many products or systems just generate a generic self-signed cert that is not necessarily issued for the full hostname of the end system. Almost universally, these updates outright refuse to accept this situation.

This is a regular headache for the overworked operations engineer and sysadmin. Many of the management consoles on modern equipment are inevitably a java application or a web interface. And many companies do not have the money to sit there and purchase full SSL certificates for each machine. And that assumes that you can change the certificate out.

I realize that is a long preamble, but I want people to realize the situation that is at hand. In many cases these changes leave you unable to automate or access the consoles or controls of your own servers.

It’s a long way to explain that there are times and places you find yourself needing to disable SSL validation. And for the other folks who have run into this, this is why I am writing this out.

If you’re really sure this is your only option, here’s how to do this.

Java Applications

For Java, the answer was buried in Oracle’s WebLogic documentation: http://docs.oracle.com/cd/E13222_01/wls/docs70/secmanage/ssl.html

When they started to require hostname validation, they also provided a way to turn it off. On the command line (or in app server settings) you can set the following parameter:

-Dweblogic.security.SSL.ignoreHostnameVerification=true

Java Web Consoles

When you launch a console from something like a UCS Manager or an IBM BladeCenter, it often provides you with a JNLP file that is associated with the “Java Web Start” binary “javaws.” Usually your web browser downloads this file and opens it with javaws as an external viewer. Or it uses a plugin.

To force this to work, save the JNLP file onto your file system and edit it in your favorite text editor. It is basically an XML file that describes how to launch the application and with what resources.

In the “j2se” section of the “resources” block there is an attribute called “java-vm-args.” Its value holds the same command-line arguments you would pass to the standard java binary. Just add the same parameter as above. Save the file, and launch it with javaws.

Perl Applications

I do a lot of automation work in Perl. Often I am using high-level libraries like WWW::Mechanize, LWP, SOAP::Lite, etc. that do a lot of the basic web work for me. They, in turn, call the libraries that handle the SSL validation as part of that work.

As with everyone else, SSL implementations in Perl have begun refusing self-signed certificates. Thankfully, there is a way to work around this issue without having to deal with any intermediate modules that are calling SSL. You can set environment variables that are then read by the SSL modules when they are instantiated.

Setting the following variable at the beginning of your program may solve any validation problems you have:

$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;

I had to say “may solve” in the above example because there are several SSL implementations available in Perl and not all of them check for this variable.

Personally, I ran into this at one point with SOAP::Lite, which uses LWP for its web work, and LWP can work with several different SSL libraries, depending on what is available in the OS.

To make things functional, you can tell LWP which SSL driver you wish to use. This is done via another environment variable:

$ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = "Net::SSL";

Setting those two lines seems to clean up all the situations I have run into in Perl.
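
Because these switches are easy to forget once a script works, it helps to keep an inventory of where they are set. The following shell function is an added example, not from the original post; it searches a directory tree for the three settings shown above and for the wget --no-check-certificate flag used in the mailman post on this page. The file extensions it looks at are an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): inventory of places where the
# certificate checks discussed on this page have been switched off.
# The file extensions searched are an assumption; adjust to your tree.

# Prints one "file:line:reason" record per finding, sorted.
find_disabled_tls_checks() {
    dir="${1:-.}"
    find "$dir" -type f \( -name '*.pl' -o -name '*.pm' \
            -o -name '*.jnlp' -o -name '*.sh' \) \
        -exec awk -v q="'" '
            function report(reason) { print FILENAME ":" FNR ":" reason }

            # Perl or shell: PERL_LWP_SSL_VERIFY_HOSTNAME assigned 0
            # (an assignment of 1 keeps verification on and is not reported)
            $0 ~ ("PERL_LWP_SSL_VERIFY_HOSTNAME[^=]*=[ \t]*[\"" q "]?0") {
                report("perl-verify-hostname-off")
            }
            # Perl: HTTPS socket class forced to Net::SSL
            /PERL_NET_HTTPS_SSL_SOCKET_CLASS/ && /Net::SSL/ {
                report("perl-socket-class-net-ssl")
            }
            # Java command line or JNLP java-vm-args
            /weblogic\.security\.SSL\.ignoreHostnameVerification=true/ {
                report("java-ignore-hostname-verification")
            }
            # Downloads fetched without certificate validation
            /wget/ && /--no-check-certificate/ {
                report("wget-no-check-certificate")
            }
        ' {} + | sort
}

# Usage: find_disabled_tls_checks /path/to/scripts
```

An empty result means none of these settings were found in the files searched.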


As with any solution someone blogs about, “your mileage may vary.” But hopefully this helped someone else out.

A killer business idea

I think I’ve had the best business idea I’ve had in years.

It’s simple. I want to make a DNS registrar.

Yeah, I know there are dozens of them. But this is the difference:

It will be a ZERO UPSELL registrar. I will charge you the most basic price I can that keeps the business profitable, and that’s it.

You register your domains with me and I will leave you alone. At no point will I ever try to sell you any other service such as hosting, DNS protection, email accounts, address masking, or SSL certificates. I will not email you newsletters or offers on new services.

I will make the UI as clean and as simple as possible. I will also publish a REST API so you can automate your transactions.

You will have the option of yearly, or monthly aggregate billing of your domains. And domains may be marked as autorenew or left manual.

That’s it. No fuss. No muss.

Think you’d pay an extra buck or two to never have to click through an “Add 5 mail boxes for $1.99” again?

About that concert

Yeah… it rocked.

I hope to post the music links soon.

That is one of the best concerts I’ve played.

Upcoming Concert

I don’t necessarily publicize all the concerts I play in.

I do this for a few reasons. #1 I recognize that not all concerts that are fun to play are necessarily fun to listen to. (Especially for some modern works.) And #2 I would be posting lots of times because I tend to play in several groups.

Which is all a roundabout way to say this: This next concert is going to be AWESOME!

No really! The good band: the Ohlone Wind Orchestra will be presenting a fall concert on Sunday, November 10, 2013 @ 2pm, that is an absolutely smoking lineup of tunes.

We are performing things like the transcription of Bernstein’s Overture to Candide, and some great programmatic pieces like The Sword and the Crown and Scenes from the Louvre, as well as a monster of a piece by Frank Ticheli: Blue Shades. It amazes me that the “light” pieces for this set (Symphonic Fiesta No. 3 and Jager’s Third Suite) are “only” standard band repertoire pieces.

This is going to be a rocking concert of serious and fun literature.

If you’re on the fence: This year, the California education system cancelled all recurring classes in the secondary schools. That means that all the arts and sports programs at Ohlone were effectively ended. We converted our class to a community-education offering, and we are now self-paying for all facilities.

So if you want to show up at a GREAT band concert, please do! Or if you want to help a struggling arts program that needs only a few concert tickets to break even, please do that too!

“DevOps” washing…

I work for the professional services division of a company that is mostly a storage reseller. (VAR)

What this means is there is often a desire to package up services that people like me can provide along with the hardware that we sell. The professional services side is often a nice add on. Think of this as a short-form of a sales pitch:

“I tell you what. If you buy the blade-center, storage and VMware license through us, you’ll get our bulk discount from the list prices and we’ll toss in a week of “jumpstart” team training from our licensed professional trainers.”

It works fairly well. I have a strong sysadmin and programming history, and the other folks on my team are all strong players. I am often augmenting companies to do something difficult that they don’t do often: array migrations, implementation of virtualization, automation of processes, integration of systems, etc.

So basically, I’m a DevOps engineer for hire.

Whenever you have a cool new idea or concept, like “DevOps” or “cloud” or “Agile” or “Extreme” or … you get the idea, there is a tendency for people to want to jump on the bandwagon.

When I was at DevOps days in Silicon Valley, one of the keynotes commented about wanting to avoid “DevOps washing.” Which is where people brand everything “DevOps” and sell it as “the new thing.”

Imagine the mix of reactions that hit me when this grade-A raw version of the idea landed in my mailbox. A sales-lead sent the following out to the various professional service heavies:

Could/Should we try to put together productized Dev Ops in the box platform (hardware/software with minimal to no customization), that would/could support multi-tenant environment – as in, same company but people working on different projects (or clients) that can’t touch each other and have no inter dependencies.

For a while I mused on how to react to this. For a lot of things that bridge areas of expertise (sales vs tech is a good example) I often find a good metaphor helps.

The one I thought of was “Zen.” He just wrote an email that said, “I want to sell Zen in a box.” And I need to explain to him that while you can sell a rock garden, rakes, gongs, robes, prayer wheels, and even a whole monastery, you can’t “sell” someone Zen. Zen is a collection of beliefs, priorities and actions. You can TEACH Zen.

And even worse, if you advertise you are selling “Zen in a box” it outright labels you as not knowing what you are doing.

I’m curious? Can you think of a better way of plainly explaining that DevOps is not a product that can or should be sold as a line item? And telling them to “read the Phoenix Project” doesn’t suffice as a serious answer?

I really hate using “Zen” as an example to explain with because of the religious overtones. Is there a better way to state this?

Today’s mischief – ROMAN DEATH!

Today’s mischief is brought to you by the line-noise that you can compile: Perl!

You can add this code ANYWHERE in an executing Perl stack (a module, a referenced library, an inherited base class, etc.). Then, any time the Perl application calls warn() or die() and shows the accompanying error, the line number is shown in Roman numerals.

BEGIN {
  my $roman = sub {
    my $message = shift @_;
    chomp $message;
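    # Report the caller's location; __FILE__/__LINE__ here would always
    # name this handler's own file and line instead.
    my ( undef, $file, $line ) = caller;
    my $roman = '';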

    while ( $line >= 1000 ) { $roman .= 'M' ; $line -= 1000 }
    while ( $line >=  900 ) { $roman .= 'CM'; $line -=  900 }
    while ( $line >=  500 ) { $roman .= 'D' ; $line -=  500 }
    while ( $line >=  400 ) { $roman .= 'CD'; $line -=  400 }
    while ( $line >=  100 ) { $roman .= 'C' ; $line -=  100 }
    while ( $line >=   90 ) { $roman .= 'XC'; $line -=   90 }
    while ( $line >=   50 ) { $roman .= 'L' ; $line -=   50 }
    while ( $line >=   40 ) { $roman .= 'XL'; $line -=   40 }
    while ( $line >=   10 ) { $roman .= 'X' ; $line -=   10 }
    while ( $line >=    9 ) { $roman .= 'IX'; $line -=    9 }
    while ( $line >=    5 ) { $roman .= 'V' ; $line -=    5 }
    while ( $line >=    4 ) { $roman .= 'IV'; $line -=    4 }
    while ( $line >=    1 ) { $roman .= 'I' ; $line -=    1 }

    print STDERR "$message at $file line $roman\n";
    exit 0;
  };
  *CORE::GLOBAL::die  = $roman; 
  *CORE::GLOBAL::warn = $roman;
}

This is especially effective on large OO deployments and mod_perl setups!
It’s great for driving your friends into homicidal rage! 🙂

Example:

die "foo";

Returns:

foo at mydie.pl line VII

And yes, it passes “use strict” without notice.

DevOps Days – Silicon Valley 2013

I let the whole journaling thing go for a while, so I think I should fill a few key things back in.

Most of my work of late has centered around the DevOps movement and related technologies. In many ways, it’s providing terms and frameworks for stuff that I have long known was “the right way” to do things.

A big turning point in understanding was when I attended the local DevOps days conference back in September.

I work as a professional services consultant, and we tend to share knowledge a lot. After the conference, I wrote several emails back to my team explaining the conference. (These were aimed at an audience that included both tech and non-tech folks.)

It gives a neat mental snapshot of me walking in on this whole movement:
