IFR Magazine: Danger Below MDA?

AvWeb has a chilling reprint from IFR Magazine on US airlines intentionally descending below the approach plate MDA …

“Flight inspection noted that a GPWS alert was received at the reported location if the aircraft continued to follow the published Vertical Descent Angle (VDA) below MDA. The airline (and several others) reported that it was their SOP to do so, pointing to the benefits of stabilized approaches and the use of a continuous descent angle.”

(In layman’s terms, often an airplane is supposed to descend from the clouds, level out, then fly at the FAA minimum descent altitude until the runway is in sight. Airlines admitted they were continuously descending almost into obstructions every day to avoid leveling out first – completely crazy.)

Descending below the MDA into terrain would void insurance policies and likely result in the airline company folding.

In the Polish state visit to Russia accident, the captain similarly made up his own approach procedure. He descended below MDA and used an on-board radar altimeter over uneven terrain at treetop height. The resulting crash killed 1/3 of their government and military leaders.

Posted in Tech | Leave a comment

Why Can’t ISPs Handle SPF Records?

I’m always appalled when I need to setup a Sender Policy Framework (SPF) record using ISP zone file editors.

It took ThePlanet (now owned by IBM/SoftLayer) 5 years to fix their web interface to handle valid SPF records (re-edit and save) – and that’s *after* I reported the bug.

I had to make an official visit to their CEO as their #109th largest customer to actually get somebody to look at the ticket. Their engineering staff was in disbelief, until they actually tested it and said, “Oops!” :)

GoDaddy currently has 3 oddities in their new and classic DNS zone editor web programs:

  1. the SPF wizard does not show double quotes, required for records with spaces, as all SPF records have. It silently inserts the quotes, doubling them if you also add them, causing an invalid record.
  2. their SPF wizard wildly flails around, making the longest SPF records I’ve ever seen. That means problems, like more DNS lookups and possibly truncation issues
  3. it refuses to allow domain names in the left-hand column, forcing the origin (@ symbol). That works for most people, but I hope you’re not the exception.

Can you spot more bugs? :)

Register.com’s new zone editor UI for their partner site, rcomexpress.com, removed the TTL option. The default is now 60 minutes, with no way to change that. I have a feeling they wanted to make a mobile-friendly simpler UI.

Notes:

  • Regarding #3, for those people not familiar with SPF, rules apply to domain names and subdomain names, usually mydomain.com or mail.mydomain.com, the latter of which @ will not match.
  • SPF clients match the SPF or TXT record with the FQDN in the Return-Path header. If you don’t want to add a SPF record for each host (like www0 and www1), then email server masquerading can be used. In sendmail, that’s
    FEATURE(masquerade_envelope)dnl

openspf.org: Common mistakes when creating an SPF record

Posted in Open Source, Tech | Leave a comment

How to Make mod_rewrite Do What You Mean

A Yahoo! engineer once said to me, “The most important feature of Apache httpd is mod_rewrite. It allows large sites like ours that have frequent content structure changes to be controlled with redirects.”

But mod_rewrite seems as stubborn as a mule sometimes …

A technique that I use is to take a cookbook entry and work backwards. Instead of trying to make everything work at once, hard-code in a result I want and then gradually generalize the rules to handle more matches

Posted in Open Source, Tech | Leave a comment

Developing Twitter Apps with Perl

Most of the Twitter-related blogs and sample code on the web are obsolete, so I wrote this overview for 2015.

The most important things to know are:

  1. Twitter API 1.1 is required using OAuth and SSL
  2. your must register with Twitter for two sets of tokens:
    1. consumer credentials (API key).
    2. Twitter-approved OAuth tokens. To register for these, you need a Twitter account with an associated mobile phone number. Since Twitter has a unique constraint on mobile numbers, that means you have to register a new phone number or move an old phone number from an existing account. To move your phone number, just SMS “Start” to 40404 and answer the messages sent back. You need to know the password of the new Twitter account, but not the old account.
  3. The Perl CPAN module I use is Net::Twitter
  4. to do multi-tenant tweeting, use the same consumer key as above but request the OAuth tokens from each client.

The Net:Twitter API calls I use are:

  1. update (tweet)
    use Net::Twitter::Lite::WithAPIv1_1;
    
       my $nt = Net::Twitter::Lite::WithAPIv1_1->new(
           consumer_key        => 'abc',
           consumer_secret     => 'def',
           access_token        => 'ghi',
           access_token_secret => 'jkl',
           ssl => 1,
       );
    
       my $status = 'Hello, world!';
       my $o $nt->update($status);
    
       my $status_id = 0;
       if (defined $o) {
          $status_id = $o->{'id'};
          print "status id=$status_id\n";
       }
    
  2. destroy_status (delete tweet)
       my $o = $nt->destroy_status($status_id);
    

To delete a tweet, you must save the status ID of the tweet. (Likely that means inserting the status ID in a database.) Also, only the account who tweeted can delete the tweet.

Posted in API Programming, Tech | Leave a comment

Upgrading Percona Server 5.5 to 5.6 on CentOS

Percona LogoI like using Percona Server for some projects because you get to see what their clients feel is important for operating MySQL at scale, as reflected in the features that Percona adds. Some examples are fast Innodb log replay and transportable Innodb tablespaces.

A drawback of Percona Server is that they do limited QA on packaging, so I find that the grant tables get in a bad state after using yum update a few times. So I recommend periodically doing a fresh install.

Here’s the steps I used for upgrading from 5.5 to 5.6 on CentOS this weekend. It’s helpful as a checklist for non-DBAs, and as a pre-flight for DBAs so they will know what to expect in advance.

(Nearly all of this applies to upgrading to Percona XtraDB Cluster (Galera) as well. Just change the package names and start the first server with the pxc command.)

  1. read changelog and decide if your app will work with 5.6. For example, timestamp formats have changed since 5.5.
  2. stop apps and monitoring.
  3. backup old databases with mysqldump and capture the old grant commands.

    To mysqldump the MySQL grant tables, you may need the –skip-lock-tables option:

    # mysqldump -h host -u root --skip-lock-tables -p mysql >grants.sql
    
  4. remove Percona packages:
    # yum remove Percona-Server-client-55 Percona-Server-server-55 \
    Percona-Server-shared-55
    
  5. You must rename my.cnf so that yum install will generate the mysql grant tables:
    # mv /etc/my.cnf /etc/my.cnf.old;
    # rm -fr /var/lib/mysql
    # also, comment out deprecated option like table_cache or
    #    the new server will not start
    
  6. Find and remove any files that should have been removed:
    # find / -name Percona
    # find / -name mysql
    
  7. Install new packages:
    # yum install Percona-Server-client-56 Percona-Server-server-56 \
    Percona-Server-shared-56
    
  8. Can move my.cnf back now:
    # mv /etc/my.cnf/old /etc/my.cnf
    
  9. # service mysql start # if it doesn't start, read mysqld.err
    
  10. if the grant tables were not created, you can do this:
    # chown mysql:mysql /var/lib/mysql
    # chgrp mysql /var/lib/mysql
    # mysql_install_db --user=mysql --ldata=/var/lib/mysql
    
  11. if you use replication, add grant on master now:

    mysql> grant replication slave on *.* to 'repl'@'slave-ip' identified by 'pw';
    mysql> flush logs;
  12. Post-install commands which only need to be run once on the master:
    mysql -e "CREATE FUNCTION fnv1a_64 RETURNS INTEGER SONAME 'libfnv1a_udf.so'"
    mysql -e "CREATE FUNCTION fnv_64 RETURNS INTEGER SONAME 'libfnv_udf.so'"
    mysql -e "CREATE FUNCTION murmur_hash RETURNS INTEGER SONAME 'libmurmur_udf.so'"
    
  13. If you use replication, on the slave:
    mysql> change master to master_host='master-ip',
       master_user='repl',
       master_password='pw',
       master_log_file='my-binlog-prefix.000002',
       master_log_pos=4;
    mysql> start slave;
    mysql> show slave status\G
    
  14. restore your database backups (not the mysql database tables, as their format changes over time. Use GRANT statements instead.)
Posted in Linux, MySQL, Open Source, Oracle, Tech | Leave a comment