can’t sa-update after a recent SpamAssassin upgrade?

I got bitten by this bug after upgrading to SpamAssassin 3.2.4 recently. It seems that the GnuPG key shipped with SA precludes the verification of signatures from updates downloaded using sa-update, due to some esoteric defect with the OpenPGP design. Anyway, the point is that attempting to download new signatures using sa-update results in the following error:

error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification failed.
channel: GPG validation failed, channel failed

(How many times can one say the word “failed” before I get the message?)

Anyway, it looks like the SA folks have corrected the problem with their key but it’s only available in SVN trunk so you have to perform the following magic incantation:


$ sudo gpg --homedir /usr/local/etc/mail/spamassassin/sa-update-keys --delete-key 0x5244ec45
$ wget -O - http://cvs.apache.org/viewvc/spamassassin/trunk/rules/sa-update-pubkey.txt?revision=610699 | sudo gpg --homedir /usr/local/etc/mail/spamassassin/sa-update-keys --import -

That assumes you’re using FreeBSD — adjust your paths appropriately.

The bug is still open and will be fixed in the next version (boy, if I had a nickel for every time I’ve heard that from vendors…)

this is where I pretend to be a CBC Radio News host

I’ve been on training the past 2 days at an internal CBC course called “CBC Radio 101” – it’s intended for those people who need to support CBC Radio staff in their daily jobs, so that we can get a better idea of their day-to-day workflow and process. It was a really interesting course and I really would love it if other IT folks were able to attend – seeing in-person how shows are put together gives a new meaning to the words “deadline” or “urgent”. Continue reading

faxing over IP networks: there must be a better way!

Faxing over IP networks does not work reliably. There are many technical reasons why; I won’t go into them here. This page provides a pretty detailed explanation about why trying to transmit analog modem signals over an IP network will not work — variable jitter, insufficient bandwidth, silence suppression and many other factors in VoIP call handling will work together to destroy your faxes. There are two main solutions in the FoIP (Fax over IP) space:

  • T.37 (store-and-forward): Use e-mail as the IP transport medium. T.37 defines a protocol by which faxes are converted to an e-mail message and then delivered to a T.37 endpoint – whether that is someone’s email box, or a device capable of translating the attachment into a fax image and then sending it to the target fax machine using the PSTN.
  • T.38 (real-time fax): Use either “Internet-capable” (T.38) fax machines, analog telephone adapters, or a combination of T.38 aware/compatible devices to transmit faxes using special UDP packets.

Neither of these mechanisms is particularly elegant. In fact, the adoption rate of T.38 is quite low among ATA makers, and many implementations are buggy. Also, the fact that T.38 must be implemented on both ends of a call is another nail in the coffin.

Let’s step back a moment here and reconsider what we want to do. Suppose I am a business owner considering (or having switched) to a VoIP network, but I still have my old (non-T.38 capable) fax machine. I want to send faxes to any other fax device in the world, and I don’t care whether the receiver’s equipment is T.38 capable or not. I am willing to invest in a T.38 ATA, and assume that I can do so without too much cost or effort, and that it will work reasonably well. What do I do? Continue reading

AutoRun in Windows considered harmful

Recently I started taking a basic course in Computer-Aided Design (CAD) at George Brown College – mostly for interest’s sake, although it’s partly because my day job at CBC is exposing me more and more to the engineering side of things, and I imagine it’ll only be a matter of time before I’ll have to start looking at technical drawings. The instructor recommended on day one that we all purchase USB memory keys to save our work, because there are no personal home directories on the George Brown network. Thus begins the sorry tale of how I managed to get a virus on my CBC-issued Windows laptop – thanks Microsoft! Continue reading

gopher site up and running

Forget WordPress, Facebook, Google, and all that Web 2.0 crap… remember Gopher? Actually, I never got a chance to really use it, which is why I set up my first Gopher home, perhaps 15 years too late. For those of you so inclined, and still armed with a Gopher client, go to Gopher site sdf.lonestar.org, path /users/keymaker. Those of you with newfangled "World Wide Web Browsers" like NCSA Mosaic, you’ll have to use this ugly URL.

Long live obsolete Internet technologies!

DECT and SIP

I haven’t had much of a chance to write about technology issues recently; quite frankly, not a lot has been happening that has interested me. Sure, Apple has announced a new MacBook that’s really thin, but, as usual, it has the 100% Apple markup over anything sensible. I mean, $3,000 for a notebook? I know that $1,000 of that is probably to pay for the solid-state drive, but I’m not even convinced that such technology is really necessary. I contrast this to a $500 Acer Eee laptop that would more than meet my needs! (Too bad the name is retarded, kind of like the Nintendo Wii)

Enough about Steve Jobs’ latest money printing scheme; I want to talk about telephony again. I went to a TAUG meeting tonight on the topic of integrating DECT with SIP. DECT is one of those technologies that has been around for a generation but has largely been ignored in North America; only recently has there been any uptake. Most people (myself included, at least up until about 4 hours ago) don’t even know that cordless phone systems that you can buy at Best Buy use DECT – okay, the example I linked to is a bit unfair since it says “DECT 6.0” right in the headline, but you get the idea. My friend Brian had a set of these in 2005 but I wasn’t any the wiser that it wasn’t just a regular WDCT set on the 2.4 GHz spectrum.

Continue reading

re-implementing Cacti

Earlier this year, we were forced into decommissioning our Cacti installation after the server it was hosted on suffered a catastrophic failure (it literally melted down). The server was an ancient Compaq Proliant DL320 with an older HP SmartArray RAID controller, so we had no feasible way of recovering the RRDs off it, nor the MySQL database.

Nevertheless, we figured our trending needs would be met by the implementation of another trending solution whose name I will withhold. It does the job of monitoring devices over SNMP just fine, but this product cannot get data from external scripts. This is essential for us to monitor things such as the thread states on our Apache servers. Consequently, we have decided to rebuild an instance of Cacti for these needs.

Continue reading

recovery procedure for VoIP PBX

My VoIP PBX (built on an embedded Linksys NSLU2) blew up tonight with a bad hard disk. Here’s the cheat sheet on how to recover it should it do the same next time.

  • Replace the hard disk and reboot the NSLU2. Since the network settings are stored in flash, it will come up on the old IP even if the hard disk has failed.
  • Format the new hard disk and partition it using fdisk. Swap space is recommended. Format it using mkfs.ext3.
  • Run turnup disk -i /dev/sda1 -t ext3 to move the rootfs to the disk.
  • Reboot NSLU2 and install Optware as follows:

    cd /tmp
    wget http://ipkg.nslu2-linux.org/feeds/optware/slugosbe/cross/unstable/ipkg-opt_0.99.163-9_armeb.ipk
    tar -zxvf /tmp/ipkg-opt_0.99.163-9_armeb.ipk
    rm /tmp/debian-binary
    rm /tmp/control.tar.gz
    tar -ztvf /tmp/data.tar.gz
    cd /
    tar -zxvf /tmp/data.tar.gz
    rm /tmp/data.tar.gz
    cd /opt/etc
    sed -i “s//stable//unstable/” ipkg.conf
    /opt/bin/ipkg update

  • Restore old packages – namely, xinetd, net-snmp, asterisk14, tftp-hpa, esmtp, and all the things that asterisk recommends you install
  • Reconfigure /opt/etc/xinetd.conf to allow connections from the local LAN.
  • Restore data from backup – namely, the contents of /opt/tftpboot and /opt/etc/asterisk
  • Create a startup script for Asterisk because it’s missing in the default package:

    #!/bin/sh

    if [ -z “$1” ] ; then
    case `echo “$0″ | /bin/sed ‘s:^.*/(.*):1:g’` in
    S??*) rc=”start” ;;
    K??*) rc=”stop” ;;
    *) rc=”usage” ;;
    esac
    else
    rc=”$1″
    fi

    ASTERISK_DAEMON=/opt/sbin/asterisk

    case “$rc” in
    start)

    echo -n “Starting asterisk: ”
    $ASTERISK_DAEMON 2>/dev/null &
    echo ok
    ;;
    stop)
    if [ -n “`pidof asterisk`” ] ; then
    echo -n “Stopping asterisk: ”
    $ASTERISK_DAEMON -qrx ‘stop now’
    sleep 1
    echo ok
    fi
    ;;
    restart)
    “$0” stop
    sleep 1
    “$0” start
    ;;
    *)
    echo “Usage: $0 (start|stop|restart|usage)”
    ;;
    esac

Nokia N800 Internet Tablet and WPA2-PSK

A few weeks ago, my friend Brian lent me his Nokia N800 Internet Tablet, because he has gone and purchased an Apple iPhone and no longer needs it. I was hoping to try and use it as a SIP client on my VoIP network, so that I could wander about the house and still make calls. (Unfortunately, the N800 isn’t actually a phone, which makes it somewhat limited in functionality.) For the life of me, though, I can’t get the damn thing to talk WPA2! Continue reading