For the last few years everytime I’ve decided to look at implementing a CMS I’ve got stuck.  It’s not because there isn’t a good CMS out there – but that I’ve yet to find one that scratches all my itches.

I’m about to setup a new website, which will require multiple end-users to update the site, each with a varying level of experience.  Ideally I’d like to pick a ‘popular’ CMS, so that if they get into difficulty there’s probably someone else that has also got into difficulty with the same problem.  I’d also like to be able to take advantage of extra content-creating plugins that the end users may find useful.

However, I also want the ability to add a few ‘custom touches’ – such as easy to modify CSS, widget-able features (such as a couple of twitter streams that’ll appear only on certain pages).

I also want to run multiple sites which both share the same theme, and user database – but have different content.

If anyone can make a suggestion as to what I should look into, I’d be more than happy with some feedback.

I logged onto facebook earlier and a poll popped up on the right hand side – which sport could you not live without?

• Football
• Rugby
• Cricket

I selected Rugby – and the following were the results:

• Football – 73%
• Rugby – 18%
• Cricket – 9%

Of course, it was limited to the three sports, Rugby includes the League/Union split, and there are probably many other options.  I’d hypothesis though, that Cricket is the second favourite sport of Rugby Fans and Football fans.  Therefore moving the poll to an AV setup, rather than the FPTP that it is currently – would provide an interesting insight – and probably move cricket above Rugby – but not affect Football?

There’s only one way to find out – and that is to run the poll and get the stats for both answers.  I won’t delude myself and pretend I can get enough readers of this blog to vote in order to generate a fair sample – so instead can anyone devise a method of collecting this information that would get us a fair sample?

Andy

I’ve recently been playing with FreePBX and Asterisk and have upgraded my Gentoo setup to:

We have a slight nuance with the way we initially setup FreePBX. In order to split users/physical devices, I set up all users starting at 1000, and physical devices at 5000. My personal extension is 1013. I manage my follow-me via the Web Interface, which I set to my deskphone, 5108. I also set the follow-me on 1013 to my mobile on 07777777777# (not my actual number).

This has worked well for about 4 years, enabling us to add more phones and more locations. However, today I hit a new problem.

At around lunchtime, my boss called to say people that call up our number are getting our IVR, (where they can either enter an extension, or are forwarded to a queue) and are simply being put into the queue (5200) and it’s ringing out. I attempted a call and looking at the verbose logs that is exactly what was happening.

With some help from the #freepbx IRC channel (especially [TK]D-Fender), I was advised to run ‘queue show 5200′. This showed all our user extensions as (unavailable) – which they were, as they are all forwarded on to follow-me.

comms*CLI> queue show 5200
5200 has 0 calls (max unlimited) in 'ringall' strategy (0s holdtime, 0s talktime), W:0, C:0, A:17, SL:0.0% within 60s
   Members:
      Trevor (Local/1004@from-queue/n) (Unavailable) has taken no calls yet
      Michael (Local/1001@from-queue/n) (Unavailable) has taken no calls yet
      Bob (Local/1012@from-queue/n) (Unavailable) has taken no calls yet
      Carlos (Local/1002@from-queue/n) (Unavailable) has taken no calls yet
      Andy (Local/1013@from-queue/n) (Unavailable) has taken no calls yet
      Steve (Local/1007@from-queue/n) (Unavailable) has taken no calls yet
   No Callers

It was pointed out to me that because they were unavailable, they would not receive the calls. That makes some kind of sense. In reality they’re permanently disconnected SIP devices, which simply forward on to their follow me.

At this juncture, I should point out that there is an option in the Queue Management page in FreePBX called ‘Agent Restrictions’, which specifies the following:

When set to ‘Call as Dialed’ the queue will call an extension just as if the queue were another user. Any Follow-Me or Call Forward states active on the extension will result in the queue call following these call paths. This behavior has been the standard queue behavior on past FreePBX versions.
When set to ‘No Follow-Me or Call Forward’, all agents that are extensions on the system will be limited to ringing their extensions only. Follow-Me and Call Forward settings will be ignored. Any other agent will be called as dialed. This behavior is similar to how extensions are dialed in ringgroups.
When set to ‘Extensions Only’ the queue will dial Extensions as described for ‘No Follow-Me or Call Forward’. Any other number entered for an agent that is NOT a valid extension will be ignored. No error checking is provided when entering a static agent or when logging on as a dynamic agent, the call will simply be blocked when the queue tries to call it. For dynamic agents, see the ‘Agent Regex Filter’ to provide some validation.

I therefore expected the extensions there to adhere to the follow-me. This was not the case.

The next step was to add a physical device to the list of SIP extensions in the queue, one that would show up as available. I added my deskphone extension (5108) and it showed up in the queue as the following:

APL-DESK (Local/5108@from-queue/n) (Not in use) has taken no calls yet

So I now dialed the queue and expected just extension 5108 to ring, but to my surprise now every extension listed in the queue now rang their follow me. It was as if adding a physical extension to the queue ‘bumped’ asterisk into respecting the follow-me of the (unavailable extensions). True enough I then removed 5108 from the queue only to return to the same behaviour as before – no phones ringing.

What confuses me is that if the phone is marked as (unavailable) and therefore that is the reason why it doesn’t ring, then why when only one phone in the queue is marked as (not in use) does it then ‘make’ asterisk respect the follow-me of the (unavailable) extensions?

Please let me know your thoughts

I’ve recently diversified into preparing for a new role with my current employer. I’ve really enjoyed my time here so far; it’s coming up to 5 years this June, and up until these last few months I’ve really felt as though I was stretching myself – both learning new things and working pretty hard.

So this new challenge is a bit of excitement for me, it’s something a little bit different and challenging. I’m still in the preliminary stages at the moment, where we work out whether or not the ideas and strategies I’m coming up with have potential, or if I’m in way too deep.

One of the most interesting exercises I’ve done so far is the creation of a business plan. Now, having watched Dragon’s Den (and studied a BA in Business), I’ve got a fair idea of what makes a good business plan. Interestingly, outside of the hypothetical scenarios we’d discussed at University, I’d not actually completed one.

The bit I’ve enjoyed the most so far is the market analysis. It’s incredible to find that only ~2% of the UKs output (GDP) is created by the IT sector. Another ~2% is generated by the telco industry. Finance counts for 10% of GDP, and industrial output is up at 23%. Thanks Wolfram Alpha!

The interesting thing though is that nearly 45% of British GDP is described as Misc. I don’t know what makes that up, that’s what Misc means to an end user accessing the data. Can anyone fill in the blanks?

The other interesting analysis was that of the North West. 1 in 8 legal professionals work up here. 130,000 people are employed in finance/insurance, there are 3,000 individual accountancies and the market for Management Consultancy has grown from £6.3bn in 1998 to £14.05bn in 2006.

It’s all interesting facts, but going back to Wolfram Alpha – if you can provide tips on how to get more out of it I’d love to hear it.

I’ve now moved my Registrar to gandi.net, and setup my own nameservers with bitfolk providing my secondary ones.  As of now I consider myself ipv6 friendly.  Let me know if you spot anything which is ipv6 unfriendly, and I’ll try and fix it!

One of the things I like to publish the least are my politicial leanings. Not because I’m ashamed of them, but because I’ve yet to reach ‘political maturity,’ that is, the firm believe that what I believe is the right and only course of action. I agree and disagree with policies from all the main political parties, and like most view the UK’s political system with a healthy dose of cynicism.

I can’t get into facts and figures on this blog, for that is not my expertise, and I wouldn’t want to waste your time in reading my analysis when there are far better analysts out there. All I seek to share is my opinion.

My view of the HoC and HoP probably doesn’t fit with what the system has become, and not having studied it, I’m sure that I’m making assumptions and observations that are incorrect. Please either bear with me or point out my mistakes.

Here are my assumptions:

Therefore, where we stand at the moment is a Coalition Government where the Liberal Democrat and Conservative parties have had to alter their core policies in order to promote a stable Government that can operate for the length of their tenure. Unfortunately for the Lib Dems, this has meant having to concede on matters of principal, such as tuition fees.

The bashing the LibDems have got in the press I believe to be very unfair. Had they ended up forming the LibLab Coalition, then there would have been many other matters on which they would have had to concede – and tuition fees would appear to have still been one of them.

Had there not been a Coalition, we would have either struggled along with an unstable Government (not a good message to send out to the markets who want a solid political ‘path’ to chart their forecasting against) or another vote. If we’d have had another vote, then I should imagine due to the swing to the right after 12 years of Labour government, we would have ended up with either a very small Tory/Labour Majority (with the Liberals squeezed out by votes choosing either Lab/Con). This would have lost the Liberal voice completely – so by acting has he did, Nick Clegg was able to ensure the Liberals had influence. I doubt very much that the Liberals would have built on their progress in a second vote.

So that’s where I believe us to be now. I’m not in agreement with the policies of the current Government, but don’t like to constantly hear the complaints against the LibDems. They’re having to partner with a party who they’ve got less synergy with than the party they’re opposing.

As for the tuition fees debate, there’s a much larger topic that is outside the scope of this article; I’ll hopefully have that one written soon.

Comments and ideas appreciated.

Addendum

In January this year, I decided that my old pink phone would no longer cut the mustard. I’d had it for over 15 months, since I’d stupidly smashed my o2 XDA device 1 month into an 18 month contract. Here’s to the stupidity of not buying insurance.

Well, I decided to go with the Xperia as it seemed to have the best hardware. I fancied an Android phone, as I quite liked the possibility of developing an app on it, and as I did not have any apple hardware (my iTouch was unfortunately stolen whilst abroad) – getting an environment setup where I could develop for iOS would have been prohibitively expensive.

After purchasing the phone, I was massively impressed. It looked great, had a very clear screen, and integrated very well with my Google account. Perfect for backing up contacts and calendar appointments. I was massively impressed with the syncronisation between the google servers and the phone – even when in low bandwidth areas. All I have to do is add a contact to my phone, and it appears in my Google contacts online. Yes, this is how tech should work.

However, there was one major bugbear – battery life. Whilst I’d been used to 3+ days between charging using my older SE phone and the iTouch, this Xperia X10 was lucky to get 10 hours. My flatmate told me I should have left it on a 36 hour charge when I bought it, and therefore the blame was left at my door. Thinking him right, I decided not to pursue the issue with SE, but just let it annoy me quietly.

Whilst cycling across the peak district in September, a disaster befell me. After taking a nice pub lunch as a break from a 36 mile cycle, I dropped my phone onto the concrete car park whilst unlocking my bike. It landed right on the corner and left the screen smashed, but usable. It took me about ten minutes to remember that this time I had bought insurance, so spent the day quite pleased with myself; also pleased that the new phone would get the 36 hour trickle charge it deserved.

When the new phone arrived I decided to do it properly. I read through the manuals, had it delivered to work, and left it on charge for the 36 hours required, as to avoid the poor battery life from the previous phone. Suffice to say, that only three days later the battery life seemed to reflect that of the old device. Ok, maybe it was a little bit better, but that may have been down to me not installing so many applications onto the phone – an attempt to improve battery life in anyway possible.

When the announcement that the Xperia was going to receive an upgrade from 1.6 to 2.1 I was pretty pleased, as one of the core ‘improvements’ was meant to be to battery life. Despite the delays, when I finally got my hands on 2.1, battery life was about 10-15% better.. but 10-15% of 10 hours was not significant enough to be usable. If I went to work, and headed out straight from work, I could consider myself ‘phoneless’ from about 7pm.

On Sunday night this week, I lay in bed playing ‘Angry Birds’ – what every ‘cool’ 24 year old bloke does these days I believe. When I got stuck on level 3-7. It really wound me up, so I quit the game and had a look on the android market for alternatives. Not being one to look in the right place, I found myself browsing the ‘top free apps’ rather than top free games, when I noticed z4root. It claimed to be a way to root your phone using a single click. Tired, and fed up, I decided to do it.

The phone went black.

5 minutes later the phone came back up, and it appeared as it was before. I was thankful nothing had broken, and with an early start the next morning, I set my alarm and went to sleep.

At work on the Monday, I decided to take a browse on the net at lunch to find out what the benefits of a rooted phone were. I still didn’t quite believe that I had actually got it rooted, but was interested all the same. I found the following article which claimed to speed up the phone by removing timescape. So I did.

Thinking nothing of it after the 20 minutes or so it took me, I didn’t believe I’d seen a massive speedboost on the phone. The second thread talked about it just being a placebo, so I was quite sceptical of whether or not it had actually helped the speed. Needless to say I installed a couple more apps (QuickBoot), attempting installing OpenVPN and failed, and also failed with Barnacle WiFi tethering.

The next day I came into work, had a pretty hectic day, and didn’t manage to look at my phone until about 3pm. I’d left the house at 7am, unplugging the phone at 6.50am at the latest, and at 3pm, with 8 hours I had only used 8% of my battery. I was so chuffed that I posted the following to twitpic:

Incredible!

So there you have it, I didn’t want to root my phone, and ended up doing it by accident. But if what you get is a phone with a battery life that far exceeds expectation – then it’s worth it surely. Hopefully SonyEricsson will see the light and remove their apps to make the phone work better. Either than or I’m going to have to switch back to a phone with fewer ‘features’ and a better battery life. Simples.

Over the past three years, I’ve been gaining plenty of experience in managing Gnu/Linux systems. One of the most interesting projects I’ve worked on over the last three years has been the PCI DSS requirement set for companies holding credit card data.

When I first came across these PCI requirements, I was still very much ‘wet behind the ears’ and ended up having a fairly backseat role in the System Design and implementation. However, we successfully went live with the systems, and since then it was pretty much left to me and a couple of others to keep the systems running smoothly.

Since getting back from India, over 50% of my time has been spent working with a larger team on PCI compliance. The hardest thing about making a previously non-compliant business into a compliant business isn’t just about technical details, but making sure all the processes and procedures are effectively audited to make sure that none of them break compliance. For a medium sized organisation this takes effort, and kudos must go to the people in the organisation for allowing previously valid methods to be scrutinised and broken; all in the name of compliance.

The best thing about the PCI compliance though, was that we’ve been able to achieve it using 100% open source software. At time I’ve been tempted to suggest that maybe our efforts are best placed in getting some commercial software that can do the management of our logging, can do our alerting and reporting, and make sure that our time isn’t spent doing that. However, in relying on a third party service, we realised that would just make us complacent. If we were to manage the systems, we needed to know every bit, thus we came up with a solution together.

It’s been awesome working on this for the last 11 months. We’ve had our highs and lows (as any team has), but we’ve also been able to deliver a pretty stable system. We’ve got a LogViewer setup (which I wrote in django – probably going to be another post later on), our IDS and Application Firewall, and Nagios and Munin for spotting trends in our growth and alerting us to any problems with the systems.

The biggest bonus though, is that we have a team that are 100% committed to success. It’s something that you can’t buy. When I’ve fallen short, they’ve been there to stand in ad finish off a job, and we’ve got a real good camradarie. It’s got so good that we’re even writing each others documentation!

So I’d just like to post a public Thank you! The guys know who they are and I look forward to continuing my work with them for the foreseeable future.

I recently had to install a Comodo SSL certificate onto a Zimbra Server. Unfortunately, if you already have a certificate there is no simple way of installing a SSL certificate that you’ve already purchased, hence the need for these instructions.

When you purchase a SSL cert from Comodo, you’ll end up with three files:

Once you have these three files, copy the first to to your /tmp directory, and copy the key file to:

/opt/zimbra/ssl/zimbra/commercial/commercial.key

Once you’ve done that, you need to download an extra couple of certs from Comodo, depending on when you purchased your certificate. I used the pre-March 2009 version, from here Comodo Downloads.

Once you’ve downloaded them, add them to the end of your ca-bundle file.

With that done, as root, run

/opt/zimbra/bin/zmcertmgr verifycrtchain comm /tmp/$hostname.crt /tmp/$hostname.ca-bundle 

Providing that doesn’t error out, then you’re good to deploy.

/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/$hostname.crt /tmp/$hostname.ca-bundle

Switch to the Zimbra user:

su - zimbra

Then restart all zimbra services:

zmcontrol restart

Your new certificates are now installed!