The Reign of the Lord’s Anointed – Psalm 2

February 19th, 2013

Sermon preached at Grace Church of Philly (Feltonville) on February 3, 2013. Audio is available here

A MESSIANIC PSALM

The psalms are a collection of individual songs and poems that were preserved for use in Jewish worship.  They often don’t sound like songs when translated into English, but the psalms are a hymnbook, and many churches throughout the centuries have written music and used them as songs in their worship services.

This, by the way, is why we call it Psalm number two, or the second Psalm, instead of saying Psalm chapter two.  The chapter and verse numbers in other books were added later on to make it easier to find your place in one long text, but each of the psalms in many ways stands by itself.

Each psalm can have a different author, a different historical context, a different style, and a different purpose.  Scholars have debated the context, authorship, and purpose of Psalm 2, because unlike many other psalms, there is no heading to guide us. Many commentators call this is a royal psalm, thinking that it was written for the coronation of a new king in Israel. If you read the notes in the ESV Study Bible, which is my absolute favorite study Bible, and strongly recommended, this is the view you will see.

But my big question about Psalm 2 is this: instead of an earthly king of Israel, does this psalm primarily speak of Jesus, Israel’s promised Messiah?  When the psalm says the “Lord’s Anointed,” the word in Hebrew for anointed is “Messiah,” which translated into Greek is “Christ.”  It could be referring to one of the anointed kings of Israel. But the scenes and the promises portrayed in the psalm are bigger than what any human king of Israel could expect – even David and Solomon were not promised all the nations for their domain, and neither are declared to be the begotten Son of God. So we consider, is this primarily speaking of Jesus?  I think the answer is yes, absolutely.

Read the rest of this entry »

Scripted Restart of a Hanging Windows Service

November 15th, 2012

I’ve been having trouble lately with Adobe ColdFusion 9, in particular an ODBC connection to an Oracle 10g database.  The ColdFusion ODBC Server (the swsoc.exe process) is hanging under load, not only failing to return some queries, but permanently hanging one of its threads. Once they are all hung, the service doesn’t respond at all, and ColdFusion hangs as well.

Temporary solution (until I rewrite the app to use SQL Server) is to restart the ODBC Server service. I’ve been doing that manually when my monitor informs me the site is not responding, maybe 3-4 times per day. But I want to see how it performs if I proactively restart the service every hour. For that, we require some scripting.

The biggest issue is that Windows’ service start/stop/restart interfaces, whether the traditional “net stop” or the PowerShell “Stop-Service” commands, has a very long timeout for stopping a service (looks to be 60 seconds). In the manual case, if it doesn’t stop right away, I go kill the swsoc.exe process and the service restart continues very quickly.  But how to script this?

The trick is to put the restart request in a background job (idea found here), and check on it in the foreground to see if it was successful.  After waiting a shorter period (10 seconds), if it is still in the “stopping” state, then we can kill the process outright and let the restart commence.  Double check (after 5 more seconds) that the service has started, and if it is stopped (the restart failed), specifically start it again.

Start-Job -ScriptBlock {Restart-Service -Name "ColdFusion 9 ODBC Server" -Force }

#give it 5 seconds to stop
Start-Sleep -Seconds 10

$SERVICESTATE = (Get-Service | where{$_.Name -eq "ColdFusion 9 ODBC Server"}).Status
if( $SERVICESTATE -eq "Stopping" -or $SERVICESTATE -eq "StopPending")
{
    # still stopping so force process stop
    Stop-Process -Name "swsoc" -Force
} 

#give it 5 seconds to start before we try it again
Start-Sleep -Seconds 5

$SERVICESTATE = (Get-Service | where{$_.Name -eq "ColdFusion 9 ODBC Server"}).Status
if( $SERVICESTATE -eq "Stopped" )
{
    Start-Service -Name "ColdFusion 9 ODBC Server" -Force
}

Save it as a .ps1 file. Make sure PowerShell allows execution of local scripts (in PowerShell, run “set-executionpolicy remotesigned”).

To schedule this to run, create a new scheduled task:

  • Triggered daily at a particular time, repeat every hour for 1 day.
  • Action is to run a program:
    “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe”
  • Arguments contain the script name: “-File c:\Path\To\Script.ps1”
  • Set to run as Administrator, with highest permissions

Better books for Kindle

May 10th, 2011

My Kindle version of the venerable JFB commentary. Better than the other slop on Amazon.

I got a Kindle from my mama and papa for Christ­mas, and I absolutely love it for reading — and only for reading. Light in my hand, reads with natural light, not the glow of a com­puter screen, and is purpose-focused on just one thing: reading.

One of the biggest dis­appoint­ments, however, is that many of the books available from Amazon are abso­lutely horrendous in their digital format­ting. The text often looks like it was OCRed and not corrected. Words are mis­spelled, missing, or run together. And these issues are horribly worse with the public domain materials, which seem to be, for the most part, sloppy auto­mated re­packag­ing of Inter­net Archive output. There may or may not be the nec­essary links to navi­gate the book (table of contents is a must, and an index is often helpful).

Amazon at least gives this slop out for free, but there are a slew of shady publishers on the store who like to charge for it. All of which gives a very bad experience for a user who actually likes to read, and cares about things like text, format, and setting.

I can’t save the world, but I can contribute better things. So I figured out how to make Kindle eBooks and distribute them in Amazon’s store. I’ve done two books so far: a short one of the Westminster Confession of Faith, with integrated Scripture proofs, and the longer Commentary Critical and Explanatory on the Whole Bible, by Jamieson, Fausset, and Brown.

I think they are two great resources for Kindle, and are pleasant and useful in a properly formatted ebook. If you have a little spare change, I’d be honored for you to buy them from Amazon (99 cents and $3.99, respectively). If you’re hard up for cash, let me know and I’ll send you the book files directly.

Another publisher who cares about such things and seems to have invested significant effort to make usable Christian resources is OSNOVA. Don’t know the guy, but he is a conscientious guy and I think you’ll appreciate his materials.

Best Bible Ever

April 14th, 2011

Cambridge Pitt Minion ESV Bible

I’m picky when it comes to Bibles. Binding has to be good, cover has to be perfect, margins can’t be too small, font can’t be some stupid modern nonsense, and the paper can’t be too thin or transparent. So this is just a quick note to plug an amazing good Bible, the Cambridge Pitt Minion.  You can even pick from major translations: mine is the ESV, my sister’s is the NIV, and there are also NKJV, NASB, and NLT options available.

Having used this as my primary Bible for two and a half years, I have to say this is the absolute best Bible I’ve ever owned. Quality leather that feels and looks nice and handles well. Sewn binding that is strong and permits the Bible to lay open flat (without holding) pretty much from beginning to end. Clear and crisp text, nice formatting and layout. The Bible has held up excellently.

One caveat for the potential buyer is that it is smaller than one might expect. I’m young, I can afford small text. But if somebody made this Bible just like it is, only 25% larger, I’d jump for it in a heartbeat.

I’m not getting paid for a review. I just really like my Bible!

Dirty Solutions to Tricky Problems

April 14th, 2011

So a client has an Exchange 2003 server that routinely gums up after BackupExec does its work. This thing has defied all manner of troubleshooting, with regard to antivirus, disk location, server utilization, etc., so the only remaining solution is to restart the information store service every morning. (Yes, I know, we really should figure out what the problem is.)

Instead of making the IT person get up every morning at 7 am to do it, how ’bout a little scripting magic? Windows is no UNIX, but we can try.

First, some useful commands to stop and start a service:

net stop MSExchangeIS /y
net start MSExchangeIS /y

Works peachy if the service is actually responding. When it’s stuck, it doesn’t stop on request. You have to kill store.exe in Task Manager. But how do you script that? With PsTools, silly!

So in between that stop and start request, we add:

pskill store /accepteula

Make sure pskill is somewhere in the path of the user executing the batch file. The /accepteula switch is to prevent it from sticking at the EULA which pops up on first use, and perhaps again? — but since this is automated, you’d never know that it stuck, just that your information store never restarted.

Important here, by the way, is to try to stop the service before you kill it. That way if the thing is responding, we don’t send it the shock of a rough shutdown. Pskill will fail gracefully if the service is already stopped.

Put these bad boys in a batch file and run it after the backup completes. Presto change-o, an information store that is ready for the business day.

A side note: It seems that running Exchange on a Domain Controller is a bad idea. But this is Windows Small Business Server, so that’s exactly what we have. One major problem is that shutting the system down takes a full 30 minutes, because Windows kills Active Directory before Exchange and it sits spinning its wheels not knowing AD will never respond. Possible solution (not tested yet) is to script an Exchange shutdown by group policy before Windows itself starts shutdown. This one is for implementation another day…

Our Only Deliverer

April 3rd, 2011

(Sermon preached at Wyoming Ave. Baptist Church, April 3, 2011)

Introduction

A. The story

John 6:16-21

When evening came, his disciples went down to the sea, got into a boat, and started across the sea to Capernaum.  It was now dark, and Jesus had not yet come to them.  The sea became rough because a strong wind was blowing.  When they had rowed about three or four miles, they saw Jesus walking on the sea and coming near the boat, and they were frightened.  But he said to them, “It is I; do not be afraid.”  Then they were glad to take him into the boat, and immediately the boat was at the land to which they were going.

B. Immediate context – it’s a sandwich!

The text we are considering is a relatively short passage, just 6 verses.  Whenever we begin a study, we examine where a section fits in the narrative, in the larger study of the particular book, and in the Bible, in God’s story as a whole.

Right before this passage is the story of Jesus feeding the 5,000.  Right after this passage is the sermon that explains that particular miracle.  Jesus explains how he is the true bread from heaven – not just the new provider of manna, but the manna itself.  So the story of Jesus walking on water fits between the miracle of bread and the sermon on bread.  In effect, it’s a sandwich!

So how does this particular “meat” speaks to the “bread” that surrounds it.  I’ll tell you right up front.  In the miracle of the new manna, Jesus demonstrates to the crowd that he is indeed the prophet like Moses that God had promised.  But what he reveals to his disciples is that he is more than a bigger Moses – he is almighty God.

Read the rest of this entry »

Martin Luther, Guarding the Church

February 3rd, 2011

This is from Martin Luther. Found part of a quote in Christianity Today, and went looking for some context. The imagery of the sarcasm here is (to coin an oxy-moron) forcibly subtle — read it slowly and then read it again, and make sure you get the sarcasm and understand his point in the second paragraph.

A thousand years ago you and I were nothing, and yet the church was preserved at that time without us. He who is called “who was” and “yesterday” had to accomplish this. Even during our lifetime we are not the church’s guardians. It is not preserved by us, for we are unable to drive off the devil in the persons of the pope, the sects, and evil individuals. If it were up to us, the church would perish before our very eyes, and we together with it (as we experience daily). But it is another who obviously preserves both the church and us. He does this so plainly that we could touch and feel it, if we did not want to believe it. We must leave this to him who is called “who is” and “today.” Likewise we will contribute nothing toward the preservation of the church after our death. He who is called “who is to come” and “forever” will accomplish it. What we are now saying about ourselves in this respect, our ancestors also had to say, as is borne out by the psalms and the Scriptures. And out descendants will make the same discovery, prompting them to join us and the entire church in singing Psalm 124: “If it had not been the Lord who was on our side, let Israel now say,” etc.

It is a tragic thing that there are so many examples before us of those who thought they had to preserve the church, as though it were built on them. In the end they perished miserably. Yet such fierce judgment of God cannot break, humble, or check our pride and wickedness. What was Munzer’s fate in our day (to say nothing of old and former times), who imagined that the church could not exist without him and that he had to bear it up and rule it? Recently the Anabaptists reminded us forcefully enough how mighty and how close to us the lovely devil is, and how dangerous our pretty thoughts are, impelling us to pause and reflect (according to the advice of Isaiah) before any undertaking, to determine whether it is God or an idol, whether gold or clay. But it is no use — we are so secure, without fear and concern; the devil is far from us, and we have none of that flesh in us that was in St. Paul and of which he complains in Romans 7:23, exclaiming that he cannot deliver himself from it as he would like, but that he is captive to it. No, we are the heroes who need not worry about our flesh and our thoughts. We are sheer spirit, we have taken captive our own flesh together with the devil, so that all our thoughts and ideas are surely and certainly inspired by the Holy Spirit, and how can the Spirit be found wanting? Therefore it all has such a nice ending — namely, that both steed and rider break their necks.

But this is enough of such lamentations. May our dear Lord Christ be and remain our dear Lord Christ, praised forever. Amen.

(From “Martin Luther’s basic theological writings,” some pages of which are available on Google Books.)

Promise VessRAID 1840i

January 27th, 2011

I just installed two Promise VessRAID 1840i units for a client, each one loaded with 8 x 1TB Seagate Enterprise drives. With 8 more drive bays, we can easily take each unit to 24TB without replacing drives, and you can add up to 3 more expansion enclosures, 16 bays each, for a maximum total of 128TB. Impressive, to say the least.

My major issue with purchasing these units is that there is no good review information online for any of the Promise gear. No user forums, either. So you don’t know what you’re getting in to, and have to trust the word of the sales guy (did I mention these things are generally only available through reseller channels?). To perhaps help the next guy, I wanted to provide some feedback on my experiences.

Load

I got my units empty, which I hear they won’t be doing anymore. Came with all the necessary trays and screws to load drives. SATA drives work with no adapters (unlike some Dell arrays), haven’t tried SAS drives. Simple as pie. Biggest trouble was dealing with all the trash: boxes, bubble wrap, and clamshells for the hard drives from CDW.

Power Up

The dual power supplies are rated at 450W each, 900W total, and a max draw of 9A on 100V. So I was worried about overloading my 15A circuit with two of these starting up. From experience, however, the half-loaded unit draws far less. A CyberPower UPS (very nice unit, by the way) shows a peak wattage at startup of 225W, which is only 2A at 110V. Wattage once the fans have gone to normal speed is under 150W. (This is one expensive light bulb!)

UPS Compatibility

The VessRAID has two USB ports on the back to connect the unit to an Uninterruptible Power Supply. (The second one is for an un-defined support mechanism to upload config or debug files via flash drive.) Given that there’s a pretty well-developed UPS standard for using USB HID interfaces, and I figured just about anything new should work. Nope.

The hardware compatibility list provided by Promise lists only two compatible units: APC Smart-UPS 1500, and APC Smart-UPS 3000. My guess is they’re using an antiquated APC protocol. Important note: you cannot use the cheaper SC line from APC, because they only include a serial port, not a USB port, which you get at double the price on the non-SC units. So you probably don’t want to stray from the hardware compatibility list, particularly when buying a UPS.

If, however, you’re creative, you can make something work. If you have a regular server attached to any other UPS, you could use SSH or telnet scripting to login to the VessRAID CLI and initiate a shutdown. I tested it using the Telnet Scripting Tool by Albert Yale (widely available, including at an unauthorized archive of the guy’s software).

Initial Configuration

Initial config, particularly for the network settings, is best done via the serial console port. The units include a RJ-11 to DB-9 cable, but you’ll need a working serial port on your PC or laptop. Given that most laptops don’t have one these days, you might want to invest in a USB to Serial adapter. The Trendnet TU-S9 was cheap and seems to work well.

Management through the web interface must be done on the management port, so configure it in a subnet that you can access from your other machines. NAS and iSCSI will happen through the iSCSI ports. NAS should be on the same network as the clients; you might want to isolate iSCSI traffic in a different subnet (or even a separate physical network).

Configuration (NAS)

All the “i” units of the VessRAID 1000 series (i.e., the 1840i) are mainly intended to be used as iSCSI devices, and have 4 x Gigabit ports for that very purpose. However, they also have a built in Network Attached Storage system that can be used to provide Windows sharing, FTP, and NFS access.

The pros of this arrangement:

  • The VessRAID units operate as their own distinct servers, and need not rely on any other machine to do their storage work. Particularly useful on a smaller network, or for a very particular storage task.
  • The units will sync themselves automatically, using a customized version of rsync. You can easily configure this backup from one unit to another in the web configuration software.
  • Multiple clients can access the same file system at the same time. Remember that with iSCSI, the array is presenting the low-level data blocks to the initiator on the client (a Windows server, for instance), so there is no way that multiple clients could use one file system at the same time — unless you share it through the client.

The cons of this arrangement:

  • Active Directory support (available via a firmware upgrade) is poorly implemented. Getting the NAS connected to your domain is a touchy matter, requiring an exact combination of case-sensitive domain and user names that I got to work, but couldn’t figure out.
  • Active Directory permissions are even worse. Instead of specifying which users or groups should be used in the ACL for a particular share, the NAS web configuration presents ALL of your users and groups, with default full access permissions.  If you want to include only a few users, you have to click “Deny” on every other users. If you want to include a group, you can’t effectively, because the Deny permissions on individual users will override Allow permissions on a group. This implementation is absolutely useless.
  • Poor support for Windows permission lists. This is true in any SAMBA implementation, because the underlying Linux-based file system only supports the user/group/all permission scheme. So the NAS can’t handle fine-grained permissions on folders or files within a share.
  • Speed. Access through iSCSI is much faster.

Configuration (iSCSI)

I originally configured the units in NAS mode, but the client wanted to put some Windows user shares on the array, which require fine-grained folder permissions. So I reconfigured the logical disk for iSCSI use.

The simplest approach is to use Microsoft’s iSCSI Initiator (included in Windows 2008 server, and available to download for Windows 2003 server). There are good instructions available in the VessRAID documentation and from Microsoft on how to get this to work. Especially helpful for best practices is Microsoft’s step-by-step guide.

After connecting the client to the logical disk using iSCSI, you format it in the Windows Disk Management utility. To enable use of partitions larger than 2 TB, you have to convert the disk to use GUID Partition Tables (GPT). Once done, the whole space should be available to format using NTFS. I won’t discuss it here, but make sure to consider the types of files being stored, and other requirements (such as Shadow Copies or NTFS Compression), when choosing an appropriate cluster size.

Benchmarking

I used PassMark’s Performance Test software to obtain some basic benchmark numbers for the VessRAID’s performance. This is using a standard Broadcom Gigabit interface on a Dell Poweredge 1900. All arrays are RAID5.

Local Array
3 x 160GB
Dell PERC 5/i
Sequential Read 61.8 MBps
Sequential Write 92.5 MBps
Random R/W 7.2 MBps
WriteThru WriteBack
VessRAID 1840i
8 x 1TB
Gigabit iSCSI
Sequential Read 105.8 MBps 105.8 MBps
Sequential Write 27.9 MBps 90.6 MBps
Random R/W 12.4 MBps 31.9 MBps
ReadyNAS NV+
4 x 500GB
SMB/Gigabit
Sequential Read 12.0 MBps
Sequential Write 4.5 MBps
Random R/W 5.9 MBps

Note the very significant performance difference between the WriteBack cache setting the WriteThru cache setting on the VessRAID. WriteThru writes the data directly to the disks when it arrives. WriteBack holds data in cache before flushing it to disk, which is far more efficient, as sectors can be written together and larger chunks at a time. To safely do this, however, requires a battery backup for the cache, so that if power is cut suddenly you don’t lose that data (which hasn’t yet been written to disk). The problem is that Promise does NOT include the battery with the units. It’ll cost you an extra $100. You’d figure on larger units like this they wouldn’t nickel-and-dime you, but they do.

Correction: I had reversed the WriteThru and WriteBack terms. I have corrected it in the text above, after the feedback from the commenter below.

That Navy internship finally paid off…

July 7th, 2010

The big air conditioner at church wasn’t working right. The second compressor wasn’t turning on, and we couldn’t figure out what it was. Pressing the contactor on the relay powered it right up, so it was wired right. And Loran bypassed the low and high-pressure cutoff safety switches, but it still wouldn’t turn itself on.

So we found the wiring schematics from Carrier. The high power stuff was wired correctly. Problem had to be in the low voltage. So we traced compressor 1’s control wiring from the thermostat connections through the pressure switches, and did the same with compressor 2 (minus the now-disconnected switches). Everything seemed to be correct, except that the incoming low voltage for C2 wasn’t powered.

So we traced a little further, and found a broken jumper in the economizer unit that was constantly calling for outside air, and also thus not energizing the second compressor. My father the soldering gun guru did a little magic on the resistor wire, and C2 powered right up.

Back in the summer of ’95, I had a crazy little summer internship for NAVSSES, the Naval Ship Systems Engineering Station, at the Philadelphia Navy Yard. I worked for the boiler control division, doing electrical diagrams for steam boiler and turbine control systems. And now, 15 years later, it finally pays off. Turns out I can read an electrical diagram.

Forgiveness

June 30th, 2010

Wess Stafford, the president of Compassion International, was abused as a child in a boarding school for missionary children in Africa. His story in Christianity Today (“A Candle in the Darkness,” May 2010) is an amazingly moving account that is worth reading.

More important, I think, is Stafford’s followup response in this month’s issue (the Letters section):

Ever since my story appeared in Christianity Today, the most common question I’ve heard is, “How did you move from pain to deliverance?”  My reply to readers is a single word: forgiveness.

At age 17, I realized that those who hurt me would never apologize. They weren’t even sorry. But I could no longer bear carrying the pain of my past, so I chose to forgive them anyway. “Get out of my heart. Get out of my mind. Get out of my life!” I remember saying. “What you did to me will not define me. You stole my childhood, but you cannot have the rest of my life. Get out — I forgive you!”

Since then I’ve learned that while God always requires us to forgive, forgiving isn’t saying that what happened was okay. It doesn’t release someone from the consequences of their actions. And it doesn’t require letting someone back into your life. It does mean giving up the right to seek revenge.

So, here is my counsel to those who have suffered: If you have never been able to forgive, you are allowing the person who hurt you to live rent-free in your heart. It’s costing him nothing and costing you everything. Perhaps it’s time for you to evict him through forgiveness.