A Django site.
January 7, 2009

Jeremy Robb
scothoser
Scothoser's Corner
» Autism and Monosodium Glutamate: The Theory and The Questions

In the 1950’s and 1960’s, the food industry found that if they added a special additive to their processed food, the flavor was enhanced.  This additive was monosodium glutamate.  Also about that time, other additives, pesticides, chemical compounds, and vaccinations have been introduced to the populace, with the goal of making our lives better.

Recently, I read an article online regarding a “new” theory that places the blame of Autism on monosodium glutamate.  This little additive has been pegged as the smoking gun, now that the argument against vaccinations is losing steam.  Keep in mind that I have a specific bias toward genetic brain cell development, and I want to be sure I state that right at the beginning of this analysis.  

The research into monosodium glutamate and the brain actually started back in the 1950’s, with a resurgence of that research in the 1970’s.  It seems that glutamate is a chemical compound that surrounds the neuron before it fires its synapsis through the neurotransmitter.  The presence of too much glutamate in the brain can cause neuron death, which leads to a number of neurological disorders.  In all the articles in Google Scholar that I have read, there is no mention of metabolizing glutamate within the body, the levels of glutamate that would be necessary to cause such damage, or anything like that.  Just that it is possible, and has been proven in post-natal lab rats.  

Okay, so glutamate is in fact an important compound for brain function.  From the research that has been done, there is ample evidence that it would affect pruning, and cause damage to the neurons through overloading those neurons.  But I’m not convinced that there is a definite link between consuming monosodium glutamate in the real world and the development of an autistic brain.

As you all know (those that have followed my blog, at any rate), I assert that autism is caused by increased gray matter and decreased white matter in the brain, and by the lack of or delayed pruning in the brain by age 6.  This means that autistic children have increased communication within their brain because of an increase of neurons, which causes sensitivity to any incoming stimuli.  This has been proven through MRI scans of the brains of autistic children and comparing them to their control, or “normal” children (see previous blog entries for the resources). 

In order for monosodium glutamate to be somehow responsible for this overgrowth of neurons at such a young age for some children and not for others would require the following: 

  1. The increased presence of monosodium glutamate within some children’s diet rather than others.  As most families have a mixture of autistic and “normal” children, this would mean somehow an unequal portion of glutamate would have gone to the autistic child. 
  2. Levels of monosodium glutamate high enough at such a young age to cause such a transformation.  As of yet, I have been unable to find the actual research data outlining the proportion and dosage of glutamate used in laboratory rats for the oft-cited study.  
  3. The source of the monosodium glutamate.  Children are typically diagnosed at age 2, or have regression around age 6.  For the 2-yr old, it would suggest that the monosodium glutamate would be in either the formula being consumed, or the baby food being consumed.  Most children are not on “people” food by this time, or at least not in a significant quantity.  For 6-yr olds, this is possible, though it still brings up the problem of some children showing autism tendencies, and some not, though both may have a very identical meal. 
  4. Cultures that do not use monosodium glutamate as a food additive also have children that are autistic, which brings the whole theory into question.  

Now, I don’t want to sound closed minded about this theory, because there is a kernel of truth regarding glutamate and its effect on the brain.  I would love to see actual clinical research that outlines the dosages of monosodium glutamate used, the duration, and the results compared to the “placebo” effect.  Unfortunately, as with most theories about autism, such information is never available, only anecdotal evidence.  

So, if there are any neurobiologists that are familiar with the proposed theory and have research either for or against it, I would be happy to read!  Remember, I want to know the details of the research, and not just the conclusions.  Much of the research I have been able to find so far is from the 1950’s and 1970’s, about the same time when it was determined that cancer was caused by cranberries, eggs, water, and various other compounds when taken in humanly impossible doses.


Hans Fugal
no nic
The Fugue :
» Subnet-to-Subnet Routing

This is a note to myself, since I always seem to get this wrong and spend an hour or two racking my brain over it, and yet it's so simple.

Consider the following network:

172.17.77.0/24 -- A --+-- B -- 172.17.82.0/24
                      |
                      S

A: 172.17.77.1/24 and 172.17.0.77/24
B: 172.17.82.1/24 and 172.17.0.82/24
S: 172.17.0.1/24

It is instructive to watch a tcpdump on A, S, and B while you ping between these three hosts. In particular, S sees nothing when A and B ping each other. Well, not nothing—S will see the arp requests—but if you were running tcpdump icmp you wouldn't see anything. Now, if A is the gateway for its subnet and B is the gateway for its subnet, and you put a route for 172.17.0.0/16 via S on both A and B, the two subnets can find each other. But what if you instead put a route for 172.17.0.0/16 via the interface alone, and try to leave S out of it? A will not respond to ARP requests for 172.17.77.42, and so packets from B's subnet for A's subnet will fall off the edge of the network at B.

I hope that makes sense. It's rather simple when you look at it that way and not much to sing about. But when I make this little modification my brain always seems to go on vacation:

172.17.77.0/24 -- A      B -- 172.17.82.0/24
                   \    /
                    tap0
                     |
                     S

Now A, B, and S are connected by OpenVPN using TAP. TAP is like a virtual switch (Layer 2), so in reality it's the exact same setup. But for some reason whenever I set this up I tend to think that a route on A and B for 172.17.0.0/16 via dev tap0 will work. And so it does, when pinging just A and B. Then when I finally get around to hooking up their subnets, they can't see the other side of the VPN and I get confused. Then I fire up umpteen tcpdumps and having forgot to look for ARP traffic I get utterly flabbergasted. My mind thinks that since S is the VPN server that I should see ping traffic from A to B (or A's subnet to B's subnet) on S, if it's making it through the VPN. Then I assume that OpenVPN is doing something funky. At this point I get confused by the client-to-client option, and things go downhill fast.

So let's set things straight once and for all. OpenVPN's client-to-client option, when used with TAP, makes the VPN behave like a true switch. When it is set, A can see B's ARPs, and vice versa. When it is not, they can't. Think of it as S having one NIC for each client and they're all bridged together on tap0, or not, depending on the setting of client-to-client.

If you set routes for 172.17.0.0/24 via 172.17.0.1 then A can reach B anyway, but S will helpfully send ICMP redirects which won't work if followed. I suppose you could turn off this "helpfulness", but if you want to get from A to B just turn on the aptly-named client-to-client option.

The next important thing is to remember that when client-to-client is set and you're using TAP, the VPN behaves like a true switch. Packets direct from A to B will not show up on tap0 as far as external programs like tcpdump are concerned. That also goes for packets from A's subnet to B's subnet. Of course, they are still running through the VPN, and so S is playing the middleman as far as bandwidth, firewall, and encryption go. But you won't see it with tcpdump. (It makes me wonder if tap0 is behaving like a switch in that traffic from A to S never travels to C at all—I think this is probably the case.) Switch, not hub.

Finally, the important thing to realize when doing TAP is that the network looks like this:

A -- + -- B
     |
     S

not like this:

A -- S -- B

And the final take-home lesson is, use tcpdump icmp or arp to avoid confusion and hair loss.

There. Hopefully that straightens me out, if nobody else.
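
The next-hop decision behind this, modelled in plain shell as an added example (not from the original post): an on-link route makes the sender ARP for the final destination, while a gateway route makes it ARP for the gateway. The route-line format, the interface names and the no-proxy-ARP assumption are this example's own.

```shell
#!/bin/sh
# Added example: which address does a sender ARP for, given its routes?
# Route lines use a constructed format: "PREFIX/LEN via GATEWAY" or
# "PREFIX/LEN dev IFACE" (on-link route, no gateway).

# Convert a dotted-quad IPv4 address to an integer.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed if address $1 lies inside the CIDR block $2.
in_cidr() (
    net=${2%/*}
    len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
)

# Read routes on stdin and print the address that must be resolved with ARP
# to send a packet to $1 (longest-prefix match decides the route).
arp_target() (
    dst=$1
    best=-1
    target=unreachable
    while read -r prefix kind hop; do
        len=${prefix#*/}
        if in_cidr "$dst" "$prefix" && [ "$len" -gt "$best" ]; then
            best=$len
            case $kind in
                via) target=$hop ;;  # gateway route: ARP for the gateway
                dev) target=$dst ;;  # on-link route: ARP for the destination itself
            esac
        fi
    done
    echo "$target"
)

# Addresses of A, B and S on the shared segment, taken from the post.
SEGMENT_HOSTS="172.17.0.77 172.17.0.82 172.17.0.1"

# Succeed if a host on the shared segment owns $1 and so answers ARP for it
# (assumption: no proxy ARP anywhere).
arp_answered() {
    for h in $SEGMENT_HOSTS; do
        [ "$h" = "$1" ] && return 0
    done
    return 1
}

# B's routes with the /16 pointed at the interface alone (the confusing setup).
# eth0 is an assumed name for B's LAN interface.
B_ONLINK="172.17.82.0/24 dev eth0
172.17.0.0/24 dev tap0
172.17.0.0/16 dev tap0"

# B's routes with the /16 sent via S (the working setup).
B_VIA_S="172.17.82.0/24 dev eth0
172.17.0.0/24 dev tap0
172.17.0.0/16 via 172.17.0.1"

# Show what happens to a packet from B's subnet to 172.17.77.42.
routing_demo() {
    t=$(printf '%s\n' "$2" | arp_target 172.17.77.42)
    if arp_answered "$t"; then
        echo "$1: ARP who-has $t -> answered"
    else
        echo "$1: ARP who-has $t -> no reply, packet dropped at B"
    fi
}

routing_demo "on-link /16" "$B_ONLINK"
routing_demo "/16 via S  " "$B_VIA_S"
```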


Steve Dibb
beandog
wonkablog
» lcd tvs

I was really bored the other night, so I went over to RC Willey (a rare experience) to look around.  I of course ended up in electronics pretty quickly, looking at the TVs.  They had a lot on sale there, and most all of them were LCDs.  For the life of me, I can’t figure out why people buy these things.  It might just be me, but the picture looks crappy on almost all of them.

I could only find one that looked decent, but even that one I wouldn’t get if I had a choice.  I don’t remember exactly what it was, but I know it was a Sony Bravia 40-something inch with the newer display engine, about 9000:1 contrast ratio and running at 120hz.

Everything else, they were all fuzzy.  I had to stand far, far away (about 24 feet) so I couldn’t see it, but any closer than that and it just stood out horribly.  On one 40″ I looked at, they were playing a standard-def DVD of National Treasure 2, which should have looked nice (since it’s a recent film),  but even that, all I could notice was the fuzziness.

I imagine it’s probably just me… I’m pretty picky when it comes to my TVs and I have a real eye for picking up even the smallest artifacts.  For my recommendation, though, if you want a TV, either get a rear projection (they all look gorgeous) or a regular CRT tube TV.

Actually, there is one area the LCDs do start to look nice — if they are small.  Anything 22″ or less actually looks decent.


Aaron Toponce
atoponce
Aaron Toponce
» rm -rf /

DISCLAIMER: This works on Debian testing, Debian unstable, Ubuntu 8.04 and Ubuntu 8.10. I have not verified it to work on other systems. If you hose your box, because you gave it a try, and it didn’t work, don’t blame me. You’re the stupid one for trying it out on a production machine. If you’re curious, but unsure, just take my word for it, or install a virtual machine.

I came across an interesting post today, so I thought I’d give it a go on a virtual machine that I didn’t mind thrashing. The subject of the post is in the title, namely as root, running ‘rm -rf /’. Have you tried this on Ubuntu or Debian? It won’t work:

root@host ~# rm -rf /
rm: cannot remove root directory `/'
root@host ~# echo $?
1

If you’re nervous about running the above command, then pass the interactive switch to rm, (rm -ri /) to force rm to ask you on every last item to remove (you can answer no, or cancel with Ctrl-c). Why is rm refusing to remove the root directory? From the man page:

--no-preserve-root
do not treat ‘/’ specially

--preserve-root
do not remove ‘/’ (default)

Running ‘rm -rf /’ is the same as running ‘rm -rf --preserve-root /’, which of course makes no sense. Has this always been the case for rm? No. First off, Solaris made this a standard in Solaris 10. Second, --preserve-root as default has been the default of Ubuntu since 8.04, as it came upstream from Debian, and I’m guessing further upstream from GNU coreutils (probably v6.10, although I can’t verify).

Preserving root as default prevents easy mistakes, such as missing the assignment of variables:

root@host ~#: FOO="/home/aaron/tmp" rm -rf $FOO/
rm: cannot remove root directory `/'

Notice, I forgot to end my variable statement with a semicolon, so FOO never got assigned, and rm proceeds forth with removing / instead of /home/aaron/tmp like it should have. How about another example:

root@host ~#: rm -rf / tmp/*
rm: cannot remove root directory `/'

In this case, I wish to delete all the contents of the /tmp directory, but I typed too fast, and put a space between / and tmp/*, and thus, rm attempts to remove the root directory which is not what I wanted at all!

Good to see this implemented in the latest versions of Debian and Ubuntu.
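
A script-side guard against the same two mistakes, as an added example that is not from the original post: `clear_dir` is a hypothetical helper, and `find -mindepth` assumes GNU or BSD find. Unlike --preserve-root, it also stops the path from resolving to / through `..` or a symlink.

```shell
#!/bin/sh
# Added example: clear_dir is a hypothetical helper, not part of coreutils.

# Delete the contents of exactly one directory, rejecting the arguments that
# the two mistakes in the post would produce. Returns 1 when it refuses.
clear_dir() {
    if [ "$#" -ne 1 ]; then
        # "rm -rf / tmp/*": the stray space produced more than one operand.
        echo "clear_dir: expected one path, got $#" >&2
        return 1
    fi
    case $1 in
        '')     echo "clear_dir: empty path" >&2; return 1 ;;
        [!/]*)  echo "clear_dir: '$1' is not absolute" >&2; return 1 ;;
        *[!/]*) ;;  # has at least one real path component, keep checking
        *)      # only slashes: what "$FOO/" becomes when FOO was never set
                echo "clear_dir: refusing '$1' (root directory)" >&2; return 1 ;;
    esac
    # Resolve symlinks and ".." so a path cannot lead back to "/".
    real=$(cd -P -- "$1" 2>/dev/null && pwd -P) || {
        echo "clear_dir: '$1' is not a directory" >&2
        return 1
    }
    if [ "$real" = / ]; then
        echo "clear_dir: '$1' resolves to /" >&2
        return 1
    fi
    # Remove every entry inside the directory (dotfiles included),
    # but leave the directory itself in place.
    find "$real" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
}

# Constructed demonstration inside a throwaway sandbox directory.
clear_dir_demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/tmp/sub"
    : > "$sandbox/tmp/.hidden"
    : > "$sandbox/tmp/sub/file"

    unset FOO
    clear_dir "$FOO/" 2>/dev/null || echo "unset variable: refused"
    clear_dir / tmp 2>/dev/null   || echo "stray space: refused"
    clear_dir "$sandbox/tmp"      && echo "real directory: emptied"

    # ${FOO:?} stops a non-interactive shell before the command even runs.
    ( clear_dir "${FOO:?FOO is not set}/" ) 2>/dev/null \
        || echo "\${FOO:?}: aborted before clear_dir was called"

    rm -rf -- "${sandbox:?}"
}

clear_dir_demo
```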


Phil Windley
pjw
Phil Windley's Technometria
» Good Advice for Switchers

Todd Ogasawara has some good advice for Mac Switchers that might keep you from lamenting your move. I switched in 2002 but had never really been a Windows user (Sun mostly) and I knew Unix cold, so switching wasn't such a big deal for me. But if you've been a long time Windows user and think a Mac might be fun, read Todd's advice first. I love number two:

2. If you do go cold turkey, don't drag your wife, girlfriend, significant other, parents, child, best friend along for the ride until you begin get comfortable with Mac OS X yourself.
From A Brief Guide for Mac Switchers/Try-ers
Referenced Wed Jan 07 2009 07:32:21 GMT-0700 (MST)

Wait until they ask. That's the best way. And they will ask if they see you having fun on your new Mac.

Tags: osx windows switching


Hans Fugal
no nic
The Fugue :
» Putting OpenVPN in its place

Update: I had some errors and oversights in my general config that didn't have any direct bearing on the main message of this post. I have fixed them below and I beg you to pretend they never happened.

OpenVPN is a fantastic piece of software. No, it's an essential piece of software. A godsend.
But it has this tendency to try to be all that and a bag of chips.

My primary gripe with OpenVPN over the years has been what I call "pseudo-DHCP". It pretends, poorly, to be a DHCP server. If you have the audacity to prefer a real DHCP server you find very little help and sometimes even resistance from the tools and the community. I once tried to get it working and failed.

This week I was refreshing my OpenVPN setup and reading through the manpage for version 2.1, and saw a few references to people actually using DHCP. Still no explicit documentation, but it gave me hope. So I duly tilted at that windmill. Now I will show you how to get DHCP working with OpenVPN. What's more, we'll get rid of ifconfig and route options (for the most part). In short, we'll put OpenVPN in its place: as a secure tunnel manager.

The important paradigm shift here is that you aren't required to do anything from within OpenVPN to configure the interface. You can just bring up the tunnel and your TUN/TAP device will be alive but unconfigured. At that point you could do something like this:

ip link set tap0 up
ip addr add 172.17.0.1/24 dev tap0

You could do this manually, or in an up script, or whatever. Or you could let your distro do it. Ah, so we can have a tap0 stanza in /etc/network/interfaces (Debian-based distros) that will configure tap0 when we ask it to. Let's look at a client example:

# in /etc/network/interfaces
iface tap0 inet dhcp
    hostname falcon
    # dhclient doesn't pay attention to this, so if you use dhclient (you
    # probably do) see /etc/dhcp3/dhclient.conf
    client falcon

# in the openvpn config
dev tap0
route-delay 10
cd /etc/openvpn
up "up.sh"
down-pre
down "down.sh"
…

# up.sh
#! /bin/bash
ifdown tap0 2>/dev/null
ifup tap0 &

# down.sh
ifdown tap0

There's some subtlety here, let's talk about it. Note that we're specifying both the DHCP client id and the DHCP hostname—more on that later. We use an external script because of the way OpenVPN's up option works, so that we can background the ifup call. This is important because the tunnel isn't fully up at this point, so your DHCP client won't succeed unless we background it (I tried up-delay to no avail). I have the ifdown bit in there as a safety measure—if for whatever reason Debian thinks the interface is already up it won't start the DHCP client and that would be bad. But hopefully this doesn't happen much thanks to the down option. Finally, the route-delay option gives the DHCP negotiation a chance to finish before any routes are applied (and in my setup there is one important route that I push to clients).

On the server side, we need to set up the DHCP server. ISC DHCP (dhcp3-server on Debian) isn't very intelligent about interfaces that materialize out of nowhere, so we'll need to set up a persistent TAP device.

# in /etc/network/interfaces
auto tap0
iface tap0 inet static
    address 172.17.0.1
    netmask 255.255.255.0
    pre-up openvpn --dev tap0 --mktun

# in openvpn config
dev tap0

Now tap0 will be brought up automatically at boot, and will stay up even if you restart OpenVPN (you can bring it up now with ifup tap0). Notice that no ifconfig option is needed in the OpenVPN config. Now you can configure your DHCP server for the subnet:

# in dhcpd.conf
subnet 172.17.0.0 netmask 255.255.255.0 {
    # example options for VPN hosts
    option domain-name "vpn.example.com";
    option domain-name-servers 172.17.0.1;
    option netbios-name-servers 172.17.0.1;
    option ntp-servers 172.17.0.1;

    range 172.17.0.100 172.17.0.199;
}

host falcon {
    option dhcp-client-identifier "falcon";
    fixed-address 172.17.0.77;
}

Observe the dhcp-client-identifier option, and its matching entry in foo's /etc/network/interfaces (or /etc/dhcp3/dhclient.conf). This is important because TAP MAC addresses don't persist—you get a new one every time. dhcpd will use the client identifier to match a host, but alternatively you could spoof a static MAC address in foo's /etc/network/interfaces config. I think the client identifier is cleaner. Even if you don't use static leases, this way dhcpd will know it's the same client and give him the IP address he had before. Of course if you don't need (semi-)static leases you don't need to worry about client identifiers. You'll have some cruft leases but they should expire and disappear.

Unfortunately dhcpd doesn't use the client identifier for dynamic dns updates (one of the big reasons I wanted to use real DHCP in the first place), which is why I specify the hostname option in foo's /etc/network/interfaces. dhclient (as configured on Debian) sends the hostname whether or not you specify it in /etc/network/interfaces.

Other DHCP clients that do honor /etc/network/interfaces are available. See interfaces(5). I'm kind of partial to udhcpc, especially for hand-testing, though I usually end up sticking with dhclient.

Caveats: I haven't been able to get DHCP working with an OS X client. I tried initiating DHCP on the TAP interface with ipconfig set tap0 DHCP but it didn't work and once locked up my machine. So for this situation, or for any other reason you may have, you can still push ifconfig and route options in the client configuration directory entry for that client.

I haven't tried DHCP over OpenVPN on Windows clients yet but I see no reason why it wouldn't work.

Finally, I tried briefly to do it with a TUN device and though I can think of no obvious reason why it shouldn't work, it didn't. I like TAP better anyway.

Now after all this I can see some of you shaking your heads wondering what the point of all this is. "Surely this is more complicated than ifconfig and route in OpenVPN." Yes, it's more complicated, but it's more powerful. If all you need is pseudo-DHCP, then by all means use pseudo-DHCP. But if you are a sysadmin serving a gaggle of clients you soon find yourself pining for a real DHCP server. Or perhaps you want dynamic dns updates, or proper DHCP option support. (You do realize DHCP options sent by OpenVPN's dhcp-option are not applied on linux unless you do so manually by reading the environment variables in an up script, don't you?)

When you realize OpenVPN can just set up the tunnel and get out of the way, you realize that all your fancy networking knowledge and tools can come into play to create the ultimate VPN tailored exactly to your needs. Plus, I think it snaps things into focus so that things just make more sense in your head.

And now, I present my OpenVPN configs (sanitized) for the server (frodo) and a client (falcon):

## frodo (server)
dev tap0
mode server
tls-server

cd /home/fugalh/vpn
ca cacert.pem
dh dh.pem
cert frodo.pem
key frodo.pem

keepalive 10 60
comp-lzo
client-to-client
# this new option is nifty
passtos

client-config-dir ccd

# See /etc/network/interfaces for interface configuration and routing.
# (reproduced here for our web audience)
# auto tap0
# iface tap0 inet static
#         address 172.17.0.1
#         netmask 255.255.0.0
#         pre-up openvpn --dev tap0 --mktun
#         up ip route add 172.17.64.0/24 via 172.17.0.64
#         up ip route add 172.17.77.0/24 via 172.17.0.77
#         up ip route add 172.17.82.0/24 via 172.17.0.82
#         up ip route add 172.17.83.0/24 via 172.17.0.83
push "route 172.17.0.0 255.255.0.0 172.17.0.1"

#verb 3
mute 2
status /var/log/openvpn.status 60


## falcon (client)
dev tap0
client
remote frodo.fugal.net
nobind

cd /etc/openvpn
ca falcon-cacert.pem
cert falcon-cert.pem
key falcon-key.pem
tls-remote frodo.fugal.net

comp-lzo
passtos

route-delay 10
cd /etc/openvpn
up "up.sh"
# (reproduced here)
# #!/bin/bash
# ifdown tap0 &>/dev/null
# ifup tap0 &

down "down.sh"
# (reproduced here)
# #!/bin/bash
# ifdown tap0

mute 2
#verb 3

In my setup the 172.17.0.0/24 subnet is for the OpenVPN server and clients, and each client is a gateway to a 172.17.x.0/24 subnet for his LAN. Assuming a static route on the LAN for 172.17.0.0/16 via the OpenVPN client, frodo will route everything so people on one LAN can find people on another.

I also have dynamic dns updates for both forward and reverse DNS in my vpn.fugal.net zone.

One thing I haven't set up which is feasible is for the LAN DHCP servers to do ddns to frodo.

OpenVPN is in its place, and our relationship is that much stronger. Good luck with yours!


Aaron Toponce
atoponce
Aaron Toponce
» New Job

Well, today was the completion of Day 2 on the job. As many of you are aware, I was laid off from my job as a Linux instructor for Guru Labs last month. There is no doubt in my mind that being a Guru was the best job in the planet, so losing that job has introduced depression into my life. It doesn’t matter the job, but it will always rank second to Guru Labs.

However, let me not put my new job in a bad light. It might be second place, but it’s trailing first by mere inches. However, as with a close friend of mine, I would like to keep this job anonymous. This will give me a little freedom to post topics that are close to my heart, and share stories and experiences without putting my employer in the spotlight, or putting my job at risk. Don’t get me wrong- I’m not going to post sensitive information, or any of that. Rather, I’ll be able to keep my opinions as my opinions, and not those of my employer.

However, with that, I’ll tell you that I am now working as a contractor to do system administration. I am a Red Hat / HPUX / Solaris system administrator. My job duties include those of most standard system administrators- rotating backups, installing new systems, configuring software, writing scripts, adding accounts and so forth. I administer around 35-40 servers for a semi-large development team, a database team and a number of configuration managers. My team is rather small, which encompasses a team lead (my boss), 3 system admins and 2 configuration managers. Today, my task was updating a RHEL 4 box with the latest versions of Python, Apache2 and PostgreSQL to power Trac.

With my new job, I’m happy. Very happy. This job seems to be at a reasonable pace, the team is very friendly, and the duties that I’ll be covering are vast. I’ll be able to get my hands dirty in many aspects of administration, such as storage management, networking, databases, installation, configuration, security and other things. Everything I taught to my students as an instructor, I’ll be able to put to practice. Setting up LDAP with Kerberos? Sure. Customizing SELinux policy? You bet! Playing with tape robots? Of course. If the contract stays in play, or the company I’m contracting for picks me up, I could see myself staying there for some time. When a job is fun, it’s hard to let go of the job.


Dave Smith
no nic
Dave Smith's Blog
» Best bash prompt. Ever.

I have the best bash prompt ever. It took a lot of hacking and googling, but here she is: Notice that the smiley face and text colors change depending on the exit code of the last run command (red = failed, green = happy). This is handy, for example, after a ...

January 6, 2009

Andrew Jorgensen
no nic
Andrew Jorgensen
» DialCentral

If you’re lucky enough to have a GrandCentral account and use Linux you’ll likely be very pleased with a little application called DialCentral.  Originally written for the Nokia Internet Tablet, DialCentral lets you use your GrandCentral account to make calls to arbitrary numbers.  You can already do that through the web interface but a dialer is much more convenient, especially on an Internet Tablet or Netbook.  It also supports your GrandCentral and Evolution contact lists and your call history.

If you use openSUSE there are packages of DialCentral available in my home repository in the openSUSE Build Service.  If you use Ubuntu or Debian the Maemo package should work for you.  Source code is also available, of course.

And because everyone loves speculation: I think Google intends to integrate GrandCentral with both GoogleTalk and Android some day. It’s odd that the only VoIP supported by GC for now is GizmoProject, but this is clearly just an artifact of the pre-google years. Some day soon you will be able to make POTS phone calls from Google Talk, and probably from Gmail.

» FreeBSD 7.1 Released

Just in time for the new servers I'm about to set up, FreeBSD 7.1 is out. Release notes here. Significant changes in this release include availability of DVD-sized install media on the download mirrors, and making the ULE scheduler the default in the i386 and AMD64 kernels (ULE was available before as an option, but the default was the older 4.4BSD scheduler). The new scheduler improves performance significantly for many workloads on multi-processor systems.

January 5, 2009

Jordan Gunderson
jordy
Jordy Blog
» Got Contract Work?

Gabe and I want to be sure that our start up company, Izeni, has a cash runway that’s long enough to ensure that we can have a proper lift off. To that end we’ve been doing some consulting and contract work (mostly low-hanging fruit) to slow our burn rate, and it’s worked fairly well because we’re in bootstrapping mode and our expenses are relatively low. So, although we’ve never really sought contract work, we do like it; and I thought I’d do a quick post officially soliciting it.

So without further ado, Izeni will be accepting all kinds of technical consulting and contract work. Our specialities are Python coding; website development (particularly using the Django framework); Linux systems administration (Apache, *SQL, Postfix, Mailman, IPtables, Samba, Bash, etc.); and VoIP-based telephony (Asterisk and Freeswitch).

We can also do general computer and network support, online marketing, and a myriad of other technical and business odds and ends.  :)

Izeni is based out of Utah, but we can also telecommute.

Please let me know if you have any contracting and consulting opportunities or know of any companies looking for web guys, programmers, or other technical contractors. Otherwise, feel free to repost this (pass the word along), or just keep us in mind.


Stephen Weeks
nonic
Stephen Weeks
» Parrot Speaks Your Language

I recently finished digging through the cleanups necessary to allow Parrot languages to exist in their own separate namespaces. Before this when you tried to run code from, say, Ruby and Perl 6 in the same interpreter, they would both try to define a Hash class, for example, and step on each other's toes in a variety of ways. Now you can load as many languages as you want into the same interpreter.

I also added a hackish implementation of the :lang parameter to Perl 6's eval that loads up the appropriate compiler to use instead of the Perl 6 compiler. This means that Rakudo can now do things like this:

eval(q<VISIBLE "O HAI GUYZ">, :lang<lolcode>);
my $x = eval(q<10×5÷2>, :lang<APL>);
my $rubysub = eval(q<do |i| puts "ruby got " + i; return i + 10 end>, :lang<cardinal>);
my $schemesub = eval(q<(lambda (msg) (write "scheme got " msg "\n"))>, :lang<pheme>);
$schemesub($rubysub($x));

The output of that is:

O HAI GUYZ
25
ruby got 25
scheme got 35

The extra '25' is there because the APL spec says that any non-assignment results in a print as a side-effect.

I haven't added support for this to any of the other Parrot languages yet because I don't know what the API should look like for any other language.

I haven't added support for loading foreign libraries to Perl 6 yet because there are a couple of awkward semantic issues to work out, and I haven't added support for loading foreign libraries to any other language yet because I don't know what the API should look like.

This is where you come in, my opinionated Internet friends. If you have suggestions for the API for evaluating foreign code or loading foreign libraries in any of Ruby, Python, LOLCODE, PHP, or any other Parrot language, please speak up here or on the social news site of your choice.

Thanks go to my employer for sponsoring my work on Parrot. Most of what I've done wouldn't be possible without their support.


Jeremy Robb
scothoser
Scothoser's Corner
» Journey to the Centre of the Earth: A Review

This is another one of those books that I thought I had read, but never got around to it.  Finally, after my older brother gave me a copy for Christmas, I sat down to read “Journey to the Centre of the Earth”.  

Jules Verne has a very unique style.  He’s not fettered down by absolute facts, and loves to sport myriad theories of his time.  But first and foremost his books are travel logs.  While fantastic voyages, travels, and even technologies are introduced, the basic premise is the journey itself.  You are transported to other countries, cultures, and places so easily with his books.  

Another enduring and fascinating piece of his writing is his hero, the narrator, who is fundamentally flawed.  He either lacks fortitude, courage, resilience, or some other ideal that is instead reflected in another character.  I love it, because he can then explore the faults in humans in a way that brings sympathy instead of condemnation.  

Finally, there is the science!  Much of the “facts” he presents in his books are theories of the time, many of which have either been proved right or wrong.  Also, there is the way problems are surmounted, usually by the application of some technology that is either real, experimental from the time, or completely non-existent.  At any rate, it gets the juices flowing in the mind, if only to puzzle a way to make it work.  

The Journey was fabulous, as I have seen just about every version made for film, whether big or small screen.  The book, as always, outshines each presentation, and makes for interesting comparisons.  I just can’t help comparing versions with the original story, trying to find reason in their changes. 

If you have never read Journey to the Centre of the Earth, I would highly recommend it.  The story is fascinating, making for a great story even before they enter the cave marked by Sarcaris.  The prose is reasonable for a translation, though it does make me wish I had a better grasp of the French language, so I could read the original.


Scott Morris
nexangelus
OpenSUSE Linux Rants
» Shelbi Kay Elwell, Age 6, Passed Away December 30 From a Sudden Illness

This family’s loss breaks my heart. They are friends of ours, and live in our neighborhood. Here is the obituary:

Shelbi Kay Elwell

“Shelbi Kay Elwell 2002 ~ 2008 Our little princess, Shelbi Kay Elwell, age six, passed away from a sudden illness on Dec. 30, 2008. Shelbi was born to her loving parents, Rian and MeLea Elwell on Feb. 26, 2002. Shelbi loved princesses, Barbies, playing with her cousins, her brothers, and her many friends. She was a happy and fun loving little girl. She shared hugs and kisses with her family. She attended Pony Express Elementary School where she was in the first grade. Survived by her parents, her brothers, Cameron, Nathan and Carter, grandparents, Brad and Debra Sheppard, Ted and Roxene Kresser, Jack and Marsha Elwell, great grandparents, Grant and Karen Stubbs, RueLeen Sheppard, Susan Elwell, Frankie Barney, aunts, uncles, and many cousins. Funeral services will be held Saturday, Jan. 3, 2009 at 11 a.m. at the Eagle Mountain East Stake Center, 4506 E. Pony Express Parkway, Eagle Mountain, Utah. Viewings Friday evening from 6-8 p.m. at the church and Saturday 9:30-10:45 a.m. prior to the funeral. Burial, American Fork Cemetery.”

I went to the viewing on Saturday morning, and to her funeral. She was a beautiful little angel of a child.

If you can, please donate to help them with the mounting hospital, funeral, and burial costs. To make a contribution, go into any Zion’s bank branch, and state that you would like to make a donation to the account under the name of Shelbi Kay Elwell. You will then be able to make your contribution.

Here is the original obituary

Another way you can help is to post this same message on your blog or website, or send it to those in your address book. If you do, please include the information about her donation account. Let’s all help the Elwells as they work through their grief during this difficult time.


Phil Windley
pjw
Phil Windley's Technometria
» IT Conversations Needs Web Editors

As you're probably aware, IT Conversations, and other Conversations Network Channels, are made possible through the efforts of a small army of Web site editors and audio engineers.

We have a terrific team of people who help out and Doug's put together a great system for managing the workflow of producing shows. Now, with a bit of attrition in the ranks of both our website editors and series producers and a new channel on the way, it's time to add to the team once again.

If you'd like to help us write descriptions for our programs, track down and crop photos and sync the occasional slideshow, here's your chance. The word "volunteer" isn't quite right since in fact Web editors are paid (thanks to donations from our paid members), but you're not going to get rich. You'll get a whopping US$15 for each description you write - US$25 if you also sync a presentation's slides to the audio.

You'll find details on TeamITC (as we call it for historical reasons) and our Apprenticeship Program on The Conversations Network web site.

Tags: itconversations

» Pricing Bulk Cold Storage and Real Engineering

disks up close

Image by penguincakes via Flickr

James Hamilton has put together an analysis of the cost of bulk cold storage. That is, the cost of storing data, including the fully burdened cost of power in a data center, without the associated transport fees. The answer: $0.80/GB/year.

Wow--that's cheap. And of course it's getting cheaper. When James did a similar analysis using numbers from two years ago, the cost was $2.50/GB/year.

One thought I had as I looked at James' analysis is that we don't teach enough people to do these kinds of calculations. Not that there's anything particularly difficult about the math, but there are things to know and techniques to use.

I often say, quoting Pat Taylor, one of my professors in my undergraduate days in metallurgical engineering, that an engineer is someone who can do for a dollar what any fool could do for two. Of course, building performant, efficient code is part of this, but so is understanding the cost of bulk storage and other resources and using that in the trade-off.

Tags: storage s3 amazon aws engineering


Dennis Muhlestein
nonic
All My Brain
» Upgrading to Wordpress 2.7

I just updated all my blogs to Wordpress 2.7. I like the new admin interface. The upgrade was pleasantly easy and quick.

January 3, 2009

Lamont Peterson
Peregrine
Peregrine
» Dropping XFS from My Workstation

My dual Opteron workstation has been around for nearly 5 years now. It’s had some bumps and bruises along the way (some of which were due to my own actions), but has been a great machine. It still has very good performance, especially given its age.

When I first built it in May of 2004, Fedora Core 2 was barely out and was the first Fedora to sport an AMD64 (x86_64) 64-bit version. That was the first and last time that I installed Linux on this box, from scratch. Since then, I’ve upgraded it to FC3, FC4, FC5, FC6, F7, F8 and now F9 (I will upgrade to F10 in a week or so).

When I installed FC2, I used the ext3 filesystem for the root volume (I use LVM). I "converted" the root volume to the XFS filesystem on 2006/08/03. I also created a few volumes using XFS and reiserfs (v3.6) filesystems.

Over time, I’ve had a few minor problems with XFS. Recently, those problems grew in regards to the root volume to the point where I needed to convert it to something else, which I did the other day. The root volume is now on reiserfs. That leaves just 3 volumes that are still XFS.

After upgrading to F9 and installing updates, there were a couple of weird issues that I was dealing with. I also kept seeing some filesystem corruption messages (on the terminal, in the logs) for XFS volumes (but they don’t tell you which one). That’s it, I’m done with this XFS thing, so I’m going to convert those filesystems over to something else and get rid of XFS on this workstation.

The three volumes are for /usr/, /var/ and /var/log/. I could just drop to single user mode and convert /var/ and /var/log/ without any difficulty. For whatever reason, on Fedora and derivatives (including RHEL, CentOS, etc.), I have never been able to umount /usr/ successfully once it’s mounted. So, I’m using a rescue environment (to convert all 3) like I did for the root filesystem conversion, just so I don’t have to muck with it.

I haven’t had one problem at all with the two XFS volumes I have on my home file server (one for /music/ and one for /video/). That server is running openSUSE for a few years now. It’s also a much more complicated setup on that hardware, which I’ll talk about more in a later article.

For those who want to post comments that I’m an idiot for using reiserfs, please, don’t bother. I’ve heard every reason why this filesystem or that filesystem sucks and you should only use, “the other one,” instead. Look, it’s this simple: since the filesystem is the one piece of software where we just don’t tolerate buggy software, when something does go wrong the stories live on for years. I’ve heard horror stories of kinds that you might never be able to imagine describing data loss at the hands of ext2, ext3, reiserfs, XFS, JFS and many other filesystems. I’ve only experienced data loss with ext2 and ext3. XFS has given me problems, but thankfully not with files that I couldn’t easily replace. I have hardly used JFS, but I do have a volume or two on my home file server that are JFS and there’s been zero trouble there.

Here’s my philosophy about filesystem type selection: use the right tool for the job.

It’s not always easy to say with perfect definitiveness that you should always use this filesystem here and that one there. Benchmarks show all 4 of ext3, reiserfs, JFS and XFS as having statistically equal performance for general use cases (like workstations). There are some rules by which I can say, from experience, that one of these will outperform the others for a particular use. I’ve been meaning to run another series of performance benchmarks on as many viable Linux filesystem types as I can. I’ll post results and talk about use cases then. For now, here are some basic tips from my experiences:

  • Always check the “expiration date” on the horror stories that people tell you. It’s more likely to be old, as reiserfs, ext3, JFS and XFS have all been quite stable for many years now.
  • ext3 will almost never outperform the others for a specialized task.
  • reiserfs, JFS and XFS will almost always have roughly equal performance for most specialized tasks. This is primarily due to the fact that they share very similar basic filesystem design concepts, though, obviously, the implementations vary. I’ve thought for many years that XFS was derived, in part, from reiserfs (due to some very hard to discount coincidences in XFS structures and code) but also shares some design elements in common with MacOS filesystems.
  • If you’re going to have lots of files, big or small, then move away from ext3. Newer versions of ext3 (that are not backward compatible with older ext2/3 drivers) implemented some features (like hash-indexing) from reiserfs in order to improve performance in this area. Still, more than about one thousand files or so in a directory and ext3 starts to bog down quickly (when working in that directory). So, for example, ext3 is a really poor choice for spooling directories on busy servers or for proxy stores or any other application where tens if not hundreds of thousands of files will be created.
  • ext3 has the worst file deletion performance of the group. Thus, for applications like print and mail servers, ext3 is a very poor choice. I have personally seen anywhere from 7 to 9 times better performance for print servers and from 10 to 23 times better performance for mail servers by simply converting the spool (and log, in the case of the mail servers) directories from ext3 to reiserfs.
  • XFS and JFS have some specialized features that are very useful in high throughput applications. XFS has a bandwidth guarantee feature that is very useful with large media operations (like audio/video editing, compositing, etc.) and streaming. JFS has some sustained high throughput features that provide excellent performance for some types of databases (not database servers, but data operations by the servers).
  • When it comes to databases, it’s very hard to predict which of these 4 will provide the best performance. It is very rare that ext3 is the winner, but it does happen. The only way to really know has been to create 4 volumes formatted with each filesystem type and run some benchmarks against the same DB on top of them. If you’re going to do this, make sure to use the database structures for the DB you want to test that you will be using in production. You don’t have to have “real” data, but make sure it is representative of the types and sizes of records that your database will be working with. Also, be sure the benchmarking tests run “real” queries in the “right” ratios that you do (or expect to) see in your production environment. After all of that testing, you’ll probably see that one of the filesystem types outshines the rest.

Once, while I was consulting with a Fortune 500 company that will remain nameless, we saw that certain tables experienced huge performance benefits on one filesystem and other tables were significantly better on another. They actually reworked the application code to work with splitting the database into two databases, that were then stored on two different filesystems in order to take advantage of this.

Basically, each of these filesystem types has its advantages and disadvantages. There are other journalling and log filesystems available for Linux that are worth looking at for some applications. If you have a strong bias towards just one filesystem type and won’t even look at the others, then you are very likely missing out on some benefits that you could have. If nothing else, it’s certainly an interesting topic … to some of us geeks.

January 2, 2009

Lamont Peterson
Peregrine
Peregrine
» Block SSH Cracking Bot-Nets with Netfilter

A few weeks ago, I was looking through some Netfilter documentation, just poking around, looking at some modules I’ve never seen/played-with/heard-of and I came across the recent module. I decided to try it out on one of my servers that gets anywhere from zero (0) to tens of thousands of crack attempts via SSH per day and see if I could weed out some of these bot-nets. It also occurs to me that this could help fight email SPAM-bots, too.

Of course, it’s very important to have good, strong password security practices. If you have poor passwords, none of this will matter, as you’ve probably already been compromised whether you know it or not. This means that all users have to have strong passwords. Techniques for helping users to create and use strong passwords are beyond the scope of this article, but I will write articles about these things in the near future.

Here’s the configuration that I put into place. I’m showing this as the iptables commands that you would run on the command line; adapt them to however you persist your Netfilter configuration. Also note that these lines should replace anything that you now have in there for SSH. I’m also including the additional ESTABLISHED,RELATED rule here for completeness:

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -i $OUTSIDE_INTERFACE -p tcp --sport $UNPRIV_PORTS --dport 22 -m state --state NEW -m recent --update --seconds 10 -j REJECT --reject-with icmp-host-prohibited
# iptables -A INPUT -i $OUTSIDE_INTERFACE -p tcp --sport $UNPRIV_PORTS --dport 22 -m state --state NEW -m recent --set -j ACCEPT

These three rules mean:

  1. Accept traffic for “conversations” that are already in progress. This rule works for traffic in both directions and will handle everything in the ongoing connection.
  2. If an IP packet matches these criteria:
    1. “-A INPUT -i $OUTSIDE_INTERFACE” — coming in on the Internet connection (I create a variable with the value “eth0” or whatever it is and use that in my firewalling scripts);
    2. “-p tcp” — carry TCP (for Layer 4) in the IP packet payload;
    3. “--sport $UNPRIV_PORTS” — coming from an unprivileged TCP port (legitimate clients should only come from source ports 1024 through 65535, inclusive);
    4. “--dport 22” — destined for TCP port 22;
    5. “-m state --state NEW” — the state module doesn’t have a record of this packet as being part of an existing connection;
    6. “-m recent --update --seconds 10” — the update module has a record of another connection attempt matching this one within the past 10 seconds.

    Take these actions:

    1. “-j REJECT” — throw the packet away;
    2. “--reject-with icmp-host-prohibited” — return an ICMP host-prohibited response to the client who tried to initiate this connection.
  3. The last rule is essentially the same as the second, except for:
    1. “-m recent --set” — make a note of the time that this connection attempt occurs at;
    2. “-j ACCEPT” — if all criteria match, accept the packet (which will stop further rule processing here, BTW).

Basically, what we’re trying to do here is to limit the number of failed connection attempts that are allowed.

Let’s say that a human being tries to connect via ssh lamont.example.com and they don’t have an account or they mis-type their password several times to the point where sshd cuts off the connection, so they re-run their ssh command to try again. It will probably work and let them in, as it probably took them longer than 10 seconds from the first packet of the first TCP connection until the first packet of the next TCP connection.

However, the cracker-bot-nets don’t work like humans. They automate the process of trying to connect as fast as they can, so they will try only 1 or maybe as many as 3 or 4 passwords before closing the TCP connection and starting another. Since they don’t have to be as slow as people, they’ll usually be coming back again in under the 10 seconds. Most of them actually try to establish multiple connections (2-20ish at a time) in order to try more passwords.

Once the crack-bot starts seeing TCP connection failures, they usually skip your IP and go on to try and find softer targets. If they can’t connect to SSH, then why bother wasting time trying.

After setting up this configuration and letting it run for a week, I can report that it works marvelously. I’m getting under 10 break-in attempts per day, now. If you’re going to have SSH visible to the world (and why shouldn’t you?), then I would recommend adopting these Netfilter rules in your firewall configuration.
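The behaviour of rules 2 and 3 above, modelled in Python over constructed connection attempts; this is an added example, not code from the original post. The function names and sample addresses are assumptions, and the comparison with `--rcheck` (the recent module's option that checks the list without refreshing the timestamp) goes beyond the rules the post uses.

```python
# Added example: a model of the post's two `recent` rules for NEW packets to port 22.
# All traffic below is constructed; addresses come from the documentation ranges.
from collections import Counter

WINDOW = 10  # seconds, from `--update --seconds 10`


def filter_new_ssh(attempts, window=WINDOW, refresh_on_match=True):
    """Return (time, source, verdict) for each NEW connection attempt.

    attempts: iterable of (timestamp_seconds, source_ip) in arrival order.
    refresh_on_match=True models `--update`: a match refreshes "last seen".
    refresh_on_match=False models `--rcheck`: a match leaves the timestamp alone.
    """
    last_seen = {}  # source_ip -> time of the last recorded attempt
    verdicts = []
    for now, src in attempts:
        seen = last_seen.get(src)
        # Rule 2: the source is in the list and was seen within `window` seconds.
        if seen is not None and now - seen <= window:
            if refresh_on_match:
                last_seen[src] = now
            verdicts.append((now, src, "REJECT"))
            continue
        # Rule 3: `--set` records the source, then the packet is accepted.
        last_seen[src] = now
        verdicts.append((now, src, "ACCEPT"))
    return verdicts


def accepted_per_source(verdicts):
    """Count accepted connection attempts per source address."""
    return Counter(src for _, src, verdict in verdicts if verdict == "ACCEPT")


HUMAN = "192.0.2.10"
BOT = "198.51.100.7"
SAMPLE = sorted(
    [(0, HUMAN), (45, HUMAN)]                 # locked out by sshd, retries 45 s later
    + [(t, BOT) for t in range(0, 61, 4)]     # a new connection every 4 s for a minute
    + [(100, BOT), (100, BOT), (100, BOT)]    # three parallel connections after a pause
)

if __name__ == "__main__":
    for label, refresh in (("--update", True), ("--rcheck", False)):
        result = filter_new_ssh(SAMPLE, refresh_on_match=refresh)
        print(label, dict(accepted_per_source(result)))
```

With `--update`, every rejected attempt restarts the 10-second clock, so a source is accepted again only after it has been quiet for the whole window; with `--rcheck` the same traffic would get one connection through per window.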

January 4, 2009

Clint Savage
herlo
Sexy Sexy Penguins » Tech
» WordPress Plugin: Order by Popularity

Ever wanted to have a blog ordered by the number of visits, comments, and such?  It would seem to me that this might be useful.  So I wrote a plugin to accommodate just that.

To be honest, I really shouldn’t take that much credit for it, since Alex King wrote most of the functionality for determining popularity as his plugin is required for mine to work.  All I really did was stand upon his giantness and make it so people could sort their blogs by popularity.

Feel free to Download It

Cheers,

Herlo


Pat Eyler
pate
On Ruby
» New Year's Road Trip

In December, we heard that the Sahpeech chapter was going to hold a Fellowship with a Brotherhood ceremony in Gunnison on January 2-3. Since we had an Ordeal candidate and a Brotherhood candidate just waiting for the opportunity, we decided to take a road trip. On Friday afternoon, we packed up our gear (and lots of warm clothes) and dinner to eat on the road, and we headed off. The youth


Hans Fugal
no nic
The Fugue :
» What is my IP?

"What is my IP?" A frequent question while we all remain under the oppression of NAT. Of course most of you are familiar with whatismyip.com and friends, but did you know you can do the same thing yourself very easily? All you need is a webserver (across the NAT in question, of course).

Here's a CGI version:

#!/bin/sh
# CGI response: header, blank line, then the client address as the web server sees it
echo "Content-type: text/plain"
echo
echo "$REMOTE_ADDR"

If CGI is a pain but you have PHP:

<?php
  header("Content-type: text/plain");
  echo $_SERVER['REMOTE_ADDR'];
?>

Both of these are suitable for scripting, e.g.

#!/bin/bash
URL=http://fugal.net/ip.cgi
echo "Your IP address is $(curl -s "$URL")"

January 3, 2009

Joseph Hall
no nic
blog.josephhall.com
» Pork Enchiladas

I love enchiladas. I remember my dad making them when I grew up. Of course, his were a little different than mine. For instance, he used corn tortillas. And he seemed to like cheese-only enchiladas. I kind of liked 'em like that. But I've discovered that my wife doesn't seem to like cheese-only enchiladas. And I got fed up with corn tortillas long ago. They crack when you try to roll them, they... well, they crack. Isn't that bad enough?

Lately I've been playing with enchilada sauce. Really, isn't it just a thinned out tomato and chile sauce? I decided to try a little experiment: canned tomato sauce plus taco seasoning. Hey, it's actually not bad. It's a little thick, but it's very close in flavor to some of the store-bought enchilada sauces.

So bearing all this in mind, let me share with you an enchilada recipe that my family has been eating on occasion lately. It's not exactly traditional, but we like it. But if you want to go back to corn tortillas or something, go for it. You won't hurt my feelings.

First off, you'll need your enchilada sauce. Whether you use the "real" stuff or you do it my way, it helps to heat it up. I like to use a wide frying pan, to have enough room to dip the tortillas in later. With my version, you need a can of tomato sauce and a couple of Tablespoons of taco seasoning.

Stir it all together and heat it up to about a simmer. You don't need to boil it or anything, it just needs to be heated a little. If you want, you can thin it out with a little bit of liquid. Water would be fine, but broth would be better. Once it's ready, put it together with the rest of your ingredients and equipment.

We have cheddar cheese, chopped pork, sliced olives, red bell peppers, an 8x8 baking pan, four 8-inch flour tortillas, and a pan full of enchilada sauce. Just a note: about one enchilada in, we put the baking pan next to the enchilada sauce. Step one, coat a tortilla with sauce:

Move it to the baking pan and add a handful of chopped pork:

Olives go in next:

Chopped red bell peppers:

And of course, some cheese:

Roll it up and repeat with the rest of the tortillas. You'll want to use all of the pork inside, but be sure to save some of the olives, peppers and cheese for the top. At some point, it's going to look kind of like this:

Go ahead and cover it with a bit of cheese:

Add the remaining olives:

And the remaining peppers:

Slide it into the oven at 350F, until the cheese starts to bubble. It'll probably take about 15 minutes or so.

Oh, so tasty.


Elijah Newren
no nic
Elijah's Blog
» GNOME DVCS Survey results

The GNOME DVCS (Distributed Version Control System) Survey completed
about a week and a half ago, with responses from 579 different people with
svn accounts. (There are 1083 people with commit access to
GNOME SVN, so this is about a 53% response rate.) The survey was
intended to collect data related to a possible move for the GNOME
project from SVN to a distributed version control system in 2009, thus
questions about svn were included despite the fact that it is not
distributed. The results of the survey are shown below.  (I got the data from Behdad; the scripts I used to generate the plots can be found here.)

Bias

The plots of the data I present simply cover all the questions –
twice. Once to show the percentages of respondents with each answer
for the specific question, then again to contrast how those who
answered a given question differently had differing rankings for the
various VCSes. So the plots are as neutral as I think is possible.

I also add some commentary of my own, analyzing the data and noting
items that surprised me (I had several predictions about how the
survey would turn out; many of my predictions were right but there
were a number of surprises for me too). I don’t think it’s possible
to make such commentary unbiased. In fact, since I noticed a clear
front-runner in looking at the results, I thought it most useful to
look at that particular system, so the majority of my comments focus
on it. If you do not want my bias, ignore my comments and draw your
own conclusions from the data.

Survey Questions

First, let’s remind everyone what the survey questions were:

  • Your GNOME SVN user id
  • Do you currently maintain any GNOME modules in SVN?
    • Yes, I maintain multiple modules
    • Yes, I maintain a single module
    • No, I am not a maintainer
  • Do you currently develop any GNOME modules in SVN?
    • Yes, I develop multiple modules
    • Yes, I develop a single module
    • No, I do not develop any modules
  • Do you commit to GNOME SVN?
    • Yes, I regularly commit to GNOME SVN
    • Yes, I sometimes commit to GNOME SVN
    • No, I do not commit to GNOME SVN myself
  • How do you best characterize your current GNOME SVN contributions?
    • I develop code
    • I write documentation
    • I test
    • I translate
    • Other

    (Edit: I wish the question, “In which ways do you characterize
    your current GNOME SVN contributions?” had also been asked.
    It would be really interesting to see the results of such a
    select-all-that-apply question.)

  • Which of the following distributed version control systems are you familiar with? (select all that apply)
    • bzr
    • git
    • hg
  • How do you best summarize which DVCS systems you use *regularly*? (select all that apply)
    • bzr
    • git
    • hg
  • How do you feel about GNOME changing version control system to one of bzr, git, or hg in 2009?
    • Not again! We just switched systems, like, yesterday (no)
    • No strong feeling, I’d use whatever is provided
    • What’s wrong with SVN? (why?)
    • I do not care
    • Please do! Anything is better than svn (except for cvs of course)
    • Other
  • Which one do you prefer? Please rank the following:
    • anything other than svn (no preference)
    • bzr
    • git
    • hg
    • svn (no change)

Basic stats

Contribution statistics

Why do we attract so few people that self-identify as primarily being
documenters? Is it because people who get involved in documentation
then also get heavily involved in other areas and thus put themselves
in the “Other” category (most of the documenters I can think of
probably did this)? Are distros more likely to attract this kind of
volunteer? Do we just have a fundamental shortcoming somewhere?

DVCS familiarity statistics, and should we switch

Wow…we have an awful lot of people already familiar with other
VCSes. Over 60% familiar with git, and nearly half the people already
use it regularly? I knew there were a lot of people out there, but I
didn’t know it was that many. bzr and hg also have fairly strong
representation among the community (there’s even 31 people who are
familiar with all three systems, and one person who regularly uses all
three — no I’m not that person). The number of people who regularly
use git still leads the other two systems by quite a bit; I thought
they (or at least bzr) would have caught up more by now but I guess
not.

The lion’s share of the votes for whether we should switch were either
for those that wanted to switch or those that didn’t have a strong
feeling. Although only a small percentage (less than 3%) voted “no”,
that may have been due to the wording; for purposes of counting, the
“why?” column should be lumped with the “no”s. It’s a lighter no, but
still a no. The “other” column is a bit of a wildcard and represents
a somewhat significant cross-section of the community. As can be seen
in the next section, among this group who chose “other” in answer to
the question of whether we should switch, there was a preference for
git over the other systems.

VCS rankings

Note that I’ve created an extra plot derived from the other five, ‘Average rank’, which shows the average rank of each VCS (the number in parentheses for this extra plot is the number of people whose rankings were averaged). If the community were evenly divided, or if no one cared which system we used, then every VCS would have a rank of 3. So the relevant question in the average rank plot is how far from rank 3 each system is.

Note that the different graphs have different y-axis ranges, as was true with previous plots too. Sorry.

This set of plots really surprised me. I have often thought of git as
polarizing and expected it to have the most first place votes and the
most last place votes. It definitely got the most first place votes,
was close on second place votes, and significantly lagged all other
systems in second-to-last and last place votes. I was floored by
this.

Average rankings for different demographics

One question I was really interested in was which version control
system various demographics preferred. For example, there were a
significant number of people who selected “other” for whether we
should switch to another system. What’s their preference? Do
translators or testers have a different favorite system than coders?
Do maintainers of multiple modules have a different outlook than
non-maintainers? So, in this section I try to look into this
question.  Note that in each plot, the numbers in parentheses are the number of people across whom the average was taken.

Average VCS ranking by maintenance/development load

It looks like VCS preference doesn’t change much relative to
maintenance and development load. However, I found it interesting
that bzr had its highest support among maintainers/developers of a
single module and that git had its highest support among
maintainers/developers of multiple modules. (Mercurial had more
support among non-maintainers and non-developers, though that may just
be a reflection of the latter demographic having less strongly held
opinions.) That matched my intuition about design choices of bzr and
git, what they were optimized for, and how it has reflected in their
usage. However, although I was correct about the trend, the size of
the trend turned out to be nearly negligible.

Average VCS ranking by commit frequency

Not much variance here either. As expected, it looks like regular committers have stronger opinions (average rankings further from 3) than occasional or non-committers.

Average VCS ranking by contribution type

I was surprised by these plots. I expected support for git
to be found almost exclusively among coders, but apparently that is
not the case at all. git is ranked highest by all groups other than
documenters. Documenters, though, do rank git dead last.

Some might suggest we discard the last plot given the tiny sample size
(only 4 people self-identify as being ‘primarily’ documenters!).
While there’s some merit to that claim, I find it to be the most
interesting plot (as a bit of a VCS junkie) since it is the only
non-VCS related demographic for which git does not come in first
place.

I also find the translator plot interesting (as a VCS junkie), as it’s
the only other such plot for which git does not have a commanding
preference lead over all other VCSes. Honestly, though, I was quite
surprised that git was even close to svn for translators, let alone
that it had a small lead.

Average VCS ranking by DVCS usage/familiarity

No real surprise here as far as the favorite goes — users who are familiar with or regularly use a certain system tend to prefer that system. However, git enjoys positive support in all cases and at least comes in second? I found that somewhat surprising. I thought it would get an average ranking lower than 3 by those familiar with or using bzr/hg — much as bzr, svn, and hg did among those familiar with or regularly using git.

Average VCS ranking by propensity to switch systems

Those who think we should switch want to go to git. Those who have no
strong preference or selected other, also had a preference for git.
Those who don’t care whether we switch, wonder what’s wrong with
subversion, or think we just shouldn’t switch, all prefer subversion.
Even among the latter group, git came in a positive second for the
“why?” and “I don’t care” groups.

Final thoughts

It looks like there’s a strong preference in the community toward
switching, and that git has a strong lead in preference among the
community, followed by svn, then bzr, then mercurial.

Among the non-VCS-related demographics, there were only two in which
git did not have a commanding lead: testers and documenters. Among
testers, git was still the preferred system, but it only marginally
led svn (and these two strongly led bzr and hg). Among documenters,
git came dead last by a large margin (while bzr came in a commanding
first). It would be interesting to find out why; perhaps we should
poll the 4 relevant people.

Among the VCS-related demographics, people familiar with or regularly
using a certain system tended to prefer that system. git always came
in a positive second, though. Also, those not wanting to switch
systems or not caring *at all* whether we switched strongly supported
subversion, while everyone else (including those with no strong
feeling about the switch) strongly preferred git. Even among the “why
switch” and “I don’t care” groups that preferred subversion, git came
in a positive second. Among the tiniest switch preference group,
those that don’t want to change systems at all, bzr was second
followed fairly closely by git.

I spent a lot more time discussing git than bzr or hg in my comments
here, but that was mostly a reflection of where it appeared in the
stats. As shown in the survey results, the other systems don’t appear
to be nearly as preferred in the community, so I simply didn’t discuss
them as much. I apologize if that makes my analysis look biased; as
I said at the beginning, feel free to ignore my analysis and draw your
own conclusions from the stats.


Jeremy Robb
scothoser
Scothoser's Corner
» Sugar Bowl

31-17…  What a good game.


Aaron Toponce
atoponce
Aaron Toponce
» Distributed.net Ubuntu Team

For those looking to put their CPU to work on their computer, I have the perfect job for you: Distributed.net! There’s no doubt that many of you already are participating in some distributed computing project, such as SETI@home, or Folding@home, BOINC, or others. I have joined different distributed computing projects in the past, and currently, I’ve rested on the RC5-72 project on distributed.net. The reason for joining the project is simple: I’m a math geek, and I wanted to join a distributed computing project that is math related. RC5-72 is the perfect fit. Further, there’s $1,000 up for grabs to the person who finds the right key.

Which brings up the question, what is RC5-72? Back in the day, RSA Labs created a challenge. The challenge was to show the weakness of the DES algorithm and bit strength. So, they created a string of text, encrypted it with DES, then set aside $10,000 for the first person or group to crack it, revealing the private key that was used to encrypt it. The EFF created a computer they called Deep Crack for this very purpose, and set off brute forcing the key. In less than 9 months, they found the key, and won the prize. Meanwhile, RSA Labs created more challenges, this time using the RC5 algorithms, and also set up $10,000 for each successful crack of the private key. Distributed.net was born, and began brute forcing.

Because there are so many keys to check, it made sense for the developers to set it up as a distributed computing project. RC5-56 was started, and the private key found, awarding distributed.net the money. Distributed.net then divvied out the money to the winning participant, group and donated the rest to the top voted project. They also won RC5-64. Currently, we’re hammering on RC5-72. However, if you visit the stats page, you’ll see that we have a ways to go. At the current rate, it’s going to take us roughly 750 years to search every key in the keyspace. Now, we may find the key before that point, but it still could take us 300 years to find it! There’s no reason for this! A PlayStation 3 with Linux installed can burn through the keys. Add 1,000 of those, and we’ll seriously knock out some keyspace! Sony has sold over 5 million PS3s, so surely 1,000 isn’t too much to ask! Plus, add up all the dual core and now quad core machines in existence, and RC5-72 could be done in a single year. We just need more people donating CPU time.

So, this is where you come in. If you have a spare computer that needs to flex its CPU muscles, then join the RC5-72 or OGR-26 project, and sign up to be a member of Team Ubuntu! We are the largest and most popular distribution in the world, so there is no doubt in my mind to achieve the top 100 in the stats rankings. Heck, we could be #1! All you need to do is download a client for your operating system and architecture, configure it per the documentation, and you're off!

One drawback with the client, however- it’s proprietary software, not FOSS. I’m not proud of this, however, I make this one exception in that you’re furthering mathematics and science by participating. In other words, you’re making the world a better place. If you’re a FOSS zealot, and refuse, I understand completely. There are some FOSS distributed computing projects out there that would be a better fit for you.

January 2, 2009

Steve Dibb
beandog
wonkablog
» another mythfrontend, part two

I managed to solve my little sound card problem from the other day with my new frontend.  Well, actually, I solved the problem of which box to use and what hardware to get at the same time.  I just asked myself what would be the simplest, cheapest way to get something working, and the answer was to pick up a  $15 SoundBlaster card at the used parts computer store … so that’s what I did.

I popped it in my amd64, and I already had most of myth installed, so I was up and running in no time.  I lugged the little bugger into my bedroom, anxious to see how noisy it would be.  It turns out that it was actually very quiet.  I keep forgetting that I bought a really nice PSU a long time ago for the case (thanks, Josh), and it is near silent.  In fact, hours later, I forgot it was on completely, and went to power it up only to find it was already running.  So I might not even need to get a Mini for now.

I also picked up a USB sound device from Craigslist today for $10.  I’m gonna try that on my Mini-ITX and see if there’s any latency issues.  Of course, that means building a new kernel and rebooting my box, and that makes me cranky.  Rawr.  No wanna touchy!  Maybe I should look into using kexec.

» the day the earth stood still

I went and caught The Day the Earth Stood Still in theaters while I was on Christmas vacation.  I really wasn’t expecting that much — the acting looked horrible, but the special effects looked awesome.  I liked it, though.  I’d give it a nod.

This is a remake in a loose sense .. it’s really nothing like the original from oh-so-many years ago.  I saw the classic recently for the first time, last year, I think, and I was expecting it to be epic awesome, but it was instead pretty meh.

The new one was decent.  I figured it would be nothing more than a good popcorn movie, and I was right.  I’d give it three stars.

The acting was alright.  Certainly better than Twilight, that’s for sure.  It was weird seeing Keanu be so stoic the whole time.  It really made it kind of dull, actually.  But it also surprised you when he’d do something unexpected since there weren’t any kind of physical cues.

I dunno.  I’d place this as one of those that is just interesting to watch, but not much more than that.  Worth watching, at least once.


Hans Fugal
no nic
The Fugue :
» Root on RAID+LVM

This stuff is documented out there, but I thought I'd give a brief summary and anecdotal evidence that it works.

I wanted to move falcon onto a RAID1 array, including root. Falcon was already using LVM for everything but root, and I wanted root on the RAID as well and so it made sense to just go all the way.

I had a bit of a hairy time, primarily because I wasn't as prepared as I thought I was. This is in part because I was doing all this without internet, in part because of stupidity and lack of foresight, and in part because some vital things that I thought were in order, were not. But really it's not that bad if you know what you're doing. Having learned my lessons I did the same thing for gwythaint without incident in just a few minutes (not counting time spent copying files).

Let's begin as all good chefs do, with mise en place.

You need a good boot disk with grub and LVM/RAID support. This is harder to find than you might think. Ubuntu's Live CD doesn't have LVM support (not sure about RAID). Debian Etch's installer has RAID and LVM support, but its grub facilities are sorely lacking, and it takes forever to boot. Now would be a very good time to get familiar with the PLD Rescue Disk. This puppy is an absolute gem and no sysadmin should be without it. It supports LVM, RAID, every important filesystem, has a full suite of tools, super grub disk, GRUB4DOS, and more. I can't sing enough praises for PLD's rescue disk, so I won't try. Just get it.

You naturally need to install the lvm2 and mdadm packages.

You need a kernel that supports RAID and LVM. Most stock kernels will, but make sure! Also, regenerate the initrd after installing the lvm2 and mdadm packages. You can do this with dpkg-reconfigure linux-image-`uname -r`. I got bit by an initrd generated by yaird that didn't like being moved, so you should make sure you have initramfs-tools installed when you regenerate the initrd.

Grub2 reportedly has RAID and LVM support but I didn't have grub2 and didn't want to press my luck. So I made a boot partition (not on the RAID or in LVM) and copied over /boot.

Now set up the new RAID and LVM. In my case it was as simple as creating the RAID with one disk (the disk that currently hosted my system was eventually added too) then making a physical volume out of that array (pvcreate), adding it to the virtual group (vgextend), creating a new logical volume for root (lvcreate) along with its filesystem, and moving the already-existing logical volumes over to the new physical volume (lvmove). Then reboot into the rescue disk so you can safely copy over the root filesystem (PLD has rsync which makes this a snap).

PLD doesn't automatically assemble RAID arrays or activate volume groups, so you need to do this manually. Something like this:

mdadm -A /dev/md0 /dev/sdb2
vgchange -ay

Now for the fun part: getting things to boot. First, you need to modify the new /etc/fstab to reflect the new location of /. That is, /dev/vg1/root (or whatever you called it). Also put in /boot.

Reboot and choose super grub disk at the PLD boot. At first I played with the menus but after a dozen boots (literally, I told you it was hairy) I was an expert at the grub command line and was doing things by hand. Hit c to get the grub cli, then type something like this:

find /grub/menu.lst
root (hd0,0)
setup (hd0)
kernel /vmlinuz-2.6.18-6-k7 root=/dev/mapper/vg1-root ro
initrd /initrd.img-2.6.18-6-k7
boot

Let's analyze that. First we find /grub/menu.lst which just tells us what grub calls the boot partition: (hd0,0) in this case. (I had a heck of a time with grub not finding my boot partition and I don't know why. Maybe fdisk or BIOS issues. I still don't know. I eventually was able to get a partitioning that worked, hopefully you don't have any issues.)

Next we tell grub to use that partition as root. The setup line installs grub on the MBR so we won't need to use the rescue disk in the future.

The kernel and initrd lines are normal grub fare. The important thing here is the root option. You must use the /dev/mapper/vg1-root path, not /dev/vg1/root. At least this is true on Debian Etch stock kernels, but it seems like a good idea in any case. The reason is that the /dev/mapper paths are there from the kernel but the /dev/vg1 symlinks are added with boot scripts.

You should boot right up. After boot, issue mount to verify that things do look like they ought to. Edit /boot/grub/menu.lst and run update-grub, then try booting without the rescue CD. You're in business!

In summary: read the RAID and LVM howtos, LVM goes on top of RAID, get PLD, make sure your kernel and ramdisks are in order, leave /boot off the RAID/LVM, don't forget to change /etc/fstab, and use the /dev/mapper/${VG}-${LV} path in the kernel root option.
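
The last two points of the summary can be checked before rebooting. The shell functions below are an added example, not code from the original post: they build the /dev/mapper name for a volume group and logical volume, then check grub menu.lst and fstab text against it. The function names and the sample menu.lst and fstab contents (including /dev/sda1) are constructed for illustration, and the hyphen doubling that device-mapper applies to names containing "-" goes beyond the post's vg1-root case.

```shell
#!/bin/sh
# Added example (not from the original post): pre-reboot checks for root on LVM.
# The sample menu.lst and fstab text at the bottom is constructed.

# Print the /dev/mapper name for a VG/LV pair. device-mapper joins the two
# names with "-" and doubles any "-" that is part of either name.
dm_path() {
    vg=$(printf '%s' "$1" | sed 's/-/--/g')
    lv=$(printf '%s' "$2" | sed 's/-/--/g')
    printf '/dev/mapper/%s-%s\n' "$vg" "$lv"
}

# Read grub legacy menu.lst text on stdin; succeed only if there is at least
# one "kernel" line and every one passes root=<expected path> ($1).
check_kernel_root() {
    awk -v want="$1" '
        $1 == "kernel" {
            seen = 1; ok = 0
            for (i = 2; i <= NF; i++) if ($i == "root=" want) ok = 1
            if (!ok) bad = 1
        }
        END { exit (seen && !bad) ? 0 : 1 }'
}

# Read fstab text on stdin; succeed only if / is mounted from the logical
# volume (either /dev/VG/LV or its /dev/mapper name) and /boot has an entry.
check_fstab() {
    awk -v a="/dev/$1/$2" -v b="$(dm_path "$1" "$2")" '
        /^[ \t]*#/    { next }
        $2 == "/"     { root = ($1 == a || $1 == b) }
        $2 == "/boot" { boot = 1 }
        END { exit (root && boot) ? 0 : 1 }'
}

# Constructed sample input.
SAMPLE_MENU='title Debian GNU/Linux
root (hd0,0)
kernel /vmlinuz-2.6.18-6-k7 root=/dev/mapper/vg1-root ro
initrd /initrd.img-2.6.18-6-k7'

SAMPLE_FSTAB='# <device>     <mount> <type> <options> <dump> <pass>
/dev/vg1/root  /      ext3  defaults  0 1
/dev/sda1      /boot  ext3  defaults  0 2'

printf '%s\n' "$SAMPLE_MENU" | check_kernel_root "$(dm_path vg1 root)" && echo "menu.lst: ok"
printf '%s\n' "$SAMPLE_FSTAB" | check_fstab vg1 root && echo "fstab: ok"
```
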


Joseph Hall
no nic
blog.josephhall.com
» Fun at Work

I'm afraid of being found out.

Seriously, I don't know that I've ever had so much fun at work. Don't get me wrong, I loved working at Guru Labs, but the situation is different here. Let me explain.

At Guru Labs, my bosses seemed to have very realistic expectations of me. They hired me, fully knowing that I had gaps in the technical knowledge that they needed me to have. The promise was that they would help fill those gaps, and I would be ready to teach by the time I needed to. If I was not, then they would give me the opportunity to work elsewhere.

I met the challenge, and before long I was knee-deep in Linux knowledge that I never expected to obtain. There were always new things to learn, and I was always surrounded by people willing to teach me. At the same time, I got to be that person for about a couple dozen students a month. I was having a blast, and I wasn't sure I ever wanted it to end.

There was just one problem. As much as there was to learn, it sometimes seemed like there was never time to learn it. There were always classes to teach, and there was courseware to write, work to be done. I was constantly surrounded by cool new technologies that often felt barely touchable. And suddenly, it was gone, and I was left to look for another job which could never hope to be as much fun.

Fortunately, I had prospects in the queue. By the end of the first week I had applied at close to two dozen companies, interviewed at three of them, and had an offer from one of them. By the end of the second week I had already started work at my new company, and was still politely turning down interviews.

I had actually turned down an offer from this company at the same time I originally accepted an offer from Guru Labs. I had a friend that worked there, but I still had to get hired on my own. When I started, I think the idea was for me to watch my new coworkers and get a feel for what needed to be done. They were programmers who had been doing system administration when it was called for, but it wasn't their thing. Thanks to Guru Labs, I was well-trained in system administration and I just kind of took over.

This is a company who was small (maybe 20 employees) when I first interviewed, and who is now in the process of growing into a larger company (60+ employees at this location, plus the warehouse, plus the call center in Chicago, etc), but who still has the kind of server setup that one might expect at a small company. I have taken it upon myself to make the servers enterprise-grade.

This means I get to play with all of the technologies that I didn't really get to play with before. Well, not all of them, but increasingly more. One of my current projects involves four RHEL 5.2 virtual machines installed on my notebook using KVM, which I am using to test out different MySQL Cluster configurations. This week I also started playing with Cacti, and Nagios is on the horizon.

One day I looked at our current backup server and decided that it needed more hard drive space. Really we needed a brand new backup server, but I was willing to settle for a new hard drive. My boss came in to talk about it, and by the time he left I was pricing out components for a brand new backup server. This is not the first time I've had a boss that knew less than me about what I did, but it's definitely the first time a boss has not only admitted it, but taken my suggestions on what needs to be done.

To be honest, I'm not used to this. I was hired based on technical merit and experience, and then given what feels like free rein to do whatever I want. I don't really have free rein, but it feels like it. My boss realizes that I know what needs to be done, and he's willing to let me do it. He doesn't have some kind of personal agenda, he's not caught up in a power struggle, there's none of that. He's trusting me to do what he hired me to do, and his only concern is that I stay focused on the best interests of the company.

It's so weird. Nearly every day when I drive home from work, I am elated about what happened that day and what's going to happen the next. Actually having my opinion listened to on such a regular basis makes me feel like a rock star. And yes, I'm a little worried that I'm going to be found out. Every so often I wonder if my boss is going to realize how much fun I'm having actually doing my job, and start charging me admission.

I still miss Guru Labs. I certainly wouldn't be in the position I am now without the expert training and unparalleled opportunities that I received there. But I guess fate (if you believe in that sort of thing) decided that it was time for me to cut my teeth elsewhere. I guess it truly is bitter-sweet.


Steve Dibb
beandog
wonkablog
» new year’s predictions

I thought it might be kind of fun to see what kind of predictions I can set for myself for the upcoming year.  I’m a creature of habit, so this shouldn’t be too hard for most of them. :)

  • I’ll finally cancel Comcast and switch over to watching Netflix movies (in the mail and on demand on my Tivo) a