Planet Sysadmin               

B1.1 of Agile Web Development with Rails, 3rd Edition is out.  Unless you have an deep interest in the migration function, there isn’t much new content here — the primary focus on this update is addressing the errata and forum comments received to date.

This effort has turned out to be both harder and more rewarding than I would have ever anticipated.  Harder in that Rails has changed so much, there has been so much to learn (in terms of Rails 2.0, SQLite3, and also in terms of working with a different publisher, operating system, and toolset).  But I can’t begin to express how much I like the beta books program — the readers that this book has attracted so far have been great and their comments, questions, and feedback have been most appreciated.

Also, while this book has always had ample source code provided, I’m continuing to look for ways to both expand and automate.  Rerunning the code on rails edge, for example is now something I can repeatedly do in a matter of minutes.

AMD released their new roadmap today. Several references to the Barcelona delays (AMD Quad Core, delays which have impacted Sun's release schedule) are scattered throughout and positioned as a major setback for AMD to overcome in the next several years. Whether you follow the news or not its obvious to anyone in or around IT that AMD has given up a tremendous lead over Intel in the last 2 years and Intel is continuing to pummel 'em. Lets hope that AMD can really pull it together and stay in the game.

Related Articles

• UFW (Uncomplicated firewall) For Ubuntu Hardy (14)
• Share your Ubuntu Desktop Using Remote Desktop (12)
• Securing SSH Using Denyhosts (8)
• Securely Administer Your Ubuntu Server Remotely (1)
• scponly - limited shell for secure file transfers (1)
• Rescue an encrypted LUKS LVM volume (0)
• Policykit - Gaining visibility in the administrative user interfaces (0)
• Mount a Remote Folder using SSH on Ubuntu (8)
• List of Security Tools Available in Ubuntu (5)

JavaOne wrapped up on Friday. We hosted individuals from across the globe, and from every industry: consumer electronics and gaming, to enterprise IT, space exploration, factory automation, the automotive industry, academia - like the network itself, Java delivers something for nearly everyone, everywhere.

This year's biggest announcements centered around Java's role in the future of rich internet applications (or RIA's). What's a rich internet application? It depends on your perspective - from mine, it's any network connected application that persists in front of a user, typically outside a browser, that can operate when disconnected from the network.

On the one hand, I'd claim Java's always been a RIA platform - before the world really wanted one. Early Java applets delivered interactivity, but at the expense of development complexity and, in the early days, performance - when a browser, and more recently Javascript, would suffice.

But browser based applications are hitting complexity and performance limits, and content owners are striving for higher levels of engagement (via high definition video, or advanced interactivity). Developers are demanding something new - the browser's a wonderfully accessible programming model, but it's a weak deployment model for rich/disconnected applications.

An unspoken driver of RIA is also business model evolution - many companies behind rich applications are seeking independence from browsers and search engines, whose default settings and corporate parents present a competitive threat. There's a growing appetite for locally installed applications that build rich, direct and permanent engagement with consumers. No one wants to pay a toll to meet their own customers.

With that in mind, as we looked to reinvent the Java platform, we heard a consistent set of requirements. And not just from coders, but from sports francishes seeking to directly engage their fans, media companies wanting to bypass browser defaults, to artists and businesses and device manufacturers - everyone's looking to uniquely engage consumers via the network. These audiences have nearly identitical requirements for a RIA platform - they want technology that:

• Reaches every internet consumer - on desktops, mobile, and new devices, too.
  
• Delivers high performance - and the ability to engage creative professsionals in the design process.
  
• Leverages existing skills and enterprise infrastructure.
  
• Is totally free, and open source.
  
• Provides content owners with control and ownership of their own data.
  

At JavaOne last week, we addressed every one of those issues - here's how:

First, RIA developers want to reach every consumer on earth, and on every device.

Why? Because the market is in front of consumers - no matter what screen they may be using. Desktop, mobile phone, personal navigation, digital book - you name it. The market's in front of all the screens in your life, not just a PC.

That said, on PC's alone, Java's popularity has grown in the last few years, as measured by runtime downloads - we routinely download 40 to 50 million new Java runtimes a month, and update more than a billion every year. The adoption of the Java platform exceeds the adoption of Microsoft's Windows itself - Sun's Java runtime environment (JRE) is preloaded on nearly every Windows machine (from HP, Dell, Lenovo, etc.), but also runs on Apple's Macintosh, Ubuntu, Fedora, SuSe, Solaris and OpenSolaris desktops. In addition, a JRE is present on billions - yes, billions - of wireless and mobile devices, from automobile dashboards and navigation devices, to Amazon's Kindle (did you know Amazon's Kindle is a Java platform?).

Which is to say, the Java platform reaches more people than any other software technology the world has ever seen.

Second, RIA developers want performance, functionality AND simplicity.

Why? Because content owners and application developers want to engage consumers - and want to engage artists and creative professionals in the workflow.

Java's history with simplicity isn't perfect - which is why our teams have rewritten the applet model, and focused so intently on making the new consumer Java runtime environment (download a beta version here) exceptionally fast to load within a web page, exceptionally performant for complex interactivity, and trivially accessible to consumers. We've also simplified Java with a scripting language, JavaFX script, that enables creative professionals to engage with coders to create immersive experiences, while embracing the creative tool chain (from interaction design to pixel manipulation) used by the worlds designers and digital artists.

And I'm really pleased we've solved the desktop installation problem, by making JavaFX applets separable from a web page with a simple drag and drop (click the image above to watch this demonstrated). Developers can now bypass the browser to trivially install apps on desktops - once the applet's dropped on the desktop, content owners have a direct relationship with their consumers.

You might have also seen that we're adding full high quality audio and video codecs to Java on every platform on which it runs - resolving another gap for RIA developers, support for time-based media (click here for a demo of high performance video).

Third, enterprises want to reuse their existing Java skills and assets in moving to RIA.

Nearly every enterprise employs programmers with Java skills - it's still the number one internet language taught across the world, and found pervasively in global business infrastructure. As businesses move to engage their customers via RIA platforms, reusing existing skills, and connecting RIA's to existing systems, gives the Java community a unique ability to build from what exists - rather than attempt to replace it.

This familiarity also allows businesses and developer teams to focus on engaging with consumers - rather than irritating IT with new infrastructure requirements (JavaFX developers simply link to existing enterprise infrastructure, vs. requiring new systems for RIA apps).

Fourth, RIA developers want free and open platforms.

Why free? Because developers don't want to encumber their applications with royalty bearing dependencies, or use technologies that predefine where consumers might appear. You don't build developer communities around closed source, you build user communities - and this is an instance where developer selection and adoption will define the broadest RIA marketplace. JavaFX will, like all of Sun's software platforms, be made freely available as open source, and it'll be released via the GPL (v2) license.

And lest you think free and open software is the province of those with goatees and tattoos... we're seeing a rising tide of developing nations mandating free and open software in government and academic procurement. Why? To protect choice, and build indigenous opportunity - there's no reason to build dependencies upon proprietary software if you can avoid it.

Lastly, lets face it, the real value in Web 2.0 is the data - not the app. And that data is YOURS.

If you've been watching the social media space as carefully as we have, you understand the value of instrumentation and intentionality in building a business on the web. Knowing what users are doing with your product, whether it's a fantasy cricket league or a consumer banking application, enables more innovative business models, the delivery of higher value services, placement of more valuable ads - data allows for better decisions, and better value creation (and bluntly put, higher CPA).

But most rich internet applications are built, then deployed - into a fog. Developers who leave the confines of the browser either lose access to information about what their users are doing, or have to rely upon a technology provider that's inserting itself into their data stream. And some of those technology providers compete with content developers.

With a project code named Project Insight, we'll be instrumenting the Java platform to enable developers to harvest the data stream generated by their RIA content. JavaFX developers can focus on their business models - rather than enhancing someone else's.

_______________________

With all that said, what's the success of JavaFX worth to Sun?

By definition, it's worth more to Sun than the adoption of someone else's platform (known as "positive option value") - and the proprietary infrastructure used to serve it (don't forget, RIA's have rich internet back-ends (RIBs?). And in the RIA world, all the options are going to be priced at free, anyways - this isn't a contest to be won on price.

From where I sit, the platform likely to win will be the one that sets developers free - to pursue markets, opportunities and customer experiences as they define them, not as vendors define them. Now, setting developers free - that's where we can excel. It's in the DNA of everything we do.

For developers, learn more at JavaFX.com. And be sure to check out NetBeans - like Java itself, it's starting to rock the free world...

Sometimes I need to send files to people that are too large to attach to an email. Inevitably, the solution is to upload it to an ftp or web server that I have access to and then send the recipient a download url. It's a pretty inefficient process, and unless you like your ftp server becoming an overwhelming mess of random downloads, you have to remember to go back and remove things at a later date.

drop.io is a web service that solves this sort of problem perfectly. You create a drop URL with a unique name, upload a file to it, and set an expiration time when it will be deleted, all in a single step. The drop folder can have both an access and an admin password, and you can choose what level of access (read, read/write, read/write/delete) the non-admin has. After you've created a drop folder, you can continue to add files and notes to it via the web interface or by email. Each drop also has a phone extension that will allow you to call in and record messages that are added to the drop. It's brilliantly simple.

What I like best is that aside from tracking IP for legal or terms of service violations, it's completely anonymous. You don't make an account to use the service. There is no profile. The drop folders aren't search indexable unless you choose to make them without passwords and publish the URL somewhere crawlable. You can renew the expiration period of the drop, but when it expires, it goes away along with its contents.

I like.

drop.io - Simple Private Exchange

Yesterday I drove past that place
I used to live,
on the way home to you.

I cowered behind that very window,
afraid
of the world outside,
afraid
that it wouldn't miss me,
that it wouldn't notice
that I had vanished behind that frame.

I watched, through that frame,
others living the life
I could not live,
because I was
afraid,
I knew not of what,

nor why I had been exiled
to this penitentiary
which I paid good money
to inhabit.

There, framed in that window,
another lonely soul
gazed out at me, wondering
if I saw as I went on my way,
past this refuge of those
too young to have lived,
and those done with it.

Last year, I tried very hard to write every day, and did a pretty good job of sticking to that. This year, it's been spotty, at best.I wrote a lot while in Amsterdam, and very little since I got back. Trying very hard to write, but, as Bradbury observes in the foreword of Dandelion Wine:

Like every beginner, I thought you could beat, pummel, and thrash an idea into existence. Under such treatment, of course, any decent idea folds up its paws, turns on its back, fixes its eyes on eternity, and dies.

Having met two of my very favorite authors - Douglas Adams and Arthur C Clarke - I can not think of any author I'd more like to meet than Mr. Bradbury, but I have no idea what I'd ask him, for I feel that I already know him, from what he has written. And the most important thing I've learned from him is simply to write every day, whether I have something to write or not. Of course, very very few can ever hope to rise to his level, but I imagine I have good story or two hiding away somewhere, waiting for me to write it.

Ocean asks on his blog is data an asset?

Data is certainly not like many other assets, it doesn’t depreciate, you can copy it endlessly, and it’s next to impossible to imagine a commodities market for data. Heck copying the data can either increase it’s value (think “The DaVinchi Code”) or decrease it (think passwords). People don’t pay for data as much as they pay for human attention. You can use data to get attention or you can use attention to collate, assimilate, and otherwise transform raw data into useful information, but either way data needs people to understand and interpret it to become valuable.

So at best:

data + human_understanding == value

Bruce Schenier takes it one step further, calling data the pollution of the the information age.

Data Pollution

Data sucks up space, time and human attention. But more than that, data can be parsed, manipulated, and transformed to fit various agendas. And in a world where data about all of us is “owned” by various large corporations, from Amazon, to Google, to Enron, it’s not always clear how that data will be used. Besides which millions of credit card numbers are stolen from various companies who store our data “in good faith.” Data costs money in terms of maintenance, in terms of storage, and in terms of liability. Heck, I know people who work for companies who have an e-mail retention policy — which is really more of a mandatory e-mail deletion policy.

Polluted Data

And that assumes that all that data is verifiable true, and that’s definitely not the case. I sold a car once and the new owner didn’t take it to the DMV to get it registered before his friend drove it without a license and got it impounded. And that showed up on my credit report for years. I have a friend who somehow ended up “deceased” even though she’s still very much alive and well.

All of this is to say that as software developers, IT Mangers, and companies in general need to think a lot more about data, and to invest in some better terms for the various different things we call data.

We need to differentiate between raw data, information, and knowledge. We need to help our customers think about the life cycle of the data they want us to capture. We need to educate people about the costs and benefits associated with keeping data, and ultimately we need to follow the mantra:

Think before you store

And if you’re concerned about privacy, and individual liberty, please take a few min and read Bruce’s article.

Threads may not be be best way, or the only way, to scale out your code. Multi-process solutions seem more and more attractive to me.

Unfortunately multi-process and the JVM are currently two tastes that don’t taste great together. You can do it, but it’s not the kind of thing you want to do too much. So, the Jruby guys had a problem — Rail’s scalability story is only multi-process (rails core is NOT thread safe), and Java’s not so good that that….

Solution: Running “multiple isolated execution environments” in a single java process.

I think that’s a neat hack. The JRuby team is to be congratulated in making this work. It lets Rails mix multi-process concurrency with multi-threaded concurrency, if only on the JVM. But it’s likely to incur some memory bloat, so it’s probably not as good as it would be if Rails itself were to become threadsafe.

I’m not sure that the Jython folks have done anything like this. And I’m not sure they should. It’s a solution python folks don’t really have. Django used to have some thread-safety issues, but those have been worked out on some level. While the Django people aren’t promising anything about thread safety, it seems that there are enough peole using it in a multi-threaded environment to notice if anything’s not working right.

At the same time, TurboGears has been threadsafe, from the beginning, as has Pylons, Zope, and many other python web dev tools. The point is, you have good web-framework options, without resorting to multiple python environments in one JVM.

Why you actually want multi-threaded execution…

In TurboGears we’ve found that the combination of both multi-threaded and multi-process concurrency works significantly better than either one would alone. This allows us to use threads to maximize the throughput of one process up to the point where python’s interpreter lock becomes the bottleneck, and use multi-processing to scale beyond that point, and to provide additional system redundancy.

A multi threaded system is particularly important for people who use Windows, which makes multi-process computing much more memory intensive than it needs to be. As my grandma always said Windows can’t fork worth a damn. ;)

But, given how hard multi-threaded computing can be to get right TurboGears and related projects work hard to keep our threads isolated and not manipulate any shared resources across threads. So, really it’s kinda like shared-memory optimized micro-processes running inside larger OS level processes, and that makes multi-threaded applications a lot more reasonable to wrap your brain around. Once you start down the path of lock managment the non-deterministic character of the system can quickly overwhelm your brain.

As far as i can see, the same would be true for a Ruby web server in Ruby 1.9, where there is both OS level thread support and an interpreter lock.

I’m well aware of the fact that stackless, twisted, and Nginx have proved that there are other (asynchronous) methods that can easily outperform the multi-threaded+multi-process model throughput/concurrency per unit of server hardware. The async model requires thinking about the problem space pretty differently, so it’s not a drop in replacement, but for some problems async is definitely the way to go.

Anyway, hats off to the Jruby team, and here’s hoping that Rails itself becomes threadsafe at some point in the future.

Related Articles

• UFW (Uncomplicated firewall) For Ubuntu Hardy (14)
• Share your Ubuntu Desktop Using Remote Desktop (12)
• Securing SSH Using Denyhosts (8)
• Securely Administer Your Ubuntu Server Remotely (1)
• scponly - limited shell for secure file transfers (1)
• Rescue an encrypted LUKS LVM volume (0)
• Policykit - Gaining visibility in the administrative user interfaces (0)
• Mount a Remote Folder using SSH on Ubuntu (8)
• List of Security Tools Available in Ubuntu (5)

Related Articles

• Working with Songbird and wma files (0)
• Workaround for Feisty screensaver bug (5)
• Windows NTFS Partitions Read/write support made easy in Ubuntu Feisty (32)
• Winamp Presets for your XMMS Music Player (11)
• Widescreen Resolutions for Intel Display Cards In Ubuntu Feisty (3)
• What to Expect from Ubuntu 8.04 (Hardy Heron) (13)
• What package is that file in ? (0)
• Webmin Installation and Configuration in Ubuntu Linux (0)
• Verify DNS records with Dlint (0)

Yes, you heard it right. HP (Hewlett-Packard) is to Acquire EDS (Electronic Data Systems) for $13.9 Billion, while both of them are the giants in IT Outsourcing industry. First, I must say that it’s hard to believe this. I just read the rumor of HP in talks to buy EDS for up to US$13 billion. So, [...]

So Sun are now - finally - pushing quad core Opterons in the X4140, X4240, and X4440.

The X4240 is a new one. I like it. Yes, whereas I complained before, this one does have 16 internal drives.

The Information Security Research Team, a joint research group effort of the University of PR at Mayaguez (USA) and the State University of Ceara (Brazil), has revealed a whopper of a problem for Google and for the Internet in general. The team has found a vulnerability in Gmail, Google's free mail system, that allows a spammer to send unlimited and unfiltered messages through Google's SMTP servers. Google imposes no limits on the number of messages sent through this method, and INSERT claims that any message header contents can be forged using it. The real problem here is not that you can send spam, but that it comes through Google's SMTP servers. Server-based reputation is one of the principal methods by which e-mail is filtered. Known bad servers are blacklisted and known good servers are whitelisted. Google's servers are not only likely to be assumed as good, but their high volume argues for whitelisting them so as to lower the filtering load. INSERT says that it contacted Google a week ago about it and has received no response. The disclosure omits details of the vulnerability, but that will change this weekend when the team presents at SBSEG'2008 and reveals all. Watch out for more news on this soon.

aallan posted a photo:

The prototype eSTAR interface for the iPhone sees first light.

Posted by Lorenzo Colitti, Network Engineer, and Erik Kline, IPv6 Evangelist

We care a lot about the health of the Internet. Recently, we've become increasingly concerned that IPv4 addresses — the numbers that computers use to connect to the Internet — are running out. Current projections place IPv4 address space exhaustion somewhere in late 2011, and while technologies such as Network Address Translation (NAT) can offer temporary respite, they complicate the Internet's architecture, pose barriers to the development of new applications, and run contrary to network openness principles.

That's why we're pleased to let you know that Google search is also available over IPv6 at ipv6.google.com (you'll need an IPv6 connection to view it). While IPv4 provides about four billion IP addresses — not enough to assign one to every one of Earth's more than six billion inhabitants — IPv6 provides enough address space to assign almost three billion networks to every person on the planet. We hope that by allowing every computer and mobile device on the network to talk to each other directly — an idea known as the "end-to-end principle" that was crucial to the original design of the Internet — IPv6 will allow the continued growth of the Internet and enable new applications yet to be invented.

With current operating systems such as Windows Vista, Mac OS X, and Linux providing high-quality support for IPv6, we hope it's only a matter of time before IPv6 is widely deployed. We will be doing our part.


Update: Changed three million networks to three billion networks in the second paragraph.

Fishes eyes

I’ve been following Glassfish with interest for a while now –
I want a Tomcat replacement: webapps, a connection pool and an admin
interface that doesn’t stink. Not much to ask.

Glassfish2 delivers all that in spades, plus clusters very nicely.
But it also has a lot of J(2)EE features that I’m not really interested in.

Glassfish v3s design follows a ‘microkernel’ model, which should mean its
a lot lighter, faster, and lets you mix and match the features you need.

It’s matured enough for me to give it a go.

Get it from https://glassfish.dev.java.net/downloads/v3-techPreview-2.html. The same ZIPfile runs on all platforms (I’m on a Macbook Pro).


cd ~/Applications
unzip ~/Downloads/gfv3-preview2.zip
PATH=$PATH:~/Applications/glassfishv3-tp2/bin


nice feature #1 : typo detection

hypnotoad:glassfishv3-tp2 $ ./bin/asadmin list-domain
Closest matching command(s):
list-domains
Remote server does not listen for requests on [localhost:8080].
Is the server up?
Command list-domain failed.
hypnotoad:glassfishv3-tp2 $ ./bin/asadmin list-domains
domain1
Command list-domains executed successfully.

nice feature #2 : boot time

hypnotoad:glassfishv3-tp2 $ time asadmin start-domain domain1
Command start-domain executed successfully.
real 0m1.029s
user 0m0.456s
sys 0m0.091s

nice feature #3 : not everyone needs an /admin webapp

First nice feature: open http://localhost:8080 and try
‘to manage the server, click here ‘. Glassfish gets the request for /admin,
realises it doesn’t have an admin webapp, and offers to install it whle U wait:

Once admingui.war downloads, it’s deployed and you get a login prompt.
Login as ‘anonymous’ (no password) and you get the usual admin screen -
as you can see there’s a lot less stuff in there by default.

nice feature #4 : you can deploy things to it

(In my experience, that’s not a given).

Just knock up a stub webapp in Netbeans ( here’s one I made earlier ) and deploy it:

hypnotoad:glassfishv3-tp2 $ time asadmin deploy ~/NetBeansProjects/hellonasty/dist/hellonasty.war
upload file successful: /private/tmp/gfv3/hellonasty.war
Command deploy executed successfully.
real 0m2.393s
user 0m0.288s
sys 0m0.071s

And here it is:

nice feature #5 : finally a use for that OSX 1.6 JVM

Guess you’ll need that admin webapp after all, as I couldn’t find the right
options to asadmin set-jvm-options to switch the default JDK:

 

(That starred box should say:
/System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home)


hypnotoad:glassfishv3-tp2 $ ps ax|grep 1.6/Hom[e]
14709 s001 S 0:11.40 /System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home/bin/java -cp /Users/dick/Applications/glassfishv3-tp2/glassfish/modules/glassfish-10.0-tp-2-SNAPSHOT.jar
….
….
….
instancename server -embedded false -verbose false -domainname domain1


nice feature #6 : documentation

is at : http://docs.sun.com/app/docs/coll/1343.7

next steps

Seems to run OK to me, even though OS X isn’t listed as a supported platform yet.
There are a few features missing (asadmin list-commands is a lot shorter than on GFv2)
but I’m pretty pleased with it.

Next on the list : hook up NetBeans and JRuby and try deploying a database-backed Rails app.

Earlier this morning I spotted (via Twitter) that Microsoft's World Wide Telescope had finally been released...


After wading through their flash based website to get to the download page I found out that the "Mac version" is a version that runs under Windows in Boot Camp. Which isn't exactly a Mac version at all, a bit of false advertising there I think...

At which point I was really interested to see Roy Williams quoted as saying,

...a beautiful platform for explaining and getting people excited about astronomy, and I think the professional astronomers will come to use it as well - Roy Williams

While it is more common in the US, I don't think I know a single British astronomer that owns a Windows box outside of the VO community. In fact someone else here at Exeter said that Roy's quote caused them an "...ironic chuckle". Which is pretty much how WWT has been received. Nobody here can try it because nobody has a Windows machine, we either run Linux or OSX.

Since the release this morning I've seen conflicting reports about WWT. The Register, which admittedly isn't generally acknowledged to be particularly pro-Microsoft, just couldn't get it to work while Stefan Geens over on Ogle Earth liked it a lot. So your milage may vary, but mine won't. It'll stay firmly at zero. I don't own a Windows machine, and I'm unlikely to go through the pain of installing Windows on my Mac to try it out...

Update: Reports of problems under Vista...

Update: Looks like I'm not the only one a bit underwhelmed by the "Mac version" of WWT.

Jonathan Ellis has a short run down of Utah Python User group where they talked about IDE's and Python.

He points to a nice write up of the Emacs and Python presentation here.

The write up for the *other* editor is here. :->

The Nairobi-Mombasa Road
For Three Word Wednesday
May 12, 2008

The highway stretches
from here to there,
shimmering with the heat
of a long season of drought.
All that lies between,
in these huge empty spaces --
empty to us, that is -- filled
with the inconsequential,
forgotten, ignored millions,
who we choose to thunder
past on the way
from here to there.
Who eke out their daily
nothing
in this place we would
never have noticed
but for a flat tire
or the call of nature
halfway between
here and there.

They, for their part,
watch us hurry
past on our way to places
they're better off not knowing,
leaving exhaust and empty
Fanta Orange bottles,
and a vague feeling that somewhere
else might be better than here,
wonder what could be so important
there, that we'd want to rush
there, from that other there,
and back again.

Question: I want to reset counters in /proc/net/dev (also shown in ifconfig output as RX and TX bytes) and thus I have to unload network interface driver. How to do it?

Answer: There are two commands in Linux CLI coming by default which would help to unload drivers: rmmod and modprobe. First of all it is necessary to find what kernel module controls certain NIC and then unload that module. For example, you have VIA VT6102 (RHINE-II) network card that is recognized by Linux as eth0 and want to disable its driver temporarily. Just execute the following:

"sudo rmmod via-rhine" or "sudo modprobe -r eth0" (or "sudo modprobe -r via-rhine"). You can use command dmesg to determine the name of kernel module you wish to unload.

Related Posts

Creative Sound Blaster X-Fi Linux driver
Linux history: 0.02 and 0.03 releases memories
Utility to install ATI or NVIDIA proprietary drivers in Ubuntu and Debian
Manage FreeBSD kernel modules on the fly
Get Wi-Fi working on Dell Inspiron 1501 with Ubuntu

Paul Fremantle: For me the core difference between Open Standards and Open Source is this: Open Standards enable companies to compete in a structured way, Open Source projects enable people or companies to collaborate in a structured way

I think Paul may be onto something.  It is rapidly becoming the case that this more than this is becoming the exemplar for open standards.  While it is popular to malign the JCP, it is worth noting that many (most?) JSRs have TCKs which actively promote the idea of multiple, independent, interoperable implementations.

This document describes how to reconfigure the default language and the keyboard layout on various distributions so that they suit your location. I made this howto for our VMware images where the keyboard layout is always set to German and a few users have problems to configure the language and keyboard layout on these images.

This article will show you how to make your Asus Eee PC secure from prying eyes by using a privacy filter. 3M Privacy Filters help block the screen view from anyone viewing the computer from a side view. Their unique microlouver privacy technology allows just persons directly in front of the computer to see on screen data clearly. Story

Unison is a file-synchronization tool for Unix and Windows. It allows two replicas of a collection of files and directories to be stored on different hosts (or different disks on the same host), modified separately, and then brought up to date by propagating the changes in each replica to the other. Full Story

In this article, learn to use Firebug, a free, open source extension for the Firefox browser that provides many useful developer features and tools. Using Firebug, you can monitor, edit, and debug live pages, including HTML, CSS, JavaScript code, and network traffic.

• Change the Font of Command Prompt Window to Consolas For More Comfortable Reading
• Data Structures in the Andrew Text Editor
• Cocotron: Cross platform Objective-C API
• python-callbacks - Google Code

By storing data in the window.name property, you can store data between page loads and across domains without ever sending a cookie to a server. Thomas Frank created the sessvars.js library which makes use of this browser quirk, allowing you to store up to 2 MB of client-side session data.

This is really powerful for a few reasons:

• client-side, you can store way more data than allowed by traditional cookies
• none of the data is transferred explicitly to the server, minimizing bandwidth used for each page request
• allows you to talk between pages in different domains

Keep in mind that anything you store via this mechanism will be visible to any other site that a person visits, so this is best for storing non-sensitive data that you want to retain between page loads. This would be great for caching returned AJAX data that you would otherwise have to refetch and reprocess.

Session variables without cookies

The above photograph was taken by our good friend Matt Nuzzaco (AKA: Nuzz). I'll be putting the photographs up on my flickr site once I have them from Nuzz, but for now that's a good teaser.

I'm now officially married. This means I can start to get back to work on the things I've basically put on hold for a while now. Mostly the two weeks or so leading up to the wedding I didn't do much of anything useful outside of wedding things. That is over now and here are some of the things I intend to do as time permits (in no particular order):

• Sync changes in keynav with the Win32 version I have (and clean up the code)
• Release keynav for Win32
• Add a couple of Win32 specific things to keynav (like a systray confiration mechanism for starters)
• Keep my ports up to date and try to be more active in PRs - I've been slacking due to the wedding.
• Get started on a libpkg for FreeBSD
• UDI/GID creation for ports (at least research if it already exists or is in a PR somewhere)
• Licensing framework for ports. I know there is work going on with this for SoC so I will check with the people involved there and see if I can be of assistance, or just do it outright and offer to give the code to the people involved.
• Look into distcc and/or ccache integration into ports
• Registration of plists so that it's possible to ask "which port installs file 'foo'?"
• One other Win32 project I'm keeping hush about until actual code is produced. :)

About the first few entires... Jordan was recently given the C# code to a Win32 port of keynav and permission to release it under whatever license he saw fit. He passed the code on to me and I'm intending to release it once I've done some of the things on the list. If you're a fan of keynav and you use Windows I'm sure you'll like this application. If you have no idea what keynav is go read up on it.

Bonus points if you know where the title of this post is from. :)

I'm supposed to be putting the finishin touches on another customer presentation this morning (in the light of one I gave yesterday). I simply had to stop doing that and get my thoughts down as I was finding it hard to focus.

Yesterday I made a comment on a colleague's blog about the earthquake, as I am also travelling in the region. I noted that I was giving a presentation to a customer at the time and actually didn't notice. I had it pointed out to me that we had had a tremor or a 'quake after I finished.

I got back to one of the offices in Beijing that afternoon and had an Australian colleague in a chat session point me at an article in an Australian newspaper about the incident mentioning a loss of life of about a hundred. This in itself was incredibly sobering, as any such loss of life is tragic.

This morning I woke up and flipped on BBC World and was utterly gobsmacked to hear 10,000 dead!

I find myself at a loss to describe my feelings. On one hand I am incredibly grateful for my own safety, but 10,000 people?

Oh my god!

This is beyond tragedy.

The loss of human life on this scale is beyond comprehension.

The China Daily lists the numbers lost in various areas. One in particluar leaps out at me. In comparison to some of the other areas the numbers are small but how can the following not tug on your heart?

Dujiangyan: Over 50 dead in a middle school. Many more are buried beneath rubble.

I almost dread going into the office today as there are certain to be people who either know that they have lost family and friends, or perhaps worse, don't know whether or not they have. My heart goes out to all of these wonderful people who have made me feel so welcome here.

I wish I knew what more to say.

Update#1

I just called my manager in Sydney to let him know that I was fine. He told me that the Australian news services are reporting on 900 kids in a collapsed school.

I am fearful that the news is only going to get worse!

Ok, so maybe not again. After all there's not much you can get that happy about when it comes to filesystems these days - a lot of the really exciting stuff has been done so far.

Like Resier[3|4], ZFS is one I'd heard about, did some research on but never considered using at all. The fact that it currently only runs on Solaris or via FUSE under Linux (which in itself can be considered to be a benefit, as the filesystem is recoverable and separate from the kernel - performance supposedly sucks though), had kind of put me off a bit.

If you're unfamiliar with ZFS and it's feature, then may I suggest taking a quick look-see at the ZFS wikipedia article. There are many pretty cool features in ZFS, such as the concept of pools (and everything that comes with them, such as growing pools with the file systems mounted - very slick), the sheer capacity, RAID-Z, etc. all which helps it to to sustain multiple disk failures in a RAID-Z2 array, much like you'd see in RAID-6, except this is acheived within the filesystem itself. Granted you might not see someone attacking your drives with a sledge, but you never know what might happen some days...



The video is certainly it's aimed at managers or some sort of technical head, but you cannot deny it. That. Is. awesome. I've been considering creating a small box, with multiple SATA hard disks in a separate enclosure (possibly attaching the enclosure to a mini, pico or nano ITX box) to create a home-grown NAS box and ZFS certainly seems interesting enough to consider as an option, considering that iSCSI, NFS and CIFS (aka SMB or Windows sharing) support is now built into the kernel (interesting decision perhaps?), plus Samba is running on Nexenta as well. My only hesitation is the work done on Nexenta - GNU tools sat on top of the OpenSolaris kernel. I'm familiar with the various tools used by this distro and it would speed up my understanding of what I'd be using, however the rate of packaging and development seems to flucutate. Playing with it in a virtual environment is going to be limiting at the end of the day, and my spares box won't cover something of this scale, so maybe I'll have to jump in with both feet Real Soon(TM)...

Does anyone have any practical experience with ZFS? Is it mature enough to trust my files and believe that I won't have to go through the pain of restorations?

Last week, I ranted a little bit about motivational meetings. Today I’ll make the opposite case.

Why have motivational meetings?

The right way to use motivational meetings is to reaffirm the purposes of the group, and help people to connect the dots between their individual efforts and the collective goals of the group, and to connect those goals with their own individual aspirations.

Basically, motivating people is easy:

• Give them work that is meaningful to them and to the organization
• Treat them with respect

Treating people with respect includes paying them a fair wage, and not doing any of these things.

Among other things it also means not letting people who aren’t contributing to the common goals of the organization hold back the group by not doing their job.

Research has shown that one of the survey questions most highly correlated with motivation and performance is:

Does my supervisor, or someone at work, seem to care about me as a person?

Which is another way of saying does your boss respect you. At the same time the single highest correlation for any question was:

I get to do what I do best everyday at work.

So, it’s really important to line people’s intrisic skills and internal long-term motivational drivers with the work you ask them to do.

If you’re not doing those two things, motivational meetings are a loss. If you are doing them you can use a meeting to remind people of how their deeper motivations are connected to what they are doing now.

P.S. My info on the top questions and their correlation to performance comes from Gallop research via the very interesting book First Break All the Rules, which is one of the best, and most evidence based, books on managing for exceptional performance I’ve read.

Posted by Mussie Shore, Product Manager

Wondering how to make your site more social? We'd like to make it easier for you, which is why earlier tonight at Campfire One at the Googleplex, we announced a preview release of Google Friend Connect.

Google Friend Connect is a service that that helps you grow traffic by enabling you to easily provide social features for your visitors. Just add a snippet of code, and, voilà, you can add social functionality -- picking and choosing from built-in functionality like user registration, invitations, members gallery, message posting, and reviews, as well as third-party applications built by the OpenSocial developer community.

Social features can generate buzz and traffic to your pages. Using Google Friend Connect on your site, your visitors will be able to see, invite, and interact with their friends from existing sources of friends, including Facebook, Google Talk, hi5, LinkedIn, orkut, Plaxo, and others. And you'll be able to more actively engage your visitors by adding social features from a growing gallery of social applications.



We've heard from many site owners that even though their sites aren't social networks, they'd still like them to be social. Whether your site sells car parts or dishes out great guacamole recipes -- like the sample site in the YouTube video above -- you can visit http://www.google.com/friendconnect/ or read more on the Official Google Blog to learn about Google Friend Connect. Right now, the preview is available for only a few sites, but soon we'll give the green light to even more. Sign up now to be on the wait list.

Posted by Mussie Shore, Product Manager

Have you ever wished you could share information and interact with friends while visiting some of your favorite websites? There are a number of great social networking sites out there that let you stay connected, but the rest of the web typically hasn't been social. Yet.

Site owners have been saying for a while that they would love to provide this functionality, but, frankly, it's been too hard to add social features. A lot of code has to be written to create a site where visitors can sign up and bring their friends along, form new friendships, and do engaging things together. And not to mention that if you're a site visitor, it's pretty inconvenient to create a new account and try to rebuild a network of friends each time you visit a site.

Enter Google Friend Connect. This new service, announced as a preview release tonight at Campfire One, lets non-technical site owners sprinkle social features throughout their websites, so visitors will easily be able to join with their AOL, Google, OpenID, and Yahoo! credentials. You'll be able to see, invite, and interact with new friends or, using secure authorization APIs, with existing friends from social sites on the web like Facebook, Google Talk, hi5, LinkedIn, orkut, Plaxo, and others. And quite simply, you'll be able to do things together.
Having faces show up at a site is not enough. Friend Connect lets site owners include OpenSocial apps made by a world of developers. We're providing a few apps, such as posts and ratings, to get the ball rolling. And many more will be provided by the OpenSocial community.

With this functionality, there's no end to the possibilities. A small site dedicated to mountain biking in Moab, for example, would be able to have members who could exchange maps, tips, and pictures of their latest rides. A stroke victims support site could help grieving family members assist one another by sharing advice. A politician's site could enable supporters to advocate their viewpoints. A musician's site could give fans the chance to interact full tilt with the band and one another.

Take a look at a few white-listed sites using Google Friend Connect: Ingrid Michaelson's official website, which includes the iLike music application, and Bible Apps, owned by an OpenSocial developer fully dedicated to his "Verses" application -- where people can post prayers and test their knowledge of the Bible as a quiz game with their friends.

If you run a website and would like to add social features, you can now sign up for the wait list and learn more by visiting www.google.com/friendconnect. We're going to keep things pretty limited at first so we can gather feedback from site owners, developers, and users, but, in the weeks ahead, we'll be reaching out to more site owners and adding more social apps to the gallery.

You can also learn more about Google Friend Connect, OpenSocial, and other social initiatives at Google I/O, a two-day developer gathering about building the next generation of web applications. It takes place May 28-29 at Moscone West in San Francisco. Register now for Google I/O at http://code.google.com/events/io/.

Related Articles

• No related posts.

Related Articles

• List of Ubuntu Based Linux Distributions and Live Cd’s (0)
• How to Install Source Files in Ubuntu (3)
• How to create a transparent terminal session as your desktop background (24)

I publish a monthly email newsletter, the Pragmatic Manager. Last month’s topic was Timeboxes Help Multisite Teams. Let me know if you like the formatting of the page the same way I format the email newsletter, or if I should not be so fancy-dancy.

Steve Berczuk (author of Software Configuration Management Patterns: Effective Teamwork, Practical Integration—I’ve only read pieces), has a great review of Manage It! One nice nugget:

This book has pragmatic advice on how to make progress and issues visible, how to plan a project, and most everything else you need to help a project come to a good conclusion. This book is unique in that while it discusses the benefits of agile lifecycles, it shows you how to make progress in a variety of software lifecycles, and gives advice on when to use the various lifecycles she discusses.

Thanks, Steve.

They say that by disabling IPv6 things get a bit smoother and faster regarding networking. I don’t really know if this is true, but I guess, if you’ve decided to disable this feature, you probably care to do it the Right Way™. As far as I know, trying to disable IPv6 through anaconda during the installation of Fedora or CentOS does not turn off the IPv6 functionality completely, but it just disables it for the configured network interface. This is not actually a problem, but, why should this network layer be enabled system-wide, if you do not use it at all? This small article assists you in disabling IPv6 in the latest Fedora and CentOS releases in an aggressive and unforgiving way.

This week is a week to end all weeks. We’ve got crappy names, we’ve got cross-gendering names, and we’ve got straight from the hood names. Let’s go!

First up, the crappy names. Aaliya is a garden-variety crappy name. I don’t think they crammed enough A’s in there. Really. Following along in the “cramming too much crap into one name” tradition, we have little Anaizya-Marley Alize-Michie Aiu-Horie. And I left out the 23-letter middle name! This is, I believe, the first triple-double in this history of the Bad Baby Names column. Congratulations!

Next up, two names for boys that really struck me as girls’ names: Shaysen and Zayde-Jordan. I suppose Shaysen is how idiots would spell Jason, so that works. But Zayde-Jordan?

And then there’s Jetson. Either the parents are fans of the cartoon, the father’s name is Jet, or they’re idiots. My money’s on the latter.

But this week’s Baddest Baby Name is a runaway winner. There’s not even any contest. Introducing little Aiz’n Soljah Boy! Can anybody in their right mind explain to me why someone would name their kid Aiz’n Soljah Boy? It’s a fine name if you’re a retarded rapper, but they even misspelled his name! And their last name is Portuguese! They’re not even asian!

Question: How can I restrict/allow access to certain service on timely basis with iptables? For example restrict access to SSH between 7:00 pm - 8:00 am on weekdays?

Answer: You are welcome to use iptables patch-o-matic extension (pom or p-o-m) that allows you to match a packet based on its arrival or departure (for locally generated packets) timestamp. The syntax is the following:

iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION

Where:

--timestart TIME: Time start value (format is 00:00-23:59)
--timestop TIME: Time stop value (the same format)
--days DAYS: a list of days to apply, from (format: Mon, Tue, Wed, Thu, Fri, Sat, Sun).

To add the rule stated in the question use the following command:

iptables -A INPUT -p tcp -d 192.168.0.1 --dport 22 -m time --timestart 19:00 --timestop 8:00 -days Mon,Tue,Wed,Thu,Fri -j DROP

Hope it helps!

Related Posts

Network Traffic Generator: hping
7 "must read" Linux tutorials
Prevent Brute Force Attacks at OpenSUSE 10.3
Claws Mail 3.0.0 released
Make squid to mark cache hits and misses (rpm package for Fedora 5)

I have had a busy couple of months. After wrapping up work on Solaris 8 Containers (my teammate Steve ran the Solaris 9 Containers effort), I turned my attention to helping the Image Packaging team (rogue's gallery) with their efforts to get OpenSolaris 2008.05 out the door.

Among other things, I have been working hard to provide a basic level of zones functionality for OpenSolaris 2008.05. I wish I could have gotten more done, but today I want to cover what does and does not work. I want to be clear that Zones support in OpenSolaris 2008.05 and beyond will evolve substantially. To start, here's an example of configuring a zone on 2008.05:

# zonecfg -z donutshop
donutshop: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:donutshop> create
zonecfg:donutshop> set zonepath=/zones/donutshop
zonecfg:donutshop> add net
zonecfg:donutshop:net> set physical=e1000g0
zonecfg:donutshop:net> set address=129.146.228.5/23
zonecfg:donutshop:net> end
zonecfg:donutshop> add capped-cpu
zonecfg:donutshop:capped-cpu> set ncpus=1.5
zonecfg:donutshop:capped-cpu> end
zonecfg:donutshop> commit
zonecfg:donutshop> exit

# zoneadm list -vc
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              native   shared
   - donutshop        configured /zones/donutshop               ipkg     shared

If you're familiar with deploying zones, you can see that there is a lot which is familiar here.  But you can also see that donutshop isn't, as you would normally expect, using the native brand. Here we're using the ipkg brand. The reason is that commands like zoneadm and zonecfg have some special behaviors for native zones which presume that you're using a SystemV Packaging based OS. In the future, we'll make native less magical, and the zones you install will be branded native as you would expect. Jerry is actually working on that right now. Note also that I used the relatively new CPU Caps resource management feature to put some resource limits on the zone-- it's easy to do!. Now let's install the zone:

# zoneadm -z donutshop install
A ZFS file system has been created for this zone.

      Image: Preparing at /zones/donutshop/root ... done.
    Catalog: Retrieving from http://pkg.opensolaris.org:80/ ... done.
 Installing: (output follows)
DOWNLOAD                                    PKGS       FILES     XFER (MB)
Completed                                  49/49   7634/7634 206.85/206.85 

PHASE                                        ACTIONS
Install Phase                            12602/12602 

       Note: Man pages can be obtained by installing SUNWman
Postinstall: Copying SMF seed repository ... done.
Postinstall: Working around http://defect.opensolaris.org/bz/show_bug.cgi?id=681
Postinstall: Working around http://defect.opensolaris.org/bz/show_bug.cgi?id=741
       Done: Installation completed in 208.535 seconds.

 Next Steps: Boot the zone, then log into the zone console
             (zlogin -C) to complete the configuration process

There are a couple of things to notice, both in the configuration and in the install:

Non-global zones are not sparse, for now

Zones are said to be sparse if /usr, /lib, /platform, /sbin and optionally /opt are looped back, read-only, from the global zone. This allows a substantial disk space savings in the traditional zones model (which is that the zones have the same software installed as the global zone).

Whether we will ultimately choose to implement sparse zones, or not, is an open question. I plan to bring this question to the Zones community, and to some key customers, in the near future.

Zones are installed from a network repository

Unlike with traditional zones, which are sourced by copying bits from the global zone, here we simply spool the contents from the network repository. The upside is that this was easy to implement; the downside is that you must be connected to the network to deploy a zone. Getting the bits from the global zone is still desirable, but we don't have that implemented yet.

By default, zones are installed using the system's preferred authority (use pkg authority to see what that is set to). The preferred authority is the propagated into the zone. If you want to override that, you can specify a different repository using the new -a argument to zoneadm install:

# zoneadm -z donutshop install -a ipkg=http://ipkg.eng:80

Non-global zones are small

Traditionally, zones are installed with all of the same software that the global zone contains. In the case of "whole root" zones (the opposite of sparse), this means that non-global zones are about the same size as global zones-- easily at lea