Planet Sysadmin

What five years of PC technology changed for me

2012-02-05T07:28:44+00:00

What five years of PC technology changed for me

This fall I got a new home machine, just a bit over exactly five years after I got my previous home machine. It happens that I saved the invoice for my five year old machine, so I dug it out today in order to do a comparison about what five years of progress in PC technology did and didn't change for me.

First off, the progress of five years got me much better prices. My recent home machine cost me only about 60% of what my old home machine did. By itself, this is pretty impressive. Apart from that, running down the major components:

CPU: AMD dual core versus much faster Intel quad core. The Intel CPU was cheaper but not by a substantial amount; I think the AMD was probably closer to the high end at the time. I don't know what the benchmark results are, but I got a substantial performance improvement.
RAM: This is perhaps the most striking change on a purely numerical level; in 2006 I got 2GB of RAM for more than twice as much as what 16 GB of RAM cost me in 2011. Even in 2006, 2 GB was clearly economizing (I remember debating with myself over 2 GB versus the extra money for 4 GB and deciding that 2 GB should be good enough). In 2011, 16 GB is as much as the motherboard will take with current DIMM densities.
In short, desktop RAM has become stupid cheap.
(One index of the change is that in 2006, the 2 GB of RAM cost more than the CPU and was the most expensive single component. In 2011, the 16 GB cost only a bit over half of the CPU.)
motherboard: the modern era features more SATA, less IDE, more USB, and not even one external serial port. Motherboards are unexciting. Even in 2006 the motherboard had onboard sound and gigabit Ethernet. The 2011 motherboard probably has better onboard sound, but in practice this doesn't matter to me; my sound needs are modest.
(The 2006 motherboard was a bit cheaper than the 2011 motherboard, but neither were particularly expensive or advanced ones.)
Hard drives changed only moderately at one level; in 2006 I got 320 GB drives for somewhat over twice what 2011's 500 GB drives cost me. In 2011, 500 GB drives are nowhere near state of the art; in 2006, 320 GB drives were not that far out of it.
(This was before the floods in Thailand.)
On another level, they changed a lot. The 320 GB hard drives of 2006 were my only storage. The 500 GB drives of 2011 are only for the operating system; my data lives on a pair of 1.5 TB drives (that I had upgraded to some time ago). 500 GB is way overkill for the OS, but there's no real point in using drives that are any smaller; it's not like I'd have saved any significant amount of money.
Video card: ATI X800 GT versus ATI HD 5450 with double the memory for less than a third of the price. Toms Hardware theoretically puts these two cards in almost the same performance category, although I'm not sure that's really true. In practice, what happened between 2006 and 2011 is that graphics cards shifted to the point where a basic passively cooled card was clearly more than good enough for what I was doing, even for driving dual displays digitally.
(I don't yet have dual displays at home, but I do at work and my work machine uses the same card. In fact, my work machine is now a clone of my home machine, just as it was in 2006.)
optical drives: in 2006 a DVD burner cost about four times what it did in 2011, and I thought I would listen to CDs enough to justify having a separate CD/DVD reader (rather than put wear and tear on an expensive burner).
(I was wrong; my CD listening had already dropped off a cliff in early 2006 and never recovered. I still kind of miss that sometimes.)
Power supply: in 2006 I didn't trust the power supply that came with the case to really be a good solid one that delivered enough power so I bought a separate one as well. In 2011 I couldn't find any reason to worry about it so I didn't; the power supply you get with a decent quiet case these days is going to be quite good, more than you need (for a PC like the kind I build), and efficient.

In 2006, the most expensive components were the RAM, the CPU, the two hard drives together, and then the video card. In 2011, the most expensive components were the CPU, the motherboard, and the case (more or less tying with the RAM). Another way to put it is that in 2011, the video card, the DVD burner, the hard drives, and pretty much the RAM were all what I considered trivial expenses in the overall machine.

How to Uninstall Xcode from OS X Lion

2012-02-05T04:14:56+00:00

If you’ve decided you no longer have a need for Xcode, here’s how to completely remove it from your Mac –

Open a Terminal (located in your Applications -> Utilities folder) and enter the command:

sudo /Developer/Library/uninstall-devtools --mode=all

Enter your password when prompted.

click to enlarge

Now just sit and wait. The uninstallation process can take a few minutes to complete. Once it has, quit Terminal and you’re all done.

click to enlarge

---
Related Articles at Simple Help:

How to Install wget in OS X Lion

How to Install Xcode in OS X Lion

How to Add or Remove Desktops in OS X Lion

How to get a list of files an RPM package depends on

How to open your Library Folder in OS X Lion

How to Install wget in OS X Lion

2012-02-05T01:11:07+00:00

This quick walkthrough will show you how to install wget on your Mac running OS X Lion (10.7)

Installing wget is just a series of Terminal commands, which are listed below. However, you will need to have Xcode installed in order to compile and then install wget. If you don’t have Xcode installed, we have a tutorial on how to install Xcode in OS X Lion.

With Xcode installed, open a Terminal (found in your Applications -> Utilities folder). Make sure you’re connected to the Internet and then enter the command:

curl -O http://ftp.gnu.org/gnu/wget/wget-1.13.4.tar.gz

This will download the wget package.

click to enlarge

Now issue the command:

tar -xzvf wget-1.13.4.tar.gz

which will open the wget package.

click to enlarge

Next up, enter the command:

cd wget-1.13.4

click to enlarge

Enter:

./configure --with-ssl=openssl

click to enlarge

Almost done. Type:

make

click to enlarge

Time to install – type:

sudo make install

You’ll be prompted to enter your password. Do so.

click to enlarge

Now your wget will install on your Mac.

click to enlarge

Type:

wget

to confirm that wget did in fact install correctly. You should see the default wget response when issued without any parameters (see screenshot below).

click to enlarge

Done! You can now use wget on your Mac.

---
Related Articles at Simple Help:

How to download files from the Linux command line

How to Add or Remove Desktops in OS X Lion

How to open your Library Folder in OS X Lion

How to exit the Full Screen Mode of Google Chrome in OS X Lion

How to edit the OS X hosts file

Default to Incognito

2012-02-04T21:54:53+00:00

Patch for /usr/share/applications/google-chrome.desktop:

108c108
< Exec=/opt/google/chrome/google-chrome %U
---
> Exec=/opt/google/chrome/google-chrome %U --incognito
114c114
< X-Ayatana-Desktop-Shortcuts=NewWindow;NewIncognito
---
> X-Ayatana-Desktop-Shortcuts=NewIncognito;NewWindow

ownCloud 3.0

2012-02-04T17:49:14+00:00

The ownCloud project just released ownCloud 3.0. A feature-rich solution for personal file storage, sharing and personal information management.

ownCloud is written in PHP and uses a MySQL or SQLite backend. Setting up ownCloud on your own server or hosting-space is a matter of minutes.

ownCloud 3.0 Release Announcement

Impressions: Network Warrior, 2nd Ed

2012-02-04T15:18:01+00:00

Five years ago I reviewed the first edition of Network Warrior by Gary A. Donahue. Thank to O'Reilly I can post my "impressions" of the second edition of this great book. Although I read almost all of it, I am unable to post another review because Amazon.com has my previous review attached to the new edition.

In brief, Network Warrior, 2nd Ed is the book to read if you are a network administrator trying to get to the next level. All of my praise from the previous review apply to the new book. The book is really that good, primarily because it combines very clear explanations with healthy doses of real-world experience. Thanks to Mr Donahue for taking the time to update his book!

Impressions: Windows Sysinternals Administrator's Reference

2012-02-04T15:01:12+00:00

Mark Russinovich and Aaron Margosis have written another awesome addition to the Microsoft Press catalog, Windows Sysinternals Administrator's Reference. Per my policy, because I did not read the whole book I am only posting "impressions" here and not a full Amazon.com review.

In brief this book will tell you more about the awesome Sysinternals tools than you might have thought possible. One topic that caught my attention was using Process Monitor to summarize network activity (p 139). This reminded me of Event Tracing for Windows and Network Tracing in Windows 7. I remain interested in this capability because it can be handy for incident responders to collect network traffic on endpoints without installing new software, relying instead on native OS capabilities.

I suggest keeping a copy of this book in your team library if you run a CIRT. Thorough knowledge of the Sysinternals tools is a great benefit to anyone trying to identify compromised Windows computers.

Impressions: The Tangled Web

2012-02-04T14:23:43+00:00

Six years ago I reviewed Michal Zalewski's first book, Silence on the Wire. Michal is a security researcher who has consistently created high-quality content for a very long time, so I was pleased to receive a review copy of his newest book The Tangled Web.

I did not read the whole book, hence I'm posting only my "impressions" here. I recommend reading this book if you want to know a lot, and I mean a lot, about how screwed up Web browsers, protocols, and related technologies truly are. Because many points of the book are tied to specific browser versions, I suspect its shelf life to degrade a little more rapidly than some other technical titles. Still, I am shocked by the amount of research and documentation Michal performed to create The Tangled Web.

As always, Michal's content is highly readable, very detailed, and well-sourced. It's a great example for other technical authors. Great work Michal!

The Toughest Question in Digital Security

2012-02-04T13:35:30+00:00

The toughest question in digital security is "who cares?"

The recent Tweet by hogfly (@4n6ir) made me ponder this question. He points to an Aviation Week story by David Fulghum, Bill Sweetman, and Amy Butler titled China's Role In JSF's Spiraling Costs. It says in part:

How much of the F-35 Joint Strike Fighter’s spiraling cost in recent years can be traced to China’s cybertheft of technology and the subsequent need to reduce the fifth-generation aircraft’s vulnerability to detection and electronic attack?

That is a central question that budget planners are asking, and their queries appear to have validity. Moreover, senior Pentagon and industry officials say other classified weapon programs are suffering from the same problem. Before the intrusions were discovered nearly three years ago, Chinese hackers actually sat in on what were supposed to have been secure, online program-progress conferences, the officials say.

The full extent of the connection is still being assessed, but there is consensus that escalating costs, reduced annual purchases and production stretch-outs are a reflection to some degree of the need for redesign of critical equipment. Examples include specialized communications and antenna arrays for stealth aircraft, as well as significant rewriting of software to protect systems vulnerable to hacking.

It is only recently that U.S. officials have started talking openly about how data losses are driving up the cost of military programs and creating operational vulnerabilities, although claims of a large impact on the Lockheed Martin JSF are drawing mixed responses from senior leaders. All the same, no one is saying there has been no impact.

While claiming ignorance of details about effects on the stealth strike aircraft program, James Clapper, director of national intelligence, says that Internet technology has “led to egregious pilfering of intellectual capital and property. The F-35 was clearly a target,” he confirms.

The point of this article is to question the impact, in business and operational terms, of the cyberwar China continues to prosecute against the West.

The toughest question in digital security is "who cares" because it is usually extremely difficult to determine the impact of an intrusion. Consider the steps required to define the business and operational impact of the theft of intellectual property (as one example -- there are many others).

The victim must learn that an intrusion occurred.
The victim must determine exactly what IP was stolen.
The victim must understand the adversary's capability and intention to exploit the stolen IP.
The victim must recognize when the adversary exploits the stolen IP by using it in an operational context.
The victim must determine what countermeasures or changes in courses of actions are possible to mitigate the adversary's exploitation of the stolen IP.
The victim must synthesize most or all of the previous points into an assessment of the business and operational cost of the IP theft.

Steps 1 and 2 are largely technical, but 3-6 are more business-focused. From what I have seen, everyone who is a victim in the ongoing cyberwar struggles to conduct "battle damage assessment" (BDA) for digital intrusions. Articles like the one I cited are examples showing how difficult it is to determine if anyone should care about China's exploitation of Western IP.

How to view the passwords of WiFi Networks you’ve previously connected to in OS X

2012-02-04T13:22:13+00:00

If you ever need to figure out the password of a WiFi network that you’ve previously connected to (eg. your friend forgets their network password) – here’s how you can recover the password for that Wireless Network.

Start by launching the program Keychain Access, which can be found in your Applications -> Utilities folder.

click to enlarge

Select the login entry from the Keychains column.

click to enlarge

Type in airport in the Search field to narrow down the logins to those related to your AirPort (wireless) card.

Locate and then double-click the Wireless Network you want to retrieve the password of, from the Name column. In the example below, I have selected the Wireless Network E9Phoenix, which I believe was a Wireless Network I used at a hotel.

click to enlarge

Select the Attributes tab and then click the Show Password box.

click to enlarge

Enter your password and click OK.

Enter your password again and click Allow.

Now the password for that specific Wireless Network will be displayed in the Show Password field.

click to enlarge

You can repeat the above steps to determine the password for each of the Wireless Networks you’ve connected to – if you opted to “Remember This Network” when you connected to each one.

---
Related Articles at Simple Help:

How to Manage Your Android Wifi Connections

Home Networking 101

How to clear your browsers history (the list of sites you’ve visited)

How to enable WiFi in EeeDora

How to access your iPhone or iPod Touch from the Finder (OS X)

How to Enable Developer Mode on your HP TouchPad

2012-02-04T13:03:53+00:00

This very brief guide will walk you through the steps required to enable Developer Mode on your HP TouchPad running webOS.

In the Just Type field, enter the following string of text:

upupdowndownleftrightleftrightbastart

Tap the Developer Mode button that appears in the Launch field.

click to enlarge

Note: Yes, it is in fact the Konami code

Tap the Submit button.

click to enlarge

Confirm that Developer Mode is now set to ON.

click to enlarge

Developer Mode is now enabled on your HP TouchPad running webOS.

---
Related Articles at Simple Help:

How to Install Android on Your HP TouchPad Using OS X

How to Take a Screenshot of Your HP TouchPad Tablet

How to run OS X programs in 32-bit mode

How to Uninstall Xcode from OS X Lion

How to exit the Full Screen Mode of Google Chrome in OS X Lion

Links: 2-3-2012

2012-02-04T09:15:46+00:00

iDoneThis blog : Silicon Valley’s Productivity Secret
Really interesting, haven’t heard this one before… totally agree that spending a short amount of time thinking about what you have accomplished and what you want to accomplish in the coming day / week is a great idea… but as a substitute for meeting with a manager, not sure.
(categories: management productivity hr google gtd )

Understanding a subtle Twitter feature

2012-02-04T03:49:10+00:00

Understanding a subtle Twitter feature

One part of getting on Twitter has been following people, which led me to discover that when you follow someone Twitter doesn't show you all of their public tweets. To summarize what I think is the rule, Twitter excludes any conversations they're having that purely involve other people you don't also follow. Their tweets in the conversation will appear in their public timeline, but not in your view of their tweets.

(This may only apply to relatively new Twitter accounts, or even only to some of them. I've seen Twitter give two different interfaces to two new accounts.)

On the one hand, when I discovered this I was infuriated. If you really did want to see everything (for example, so you could find other people to follow based on who your initial people had interesting conversations with), this made having a Twitter account worse than just perusing the Twitter pages of interesting people.

On the other hand, once I thought about it more I've come to reluctantly admire Twitter's trick with this feature. What it is, from my perspective, is a clever way to reduce the volume impact of following someone and thus make doing so less risky. Without it, following someone would immediately expose you to both their general remarks and to the full flow of whatever conversations they have. With Twitter's way, you are only initially exposed to people's general remarks; you ramp up your exposure to their conversations by following more people, and ramp it down by the reverse.

My feeling is that exposure to an overwhelming firehose of updates is the general problem of social networking. Social networks usually want you to be active and to follow lots of people. But if those people are themselves active, the more people you follow the more volume descends on you, and it's especially bad when you follow very socially active users, the ones having a lot of conversations. This creates a disincentive to follow people and pushes you to scale back. Twitter has this especially badly because it has no separate 'comment' mechanism (comments are important for reducing volume). Twitter's trick here is thus a clever way to reduce the firehose in a natural way that doesn't require user intervention and tuning; you could see it as a way of recreating something like comments in a system that doesn't naturally have them.

Once I realized this, it's certainly been working the way that Twitter probably intended. When I'm considering whether or not to follow someone I don't really look at the volume of their tweets in general; I mostly look just at the volume of their non-conversation tweets, because those are the only ones that I'm going to see. Often this makes me more willing to follow people (and thereby furthers Twitter's overall goal of getting me more engaged with their service).

(3 comments.)

How to Install Xcode in OS X Lion

2012-02-03T19:51:25+00:00

This very brief tutorial will show you how to install Xcode in OS X Lion.

While this process isn’t exactly difficult, it is slightly more complicated than it should be. Note: Xcode is a 1.68GB download, and results in at least 3.97GB of used disk space. Plan your installation accordingly.

Launch the App Store on your Mac. In the Search bar, enter xcode.

Click the INSTALL APP button for Xcode

Sit and wait. Grab yourself a cup of coffee. Peruse the other Mac tutorials on Simple Help (shameless I know…). This is the part where the 1.68GB installer file is being downloaded. The time it takes to download will depend on your Internet connection speed.

Once the status changes to INSTALLED your Xcode download has completed. However, Xcode has not actually been installed, which is slightly misleading. Continue to the next step to install Xcode.

Quit iTunes if it’s open. Launch a Finder window and navigate to your Applications folder. Locate the Install Xcode file and double-click it.

click to enlarge

Click the Install button in the Install Xcode window. You may want to refill that coffee, the installation takes a while.

click to enlarge

Note: if during the installation your receive an error that states iTunes is open and needs to quit, even though it’s not open – follow these steps:
1. Open the Activity Monitor (located in your Applications -> Utilities folder).
2. Locate the iTunes Helper entry from the Process Name column. Select it by clicking it once. Click the large red Quit Process button in the upper-left corner of the window, then click the Quit button in the confirmation window.
3. You should be able to continue the installation now.
Once the installation has completed, Xcode will launch.

click to enlarge

Xcode does not install itself to your Applications folder. Rather, it can be found in /Developer/Applications/.

click to enlarge

Yes, you can delete the Install Xcode file from your Applications folder to save on disk space. You may want to back it up first – if you ever need to re-install Xcode, having that file handy will save you from having to download it again.

click to enlarge

Happy Developing!

---
Related Articles at Simple Help:

How to Install wget in OS X Lion

How to Uninstall Xcode from OS X Lion

How to Add or Remove Desktops in OS X Lion

How to open your Library Folder in OS X Lion

How to exit the Full Screen Mode of Google Chrome in OS X Lion

Setup and Configure Bandwidth Limiting Module for Apache2

2012-02-03T15:30:00+00:00

mod-bw is an Apache 2 module provided to solve the problem of limiting users’ and virtual hosts’ bandwidth usage. The current versions can set virtual hosts’ and users’ bandwidth quotas, maximal download speed, requests-per-second speed and the maximal number of simultaneous IP connections.

mod-bw Features:
* Lightweight bandwidth limiting module for Apache2
* per-user bandwidth limiting
* per-virtual host bandwidth limiting
* per-destination bandwidth limiting
Limiting:
   * Bandwidth total usage (bandwidth quota)
   * Maximal download speed (bandwidth throttling)
   * Maximal requests-per-second speed
   * Maximal simultaneous IP connections
* Support for virtual hosts
* Support for defined users

Agile Lifecycles for Geographically Distributed Teams, Part 3

2012-02-03T14:37:38+00:00

Example 3: Using a Project Manager with Iterations and Kanban and Silo’d Teams

Here, the developers were in Cambridge, MA, the product owners were in San Francisco, the testers were in Bangalore, and the project manager was always flying somewhere, because the project manager was shared among several projects. The developers knew about timeboxed iterations, so they used timeboxes. Senior management had made the decision to fire all the local testers and buy cheaper tester time over the developers’ objections and move the testing to Bangalore. The Indian testers were very smart, and unfamiliar with the product, so the developers suggested the testers test feature by feature inside the iteration.

The project manager suggested they use cumulative flow diagrams and cycle time measurements to make sure the developers were not developing “too fast” for the testers. The developers, still smarting over the loss of “their testers” were at first, peeved about this. They then realized the truth of this statement, and developed this kanban board.

You can see in this board, that four items are waiting to go into system test. Uh oh. The developers are out-producing what the testers can take. This is precisely what a kanban board can show you.

The testers aren’t stupid or slow. They are new. They cannot keep up with the developers. It’s a fact of life, not a mystery of life. The developers have to act in some way to help the testers or the entire project will fail. The reason they are working in timeboxes as well as using kanban is that they have several contractual deliverables, that management, bless their tiny little hearts, committed to. The timebox allows the team or the product owners to meet with their customers and show them their progress. (They were deciding who would meet when I last worked with the team.) The kanban board help make the progress even more transparent.

Iteration planning: The product owner and the project manager jointly work on the agile feature roadmap, and the product owner owns the roadmap responsibility for it. The product owner owns and generates the backlog. The product owner and the agile project manager present a strawman iteration backlog to the team at the start of the iteration. They have had difficulty finding iteration planning time that allows everyone to be awake and functioning, bless the senior managers’ little hearts.

Daily commitment: They do a handoff, asking each other what they completed that day and what the impediments are. If you have read Manage It!, you know I modified the three questions to “What did you complete, what are you planning to complete, what is in your way?”

Measurements: cumulative flow, average time to release a feature into the product. They are experimenting with burnup charts and impediment charts. They are still having trouble bringing the testers up to speed fast enough.

Yes, they do retrospectives at the end of each iteration. Yes, the product owners own the backlogs.

I’ll summarize in the final part, the next entry.

(Want to learn to work more effectively on your geographically distributed team? Join Shane Hastie and me in a workshop April 17-18, 2012.)

Unicode over 60 percent of the web

2012-02-03T11:52:17+00:00

Computers store every piece of text using a “character encoding,” which gives a number to each character. For example, the byte 61 stands for ‘a’ and 62 stands for ‘b’ in the ASCII encoding, which was launched in 1963. Before the web, computer systems were siloed, and there were hundreds of different encodings. Depending on the encoding, C1 could mean any of ¡, Ё, Ą, Ħ, ‘, ”, or parts of thousands of characters, from æ to 品. If you brought a file from one computer to another, it could come out as gobbledygook.

Unicode was invented to solve that problem: to encode all human languages, from Chinese (中文) to Russian (русский) to Arabic (العربية), and even emoji symbols like or
; it encodes nearly 75,000 Chinese ideographs alone. In the ASCII encoding, there wasn’t even enough room for all the English punctuation (like curly quotes), while Unicode has room for over a million characters. Unicode was first published in 1991, coincidentally the year the World Wide Web debuted—little did anyone realize at the time they would be so important for each other. Today, people can easily share documents on the web, no matter what their language.

Every January, we look at the percentage of the webpages in our index that are in different encodings. Here’s what our data looks like with the latest figures*:

*Your mileage may vary: these figures may vary somewhat from what other search engines find. The graph lumps together encodings by script. We detect the encoding for each webpage; the ASCII pages just contain ASCII characters, for example. Thanks again to Erik van der Poel for collecting the data.

As you can see, Unicode has experienced an 800 percent increase in “market share” since 2006. Note that we separate out ASCII (~16 percent) since it is a subset of most other encodings. When you include ASCII, nearly 80 percent of web documents are in Unicode (UTF-8). The more documents that are in Unicode, the less likely you will see mangled characters (what Japanese call mojibake) when you’re surfing the web.

We’ve long used Unicode as the internal format for all the text Google searches and process: any other encoding is first converted to Unicode. Version 6.1 just released with over 110,000 characters; soon we’ll be updating to that version and to Unicode’s locale data from CLDR 21 (both via ICU). The continued rise in use of Unicode makes it even easier to do the processing for the many languages that we cover. Without it, our unified index it would be nearly impossible—it’d be a bit like not being able to convert between the hundreds of currencies in the world; commerce would be, well, difficult. Thanks to Unicode, Google is able to help people find information in almost any language.

Posted by Mark Davis, International Software Architect

Links: 2-2-2012

2012-02-03T09:15:48+00:00

The Kingdom (2007) – Memorable quotes
Quote: "You know, Westmoreland made all of us officers write our own obituaries during Tet, when we thought The Cong were gonna end it all right there. And, once we clued into the fact that life is finite, the thought of losing it didn’t scare us anymore. The end comes no matter what, the only thing that matters is how do you wanna go out, on your feet or on your knees? I bring that lesson to this job. I act, knowing that someday this job will end, no matter what. You should do the same. "
(categories: quotes life work )

Understanding Resident Set Size and the RSS problem on modern Unixes

2012-02-03T07:11:21+00:00

Understanding Resident Set Size and the RSS problem on modern Unixes

On a modern Unix system with all sorts of memory sharing between processes, Resident Set Size is a hard thing to explain; I resorted to a very technical description in my entry on Linux memory stats. To actually understand RSS, let's back up and imagine a hypothetical old system that has no memory sharing between processes at all; each page of RAM is either free or in use by exactly one process.

(We'll ignore the RAM the operating system itself uses. In old Unixes, this was an acceptable simplification; memory was statically divided between memory used by the OS and memory used by user programs.)

In this system, processes acquire new pages of RAM by trying to access them and then either having them allocated or having them paged (back) in from disk. Meanwhile, the kernel is running around trying to free up memory, generally using some approximation of finding the least recently used page of RAM. How aggressively the operating system tries to reclaim pages depends on how much free memory it has; the less free memory, the faster the OS tries to grab pages back. In this environment, the resident set size of a process is how many pages of RAM it has. If the system is not thrashing, ie if there's enough memory to go around, a process's RSS is how much RAM it actually needs in order to work at its current pace.

(All of this is standard material from an operating system course.)

The problem of RSS on modern Unix systems is how to adopt this model to an environment where processes share significant amounts of memory with each other. In the face of a lot of sharing, what does it mean for a process to have a resident set size and how do you find the right pages to free up?

There are at least two approaches the kernel can take to reclaiming pages, which we can call the 'physical' and 'process' approaches. In the physical approach the kernel continues to scan over physical RAM to identify candidate pages to be freed up; when it finds one, it takes it away from all of the processes using it at once (this is the 'global' removal of my earlier entry). In the process approach the kernel scans each process more or less independently, finding candidate pages and removing them only from the process (a 'local' removal); only once a candidate page has been removed from all processes using it is it actually freed up.

(Scanning each 'process' is a simplification. Really the kernel scans each separate set of page tables; there are situations where multiple processes share a single set of page tables.)

The problem with the process approach is that the kernel can spend a great deal of time removing pages from processes when the pages will never actually be reclaimed for real. Imagine two processes with a shared memory area; one process uses it actively and one process only uses it slowly. The kernel can spend all the time it wants removing pages of the shared area from the less active process without ever actually getting any RAM back, because the active process is keeping all of those pages in RAM anyways.

So, why doesn't everyone use the physical approach? My understanding is that the problem with the physical approach is that it is often not necessarily a good fit for how the hardware manages virtual memory activity information. Per my earlier entry, every process mapping a shared page of RAM can have a different page table entry for it. To find out if the page of RAM has been accessed recently you may have to find and look at all of those PTEs (with locking), and do so for every page of physical RAM you look at.

My impression is that most current Unixes normally use per-process scanning, perhaps falling back on physical scanning if memory pressure gets sufficiently severe.

(I suspect and hope that virtual memory management in the face of shared pages have been studied academically, just as the older and simpler model of virtual memory has been, but I'm out of contact with OS research.)

How to Install Android on Your HP TouchPad Using OS X

2012-02-03T05:19:12+00:00

This step by step guide will walk you every step of the way through installing Android (the latest version) on your HP TouchPad via your Mac.

Lets jump right in. First you’ll need to install Java on your Mac. If you’re using OS X Lion, head to this page, download and then install Java. If you’re using an earlier version of OS X, you probably already have Java installed. But you should double-check just to be sure – this page has the instructions (and it’s very straight forward). It’s likely that after Java has been installed you’ll need to restart your Mac. Do so now (might want to bookmark this page first…).
Now we’ll install the required drivers on your Mac. Head over to the WebOS Quick Install page and click the Download Here link to download the file WebOSQuickInstall-4.4.0.jar. Once the download has finished, navigate to your Downloads folder and double click the WebOSQuickInstall-4.4.0.jar file.

You’ll be promptly greeted with a ‘warning’ window explaining that you need to install the Novacom drivers. Click the Yes button.

click to enlarge
The driver download will begin.

click to enlarge

The ‘installation wizard’ will run as soon as the download completes. Click Continue.

click to enlarge

Make your way through the installer (just click “Next” a few times and enter your password when prompted). Once it has finished, click the Close button.

click to enlarge

A window should pop up saying Driver installed successfully. Click OK to close that window, and exit out of/quit the WebOS Quick Install application.

click to enlarge

Grab your HP TouchPad. Make sure it’s not plugged into your Mac and in the Just Type: bar, enter:

upupdowndownleftrightleftrightbastart

as one long string of text. Side note: If it looks familiar, it is in fact the Konami Code.

Tap the Developer Mode button in the Launch field.

click to enlarge

Tap the Submit button.

click to enlarge

Developer Mode should now be set to ON as illustrated in the screenshot below. Exit out of the Developer Mode application.

click to enlarge

Now you’ll need to download a number of files. They can be found here, and save yourself some time by scrolling straight down to the Downloads: section of the page. The files you’ll need are:

ACMEInstaller2 – which is labeled as New ACMEInstaller
update-cwm_tenderloin-1012.zip – which is labeled as Clockwork Recovery
moboot_0.3.5.zip – which is labeled as Moboot
update-cm-9.0.0-RC0-Touchpad-alpha0.6-fullofbugs.zip – which is labeled as Alpha0.6 CM9 for Touchpad

If you wish to have the Google Apps (Market, Gmail, Maps etc) installed, you’ll need to download and install them separately (and we’ll have a tutorial on how to install them coming very, very soon!). The Google Apps files I downloaded from here.

Once you’ve downloaded all of the files listed above, plug your TouchPad into your Mac using the USB cable that came with your tablet. An ‘alert’ window will appear on your TouchPad asking you if you would like to put the device into USB Storage Mode – tap OK. Your tablet screen will turn into one large “USB” icon.

On your Mac open a Finder window. In the DEVICES column, you should see HP TOUCHPAD listed. Select it.

click to enlarge

Create a folder on your HP TOUCHSMART ‘drive’ titled cminstall. Copy the following four files into that folder: update-cm-9.0.0-RC0-Touchpad-alpha0.6-fullofbugs.zip, update-cwm_tenderloin-1012.zip, moboot_0.3.5.zip and Gapps ICS 4.0.3 11.12.22.zip (if you decided you want to also install the Google Apps – Market, Gmail, Maps etc). If you don’t want to install the Google Apps, the first three files are the ones you need to copy to the cminstall folder.

click to enlarge

Once you have copied the files, click the Eject button next to HP TOUCHPAD in your DEVICES list. Leave your HP TouchPad plugged into your Mac.

Now you’ll need to copy one of the files you downloaded to a specific folder on your Mac. Open up a Finder window and select “Your Hard Drive”. From there select the opt folder, then the nova folder and finally the bin folder. Locate the file ACMEInstaller2 (which you downloaded back at step #11) and copy it to the bin folder.

click to enlarge

Now you’ll need to restart your HP TouchPad. Navigate to your Settings and select Device Info.

click to enlarge

Tap the big red Reset Options button.

click to enlarge

Now you’re going to restart your HP TouchPad but also force it to start in a specific mode. Tap the Restart button and as soon as your HP TouchPad screen goes dark, click and hold down the Volume Up button on your tablet.

click to enlarge

This will force your tablet to start up differently, and a large “USB” icon will be displayed on the screen.

Back on your Mac, open a Terminal by going to Applications -> Utilities -> Terminal. At the Terminal command prompt, enter the command:

cd /opt/nova/bin

followed by the command:

./novacom boot mem:// ACMEInstaller2

click to enlarge

A whole slew of text will start flying on your HP TouchPad’s screen. Be patient :)

click to enlarge

Your HP TouchPad will now boot into Android!

Going forward, each time you start your HP TouchPad, you’ll be prompted to select which Operating System you want to boot into – webOS or Android. Use the Up and Down Volume keys to scroll through the list, and the Menu key on your tablet to click. Note: boot CyanogenMod is the default – which is Android OS.

That’s it – you’re done! Again, we’ll have a tutorial up very shortly that shows you how to install all of the Google Apps that are not included by default. Have fun!

---
Related Articles at Simple Help:

How to Take a Screenshot of Your HP TouchPad Tablet

How to Install .APK Files on Your Android Device

How to Enable Developer Mode on your HP TouchPad

How To Remotely Control Your Computer from an iPhone or iPod Touch

How to stop Android from automatically adding shortcuts on your tablet home screen

DownVerter - Free and fast YouTube downloader

2012-02-03T00:30:39+00:00

{lang: 'en-GB'}

DownVerter® is free and easy to use application to download and convert videos from YouTube.

DownVerter® allows you to choose between mkv and mp4 files to download from YouTube. You could choose to just download the file or download it convert it into MP3, AVI, 3GP, MP4, MOV or WMV format.
(...)
Read the rest of DownVerter - Free and fast YouTube downloader (105 words)

© admin for Ubuntu Geek, 2012. | Permalink | No comment | Add to del.icio.us
Post tags: desktop, DownVerter deb, install DownVerter ubuntu

Lack of IT Content Volume I

2012-02-02T18:49:00+00:00

Hey guys. No interesting and deeply technical documentation today. I've been pretty busy with work, and also going over Powershell material in preparation of teaching a Powershell Boot Camp at work. In the mean time though, here's something interesting I read today. It's a quote from Nikola Tesla written in the New York Times on the subject of Thomas Edison, the day after Edison died:

"He had no hobby, cared for no sort of amusement of any kind and lived in utter disregard of the most elementary rules of hygiene ... His method was inefficient in the extreme, for an immense ground had to be covered to get anything at all unless blind chance intervened and, at first, I was almost a sorry witness of his doings, knowing that just a little theory and calculation would have saved him 90 percent of the labor. But he had a veritable contempt for book learning and mathematical knowledge, trusting himself entirely to his inventor's instinct and practical American sense."

Reading that instantly made me think of the more popular, and now more amusing quotes from Edison himself:

"Genius is one per cent inspiration and ninety-nine per cent perspiration."
"I have not failed. I've just found 10,000 ways that won't work."

An interesting perspective on the two diametric inventors, is it not?

Work smarter, not harder, folks.

Install Zeitgeist and Zeitgeist Activity Journal Under Ubuntu

2012-02-02T17:38:51+00:00

Zeitgeist is a service which logs the user's activities and events (files opened, websites visited, conversations held with other people, etc.) and makes relevant information available to other applications. It is able to establish relationships between items based on similarity and usage patterns.

All of the information is stored in one central database for quick access and any application can easily add it’s own data to the mix. There are several user interfaces which show the information stored in the database, sorting it by type, date, or relevance to other files. They let users tag documents, bookmark them, and even attach custom notes to each item in the database.

Zeitgeist Activity Journal is your portal to the world of Zeitgeist. It’s an user interface ideal for easily browsing and finding every kind of user activity (files, webpages, contacts,…) on your computer.

Denyhosts for sshd – usernames dictionary

2012-02-02T17:13:46+00:00

I’ve just setup the venerable denyhosts on one of my servers, to stop the usual script-kiddies from filling up my logs (I’m not particularly worried about them getting in…).

Anyway, here is restricted-usernames.gz, a list of denied usernames from the log – handy to add to your denyhosts restricted-usernames file. There’s probably a better dictionary of usernames out there – I’ll attach it if I ~~find it~~ stumble upon it.

Wunderbar

2012-02-02T13:42:05+00:00

Clearly if you want to develop a real web application, you need a router, a templating language, ability to separate out your model, view, and controller, scalability, and much more.

However, at times this is both too much, and yet not enough. I find that I write a lot of scripts that do report generation, execution of shell commands, and the like, and in many cases would like to present a richer output than plain text: things like tables, fonts, and most importantly hypertext links. I don’t want to worry too much about DOCTYPEs, charsets, and escaping, but instead on structure, style, and content.

I’ve been extracting some of the common logic from these scripts out into a library, and recently have started refactoring that library. Yesterday, I focused on the HTML generation parts.

What I settled on was to define all methods that start with a low line character will generate a HTML tag. As with builder on which this library is based, these tags can have text content and attributes. Tags can also be nested. Logic can be freely intermixed.

Here’s an example using the library. The example will personally greet you if you provide your name. If no name is provided, a form is provided which enables you to provide one.

#!/usr/bin/ruby1.9.1
require 'wunderbar'

Wunderbar.html do
  _head do
    _title 'Greeter'
    _style %{
      input {display: block; margin: 2em}
    }
  end

  _body? do
    if $param.name
      _p "Hello #{$param.name}!"
    else
      _form method: 'post' do
        _p 'Please enter your name:'
        _input name: 'name'
        _input type: 'submit'
      end
    end
  end
end

Here’s example output from that script:

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <title>Greeter</title>
    <style type="text/css">
      input {display: block; margin: 2em}
    </style>
  </head>
  <body>
    <form method="post">
      <p>Please enter your name:</p>
      <input name="name"/>
      <input type="submit"/>
    </form>
  </body>
</html>

As you can see, by default it takes care of indenting and generation of HTML. It even knows which tags support explicit close tags and which ones do not. Not shown in this example, but these default behaviors can be overridden by adding an exclamation mark at the end of the method name. An example would be something like:

_p! { _ "Hello "; _span $param.name, class: 'name'; _ '!' }

An underbar which is not followed by a name generates text. Example output:

<p>Hello <span class="name">Sam</span>!</p>

The span can be styled using css.

If your web server is set up to execute CGI scripts, deployment is as easy as copying the script into the appropriate directory.

Links: 2-1-2012

2012-02-02T09:15:48+00:00

Happiness Takes (A Little) Magic | The Wirecutter
Quote: ".. Also, clicking the like button 1 billion times will never give you an orgasm or a hug or a high five." My new motto: life is all about hugs and high fives.
(categories: meaning culture happiness life technology )
Giving away the secrets of 99.3% email delivery – (37signals)
Some good stuff on email / smtp.
(categories: smtp email postfix )

Mind the Gap: Encouraging women to study engineering

2012-02-02T08:13:33+00:00

Women make up more than half the global population, but hold fewer than a third of the world’s engineering jobs. In the U.S., female students comprise fewer than 15 percent of all Advanced Placement computer science test takers. Even in high-tech Israel, few girls choose computer science. Not only is this a loss to companies like Google and everyone who benefits from a continually developing web; it's also a lost opportunity for girls.

Beginning in 2008, a group of female engineers at Google in Israel decided to tackle this problem. We established the “Mind the Gap!” program, aimed at encouraging girls to pursue math, science and technology education. In collaboration with the Israeli National Center for Computer Science Teachers, we began organizing monthly school visits for different groups of girls to the Google office and annual tech conferences at local universities and institutes. The girls learn about computer science and technology and get excited about its applications, as well as have a chance to talk with female engineers in an informal setting and see what the working environment is like for them.

Since we started this program over three years ago, we’ve hosted more than 1,100 teenage girls at our office, and an additional 1,400 girls at three annual conferences held in leading universities. These 2,500 students represent 100 schools from all sectors and from all over the country: Tel Aviv, Haifa, Tira, Beer-Sheva, Jerusalem, Nazareth and more; what they have in common is the potential to become great computer scientists.

The results are encouraging. For instance, some 40 percent of the girls who participated in last year’s conference later chose computer science as a high school major.

We encourage people in other countries, at other companies and in other scientific disciplines to see how they could replicate this program. You can read more at the project site. Currently, we are working with the Google in Education group to expand the program to more offices globally and get even more young women excited about computer science. The difference we can make is real: At one of our first visits three years ago, we met a 10th grade student named Keren who enjoyed math but had never considered computer science as a high school major. Last month, Keren informed us that the visit made such an impact on her, she decided to change her major to computer science. “Talking to women in the field helped me change my mind,” she said.

Posted by Michal Segalov, Software Engineer at Google’s R&D Center, Israel

ZFS and OS X meet again?

2012-02-02T02:08:18+00:00

I just came across a reference to ZEVO tonight. This appears to be an add-on package for OS X that is built on top of ZFS. I’m going to have to keep an eye on this. Snapshots, data checksumming, de-dup, compression and zfs send/recv would be pretty cool on my Laptop. :)

How to Take a Screenshot of Your HP TouchPad Tablet

2012-02-01T23:56:40+00:00

This very brief tutorial will show you how to take a screenshot of your HP TouchPad Tablet’s screen.

Navigate to the ’screen’ you want to take a screenshot of.
Press the Home button located on the bottom of your tablet and the Power button located on the top-right corner of your tablet – at the same time. You’ll know you’ve successfully taken a screenshot if the window briefly ‘flashes’.

To view your newly taken screenshot, navigate to your Apps list and select Photos & Videos.

From the list of Libraries in the left column, select My TouchPad. Now select the newly created Screen captures folder.

Inside your Screen captures folder, all the screenshots you’ve taken will be displayed. To easily copy a screenshot from your tablet, select the picture you want to send, then tap the Send icon from the bottom of the window (see image below).

click to enlarge

If you haven’t already set up an email account on your HP TouchPad, you’ll be prompted to do so now. Skip to the next step if you’ve already configured your email.

From here you should have a pre-composed email with the picture (screenshot) already attached. Just enter the recipients address (usually your own) and hit Send. Then you can retrieve the email from any device and save the attachment (the screenshot) on that device.

click to enlarge

That’s it – you’ve successfully taken a screenshot from your HP TouchPad tablet and sent it/copied it from your device.

---
Related Articles at Simple Help:

How to Install Android on Your HP TouchPad Using OS X

How to stop Android from automatically adding shortcuts on your tablet home screen

How to transfer files from your Mac to your Android Tablet

How to clear the browsing history on your Android Tablet

How to Enable Developer Mode on your HP TouchPad

A ZFS pool scrub wish: suspending scrubs

2012-02-01T16:38:21+00:00

A ZFS pool scrub wish: suspending scrubs

Like sensible people, we scrub our pools periodically in order to turn up latent problems. Because pool scrubs have a visible impact on responsiveness (at least in the lightly patched Solaris 10 update 8 that we're running), we only run scrubs on weekends (and only scrub one pool per fileserver). However, we've recently started running into problems where pool scrubs slow the fileservers down enough that backups have started failing.

The obvious way around this is to switch things to only doing scrubs when backups aren't running. Except there's a problem: we run backups every day, they run for a fairly long time every day, and some of our pools take up to fifteen hours to scrub. If we only scrub when backups aren't running, there just isn't a fifteen hour gap that our biggest pools need.

(It's possible that they would scrub somewhat faster if they never overlapped with backups, but that's only a vague possibility. And as the pools get more data, they'll take longer and longer to scrub.)

Which brings me to my wish: I wish you could suspend ZFS pool scrubs. Not stop them and start them again from the start, but just put one to sleep by telling the pool to remember where the scrub was but do no further scrub IO for now, then later resume the scrub from where it left off. This would allow us to do even big scrubs around the backups, and in fact we could schedule scrubs much more liberally than we do right now. For example, we might have a couple of hours in a weekday early morning after backups have finished that we could use to get some scrubbing in.

(I'd be perfectly happy if this was only an in-memory pause, so that if you rebooted your system or exported the pool you lost it and had to start from scratch. As an in-memory pause it ought to be relatively simple to implement.)

PS: I checked and this doesn't seem to be in Illumos, at least based on the current Illumos zpool manpage.

Why an Agile Project Manager is Not a Scrum Master

2012-02-01T16:01:29+00:00

A reader asked why the lifecycle in Agile Lifecycles for Geographically Distributed Teams, Part 1 is not Scrum. It’s not Scrum for these reasons:

The project manager and product owner start the release planning and ask the team if the release planning is ok. The team does not generate the initial draft of release planning itself. In Scrum, the team is supposed to generate all of the planning itself.
The checkin is different from the Scrum standup and the objectives of the checkin are different. I did suggest to the teams that if you want to create a cross-functional team where the functions are separated, if you ask people how they are working together, you might help them work together. Sometimes those questions work, and sometimes they don’t. It depends on the team and whether the people want to work together.

I didn’t mention retrospectives or backlogs in my examples so far, because I took them for granted. Yes, both examples of these teams do perform retrospectives and have product backlogs. They also have agile feature roadmaps, which are on my list to blog about.

The real difference is the difference between a Scrum Master and an Agile Project Manager. A Scrum Master is not a project manager. A scrum master does not manage risk by him or herself. A project manager will take on the risk management responsibility without asking the team.

A Scrum Master has only allegiance to the team. A project manager has responsibility to the team and to the organization. That means that the project manager might feel torn when the organization pressures the project manager to do something stupid. (Although, I just downloaded the Scrum Guide, and the Scrum Master’s responsibilities have grown considerably since I took my CSM with Jeff way back in 2006.)

But agile provides transparency when the organization asks the agile project manager to do something stupid, so it’s easier to retain your integrity as a project manager.

Want to move a feature higher in the backlog? Change the feature roadmap with the product owner and then change the backlog with the product owner. I expect the agile project manager to collaborate on the feature roadmap and the backlog with the product owner.

Want to change the velocity of the team to please some crazed manager? Both the Scrum Master or the agile project manager protects the team in these ways:

Explain that velocity is not a productivity metric
Say No and explain why
Play the Double Your Velocity schedule game
Or choose some other way to remove this management obstacle.

Agile makes it easy to protect the team. The question is this: does the Scrum Master have other responsibilities in addition to protecting the team or is the Scrum Master full time? An agile project manager tends to be full time on a geographically distributed team. Even on a geographically distributed team, a Scrum Master is not seen as a full time position. Bless their tiny little hearts, managers don’t seem to understand that transitioning to agile, especially for silo’d distributed teams with different cultural norms is non-trivial. They will make room for a project manager, but a Scrum Master? Oh no. Makes me nuts.

Cut corners on quality? I don’t see how. The team doesn’t meet the acceptance criteria on the stories and doesn’t meet their criteria of done for an iteration, and can’t show a demo. How does that serve anyone?

Help a team go faster? This is the one place where a project manager may have an edge over a Scrum Master, and that’s only because of education. An agile project manager is a project manager. That means he or she is actively studying project management, which means he or she is studying lean also, looking into work in progress. (I realize many project managers do not actively study project management.) I have high expectations of an agile project manager, and that is to limit WIP, work in progress, to measure cumulative flow. But, Johanna, that’s a lean project manager. Yes, that’s correct. Why not use all of the tools available to us at all times? This is not to help a team actually go faster, but to provide feedback to the team about their WIP. If everyone takes a story at the start of the iteration and everyone always works on their own story, it’s likely the team is at the slowest possible velocity. It’s worth knowing that, or at least retrospecting about the data. A project manager will gather the data. A Scrum Master, especially one who was not a trained project manager, may not know to gather the data.

I have nothing against Scrum Masters. Some of my good friends are CSTs (Certified Scrum Trainers). However, they are not all project managers, and have not been project managers, and have not studied the field of project management. Some have been. And, the real issue is this: In a two or three day workshop, they cannot convey to a person who may or may not have been a practicing project manager all of their project knowledge.

Organizations do not always pick project managers to be Scrum Masters. And, with good reason. Some project managers are command-and-control project managers. I suspect back in my long-ago past, I was. I gave it up long ago because it didn’t work. Some people never gave up command-and-control project management. Those people are not good project managers for agile projects. They are terrible project managers for geographically distributed projects, where you must work through influence.

You can have self-managing teams that are geographically distributed. You can have self-directed teams that are geographically distributed. But, they don’t start that way. They evolve into self-directed and self-managing teams. They start as management-led teams.

And, especially when they are silo’d teams, they need the coordination of a project manager, someone who will manage the risk between the silos, and someone who has the organizational backing, and yes, someone who has the allegiance to the organization to say, “We need to do this project” to write the project charter.

In a geographically distributed team, the agile project manager writes the project charter either with the team, or as a strawman for the people to edit and approve. Shane and I recommend that the people get together to write it together. We like it if people get together in person. We know how rarely that happens. (Penny wise, pound foolish.) So we teach people how to write a project charter when they are divided in space.

Because until there is a project charter, there is no organizing principle for the silo’d teams. Those developers in France, testers in Belarus, product managers and project manager in San Francisco, they all need something to coalesce around. The charter, which includes the project vision provides that. The iterations provide the project heartbeat.

So, that’s why I don’t think Agile Lifecycles for Geographically Distributed Teams, Part 1 is Scrum. It’s close, but no cigar. I respect Ken and Jeff’s work too much to call it Scrum when it’s not.

Now that I’m mostly recovered from my cold, I can continue the series about lifecycles.

(Want to learn to work more effectively on your geographically distributed team? Join Shane Hastie and me in a workshop April 17-18, 2012.)

My Debian Activities in January 2012

2012-02-01T15:20:00+00:00

This is my monthly summary of my Debian related activities. If you’re among the people who made a donation to support my work (213.68 €, thanks everybody!), then you can learn how I spent your money. Otherwise it’s just an interesting status update on my various projects.

Dpkg

The “biggest change” I made is a small patch that brings to an end years and years of recurring discussions about the build-arch and build-indep targets of debian/rules (see #229357). Last year the technical committee took this issue in its hands (see #629385) but it failed to take any resolution. Fortunately thanks to this we got some concrete numbers on the colateral damages inflicted on the archive for each possible approach. In the end, Guillem and I managed to agree on the way forward.

The remaining of what I did as dpkg maintainer has not much to do with coding. I reviewed the work of Gianluca Ciccarelli on dpkg-maintscript-helper who is trying to provide helper functions to handle migration between directories and symlinks. I also reviewed a 2000-lines patch from Patrick Schoenfeld who’s trying to provide a perl API to parse dpkg log files and extract meaningful data out of them.

I updated the dpkg-architecture manual page to document the Makefile snippet /usr/share/dpkg/architecture.mk and to drop information that’s no longer releveant nowadays.

I reviewed a huge patch prepared by Russ Alberry to update the Debian policy and document the usage of symbols files for libraries. As the author of dpkg-gensymbols, I was keen to see it properly documented at the policy level.

I brought up for discussion a detail that was annoying me for quite some time: some copyright notices were embedded in translatable strings and updating them resulted in useless work for translators. In the end we decided to drop those notices and to keep them only at the source level.

I updated my multiarch branch on top of Guillem’s branch several times, all the fixes that were in my branch have been integrated (often in a modified form).

Unfortunately even if the code works quite well, Guillem doesn’t want to release anything to Debian until he has finished to review everything… and many people are annoyed by the unreasonable delay that it imposes. Cyril Brulebois tried to release a snapshot of the current multiarch branch to experimental but Guillem has been prompt to revert this upload.

I’m somewhat at a loss in this situation. I offered my help to Guillem multiple times but he keeps doing his work in private, he doesn’t share many details of his review except some comments in commit logs or when it affects the public interface. I complained once more of this sad situation.

Debian Package Maintenance Hub

That’s the codename I use for a new infrastructure that I would like to develop to replace the Package Tracking System and the DDPO and several other services. I started to draft a Debian Enhancement Proposal (DEP), see DEP-2, and requested some comments within the QA team.

For now, it looks like that nobody had major objections on the driving idea behind this project. Those who commented were rather enthusiastic. I will continue to improve this DEP within the QA team and at some point I will bring the discussion to a larger audience like debian-devel@lists.debian.org.

Package Tracking System

Even if I started to design its replacement, the PTS will still be used for quite some time so I implemented two new features that I deemed important: displaying a TODO notice when there is (at least) one open bug related to a release goal, displaying a notice when the package is involved in an ongoing or upcoming transition.

Misc packaging tasks

I created and uploaded the dh-linktree package which is a debhelper addon to create symlink trees (useful to replace embedded copies of PHP/JavaScript libraries by symlinks to packaged copies of those files).

I packaged quilt 0.50. I helped the upstream authors to merge a Debian patch that had been forwarded by Martin Quinson (a quilt’s co-maintainer). I packaged a security release of WordPress (3.3.1) and a new upstream release of feed2omb and gnome-shell-timer.

I prepared a new Debian release of python-django with a patch cherry-picked from the upstream SVN repository to fix the RC bug #655666.

Book update

We’re again making decent progress in the translation of the Debian Administrator’s Handbook, about 12 chapters are already translated.

The liberation campaign is also (slowly) going forward. We’re at 72% now (thanks to 63 new supporters!) while we were only at 67% at the start of January.

Thanks

See you next month for a new summary of my activities.

5 comments | Liked this article? Click here. | My blog is Flattr-enabled.

Playbook for tackling the Super Bowl with Google

2012-02-01T10:39:20+00:00

While thousands of lucky fans will brave the crowds at the Lucas Oil Stadium in Indianapolis, Ind. to fill the coveted seats at this Sunday’s Super Bowl, many more in the U.S. will enjoy the game from home—in front of the TV, with mobile phones and tablets at the ready.

As the New York Giants and New England Patriots prepare for kickoff, here are several ways to make the most of the big game with Google—wherever you’re watching. You can explore the full list in our Game Day with Google playbook, a new page on Inside Search that we’ve filled with tips on how to use Google to enjoy the game.

Get the inside scoop
Visit the Giants and Patriots Google+ pages for behind-the-scenes coverage and details on a chance for you to join the Giants pre-game hangout on Thursday for a face-to-face chat with the players. Be sure to leave a comment on their post for a chance to participate.

On Monday, Feb 6 at noon ET, stop by the NBC Sports Google+ page for a Hangout On Air with CNBC sports business reporter Darren Rovell. He’ll chat about the previous day’s game and review the best commercials with fans that drop in. Leave a comment on this NBC Sports post to throw your name in the hat to be one of the lucky participants who will chat with Rovell On Air.

Plan your party
Super Bowl party rivalry is already in full swing with Indiana leading the pack in Google searches for [super bowl party], ahead of both New York and Massachusetts. Despite New York being the home state of the buffalo wing, searches for [chicken wings] are nearly 50 percent higher in Massachusetts.

If you’re looking for a dip recipes, [hummus] reigns supreme, followed by guacamole, queso and bean dip. Use Google Recipe search to find a recipe with the ingredients to make everyone happy. Or, swing by ChefHangout on Google+ to join a cooking class on favorite Super Bowl party foods.

Talking babies or barking dogs? You decide.
It wouldn’t be the Super Bowl without the commercials. We’ve already seen a flurry of pre-game teasers pop up on YouTube and Google+, but which commercial will reign supreme? Our fifth annual YouTube Ad Blitz in partnership with NBC Sports enables you to replay and vote on your favorite commercials online from a laptop, mobile phone or tablet. Tune in to the YouTube Ad Blitz channel or NBCSports.com to watch and rate the commercials.

Watch the Madonna premiere on YouTube
If the halftime show interests you more than counting yards gained and lost, get an early taste of the show with Madonna’s music video premiere for “Give Me All Your Luvin” featuring Nicki Minaj and M.I.A on her official youtube.com/Madonna channel this Friday and on the YouTube Ad Blitz channel pre-game on Sunday. You can pre-order her deluxe album right there in the video description. And make sure to tune in to Madonna’s Google+ profile all week long for her latest news.

May the best team win!

Posted by Sue McCauley, YouTube Ad Blitz program manager (and die-hard Giants fan)

The solution to the modern X font handling mystery

2012-02-01T02:53:11+00:00

The solution to the modern X font handling mystery

I wrote last time about my attempts to work out just why xterm was rendering the same font differently on Ubuntu and Fedora. Thanks to comments from Adam Sampson and some additional digging, I now have an answer and some theories. As it happens, the answer illuminates yet more issues with modern X font handling.

In the modern Xft/FreeType/Fontconfig world, fonts are specified more or less as a font name and a size. With most programs that allow explicit specification of the font name you can augment the name with additional attributes, partly to modify the exact font that gets matched and partly to control how it's rendered. All of this is sort of covered in the fontconfig user documentation.

(An example could be 'DejaVu Sans Mono:style=bold:hintstyle=hintslight'. This shows both a modification of the font selection process and a rendering instruction. A similar sort of syntax can be used if you want to find, eg, all of the monospace fonts on the system.)

Fontconfig also has system-wide configuration files, found in /etc/fonts/conf.d/. In most packages that I'm familiar with, the global configuration is a default and explicit specification of things override them. However, this is not the case for fontconfig; at least for some settings, fontconfig's global settings silently override anything you specify explicitly. The only way to override these settings yourself is to have a $HOME/.fonts.conf file (and you can't unset the settings so that you can pick them on the fly, only set them to whatever personal global value you want).

You can probably guess the rest of the story. As spotted by Adam Sampson, Ubuntu's fontconfig package has a global config file that is explicitly forces hinting to be set to hintslight, while Fedora has no config file and is defaulting to hintfull. Because this is set in a global config file you can't override it on the xterm command line, which fooled me into thinking that this setting wasn't the culprit.

(You can include ':hintstyle=hint<whatever>' in a -fa argument all you want, but it is silently ignored.)

Overriding that (with a personal .fonts.conf file that forces hintfull hinting) got Ubuntu rendering to be almost the same as Fedora rendering. The remaining difference turns out to be due to the specific versions and compilation options of my version of FreeType. Interestingly, this is not just a small visual difference; at least under some circumstances the Ubuntu FreeType library renders DejaVu Sans Mono characters a pixel or so taller than my Fedora FreeType library does, meaning that an 80x50 xterm on Ubuntu is visibly taller than a Fedora 80x50 xterm. (They are both the same width.)

I don't know for sure why gnome-terminal, Firefox, and TK applications were unaffected by this, but my theory is that all of them use the Gnome preferences system. Gnome has its own preferences settings for how to render fonts and these appear to completely override fontconfig's views on the subject, so Gnome applications were using the 'right' hinting style for my tastes. I would have probably seen the same rendering of DejaVu Sans Mono in any other Gnome application that used it as the monospace font (a good example is probably gedit).

(Why this happened for some fonts and not for others presumably has to do with how the fonts were hinted, or maybe some fonts specify that they can only be hinted at some levels. I don't know if this means that the fonts that weren't affected are less hinted than DejaVu Sans Mono and so on, or just hinted differently.)

OpenShot 1.4.1 released and ubuntu ppa installation instructions included

2012-02-01T00:40:26+00:00

{lang: 'en-GB'}

OpenShot Video Editor is a free, open-source video editor for Linux. OpenShot can take your videos, photos, and music files and help you create the film you have always dreamed of. Easily add sub-titles, transitions, and effects, and then export your film to DVD, YouTube, Vimeo, Xbox 360, and many other common formats. Check out the full feature list, view screenshots, or watch videos of OpenShot in action!
(...)
Read the rest of OpenShot 1.4.1 released and ubuntu ppa installation instructions included (105 words)

© admin for Ubuntu Geek, 2012. | Permalink | No comment | Add to del.icio.us
Post tags: desktop, install OpenShot 1.4.1 using ubuntu ppa, OpenShot 1.4.1 ubuntu ppa

Press Review #7

2012-01-31T17:25:00+00:00

Here is a little press review around Oracle technologies, and Solaris in particular:

Analyzing Interrupt Activity with DTrace

http://blogs.oracle.com/timc/entry/analyzing_interrupt_activity_with_dtrace

Interrupts are events delivered to CPUs, usually by external devices (e.g. FC, SCSI, Ethernet and Infiniband adapters). Interrupts can cause performance and observability problems for applications.

Performance problems are caused when an interrupt "steals" a CPU from an application thread, halting its process while the interrupt is serviced. This is called pinning - the interrupt will pin an application thread if the interrupt was delivered to a CPU on which an application was executing at the time.

ZFSSA/S7000 major update

http://sparcv9.blogspot.com/2012/01/zfssas7000-major-update.html

The first major software update of S7000/ZFSSA/Fishwork in over a year is now available. With the original version "2011.Q1" it seems a bit delayed, perhaps due to the departure several key persons behind the software post Oracle acquisition of Sun.

The all-seeing eye of DTrace

http://sparcv9.blogspot.com/2012/01/all-seeing-eye-of-dtrace.html

I was recently involved with a problem related to backup software running on Solaris, as part of a general health check of the system I stumbled on something interesting that was not visible using conventional tools.

Windows 8: Getting More ZFS'ish

http://netmgt.blogspot.com/2012/01/windows-8-getting-more-zfsish.html

Storage has always been a part of operating systems. Over time, storage capabilities have increasingly became more sophisticated in operating systems, consuming features from 3rd party partners. Occasionally, a vendor will release very sophisticated increments to their operating systems. Windows 8 is projected to receive more ZFS-like features, to make it more competitive with Solaris, when Sun release ZFS over a half-dozen years ago.

Big Data : opportunité Business et (nouveau) défi pour la DSI ?

http://blogs.oracle.com/EricBezille/entry/big_data_opportunité_business_et

Comme le souligne une étude de McKinsey ("Big Data: The next frontier for innovation, competition, and productivity"), la maîtrise des données (dans leur diversité) et la capacité à les analyser à un impact fort sur l’apport que l’informatique (la DSI) peut fournir aux métiers, pour trouver de nouveaux axes de compétitivité. Pour ne citer que 2 exemples, ils estiment que l'exploitation du Big Data pourrait permettre d'économiser plus de €250 milliards sur l'ensemble du secteur publique Européens (identification des fraudes, gestion et mesures de l'efficacité des affectations des subventions et des plans d'investissements, ...). Quant au secteur marchand, la simple utilisation des données de géolocalisation pourrait permettre un surplus globale de $600 milliards[...]

Activity of the ZFS ARC

http://dtrace.org/blogs/brendan/2012/01/09/activity-of-the-zfs-arc/

Disk I/O is still a common source of performance issues, despite modern cloud environments, modern file systems and huge amounts of main memory serving as file system cache. Understanding how well that cache is working is a key task while investigating disk I/O issues. In this post, I’ll show the activity of the ZFS file system Adaptive Replacement Cache (ARC).

Engineered Systems and Enterprise Architecture (or: How to Sell Dog Food Online)

http://constantin.glez.de/blog/2012/01/engineered-systems-and-enterprise-architecture-or-how-sell-dog-food-online

One of the first things that customers and sales teams realize when dealing with Engineered Systems is: They fundamentally change the IT architecture of a business.

Change is good, it means progress. But change is sometimes seen as a bad thing: Change comes with fear.

The truth is that Engineered Systems really empower IT architects to add value to their business, application and data architectures, without worrying about the technology architecture.

New My Oracle Support User Interface to Replace HTML-Based User Interface on January 27, 2012

http://www.oracle.com/us/dm/100042350-wwsu11104830mpp001-oem-1489365.html

On January 27, 2012, we will upgrade My Oracle Support’s current HTML-based user interface (UI) to a new one built using Oracle’s Application Development Framework (ADF). This upgrade is driven by customer feedback, and will help provide our My Oracle Support HTML-based users more streamlined access to support information and services.

NEW CERTIFICATION: Oracle Certified Associate (OCA), Oracle Solaris 11 System Administrator

http://blogs.oracle.com/certification/entry/0684a

Oracle Certification announces the release of the new "Oracle Certified Associate, Oracle Solaris 11 System Administrator" certification. This certification is for Oracle Solaris system administrators who possess a strong foundation in the administration of the Oracle Solaris 11 Operating System and are proficient in essential system administration skills such as managing local disk devices, managing file systems, installing and removing Solaris packages and patches, performing system boot procedures and system processes.

Solaris Tip: How-To Identify Memory Mapped Files

http://blogs.oracle.com/mandalika/entry/solaris_tip_how_to_identify

A memory mapped (mmap'd) file is a shared memory object, or a file with some portion or the whole file was mapped to virtual memory segments in the address space of an OS process. Here is one way to figure out if a given object (file or shared memory object) was memory mapped in a process or not.

New Storage Magazine awards for NAS...

http://blogs.oracle.com/7000tips/entry/new_storage_magazine_awards_for

Storage Magazine just came out with the January 2012 issue, showing Oracle Storage doing quite well (#1) with the Oracle ZFSSA 7420 and 7320 family. Check out pages 37-43 of this month's Storage Magazine. Storage Magazine: http://docs.media.bitpipe.com/io_10x/io_103104/item_494970/StoragemagOnlineJan2012final2.pdf (pages 37-43)

SSDs and the TPC-C top 10

http://storagemojo.com/2012/01/19/ssds-and-the-tpc-c-top-10/

If SSDs are so great, shouldn’t we see the results in TPC-C benchmarks? They are, and we do.

But there are some surprises.

MWAC in Global Zone

http://milek.blogspot.com/2012/01/immutable-global-zone.html

Solaris 11 has a new cool feature called Immutable Zones. [...] Immutable Zones basically allow for read-only or partially read-only Zones to be deployed. You can even combine it with ZFS encryption - see Darren's blog entry for more details. The underlying technology to immutable zones is called Mandatory Write Access Control (MWAC) and is implemented in kernel. So for each open, unlink, etc. syscall a VFS layer checks if MWAC is enabled for a given filesystem and a zone and if it is it will check white and black lists associated with a zone and potentially deny write access to a file (generating EROFS).

IBM Slashes Some Power7 Processor Prices

http://www.itjungle.com/tfh/tfh012312-story01.html

The new year is well under way and IBM, as we report elsewhere in this issue of The Four Hundred, has closed out last year and is facing whatever new challenges it has. The big one is that new Opteron 6200 processors from Advanced Micro Devices and Sparc T4 processors from Oracle are out, and the even bigger problem is that the Xeon E5 processors from Intel are shipping under NDA to selected customers and are expected to launch this quarter.

With Power7+ machines expected this year, intense competition from X86 and Sparc iron, and a bunch of Power7 machines probably sitting in the barn at IBM's resellers, there may never be a better time to get a discount on Power7 processors.

How Dell Migrated from SUSE Linux to Oracle Linux

How Dell planned and implemented the migration, including key conversion issues and an overview of their transition process.

http://www.oracle.com/technetwork/articles/servers-storage-admin/dell-linux-1498654.html

In June of 2010, Dell made the decision to migrate 1,700 systems from SUSE Linux to Oracle Linux, while leaving the hardware and application layers unchanged. Standardization across the Linux platforms helped make this large-scale conversion possible. The majority of the site-specific operating system and application configuration could simply be backed up and restored directly on the new operating system. Configuration changes were minimal and most could be automated, easing the administration effort required and helping achieve a reliable and consistent transition procedure.

ZFS Storage Appliance Calculator

http://www.oracle.com/us/media/calculator/zfs/index.html

Hardware and Systems Upgrade

http://www.oracle.com/oms/hardwareupgrade/index.html

Learn how to upgrade and why refreshing your data center makes good business sense.

Oracle Solaris and Oracle SPARC T4 Servers—Engineered Together for Enterprise Cloud Deployments

http://www.oracle.com/us/products/servers-storage/solaris/solaris-and-sparc-t4-497273.pdf

Over the last 25 years, the Oracle Solaris has been developed hand-in-hand with systems built around the SPARC processor. Oracle Solaris is tightly integrated with the many system level capabilities of the SPARC T4 processor, providing scalable, high-performance compute capability coupled with integrated high-speed networking and cryptographic acceleration.

Today, with Oracle Solaris 10 and SPARC T4 systems, existing applications can receive an immediate performance boost and at the same time companies can begin extending their operations into the cloud with Oracle Solaris 11.

Use the OPN Fast Track to move your Application to Oracle Solaris 11

http://blogs.oracle.com/partnertech/entry/use_the_opn_fast_track

The first building block is the Oracle Solaris binary guarantee. It warrants that Oracle Solaris 10 binaries can be executed on Oracle Solaris 11 without recompilation.

Even binary compatible applications rely on all the frame works which have been provided with Oracle Solaris 10. Applications who need this fine grained support of the older Oracle Solaris 10 infrastructure are likely to work smoothly on Oracle Solaris 11systems using an Oracle Solaris 10 branded zone. This will work as long as the applicaton has been supported to run in a Oracle Solaris 10 zone before.

Oracle and the Solaris Brand

http://www.mis-asia.com/tech/operating-systems/oracle-and-the-solaris-brand/

When Oracle Corp. acquired to save some brands of Sun Microsystems April 2009 through January 2010, much was made about the enterprise software giant’s entry to the hardware business. Now, two years on, things are looking up for one of the industry’s better known platforms for performance and stability through the last couple decades—Solaris. Just last month, Markus Flierl, Vice President of Software Development, Oracle, told MIS Asia what Oracle has been doing to breathe new life into Solaris and where he expects the new platform to add value to industry users.

Who to trust?

2012-01-31T14:00:02+00:00

We are two people. The person that calmly makes plans and the person that executes them. The first person is calm and thoughtful and has the right amount of doubt to make sure a plan will work. The second person rushes to judgement and is full of hubris. "What was I thinking! I can do it more/better/differently." is what the second person says. The second person often forgets how much work went into the planning or the rationale for why things were set in a particular order.

If an outside knows of the plan, it can confuse things if the second person "optimizes" the plan leaving those other people out of the loop. The second person often thinks they're the only one that knows the plan, but often they are forgetting someone.

I've had to learn that if someone in my todo list is marked as being in a specific order, I should "trust the plan" and follow it... against the recommendation of that second person.

A friend of mine recently said her plan in the morning involved seeing her son off on a trip then getting 4 things done at home. What happened was she made a last-minute decision to drive him to the event personally, which meant a series of problems including some delays that prevented those 4 things from getting done.

Why didn't she listen to that person that, the night before, carefully constructed a good plan?

I do a lot of volunteer work and often we spend a lot of time working on a plan and later when executing the plan people will start to make changes. This brings up all the "second person" problems but at an even bigger scale. You'll often hear me saying, "Trust the process" over and over.

Once we were stuffing envelopes for a big mailing. It was a rather complicated project creating 3000 pieces to be mailed. Previously we had ended up in a situation where we ended up with 2000 properly stuffed, labeled, and stamped envelopes plus 1000 envelopes that just had stamps, and a different 1000 envelopes that were stuffed and had address labels stuck on them. We stuff the envelopes; only stuffed envelopes get labels, and only labeled envelopes get stamps. Three assembly lines, one that feeds the next. If you notice, the order also reflects the cost-of-replacement: stamps are expensive so you don't want to put them on until you know the envelope is otherwise prepared. When you run out of contents, no more stamps are consumed.

Sometimes the labeling process was the bottleneck and someone outside the planning process would "help" by labeling empty envelopes. They don't realize the potential problem they are causing, or the confusion.

Every morning I do my "5 minutes of planning". I look at my calendar then check my todo list for the day. I re-arrange my todo list, often pushing things around to be in priority order. I do this on the train so it is ready when I get to work. By the time I get working on stuff I've often forgotten the rationale for the order things are in, so I've had to train myself to "trust the process" and do the tasks in the order "the other me" proscribed.

Because if I don't do that, I end up spending the morning writing a blog post instead of working on my todo list. And that can disorient my entire day.

Manhattan World Tour – 1 Night Only! Wednesday 2/1/2012!

2012-01-31T12:27:46+00:00

Just a note…I’m back in NYC this week doing some contracting work. I’ve got Wednesday (tomorrow) night open for dinner, if anyone wants to hang out. I’m meeting some friends who are sysadmin-types at Brother Jimmy’s BBQ in Union Square at 7pm, so you’re welcome to come by! See you there!

Contributing to the translation of Debian

2012-01-31T09:00:00+00:00

If you’re not into packaging and if you asked how you could help Debian, someone probably suggested that you help to translate it.

It’s true that translating Debian is essential if we want to make Debian available to everybody on the world. There are many persons who are stuck as soon as they get a message in English, so it’s important to aim for 100% coverage in terms of localization.

Some vocabulary: localization vs internationalization

Internationalization (i18n) is the work that makes it possible to translate messages in a given application.

Localization (l10n) is the work of translating messages of said application. So as a translator, you’ll be doing “localization” but some knowledge of “internationalization” is still useful… because it will define how you’re supposed to provide the translations. We’ll come back to that later.

Join your localization team

Usually the translation work is shared among multiple translators within a localization team. Check out the Debian International page on www.debian.org to find out instructions for translators for each language.

Many teams have a debian-l10n-*@lists.debian.org mailing list used for coordination, feel free to ask questions on those lists when you start (but make sure that you have read the relevant documentation before).

Each team has its own workflow, so observe for a while to get used to what’s happening before asking your first questions.

What is there to translate?

The translation of most of the software provided by Debian is not handled by Debian. The Debian translation teams “only” handle the translation of:

the software that are specific to Debian (debian-installer, dpkg, APT, etc.) (*);
the Debconf prompts in all Debian packages (*);
the Debian documentation (*);
the Debian website;
the Debian wiki;
the descriptions of packages.

Now before contributing to your first translation, I have to come back to internationalization to teach you a few things. In the above list, the projects marked with “(*)” do use PO files for their translation and the next sections will explain you how to work with those files.

Introduction to Gettext

The free software community has mostly standardized on a single internationalization infrastructure known as Gettext. With this tool, you’re provided a “POT file” which contains all the translatable strings. It looks like this:

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Software in the Public Interest, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR , YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: dpkg 1.16.1\n"
"Report-Msgid-Bugs-To: debian-dpkg@lists.debian.org\n"
"POT-Creation-Date: 2011-09-23 03:37+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"

#: lib/dpkg/ar.c:66
#, c-format
msgid "invalid character '%c' in archive '%.250s' member '%.16s' size"
msgstr ""

#: lib/dpkg/ar.c:81 lib/dpkg/ar.c:97 lib/dpkg/ar.c:108 lib/dpkg/ar.c:112
#: lib/dpkg/ar.c:134 utils/update-alternatives.c:1154
#, c-format
msgid "unable to write file '%s'"
msgstr ""

[…]

The lines starting with “#:” are comments that indicate the source files where the (English) string is used. This can be useful if you want check the source to have more information about how the string is used.

The lines starting with “#,” contain flags that can be important. If the “fuzzy” flag is set, the translated string is not used because it must be updated (or at least verified) since the original string evolved. The “c-format” flags indicates that the string must be a C format string, this has some implications in what’s allowed in the string (in particular when it embeds conversion specifier for arguments submitted to printf-like functions).

Another thing to note is that the translation of the empty string is used to store some meta-information about the translation itself.

Contributing a translation as a PO file

When you start a new translation, you copy that POT file to create a “PO file” for your own language (eg. fr.po for the French language). You replace some template values (identified with the upper case words in the POT file) and you replace all the empty strings on “msgstr” lines with the translation of the string that appears in the previous “msgid” line.

The result could be something like this:

# translation of fr.po to French
# Messages français pour dpkg (Linux-GNU Debian).
msgid ""
msgstr ""
"Project-Id-Version: fr\n"
"Report-Msgid-Bugs-To: debian-dpkg@lists.debian.org\n"
"POT-Creation-Date: 2011-09-23 03:37+0200\n"
"PO-Revision-Date: 2012-01-16 07:57+0100\n"
"Last-Translator: Christian Perrier \n"
"Language-Team: French \n"
"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: Plural-Forms: nplurals=2; plural=n>1;\n"
"X-Generator: Lokalize 1.2\n"

#: lib/dpkg/ar.c:66
#, c-format
msgid "invalid character '%c' in archive '%.250s' member '%.16s' size"
msgstr "caractère invalide « %1$c » dans la taille du membre « %3$.16s » de l'archive « %2$.250s »"

#: lib/dpkg/ar.c:81 lib/dpkg/ar.c:97 lib/dpkg/ar.c:108 lib/dpkg/ar.c:112
#: lib/dpkg/ar.c:134 utils/update-alternatives.c:1154
#, c-format
msgid "unable to write file '%s'"
msgstr "impossible d'écrire le fichier « %s »"

[…]

If there’s already a “PO file” for your language, there might still work to do: there might be strings that have not yet been translated and there might be “fuzzy” strings which have to be updated — strings which were already translated but where the original string has been modified.

There are software that can assist you to edit PO files: poedit, virtaal, lokalize, gtranslator. There are also special extensions for vim (packaged in vim-scripts) and for Emacs.

Submit the translation for inclusion

Once you have a complete PO file, you should submit it for inclusion. Sometimes you will have been granted commit rights to the source code repository so that you can include your translation by yourself. In the other cases, you should submit your translation with a bug report tagged “l10n” and someone else will include your work in the next release.

Depending on the team, the workflow might require a review before the submission. In that case, you usually have to send a call for review on the coordination mailing list.

Go ahead!

Hopefully those explanations will be enough to get you started. There are many other things to learn¹ but it’s good to learn while practicing…

¹ For example, can you find out why the French translation above changed “%c” in “%1$c”?

Do you want to read more tutorials like this one? Click here to subscribe to my free newsletter, you can opt to receive future articles by email.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Where is Oracle going with Solaris?

2012-01-31T05:17:09+00:00

Where is Oracle going with Solaris?

(Disclaimer: rambling ahead.)

Once upon a time, back when Sun was still Sun, it was possible to kind of see what they thought the future market for Solaris was. Solaris wasn't Linux, but they could load it with attractive features (ZFS, DTrace, arguably Zones, etc) to make up for being not-Linux and then sell it for a relatively low price to hook the low end of the market. Arguably Sun skipped the bit where they upsold to more lucrative services later.

(In this view, the free Linux distributions serve as a valuable initial hook for higher end commercial Linuxes like Red Hat Enterprise. A small company is unlikely to buy RHEL right away; instead they can progressively move closer, first with Debian or Ubuntu, then with CentOS, and finally they start paying Red Hat when they get tired of the alternatives. Since very few people were going to jump from a Linux to Solaris, Solaris needed a similar entry-level hook.)

Then Oracle took over Solaris and now I don't understand how they see its future. The initial moves were straightforward: Oracle drastically raised prices and effectively drastically reduced hardware availability. Then of course they killed off other features that made Solaris attractive, like source availability. As far as I can see this took out the bottom end of the Solaris market entirely.

(It's hard to find current pricing for Solaris on non-Oracle hardware. The best I could find on Oracle's own website was $1k per core per year; it's not clear if you can get a better deal through either Dell or HP, which were at one point theoretically reselling Solaris on their own hardware. I couldn't configure a low-end 1U Dell server with Solaris, for what that's worth.)

One possible answer is that Oracle has no real plans for Solaris's future. In this view, they're treating it as a declining asset and milking it to get as much money as possible from those people who have to have Solaris. As the ranks of those people dwindle, Solaris itself will dwindle away with them. Eventually Oracle will politely sunset it and no one will really care. In this view, the relatively high prices for Solaris (and the outrageously high ones for non-Oracle hardware) are somewhat deliberately designed to discourage new customers; the last thing Oracle wants is for Solaris to actually get popular, because then Oracle would have to start spending real money on it.

Another possible answer is that Oracle thinks that Solaris has a viable future on big iron but not on low end hardware. I'm a professional skeptic about big iron in general, so I'm not well placed to evaluate how realistic this is. I think you can make a case that big iron customers are mostly insensitive to both the exact operating system (they care about the apps, which are often layered on top of a database to start with) and the licensing costs, but will value various (theoretical) Solaris virtues like resilience and inspectability with DTrace (especially if Oracle integrates DTrace support into their database products). On the other hand they do care about TCO (and there can be a lot of money involved in that TCO with big iron and Solaris licensing) and I'm not sure Oracle has a good sales pitch for Solaris against the relentless march of cheaper Linuxes.

(I'm not persuaded by the variant of this where Solaris is supposed to be the true home of Oracle's database software, because it requires customers to either like or be neutral to Solaris and its increased costs. If everyone wants to run Oracle on RHEL, it's hard to make Solaris Oracle's true home.)

All of this is mostly but not entirely academic to me, since it seems clear that we have too little money to interest Oracle. Still, I just can't stop wondering; there was a time when Solaris looked like it had a place in the general Unix future.

(You can argue that Solaris still does, in the form of Illumos and distributions using it. Especially as apparently a whole lot of the Sun technical people have left Oracle and settled at various other places that are working on Illumos; this makes Illumos the technical future of Solaris, and the technical future is the interesting one.)

PS: I would probably be better informed about the speculation on this if I actually followed Solaris news. I don't, because it seems very unlikely that anything Solaris news is going to affect us; Oracle would have to perform one of the world's most spectacular sudden reverses in order to be relevant to us again.

Reading a file into a Python string

2012-01-31T01:44:49+00:00

I’ve learned a number of useful things from the Google learn Python video series. One of the tips I got to use today. That tip was Python’s ability to read a file into a string: $ cat foo this is a test file of words $ python >>> f = open(“foo”,”r”) >>> string = f.read() [...]

HTML is not a SGML dialect and never really has been

2012-01-30T20:33:44+00:00

HTML is not a SGML dialect and never really has been

There is a persistent story that makes the rounds among the web specification world (for example, in this otherwise realistic article on XHTML) that HTML is a SGML dialect but web browsers persistently mishandle and mis-parse certain SGML features such as minimization. Although I have pandered to this belief before, it is false in practice and in reality.

HTML is really a documentation standard; the standard followed behind existing practice, not preceded it. In the very beginning, people just created browsers and a vague format that the browsers understood. This format was inspired by SGML, but it was never an SGML dialect and as such it never had various obscure SGML features. At some point, when people in the W3C were writing down the HTML standard of the time (or perhaps evolving it), they decided to 'fix' this obvious omission by writing into the new version of the HTML specification that it was a SGML dialect.

(Looking at the historical specifications via wikipedia, this appears to go as far back as HTML 2.0.)

You can guess what happened next. All of the browsers of the time promptly ignored this new bit of the standard, and pretty much every browser written since then has as well; none of them ever parsed HTML as SGML, supporting all of the little odd SGML features that that implies. HTML may be an SGML dialect as far as the W3 standards and their validator are concerned, but it is not in real life and anyone who writes HTML believing otherwise is going to have problems.

As you might expect, HTML5 very firmly puts a stake in this particular issue; the current spec draft says explicitly (emphasis mine):

For compatibility with existing content and prior specifications, this specification describes two authoring formats: one based on XML (referred to as the XHTML syntax), and one using a custom format inspired by SGML (referred to as the HTML syntax).

Perhaps someday all of the common HTML validators will be updated to understand HTML as it really is.

Monitoring with Windows Remote Management (WinRM) and Powershell Part II

2012-01-30T19:48:00+00:00

For the first installment of this series, click here. This is yet another post that required hours of research and testing and resulted in me learning way more about various tangential things than I realized I wanted to know.

Ready to wrap this up with some real security goodness? Me too.

When you operate a small network or LAN, passing your credentials over the wire via easy-to-crack hashes and sending other traffic as clear text might be acceptable to you - or more accurately, you don't spend any time thinking about it. But when your network is large, heterogeneous and spans dozens of cities and continents, and has hundreds of internet-facing nodes and thousands of employees and external users... you need to start paying more attention to security. Well actually you needed to have started paying more attention to security way before you got to that point, but you get my meaning. You never know who might be listening with an intent to uncover privileged information - whether outside hackers or internal employees.

When I first set out writing this post, I didn't realize that all WinRM traffic is already encrypted by default. Even when sent over the HTTP protocol and even when Negotiate/NTLM authentication is used. It's still encrypted. But I don't mean to conflate authentication and data encryption right off the bat. Let's start with encryption. Here is an example of the header of an HTTP packet sent to a WinRM server:

POST /wsman?PSVersion=2.0 HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/encrypted;protocol="application/HTTP-SPNEGO-session-encrypted";boundary="Encrypted Boundary"
User-Agent: Microsoft WinRM Client
Content-Length: 1662
Host: server1:5985

SPNEGO is used to negotiate the strongest authentication type available to both nodes, and then everything in the payload of the packet between the "--Encrypted Boundary--" tags... is gibberish. There is no clear text in the packets. I've looked. The only bit of useful information I could find so far while sniffing on the wire was the domain\username used for authentication. I'm guessing that this encrypted data sent over HTTP must be new to WinRM 2.0, because this Technet article implies that data sent over HTTP was clear text at some point.

*Click for larger*

Since the nodes are using the Negotiate protocol, they will settle on the best authentication mechanism that they can both agree upon. (Kerberos > NTLMv2 > NTLMv1, etc.) In this case it's going to be NTLMv2 authentication since they can't use Kerberos since they aren't in the same AD domain. Windows machines haven't used the old easy-to-crack LAN Manager or NTLMv1 password hashes in over 10 years. If you search through your packet capture, (use the "ntlmssp" display filter in Wireshark to easily find the relevant authentication traffic,) you will find several hashes of varying lengths, including the server challenge, client response, client challenge, HMAC, session key, MIC, etc. What's important though is that nothing that directly exposes the actual password is sent over the wire. If the machine has already been compromised, the attacker could access the local SAM and get an unsalted password hash that, using something like Rainbow Tables, could eventually be decoded into the original password. But that's only if the Security Accounts Manager on the local machine has already been compromised. The hash that's stored there is not sent over the wire.

This guy right here has an ongoing, amazing 6-part (and growing) exposé on getting at those infamous NTLM hashes. It always involves already having access to the machine though, and almost always involves old versions of Windows and exploiting flaws that have since been fixed.

In the first part of this tutorial, we did a basic set up of the WinRM service on a standalone computer named SERVER1. Then we connected to that computer from a domain-joined machine named DC01 to demonstrate using the Negotiate authentication protocol to connect to machines that are outside of your Active Directory trust boundary. By the way:

It should be noted that even within a domain, for Kerberos authentication to work when using WinRM, an SPN for the service must be registered in AD. As an example, you can find all of the "WSMAN" SPNs currently registered in your forest with this command:

setspn -T yourForest -F -Q WSMAN/*

SPN creation for this should be taken care of automatically, but you know something is wrong (and Kerberos will not be used) if there is no WSMAN SPN for the device that is hosting the WinRM service.

As with last time, when I execute the command on DC01:

$creds = Get-Credential
$server1 = New-PSSession -ComputerName SERVER1 -Credential $creds -Authentication "Negotiate"

A persistent remote connection is made from DC01 to SERVER1 via WinRM.

The following excerpt from this MSDN article is a pretty good description of what's going on. I'll recap, poorly:

The nodes do a classic TCP/IP handshake. (ACK, SYN-ACK, NICE-TO-MEET-YOU-ACK)
Client (DC01) does an HTTP Get for the resource. (Hey can I just access you?)
Server (SERVER1) says "No way, I'm not that easy! (Returns 401 Unauthorized) ... but I am willing to negotiate, here's what I can do..."
Client evaluates the authentication methods on offer, and sends new token with new base64-encoded authentication junk in it.
Server accepts the challenge response by checking the hash against what it has in its own SAM, and allows Client to connect. (Returns HTTP 200)

So like I said, this communication is already pretty well protected. But maybe you want more. You can either set up an IPsec tunnel between the nodes, or you can enable certificate-based SSL encryption between the two nodes if you feel the need to further wrap all your packets in a warm blanket of security. We'll discuss certificate-based SSL encryption here.

First off, remember from Part I that WinRM just won't work with self-signed certificates. So we need a Certificate Authority. Luckily I've got one, but it's an ECA that belongs to a domain of which SERVER1 is not a member. No matter - to issue certificates to non-trusted parties, you simply need to add the web-enrollment junk to your ECA:

Add all of the web role services

I chose "Username and Password" authentication, but Integrated Windows Authentication might have worked as well, since the two computers are on the same network.

The next thing I'm going to do is install the certificate from the ECA into the Trusted Root CA store on SERVER1, so that SERVER1 will implicitly trust any certificate issued by my ECA. Export the certificate from the ECA, move the certificate to SERVER1, then Import the certificate to the correct store, you know the drill. You could also just browse to http://your-ECA/certsrv and download the CA certificate from there. Whatever works for you.

This next part gave me so much heartburn, and I'm hoping I can now save you some. You might remember from the first part of this tutorial that WinRM needs a certificate for "Server Authentication" purposes. The "Web Server" template in a basic set up of Certificate Services is for Server Authentication purposes. So we should just be able to use that one, right?

No one tells you this, but for WinRM to use the certificate, the private key must be marked as exportable when you request it from the CA. However, the original "Web Server" certificate template does not allow exporting private keys. So on your ECA, copy the Web Server template. Make sure you choose the "Windows Server 2003" option and not the "Server 2008" option, or else the new template will not show up in the drop-down menu on your Certsrv webpage. Name the copy something like "Web Server With Private Key." Modify the new template, and on the "Request Handling" tab, click "Allow private key to be exported." Nothing else needs to be changed unless you need to. Then, on the "Certificate Templates" node under your ECA, right click it, select New -> Certificate Template to Issue, and choose the new "Web Server with Private Key" template that you just created.

This article came in handy for me.

Next, on SERVER1, launch Internet Explorer. Make sure that the URL http://your-ECA/certsrv is added to SERVER1's Trusted Sites list, and modify your Internet Explorer security settings as needed so that you're able to run any and all ActiveX scripts that the ECA wants you to run, etc. Now browse to http://your-ECA/certsrv. You should need to provide credentials. (I bet it's through the same SPNEGO process that we witnessed earlier!) Make sure that the credentials you log in with have permissions to enroll in the certificate you will be requesting. You should get a pretty plain web page where you can request a certificate. If you don't, you've already gone astray.

Click on Request a Certificate, then submit an advanced certificate request. Then click Create and submit a request to this CA. Choose the "Web Server With Private Key" Certificate Template from the drop down menu that you created earlier. Yes, I know this is not a web server, but recall from part one of this tutorial that we need a certificate for "Server Authentication" purposes, and this certificate will give us that. You can spend a bunch of time playing around with the certrqtp.inc file on your CA and customizing the certificate request webpage to provide new templates if you want, but I don't really care about that right now. Also pay attention that as you change the certificate request type in the drop-down menu, you should be seeing the text boxes on the web page change around. This means the ActiveX junk is running successfully in the background.

So submit that request, and the website will either tell you that your certificate request requires approval (go approve it,) or it'll just give it to you right away, depending on the policy you set up on your CA. When you click the link to install your new certificate, the webpage will automatically install your new cert in your Current User > Personal store. Go look at it. It's important that it has the correct name on it (the subject and "CN=" part of the certificate needs to say SERVER1, etc.) and that there are no other validation errors. It should have "Server Authentication" in the Enhanced Key Usage field. Now they say that WinRM should be able to use this certificate whether it resides in the current user store or in the local computer store, but I had to export the certificate from there (including private key!) and then import it into the Local Computer > Personal store to get it to work. Finally, while you're here, open the properties of the certificate, and copy the Thumbprint. You'll need that in a second. (Reference)

Next, delete your old HTTP listener on SERVER1 with this command:

winrm delete winrm/config/Listener?Address=*+Transport=HTTP

You can only have one listener per network interface, from what I understand. Better we keep the config as simple as possible in any case. By the way, you can execute non-Powershell commands like this from within Powershell if you start the command with an ampersand. (& winrm delete winrm/config...)

Create your new HTTPS listener, configured to use your specified certificate, like this:

winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="SERVER1";CertificateThumbprint="1d9256aea461788764cec1904463120f094393f9"}

Where CertificateThumbprint is the thumbprint you copied off of the certificate a minute ago. If all goes well, you will get a "ResourceCreated" response from WinRM. Otherwise, the errors you are likely to see include "Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed" or "A specified logon session does not exist. It may already have been terminated." I wrestled with both of those errors, and the only way I've gotten past them is to follow my above steps to the letter.

SERVER1 is now listening on port 5986, waiting for an SSL-protected connection. Keep in mind that since you didn't use quickconfig, it didn't automatically create a Windows Firewall rule for TCP 5986.

And finally - the fruit of our labor... So I've moved back to DC01. Keep in mind that DC01 is already configured to trust certificates that were issued by my ECA. I run this in Powershell:

$creds = Get-Credential
$server1 = New-PSSession SERVER1 -UseSSL -Credential $creds

And magic happens. And by "magic," I mean "no errors!" The connection established successfully with no fuss. And here's the cool part: This is a packet capture of the exact moment when the two nodes start communicating:

I don't even get to see the headers any more. It's all 100% complete gibberish, impervious to prying eyes, thanks to SSL encryption.

One last thing as a bonus for making it all the way through this article: In case you didn't know, Powershell creates "pseudo-drives," for lack of a better term, for certain repositories on your computer. For instance, in Powershell, type "cd cert:" to navigate around your Certificate Stores like a normal directory, and type "cd wsman:" to navigate around your WinRM configuration as if it were a regular file structure! Pretty cool, eh?

2012 global award winners RISE to the top

2012-01-30T06:00:13+00:00

Our business at Google is rooted in STEM and CS, so we’re passionate about supporting organizations that are expanding access to these fields, especially for students who might not have the opportunity otherwise. The annual Google Roots in Science and Engineering (RISE) program supports organizations running innovative STEM (science, technology, engineering and math) and CS (computer science) enrichment programs for K-12 and university students around the world.

This year, the Google in Education group received a record number of inspiring applications for RISE. We expanded the awards to include Sub-Saharan Africa, and in total, we’re awarding more than $340,000 in funding to 13 U.S., eight European and five African organizations.

Our recipients are diverse, ranging from girls robotics teams building high-tech machinery in Nairobi to after-school programs that have students configuring cluster computers in Salt Lake City. Below are just a few of the outstanding organizations receiving RISE awards this year for their efforts in advancing CS and STEM education:

United States

Santa Clara Valley Society of Women Engineers, San Jose, California. GetSET is a program created for underrepresented ethnic minority girls in the San Francisco Bay Area to expose them to engineering while building self confidence through leadership workshops, tours of technology companies and participation in team-building exercises.
Saturday Academy, Portland, Oregon. Saturday Academy serves 2nd-12th grade students from Oregon and SW Washington with high quality and creative learning opportunities taught by STEM experts, including hands-on, real world activities that create meaningful connections between academic content and practical application.

Europe

Frauennetzwerk Informatik at Universität Passau, Passau, Germany. University students from Passau act as ambassadors for computer science, engineering and math by reaching out to juniors and seniors at their former high schools and running workshops on topics like robotics and mobile app development. Ambassadors go on to serve as mentors to the students throughout their high school and college careers.
The Centre for Academic Achievement, Dublin, Ireland. This center runs free after school educational classes in a university setting for bright primary school students from disadvantaged areas. Each term, students from 32 local primary schools have the opportunity to study science, math and engineering subjects and are encouraged to pursue college degrees in the future.

Sub Saharan Africa

Savana Signatures, Tamale, Ghana. Savana Signatures educates youth and women, building their capacity to access information for the benefit of Ghana’s social and economic development.
Fundi Bots, Kampala, Uganda. Fundi Bots is a technology outreach program for students in high school and university that uses robotics to introduce young children to the endless possibilities of technology in both their day-to-day lives and potential careers.

Organizations interested in applying for 2013 funding can sign up for more information here. We look forward to hearing about all the great work being done in CS and STEM education.

Posted by Roxana Shirkhoda, K-12 Education Outreach

WordPress Clear Line Theme – Previous Page Newer Posts

2012-01-30T03:37:38+00:00

The WordPress Clear Line Theme has paginators at the bottom of pages, that have links to Previous Page and Next Page. Changing them to say something like Newer Posts and Older Posts is easy – you need to edit the following four files:

archive.php
author.php
index.php
search.php

In these files, search for the lines that look like:

posts_nav_link(' &#8212; ', __('&laquo; Previous Page'),...

Edit each file and change Previous Page to Newer Posts, and Next Page to Older Posts.

Alternatively if you’ve got ssh shell access (and you’re hosted on a Unix-like environment eg Linux), you can run the following commands:

cd /var/www/wp-content/themes/clear-line
sed -i 's/Previous Page/Newer Posts/' archive.php author.php index.php search.php
sed -i 's/Next Page/Older Posts/' archive.php author.php index.php search.php

Of course before running these sed commands you should backup your files, in case anything goes wrong…

Dealing with Fitts' Law on widescreen displays

2012-01-30T02:13:49+00:00

Dealing with Fitts' Law on widescreen displays

One of the usual sayings derived from Fitts' Law is that four of the five easiest locations to reach with the mouse are the four corners of the screen, because they require very little precision (the edges trap the mouse and guide it into the corner). Over the years I've made some modifications to my desktop environment to make better use of this principle. The most important one is how I use the top left corner; I have my taskbar equivalent arranged so that when an iconified terminal window gets output, I can just zoom my mouse to that corner and click in order to reveal the terminal window.

Zooming to a corner is a fast operation in most setups; it works fine on a single monitor, even a single widescreen monitor, and on a normal dual-monitor setup such as my work desktop. But recently (for reasons beyond the scope of this blog) my work setup got updated to dual widescreen monitors, which revealed two problems with my application of Fitts' Law in this environment.

The first problem is that the sheer number of side to side pixels in a pair of 1920x1200 LCD panels seems to be a bit too many to easily zoom a mouse across. My mouse pointer generally winds up in the middle of the right hand display; getting it to the top left corner of the left display was no longer anything like a little flick of the wrist. The second problem is that the top left corner was sufficiently physically far off to the side that it was no longer an easy casual action to glance at it to see if there was anything with new output that I needed to deiconify; I was less glancing off a bit and more peering off into the distance.

(I had my old dual displays relatively flat against each other, but I think that I probably need to move the new displays into a much more pronounced V shape.)

My current solution to this issue exploits Fitts' Law once again. The often-overlooked fifth easy to reach location is 'where the mouse is right now', or failing that 'some large area very near where the mouse is'. So I've created a new mouse button binding for my window manager; if the mouse is over the root window, hitting the left button with Shift+Control now de-iconifies the (alphabetically) first terminal window. My mouse is frequently parked over the root window and when it's not there's generally an exposed patch of the root window close to it.

(Technically the binding toggles the window's iconified state, which means that I can flip the first window back and forth from iconified to not. This is a great way to fidget.)

To deal with the 'too far to look' issue and to make things in my terminal windows taskbar easier to reach in general, I've repositioned it so that it's at the top left corner of my second (right) display; this puts it more or less in the center of my overall workspace and makes it easier to both reach and look at. I don't think this move away from a screen corner is a loss for Fitts' Law because everything except the first window already had to be targeted carefully.

Of course, now I just have to train myself out of a many years habit of reflexively looking and going to the top left of the left display. This shouldn't take too long, right?

(What I'd really like to do is duplicate my taskbar equivalent in the top left of both displays. Unfortunately this isn't possible right now with my window manager.)

PS: I experimented briefly with increasing the mouse acceleration (which would make everything effectively closer) but didn't like the effects it had on my ability to target things with the mouse in general; I kept overshooting and missing stuff. Possibly I would have acclimatized with time and I just gave up too soon.

Mounty - Simple disk image mounting tool

2012-01-30T00:05:43+00:00

{lang: 'en-GB'}

Mounting disc image files (.iso, .img, .dmg, etc) in Ubuntu isn’t hard. There are a number of applications available designed to carry out the task.But Mounty, a system tray applet, is probably the easiest of them.
(...)
Read the rest of Mounty - Simple disk image mounting tool (26 words)

© admin for Ubuntu Geek, 2012. | Permalink | No comment | Add to del.icio.us
Post tags: desktop, Mounty, Mounty ubuntu ppa

Twitter Weekly Updates for 2012-01-29

2012-01-29T14:59:00+00:00

Alas, they're all out of Fluttershy. (@ Toys"R"Us) http://t.co/oydeWfp5 #
You know what I miss from Hawaii? Earthquakes. #
Post-fire drill poutine! (@ Frenchies Diner) http://t.co/7VeGWvsC #
Oh. My. God. http://t.co/u9gw9iG8 #
If the #NewWest PD wants to make some money, they should install a red light camera at 6th Ave and McBride. #
Why the Boston Bruins should shoulder blame for Tim Thomas White House mess http://t.co/acpSPCKB #
Lotus Notes! /me shakes fist. #
Daniel Sedin with number 21. #
This makes me happy: http://t.co/ufu8mTtJ Thanks, @themitchy! #
In what universe are you allowed to rescind your 'no' vote on an issue that passed months ago, so it has to be voted on again? Jesus fuck. #
Google Reaching Its Grabby Arms Out To Combine More Of Your Personal information http://t.co/qgei92Nu #
Me: "And do you love Uncle Greg?" Elizabeth: "Yeah. And I love tarantulas too!" #
Lego man sent to space by Toronto teens http://t.co/A5hbO6E2 #
Hey @FoodNetwork, your website just did this to me: http://t.co/42dB5hHz I had to go somewhere else for a recipe. :-( #
Vancouver! Go outside and look to the west. The Moon and Venus are fantastic tonight! #
I've taken over my company's iOS app. If only I knew someone who wrote an intro to iOS book they could send me for "review"… #
What the I don't even http://t.co/t87EeHF1 #
I don't understand. 14 minutes in and the US hasn't scored yet? #concacaf #
Oh, there they go. 16th minute. Poor defending by Costa Rica on the corner. #concacaf #
Well shit, now I can't hate everybody on the Blackhawks. http://t.co/a6gNF84x #
The thing I like about women's soccer is they don't writhe around like they've been shot after getting touched by another player. #
It is snowing like a motherfucker in Coquitlam. #
That was an incredibly successful curling practice. I got two tips on holding my broom during delivery, and I didn't fall once! #

Getting MySQL running on a CentOS Linux server

2012-01-29T14:24:37+00:00

I started playing with MySQL back in the 4.X days, but never invested a lot of my time since my day job required me to support Oracle databases. I’m trying to branch out more now, and recently picked up a copy of MySQL, MySQL High Availability and PHP And MySQL. There are a slew of [...]

Thinking about spam rejection and abuse addresses

2012-01-29T07:25:06+00:00

Thinking about spam rejection and abuse addresses

Somewhat recently we got a spate of spam messages to our abuse address, which set me to thinking about the mostly theoretical issue of how to treat email to it.

(It's a mostly theoretical issue for us because the volume of spam and other email to our abuse address is very low in general, so we're not at all likely to change anything about it.)

On the one hand, visible spam rejection of email to abuse addresses is one of the things that really gets on people's nerves; it's famous for rejecting real spam complaints because, of course, they contain spam. Your spam, that people are trying to complain about.

On the other hand, email to abuse is going to go through our spam scoring system and get tagged if the system thinks it's spam. Pretty much everyone here either discards spam-tagged email outright or filters it to a separate folder. My mail filtering deliberately excludes email to abuse (among a few other things), but I don't know if anyone else either bothered or even thought of it; it's not necessarily something that comes to mind when you're setting up personal email filtering.

And finally, I can't think of any actual real email to our abuse address that we've gotten in the last five years or so (since I moved to here). It's all been spam. So as a practical matter, any filtering or rejection that we do on abuse email is unlikely to affect real complaints, because we don't get real complaints (hopefully because our users and machines don't generate spam, as opposed to people just not complaining about it).

(The other aspect of email to our abuse address is that I suspect most people are going to complaint to the central university-wide abuse address instead of abuse at our specific subdomain. The central people will then get in touch with us through our internal contact address, not our abuse address.)

This is of course a specific instance of the general spam rejection versus spam filtering dilemma. If you reject email people at least know; if you filter, there's at least a theoretical chance that you'll recover from filtering mistakes. The stakes are higher for the abuse address because it is one of the addresses that has a very high chance of false positives (non-spam classified as spam).

The most pragmatic thing to do in a situation like this is to apply spam-filtering to your abuse address. This blackholes real spam to keep it from bothering people while carefully not saying anything to real senders who had their messages misclassified. But this pragmatism sort of bothers me because it's lying to real senders just to pacify them (their email is being ignored either way but you're deliberately doing it silently so they don't know). It would be more honest to use spam rejection on the abuse address, and it might do some good to reduce the level of spam. If legitimate email to your abuse address really is vanishingly rare, it also shouldn't affect very many people.

So what's the right answer? I have no idea.

(My current approach of exempting the abuse address from my personal filtering would not be viable if it got a lot of spam. At that point I would probably remove the exemption and let spam-tagged email to the abuse address get quietly filtered away, mostly because it's easier than trying to persuade everyone that maybe we should do spam rejection for email to abuse.)

WordPress Clear Line Theme – Hide Site Admin, Login, Entries RSS

2012-01-29T04:58:40+00:00

The default settings in the WordPress Clearline Theme (and most WordPress themes) will display a box of settings containing things like “Site Admin”, “Login”, “Entries RSS”, etc. This is called the Meta Widget.

Unfortunately this Meta Widget can really distract from the visual quality of your site, and it’s a slight security risk (though hiding it won’t stop evildoers from working out that you’re running WordPress).

There’s a couple of options for hiding the Meta Widget:

don’t display it at all. Go to Appearance -> Widgets, find the Sidebar that Meta is being displayed in, and delete it. You can then login to your blog by going to the /wp-login.php page. For example if your blog is http://myblog.info, go to http://myblog.info/wp-login.php to login
make it smaller and barely visible (the option I prefer). First of all, go to Appearance -> Widgets and move/add a Meta Widget to the Footer Counters Sidebar (this Sidebar is specific to the Clearline Theme). Then, you need to edit the wp-includes/default-widgets.php file. Search for the line that contains wp_register (about line 293), then delete the three lines that contain ‘rss2_url’, ‘comments_rss2_url’, and ‘wordpress.org’, and remove the bulleting from ‘wp_loginout’. The changes are easier to see with some before and after code:

Before:

<ul>
<?php wp_register(); ?>
<li><?php wp_loginout(); ?></li>
<li><a href="<?php bloginfo('rss2_url'); ?>" title=...
<li><a href="<?php bloginfo('comments_rss2_url'); ?...
<li><a href="http://wordpress.org/" title="<?php ec...
<?php wp_meta(); ?>
</ul>

After:

<ul>
<?php wp_register(); ?>
<?php wp_loginout(); ?>
<?php wp_meta(); ?>
</ul>

Now, you’ll have a small Login link at the bottom right-hand corner of your blog!

Addendum

If you take the second option (making the Meta Widget smaller and barely visible), you may have noticed you get a small “Site Admin” link when logged in (at the bottom right of the page). You can fix this by editing the wp-includes/general-template.php file. At about line 319, change:

$link = $before . '<a href="' . admin_url()...

to:

$link = '';

See all the "Best Picture" Oscar nominated films in 2 days

2012-01-28T17:37:14+00:00

I usually don't blog about something that has so little to do with system administration, but in this case I consider it a "time management tip".

Each year AMC theaters run their "Best Picture Showcase". They show all of the "best picture" nominated films in a marathon. They show 4 films on one Saturday and the other 5 on the following Saturday. This year it is Sat, Feb 18 and Sat, Feb 25. You can buy tickets for either or both days. (Some theaters show all 9 in a row on one day.. 23 hours of movies!)

We went last year and it was awesome. We had seen some of them already but it was fun seeing them again. The schedule includes a break between each film and a big break at inner. We went to a theater far enough away that it felt like we were on a mini-vacation.

For all the details go to: http://go.amctheatres.com/bps

Highly, highly recommended!

(We'll probably go to the one in New Brunswick, New Jersey.)

PL2303 Serial-USB on OSX Lion

2012-01-28T14:24:43+00:00

Here’s a way to get you PL2303-based Serial-USB adapter working with OS X Lion (10.7). Based on the osx-pl2303 project on github, I’ve built a kernel extension that works with OS X Lion. You can grab the kext file here or from the link below.

Installing the kext file can be done in a few easy steps:

download and extract
cd /path/to/osx-pl2303.kext
cp -R osx-pl2303.kext /System/Library/Extensions/
next you need to fix permissions and execute bits:
cd /System/Library/Extensions
chmod -R 755 osx-pl2303.kext
chown -R root:wheel osx-pl2303.kext
cd /System/Library/Extensions
kextload ./osx-pl2303.kext
kextcache -system-cache

Good luck!

http://xbsd.nl/~martijn/log/osx-pl2303.kext.tgz

Integrating ssh-agent into your login process

2012-01-28T13:38:16+00:00

Most of my readers utilize SSH keys to access remote systems. The security benefits are well known, and key-based authentication makes automating remote tasks a whole lot easier. When you use key-based authentication it becomes imperative to protect your private key, since a third party could access your systems if they were able to gain [...]

How I use FvwmIconMan

2012-01-28T06:35:50+00:00

How I use FvwmIconMan

I've mentioned FvwmIconMan in the tour of my desktop and sort of mentioned part of how I use it, but I've never really explained the details.

As I've set it up, FvwmIconMan is essentially a compact taskbar for my various sorts of terminal windows. In a dense display, it shows the window name for each one (well, the first part of it at least), an indicator if the terminal has been iconified, and an indicator if that terminal has the keyboard focus. This is part of how I work around not having conventional titlebars on terminal windows; the window name information from the titlebar is dumped in small text in the 'taskbar', and through long experience I can pick out the label for the current window pretty easily.

(Possibly I should make the current window more distinctive than it is right now. A lot of my FvwmIconMan configuration, much like a lot of my fvwm configuration in general, dates from days with much slower machines that had much more limited graphics.)

Left-clicking on FvwmIconMan's label for a window toggles whether or not it's iconified. Like other taskbar implementations, an iconified (or 'minimized') window is only present as a label in FvwmIconMan; to deiconify it, I have to go click on the label. This means that I care a lot about finding the window labels for specific windows, and I do two things to help with this. First, the window labels are always sorted into alphabetical order; if and when a window is renamed, the order shuffles (this is very important for my use of xterm's ziconbeep feature). Second, I give my windows very consistent names based on either the host they're on or what I'm using them for (and sometimes both). This scheme usually works okay but breaks down a bit if I have a lot of iconified windows on the same host; usually I don't and this isn't an issue. Lots of non-iconified windows on a single host are generally not a problem because they're directly visible and I usually keep them straight by how they're arranged on the desktop.

(This alphabetical sorting does mean that the label for a particular window isn't in a consistent physical spot; it can jump around wildly depending on what other windows get named or renamed. This doesn't bother me, partly because a lot of my terminal windows come and go rapidly anyways. Non-alphabetical taskbars actually drive me up the wall because I never can find anything once I have more than a few things running, or at least I can only find them by scanning through the entire taskbar.)

Some taskbar implementations only show windows from the current virtual desktop or virtual screen or the like. While I use virtual screens I have FvwmIconMan configured to include all terminal windows, regardless of where they are. Among other things this lets me easily yank terminal windows between virtual screens; I move to another screen, then iconify the window and immediately deiconify it again (windows always deiconify on the current virtual screen) with two clicks on the window's label. I can also use FvwmIconMan to switch to the virtual screen that holds a particular deiconified terminal.

(Iconified terminals aren't on any particular virtual screen; they've been effectively swallowed by FvwmIconMan.)

Sidebar: terminal windows versus Firefox windows

A long time ago I would have confidently told you that I did this for terminal windows, and only for terminal windows, because they were by far my most numerous sort of window and I also often had a lot of them iconified. If I had the iconified windows represented as real icons on the root window, I would run out of space; therefor I condensed them all into a much more compact area. Then my Firefox window habit grew out of control and at this point I often have as many iconified Firefox windows as I have terminal windows.

So why do I have a taskbar for terminals and real icons for Firefox? The simple answer is that useful Firefox window names are too long, whereas I can make xterm window names short enough that I can pack them in very compactly. Because Firefox window names are long, a taskbar that showed enough of the titles to remind me what they were would be too big to be feasible. Instead it actually takes less space to have real icons and count on my spatial memory to remember what the Firefox icon over there is for.

(Well, the spatial memory plus the bit of the start of the window title that fvwm shows me below the actual Firefox icon.)

Powerful and Open MediaCenter for Ubuntu Linux - Enna

2012-01-27T15:30:00+00:00

Enna is a Media Center application. Featuring a simple user interface, Enna allows the user to browse and play music and video files, browse pictures and play photo slideshows, build a database of the available media retrieve information from the Internet (such as covers, fan art, song lyrics, and much more). Enna is based on the powerful Enlightenment Foundations Libraries (EFL) for its graphical user interface and GeeXboX libraries for multimedia playback and information retrieval.

Enna Currently Supported ...
* Read your favorite books from over the Internet. Enna currently support GoComics and OneManga content providers.
* Get information from your system and configure it (as well as Enna) quite easily.
* Listen to your favorite songs. Enna currently can display your music cover, the usual metadata information (song title, artist, album) and lyrics as well.
* Provide a pictures wall representation of your photo collection. Also supports customizable slideshow effects.

People Behind Debian: Josselin Mouette, founder of the Debian GNOME team

2012-01-27T09:00:00+00:00

Josselin Mouette is one the leaders of the pkg-gnome team, he takes sound technical decisions and doesn’t fear writing code to work-around upstream issues. He deserves kudos for the work he has put into packaging GNOME over the years. He can also be very sarcastic (sometimes he even enjoys participating to flamewars on debian lists), and there are quite a few topics where we have long agreed to disagree. But this kind of diversity is also what makes Debian a so interesting place…

Read on to learn more about the pkg-gnome team, its plans for Wheezy, Josselin’s opinion on the GNOME 3 switch, and much more.

Raphael: Who are you?

Josselin: I am a 31 years old Linux systems engineer. I started in life with physics, which I studied at the ENS Lyon. I started a thesis on experimental and numerical models for optoelectronics, but when it became clear that research was not for me, I abandoned it and accepted a job at the CEA, which holds the largest computing center in Europe. Working on these machines has been the most awesome job ever (except for it being near Paris). After that I worked a bit on system monitoring technologies.

I am married, currently living in Lyon, and working for EDF (the French historical electricity company) on scientific workstations using Debian. EDF is using Debian on more than a thousand workstations and holds the fastest Debian supercomputer in the world (200 Tflops), which makes it another obvious place for Debian developers.

Raphael: How did you start contributing to Debian?

Josselin: I discovered Debian in 1999 while studying at the ENS, which is one of the biggest nests of Debian developers – while being a small place, it is producing almost one Debian developer per year on average. After wondering for a while what it could be useful for, hacking on a slink snapshot made me think that it was for, well, everything except for gaming. Later, in 2002, when I was working on optoelectronics computing codes, I started to package them for Debian in order to make them easier to install, for us as well as other labs over the world. I started the NM process, and it was going smoothly but also going to take time. However, at that moment, the frozen-bubble game went out and made quite some buzz. Since I knew a guy who knew the game’s developer, he asked me to package it. The package found 3 sponsors in a very short time and was fast-tracked into the archive at a speed that was unseen before. After which the NM process was completed very quickly.

At that time, I was a heavy WindowMaker user, but I didn’t like the direction the project was taking (actually, I wonder if there was one). GNOME was starting to become attractive, but its packaging in Debian was very ineffective, with many inconsistent packages maintained by people who didn’t ever talk to each other – some of them didn’t speak English, and some of them didn’t talk at all. Together with awesome people, among which Jordi Mallach, Gustavo Noronha Silva, JHM Dassen, Ross Burton and Sébastien Bacher, we started the GNOME team in 2003, introducing consistent packaging practices, and initiating synchronized uploads. Releasing a completely integrated GNOME 2.8 in sarge was a considerable achievement; proving (together with the Perl team) that a team was the best way to maintain large package sets changed the way people work on Debian.

“Proving […] that a team was the best way to maintain large package sets changed the way people work on Debian.”

Raphael: You’re one of the most active contributors of the team which is packaging GNOME for Debian. What would you suggest to a new contributor who would like to help the team?

Josselin: There are several ways to contact the team, but the recommended one has always been IRC. We hang on #debian-gnome on the OFTC network, so just come around and ask for us.¹ The real question is what you want to do in the team. Of course, most new volunteers want to help packaging the latest and greatest version of GNOME into unstable as soon as possible, but unless they already have Debian background, this is not the easiest task. Since there are already people working on this, the “big” packages are usually waiting on dependencies.

I used to direct newcomers towards bug triage, but it is a tedious task and I’m now convinced that our huge bug backlog will never be dealt with. The most useful thing to do for newcomers now is probably to find a GNOME or GNOME-related package that needs improvement or is lagging behind, and simply try to work on it. You can also come and fix the bugs you find annoying. Find a patch on the GNOME bugzilla, or cook it yourself, propose it, and if it’s worthy enough you’ll soon get commit access.

“Our huge bug backlog will never be dealt with.”

¹ At this point I feel worth mentioning that if no one answers in 10 minutes, it doesn’t mean that no one will answer in 2 hours, so please stay on the channel after asking.

Raphael: There’s been some controversy about GNOME 3 and the direction that the project is taking. What’s your personal stance on GNOME 3? And what’s the position of the pkg-gnome team?

Josselin: The controversy is not new to GNOME 3, but the large-scale changes made with it have put it more prominently. The criticism usually boils down to a few categories:

General lack of configurability
Strange design decisions
Red Hat centric development
Hardware requirements
Change resistance

The lack of configuration options has been an ongoing criticism since GNOME 2.0 has decided to rip off most of them. Of course, when the control center was redesigned again for 3.0, there was a surge of horrified exclamations from people who missed their favorite buttons. On this topic, I fully concur with GNOME developers. The configuration option that is useful for you is not necessarily useful for someone else. Of course, sometimes developers go a bit too far, but the general direction is right. At work, we found that only a minority of users actually configure anything on their desktops: they just want something that works to launch their applications. Apple and Google have sold millions of devices by making them the simplest possible and without any configuration.

Design decisions are, on the contrary, individual decisions, and each of them, while having reasons behind it, can be questioned. I remember seeing a lot of complaints when the OK and Cancel buttons were reversed in dialog boxes, something that nobody questions anymore. GNOME Shell is full of such changes; some are easy to get accustomed with, some others just make eyebrows raise. The most obvious example is the user menu in GNOME 3.2, which contains an entry to configure your Google account, but no entry to shutdown the computer. Both decisions were taken independently, each of them with (good or bad) reasons, but the result is simply ridiculous. The default configuration in Debian will contain an extension to make it a bit better, but on the whole we don’t intend to diverge from the upstream design, on which a lot of good work has been done.

“On the whole we don’t intend to diverge from the upstream design, on which a lot of good work has been done.”

Point 3 is more complex. Red Hat being the company spending the most on GNOME, it is obvious that their employees work on making things work for their distribution. An example is the recurring discussions about relying on system services that are currently only implemented by systemd. Since there is a lot of (mostly unjustified) resistance against systemd in Debian, and since it won’t work on kFreeBSD anyway, someone needs to develop an alternative implementation of these services for upstart and sysvinit. Everything is in place for someone else to do the job but it has to be done, and this can be frustrating. Especially since it can also be hard to integrate changes needed for other distributions¹.

Hardware requirements are mostly a consequence of the previous criticism: there’s hardware that most distributions just don’t want to bother supporting. We’ve seen it in squeeze with the introduction of a hard dependency on PulseAudio. The Debian GNOME team (together with the Gentoo maintainers) made this dependency optional, carrying heavy patches, in order to cover the cases where it does not work. Now that it has gained more maturity, making this effort obsolete, the new tendency is to require 3D acceleration. For various reasons, it is not available to everyone². On this matter, the position of the Debian GNOME team has always been to support as much different configurations as possible with reasonable effort. Thanks to efforts from the incredible Vincent Untz, upstream supports a so-called “fallback mode”, which is the GNOME panel from 2.x with a lot of its bugs fixed. We intend to support this mode for as long as reasonably possible in Debian, possibly even after upstream ends up dropping it. However, other applications are going to require 3D because GStreamer is moving to clutter too, affecting video playback performance on non-accelerated systems³. For epiphany this is not a problem; only embedded video will be affected. But for totem, this is a major issue; because of that we will probably keep totem 3.0 in wheezy.

Finally, there is a natural human tendency to dislike change (I have it too), and it applies a lot to desktop users’ habits. Needless to say a change of such a scale as introducing GNOME Shell can trigger reactions. However, I don’t think it is reasonable, because of this resistance, to keep gnome-panel 2.x in Debian. This would be a lot of work on obsolete technology, and would prevent the upcoming removal of a lot of deprecated libraries. This time is much better spent improving gnome-panel 3.x in Debian and keeping the “fallback mode” great. One of the change that was made in Debian was to make it easier to find, being available as “GNOME Classic” directly from the login manager, instead of having to find it in an obscure configuration panel. In all cases, I would recommend to actually try GNOME Shell for a few hours before ditching it. I had never been accustomed to a new environment as quickly ever before.

“In all cases, I would recommend to actually try GNOME Shell for a few hours before ditching it.”

¹ Having seen several of my GDM patches reverted without a warning, I know we are not finished with carrying patches in Debian packages.
² Scientific workstations are a non-trivial example, since there is a measurable effect of using 3D in the window manager on heavy 3D applications.
³ On the other hand, on accelerated systems, this feature should end up improving performance a lot.

Raphael: What are your plans for Debian Wheezy?

Josselin: The first goal of the GNOME team is, of course, to provide again a great desktop environment to work on. For wheezy it will probably be based on GNOME 3.4. There also needs to be some work on package management interfaces. Upstream bases everything on PackageKit, but it is not as featureful as the aptdaemon Ubuntu technology. If I have time, I would also like to improve HTTP proxy support, since currently it is based on a stack of terrible hacks.

Raphael: If you could spend all your time on Debian, what would you work on?

Josselin: Obviously I would like to make GNOME in Debian even better. That would imply working on underneath dependencies (what we now like to call plumbing) to make sure everything is working great. This would also imply working more as GNOME upstream to make it more suitable for our needs.

I would also work on large-scale improvements on the distribution, like conditional recommends which I’d love to see implemented¹, or automatic build-dependency generation. I would also work on the installer to make it better for desktops machines.

¹ The idea is to automatically install language packs, or glues between two packages when both packages are installed.

Raphael: What’s the biggest problem of Debian?

Josselin: The obvious answer is the same as the one most people you interviewed before gave: not enough members in core teams. A lot of developers join Debian to work on a small number of pet packages, and don’t necessarily want to be involved with existing teams. It is probably still not obvious enough that the primary way to start contributing to Debian is to join an existing team.

But if there is one thing that is preventing Debian from gaining more momentum now, it is a completely different one: the too short support timeframe. 3 years is really not enough for corporate users. One year to migrate from one version to another is too short, and it is not possible to skip a release. It is definitely possible to change that with reasonable effort: the long-term support after 3 years doesn’t have to cover the same perimeter as the short-term one. For example, we could upgrade the kernel to the version in the current stable release, and stop fixing all non-remote security holes. The important thing is to cover the most basic needs: companies are ready to take the risk of having less support if it allows skipping a version, but not the risk of having no support at all. And even more important is to say that you do something. Red Hat says they support a release for 10 years, but of course after 5 years the supported perimeter is extremely small.

“3 years [of support] is really not enough for corporate users.”

Long-term support will not magically fix all problems in Debian, but it will bring more corporate users into the picture. And with corporate users come paid Debian developers, who can work on critical pieces of the system. Debian was built on the synergy between individuals and companies, and in recent years – perhaps as a reaction against what happened with Ubuntu – we’ve kind of forgot the latter. A lot of individuals have joined the project, and they are actively working, for example, on shortening the release cycle, which goes against the interest of professionals. We should embrace again such users and developers, and that means adapting to the current needs of larger entities.

Raphael: You’re the maintainer of python-support, a packaging helper that was competing with python-central. Both helpers are now deprecated in favor of dh_python2. Does this mean that the situation of Python in Debian is now sane? Or are there remaining problems?

Josselin: dh_python2 (and the Python3 version, dh_python3) has a sane enough design. It fixes a lot of issues in python-central and also python-support, at the expense of somehow reduced functionality for developers. However, just like the previous tools, it merely works around design mistakes in the Python interpreter. For example it is not possible to split binary modules, pure-Python modules and byte-compiled modules in different directory trees, like Perl does – although PEP 3147 introduces a way to do so. There is still no sane and standardized way to deal with module versions. There is no difference made between the module (which is a part of language semantics) and the file containing it (an information which depends on the implementation). Developers heavily rely on introspection features and make assumptions based on the implementation, that make it impossible to work around problems with module files.

Such problems are not restricted to Python. Those who fought against Ruby gems could tell even worse stories. While introducing GObject introspection packages in Debian (they can be used in JavaScript and Python to provide modules based on GObject libraries), I was pleased to see a clear distinction between file and module, but I was again struck by the fact you are not forced to declare API versions in your Python/JS code. In all cases, there is no reliable way to detect runtime dependencies in a given Python or JavaScript file, which leaves the maintainer to declare them by hand, and of course, often be wrong about them. Add to that the fact that most errors cannot be detected before runtime. For all these reasons, and while still being fond of Python for scripts and prototyping, I’ve become really skeptical of using purely interpreted languages to write real applications. Some GNOME developers are moving away from Python and JavaScript, mostly towards Vala; I can only approve of that move and hope the same happens to other projects.

Raphael: Is there someone in Debian that you admire for their contributions?

Of course there is the never-sleeping, never-stopping, Michael Biebl who can upload a whole GNOME release in a single week-end. But there are a lot of awesome people who make Debian something that simply works. I could talk about Cyril Brulebois from the X strike force, Julien Cristau from the release team, Sjoerd Simons for his sound advice and work on plumbing, Luca Falavigna who is so fast at processing NEW, to quote only a few of those I work with frequently. And of course, Jordi and Sam for their humor.

Thank you to Josselin for the time spent answering my questions. I hope you enjoyed reading his answers as I did. Note that you can find older interviews on http://wiki.debian.org/PeopleBehindDebian.

Subscribe to my newsletter to get my monthly summary of the Debian/Ubuntu news and to not miss further interviews. You can also follow along on Identi.ca, Google+, Twitter and Facebook

8 comments | Liked this article? Click here. | My blog is Flattr-enabled.

Why metaclasses work in Python

2012-01-27T05:40:15+00:00

Why metaclasses work in Python

I've covered what you can do with metaclasses (1, 2, 3, 4) and even, sort of, the low level details of how they work (1, 2, 3). But I've never covered the high level view of why metaclasses work, ie what overall Python features make them go (partly because I am so immersed in Python arcana that much of that stuff feels obvious to me, although I doubt it actually is).

To start with, in Python everything is an object and all objects are an instance of something (yes, there are spots where this gets recursive). This includes even things that you wouldn't normally think of as objects, such as functions. Crucially, this includes classes: classes are objects. Any time you have an object in Python, a lot of its behavior is usually provided by whatever it is an instance of (to avoid confusion, I'll call this the type of the object). Classes are no exception to this; a lot of how classes behave is handled by their type, even things like how a new object gets created when you call the class.

(For simplicity, I'm going to ignore old-style Python 1.x classes from here onwards and assume that all classes are new-style Python 2 classes that ultimately subclass object.)

To avoid a point of confusion: classes have ancestor ('base') classes that they inherit from (or just object(), the root class). However, classes are not instances of their base class; we can see why this has to be when we note that a class can inherit from multiple base classes. You can't be an instance of several different things at once. So classes exist in a two-dimensional relationship; they inherit from one or more base classes, and at the same time they are instances of something that provides much of their 'class' behavior. The type of classes (the thing that provides the 'class' behavior) is called type().

(This two dimensional structure can get a bit weird.)

In some languages, the creation of classes is black magic that happens deep in the interpreter and isn't something you can do inside the language (even if the classes are visible as objects). Python has instead chosen to expose the ability to create classes by hand; you you can do this by calling type() with the right arguments (and then binding the class object to a name), just as you create instances of normal classes by calling the class itself. As part of creating classes yourself by hand, you can obviously manipulate class creation; you can create a new class with whatever methods, base classes, and so on you want.

(What's odd about type() is that despite it being a class, you can call it with a single object to get the type of the object.)

Python is also an unusual language in another way; in Python, things like defining functions and classes are themselves executable statements. Python doesn't parse your program, create all the functions and classes, and then start running your code; instead it starts running your code and things like def and class execute on the fly (as does import and so on). So it's natural to have your code running as classes are being created.

The combination of these two things means that Python can easily provide a way to hook your own code into the process of creating the class objects for classes that are written in straight Python, with 'class X(object): ....'. Python is already running code in general when this happens, and the mechanisms of creating classes by hand means it's relatively easy for Python to hand you the bits of the class-to-be so you can modify it and then have everything continue onwards to create a new class. This is why metaclasses can change classes as they are being created.

The other half of why metaclasses work is that Python allows classes to be instances of something other than type(). Since classes get a lot of their 'class' behavior through normal instance method inheritance from type(), a class being an instance of something other than type() lets the other thing intercept or change the normal as-a-class behavior for that class (for example, what happens when you call the class). This is why metaclasses can do things with a class after the class has been created.

VxVM vxassist ERROR V-5-1-5455 Operation requires a disk group

2012-01-27T04:30:37+00:00

On this post we will take a closer look at this veritas volume manager error when trying to display the available disk space in an existig datagroup. The error is “VxVM vxassist ERROR V-5-1-5455 Operation requires a disk group”

This is a draft post as I currently have no answer yet.. Weird thing is, the vxassist command works on one server and not in the other.. which is spitting out the error in subject.

Take this example:

Working server:

# vxdg list NAME STATE ID datadg1 enabled 1169455228.81.sgtjcpb1 datadg2 enabled 1169455429.95.sgtjcpb1 # vxassist -g datadg1 maxsize layout=concat Maximum volume size: 390506496 (190677Mb) # vxassist -g datadg2 maxsize layout=concat Maximum volume size: 676767744 (330453Mb) # vxassist -g datadg1 maxsize layout=raid5 Maximum volume size: 270483456 (132072Mb) # vxassist -g datadg2 maxsize layout=raid5 Maximum volume size: 375160832 (183184Mb)

Looks fine right? But when I tried the same syntax on the other sever, I got this:

# vxdg -g sysdg free DISK DEVICE TAG OFFSET LENGTH FLAGS sysdg05 emcpower5s2 emcpower5 16777216 2029952 n sysdg06 emcpower3s2 emcpower3 16777216 2029952 n sysdg07 emcpower4s2 emcpower4 167772160 2020352 n # vxassist -d sysdg maxsize layout=concat VxVM vxassist ERROR V-5-1-5455 Operation requires a disk group #

I suspect it has something to do with the Veritas VX version or the OS it is running. Will investigate further and let you know.
–

UPDATE.. saw the error after 5 minutes.. saw it? I found “d” error.

Monitoring with Windows Remote Management (WinRM) and Powershell Part I

2012-01-26T16:51:00+00:00

Hey guys. I should have called this post "Monitoring with Windows Remote Management (WinRM), and Powershell, and maybe a Certificate Services tutorial too," but then the title would have definitely been too long. In any case, I poured many hours of effort and research into this one. Lots of trial and error. And whether it helps anyone else or not, I definitely bettered myself through the creation of this post.

I'm pretty excited about this topic. This foray into WinRM and Powershell Remoting was sparked by a conversation I had with a coworker the other day. He's a senior Unix engineer, so he obviously enjoys *nix and when presented with a problem, naturally he approaches it with the mindset of someone very familiar with and ready to use Unix/Linux tools.

I'm the opposite of that - I feel like Microsoft is the rightful king of the enterprise and usually approach problems with Windows-based solutions already in mind. But what's important is that we're both geeks and we'll both still happily delve into either realm when it presents an interesting problem that needs solving. There's a mutual respect there, even though we don't play with the same toys.

The Unix engineer wants to monitor all the systems using SNMP because it's tried and true and it's been around forever, and it doesn't require an agent or expensive third-party software. SNMP wasn't very secure or feature-rich at first so now they're on SNMPv3. Then there's WBEM. Certain vendors like HP have their own implementations of WBEM. I guess Microsoft wasn't in love with either and so decided to go their own way, as Microsoft is wont to do, hence why you won't find an out of the box implementation of SNMPv3 from Microsoft.

One nice thing about SNMP though, is that it uses one static, predictable port.

In large enterprise IT infrastructures, you're likely to see dozens of sites, hundreds (if not thousands,) of subnets, sprinklings of Windows and Unix devices all commingled together... and you can't swing a dead cat without hitting a firewall which may or may not have some draconian port restrictions on it. Furthermore, in a big enterprise you're likely to see the kind of bureaucracy and separation of internal organizations such that server infrastructure guys can't just go and reconfigure firewalls on their own, network guys can't just make changes without running it by a "change advisory board" first, and it all basically just makes you want to pull your hair out while you wait... and wait, and wait some more. You just want to be able to communicate with your other systems, wherever they are.

Which brings us to WinRM and Powershell Remoting. WinRM, a component of Windows Hardware Management, is Microsoft's implementation of the multi-platform, industry-standard WS-Management protocol. (Like WMI is Microsoft's implementation of WBEM. Getting tired of the acronym soup yet? We're just getting started. You might also want to review WMI Architecture.) I used WinRM in a previous post, but only used the "quickconfig" option. Seems like most people rarely go any deeper than the quickconfig parameter.

Here's an excerpt from a Technet doc:

"WinRM is Microsoft's implementation of the WS-Management protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that enables hardware and operating systems from different vendors to interoperate. You can think of WinRM as the server side and WinRS the client side of WS-Management."

I bolded the phrase that especially made my ears perk up. You see, Windows has a long history with things like RPC and DCOM. Those protocols have been instrumental in many awesome distributed systems and tool sets throughout Microsoft's history. But it just so happens that these protocols are also probably the most complex, and most firewall unfriendly protocols around. It's extremely fortuitous then that Ned over at AskDS just happened to write up a magnificent explication of Microsoft RPC. (Open that link in a background tab and read it after you're done here.)

Here's the thing - what if I want to remotely monitor or interact with a machine in another country, or create a distributed system that spans continents? There are dozens of patchwork networks between the systems. Each packet between the systems traverses firewall after firewall. Suddenly, protocols such as RPC are out the window. How am I supposed to get every firewall owner from here to Timbuktu to let my RPC and/or DCOM traffic through?

That's why monitoring applications like SCOM or NetIQ AppManager require the installation of agents on the machines. They collect the data locally and then ship it to a central management server using just one or two static ports. Well, they do other more complex stuff too that requires software be installed on the machine, but that's beside the point.

Alright, enough talk. Let's get to work on gathering performance metrics remotely from a Windows server. There are a few scenarios to test here. One is communications within the boundaries of an Active Directory domain, and the other is communications with an external, non-domain machine. Then, exploring SSL authentication and encryption.

The first thing you need to do is set up and configure the WinRM service. One important thing to remember is that just starting the WinRM service isn't enough - you still have to explicitly create a listener. In addition, like most things SSL, it requires a certificate to properly authenticate and encrypt data. Run:

winrm get winrm/config

to see the existing default WinRM configuration:

WinRM originally used ports 80 for HTTP and 443 for HTTPS. With Win7 and 2k8R2, it has changed to use ports 5985 and 5986 respectively. But those are just defaults and you can change the listener(s) back to the old ports if you want. Or any port for that matter. Run:

winrm enumerate winrm/config/listener

to list the WinRM listeners that are running. You should get nothing, because we haven't configured any listeners yet. WinRM over SSL will not work with a self-signed certificate. It has to be legit. From support.microsoft.com:

"WinRM HTTPS requires a local computer "Server Authentication" certificate with a CN matching the hostname, that is not expired, revoked, or self-signed to be installed."

To set up a WinRM listener on your machine, you can run

winrm quickconfig

winrm quickconfig -transport:HTTPS

or even

winrm create winrm/config/listener?Address=*+Transport=HTTPS @{Port="443"}

Use "set" instead of "create" if you want to modify an existing listener. The @{} bit at the end is called a hash table and can be used to pass multiple values. The WinRM.cmd command line tool is actually just a wrapper for winrm.vbs, a VB script. The quickconfig stuff just runs some script that configures and starts the listener, starts and sets the WinRM service to automatic, and creates some Windows Firewall exceptions. What is more is that Powershell has many cmdlets that use WinRM, and the entire concept of Powershell Remoting uses WinRM. So now that you know the fundamentals of WinRM and what's going on in the background, let's move ahead into using Powershell. In fact, you can emulate all of the same behavior of "winrm quickconfig" by instead running

Configure-SMRemoting.ps1

from within Powershell to set up the WinRM service. Now from another machine, fire up Powershell and try to use the WinRM service you just set up:

$dc01 = New-PSSession -ComputerName DC01
Invoke-Command -Session $dc01 -ScriptBlock { gwmi win32_computersystem }

Returns:

You just pulled some data remotely using WinRM! The difference between using a "session" in Powershell, and simply executing cmdlets using the -ComputerName parameter, is that a session persists such that you can run multiple different sets of commands that all share the same data. If you try to run New-PSSession to connect to a computer on which you have not configured the WinRM service, you will get a nasty red error. You can also run a command on many machines simultaneously, etc. Hell, it's Powershell. You can do anything.

Alright so that was simple, but that's because we were operating within the safe boundaries of our Active Directory domain and all the authentication was done in the background. What about monitoring a standalone machine, such as SERVER1?

My first test machine:

Hostname: SERVER1
IP: 192.168.1.10
OS: Windows 2008 R2 SP1, fully patched, Windows Firewall is on
It's not a member of any domain

First things first: Launch Powershell on SERVER1. Run:

Set-ExecutionPolicy Unrestricted

Then set up your WinRM service and listener by running

Configure-SMRemoting.ps1

and following the prompts. If the WinRM server (SERVER1) is not in your forest (it's not) or otherwise can't use Kerberos, then HTTPS/SSL must be used, or the destination machine must be added to the TrustedHosts configuration setting. Let's try the latter first. On your client, add the WinRM server to the "Trusted Hosts" list:

We just authenticated and successfully created a remote session to SERVER1 using the Negotiate protocol! Negotiate is basically "use Kerberos if possible, fall back to NTLM if not." So the credentials are passed via NTLM, which is not clear text, but it's not awesome either. You can find a description of the rest of the authentication methods here, about halfway down the page, if you need a refresher.

Edit 1/29/2012: It should be noted that even within a domain, for Kerberos authentication to work when using WinRM, an SPN for the service must be registered in AD. As an example, you can find all of the "WSMAN" SPNs currently registered in your forest with this command:

setspn -T yourForest -F -Q WSMAN/*

SPN creation for this should have been taken care of automatically, but you know something is wrong (and Kerberos will not be used) if there is no WSMAN SPN for the device that is hosting the WinRM service.

OK, I am pooped. Time to take a break. Next time in Part II, we're going to focus on setting up SSL certificates to implement some real security to wrap up this experiment!

Getting Spotify to run on Gentoo/Linux: A Gross and Cruel Hack

2012-01-26T15:30:09+00:00

Spotify is a great way to listen to music. Unfortunately the official client only runs on Windows and Mac machines. There is an experimental unsupported client for linux, however it’s provided as a DEB (ubuntu/debian) package.

Here’s a gross hack for whom is desperate to get it working on Gentoo.

Step 1 : Get the package

You can download the package from here.
Pick the package matching your own architecture.

Step 2 : Convert the DEB package and extract it

Install the package deb2targz if you don’t already have it.

The following command will create a tar.gz file from the .deb package :

^?View Code TEXT

1	deb2targz spotify-client-qt_0.6.2.291.gcccc1f5.116-1_amd64.deb

You can then extract that tar.gz file like below :

^?View Code TEXT

1	tar zxvf spotify-client-qt_0.6.2.291.gcccc1f5.116-1_amd64.tar.gz

This will create you a usr directory, containing spotify files.

Toss them at the appropriate places on your system :

^?View Code TEXT

cd usr
mv bin/spotify /usr/bin/
mv share/pixmaps/* /usr/share/pixmaps/
mv share/spotify/ /usr/share/

Step 3 : Fixing library issues

Now this is the ugly part. Spotify is linked against specific versions of some libraries (SSL 0.9.8 and Crypto 0.9.8). In order to make it work, you need to fake those versions by creating a symlink from the wanted version to the existing (you’ll need to figure this out) version in your system.

^?View Code TEXT

1
2
3

cd /usr/lib
ln -s libssl.so.1.0.0 libssl.so.0.9.8
ln -s libcrypto.so.1.0.0 libcrypto.so.0.9.8

Step 4 : Instructing firefox to open the spotify protocol with the Spotify application

You need to register the spotify protocol so that Firefox will know how to deal with those “spotify:” urls.

Open the about:config page
Create a boolean value by the name of network.protocol-handler.expose.spotify
Set its value to false
Click on a spotify link (for example a playlist link or such). A popup will open and ask you to pick an application. Use /usr/bin/spotify.

That’s it. All set.
I’m not proud of it…. but I wanted to use Spotify badly

Getting Spotify to run on Gentoo/Linux: A Gross and Cruel Hack is a post from: Tech@Sakana - A sysadmin's blog

E-Book Reader for Ubuntu Linux - FBReader

2012-01-26T15:30:01+00:00

An electronic book (e-book, ebook, digital book) is a book publication in digital form, consisting of text, images, or both, and produced on, published through, and readable on computers or other electronic devices. Sometimes the equivalent of a conventional printed book, e-books can also be born digital.

FBReader is an e-book reader.
Main features:
* supports several open e-book formats: fb2, html, chm, plucker, palmdoc, ztxt, tcr (psion text), rtf, oeb, openreader, non-DRM'edmobipocket, plain text, epub, eReader
* reads directly from tar, zip, gzip, bzip2 archives (you can have several books in one archive)
* supports a structured view of your e-book collection
* automatically determines encodings
* automatically generates a table of contents
* keeps the last open book and the last read positions for all open books between runs
* automatic hyphenation (patterns for several languages are included)
* searching and downloading books from www.feedbooks.com and www.litres.ru
* partial CSS support for epub files

More Options for Google+ Badges

2012-01-26T13:53:31+00:00

Webmaster Level: All

Update on February 2, 2012: The new Google+ badge is now out of preview and available to all users on all sites.

When we launched Google+ pages in November, we also released Google+ badges to promote your Google+ presence right on your site. Starting today in developer preview (and soon available to all your users), we're adding more options for integrating the Google+ badge into your website. You can configure a badge with a width that fits your site design and choose a version that works better on darker sites. You'll also see that Google+ badges now include the unified +1 and circle count that we added to Pages last month.

If you’re still considering whether to add a Google+ badge on your website, consider this: We recently looked at top sites using the badge and found that, on average, the badge accounted for an additional 38% of followers. When you add the badge visitors to your website can discover your Google+ page and connect in a variety of ways: they can follow your Google+ page, +1 your site, share your site with their circles, see which of their friends have +1’d your site, and click through to visit your Google+ page.

The Google+ Badge makes it easy for your fans to find and follow you on Google+. With these additional options, we hope it's even easier to create a badge that fits your website.

Follow the conversation on Google+.

Posted by Lucy Hadden, Software Engineer, Google+

Zeo Sleep Manager

2012-01-26T13:31:15+00:00

I received an email out of the blue through my contact form here from a representative over at “Intus Healthcare”. He pointed me in the direction of the Zeo Sleep Manager, with an aim to reviewing it. Sure enough, I was thoroughly interested, and we exchanged a few emails back and forth on it’s serial port, and other such things. Unfortunately at that point, things went dead – I’ve sent him several emails over the past few weeks but haven’t heard anything back. Nonetheless, the product looks really interesting, and hits several of my interests, and so I went ahead and ordered the product. I ordered directly from myzeo.co.uk which seems to be a store front for Intus Healthcare who are apparently Zeo’s UK distributors of the product.

The order process was simple enough, and I’m thoroughly looking forward to receiving the product. I’ll post further updates when it arrives.

*UPDATE 27/01/12* Product arrived!

*UPDATE 28/01/12*

The Zeo Sleep Manager arrived yesterday in record time, less than 24 hours from when it was ordered! Of course, I set it up and used it last night. The band itself was reasonably comfortable, and I didn’t find sleeping in it a problem. The results of this morning seem to match the sleep cycles I’d expect, so that’s also a positive. I’ve been given a ‘sleep score’ of 107 which I understand is supposed to be very good, despite the fact that I didn’t have the greatest night’s sleep. ‘Time to sleep’ is recorded as 9 minutes, when it was at least 30 minutes, and apparently I only woke up once for 1 minute during the night, when I know that I was up twice for at least 30 minutes combined. The second of these periods is listed as ‘light sleep’ – maybe my brain was still in doze mode

Planet Sysadmin

What five years of PC technology changed for me

What five years of PC technology changed for me

How to Uninstall Xcode from OS X Lion

How to Install wget in OS X Lion

Default to Incognito

ownCloud 3.0

Impressions: Network Warrior, 2nd Ed

Impressions: Windows Sysinternals Administrator's Reference

Impressions: The Tangled Web

The Toughest Question in Digital Security

How to view the passwords of WiFi Networks you’ve previously connected to in OS X

How to Enable Developer Mode on your HP TouchPad

Links: 2-3-2012

Understanding a subtle Twitter feature

Understanding a subtle Twitter feature

How to Install Xcode in OS X Lion

Setup and Configure Bandwidth Limiting Module for Apache2

Agile Lifecycles for Geographically Distributed Teams, Part 3

Example 3: Using a Project Manager with Iterations and Kanban and Silo’d Teams

Unicode over 60 percent of the web

Links: 2-2-2012

Understanding Resident Set Size and the RSS problem on modern Unixes

Understanding Resident Set Size and the RSS problem on modern Unixes

How to Install Android on Your HP TouchPad Using OS X

DownVerter - Free and fast YouTube downloader

Related posts

Lack of IT Content Volume I

Install Zeitgeist and Zeitgeist Activity Journal Under Ubuntu

Denyhosts for sshd – usernames dictionary

Wunderbar

Links: 2-1-2012

Mind the Gap: Encouraging women to study engineering

ZFS and OS X meet again?

How to Take a Screenshot of Your HP TouchPad Tablet

A ZFS pool scrub wish: suspending scrubs

A ZFS pool scrub wish: suspending scrubs

Why an Agile Project Manager is Not a Scrum Master

My Debian Activities in January 2012

Dpkg

Debian Package Maintenance Hub

Package Tracking System

Misc packaging tasks

Book update

Thanks

Playbook for tackling the Super Bowl with Google

The solution to the modern X font handling mystery

The solution to the modern X font handling mystery

OpenShot 1.4.1 released and ubuntu ppa installation instructions included

Related posts

Press Review #7

Analyzing Interrupt Activity with DTrace

ZFSSA/S7000 major update

The all-seeing eye of DTrace

Windows 8: Getting More ZFS'ish

Big Data : opportunité Business et (nouveau) défi pour la DSI ?

Activity of the ZFS ARC

Engineered Systems and Enterprise Architecture (or: How to Sell Dog Food Online)

New My Oracle Support User Interface to Replace HTML-Based User Interface on January 27, 2012

NEW CERTIFICATION: Oracle Certified Associate (OCA), Oracle Solaris 11 System Administrator

Solaris Tip: How-To Identify Memory Mapped Files

New Storage Magazine awards for NAS...

SSDs and the TPC-C top 10

MWAC in Global Zone

IBM Slashes Some Power7 Processor Prices

How Dell Migrated from SUSE Linux to Oracle Linux

ZFS Storage Appliance Calculator

Hardware and Systems Upgrade

Oracle Solaris and Oracle SPARC T4 Servers—Engineered Together for Enterprise Cloud Deployments

Use the OPN Fast Track to move your Application to Oracle Solaris 11

Oracle and the Solaris Brand

Who to trust?

Manhattan World Tour – 1 Night Only! Wednesday 2/1/2012!

Contributing to the translation of Debian

Some vocabulary: localization vs internationalization

Join your localization team

What is there to translate?

Introduction to Gettext

Contributing a translation as a PO file

Submit the translation for inclusion