


Book Review: Sudo Mastery: User Access Control For Real People

Saint Aardvark Re:sudoedit? visudo! (83 comments)

Yeah, they got the link wrong...not sure what happened there.

about 7 months ago

Book Review: Sudo Mastery: User Access Control For Real People

Saint Aardvark Correct link for buying the book (83 comments)

Hi all -- I submitted this review, but it looks like something ate the link for the book. Here's where to buy it:

I believe the Amazon link gives the author a few more shekels, but he makes the most money from the first link; details from his website's page on this book.

about 7 months ago

Millionaire Plans Mission To Mars In 2018

Saint Aardvark Tito presenting paper on *crewed* flight in March (97 comments)


This publication obtained a copy of the paper Tito et al. plan to present at the conference, discussing a crewed free-return Mars mission that would fly by Mars, but not go into orbit around the planet or land on it. This 501-day mission would launch in January 2018, using a modified SpaceX Dragon spacecraft launched on a Falcon Heavy rocket. According to the paper, existing environmental control and life support system (ECLSS) technologies would allow such a spacecraft to support two people for the mission, although in Spartan condition. "Crew comfort is limited to survival needs only. For example, sponge baths are acceptable, with no need for showers," the paper states.

The IEEE Aerospace Conference is in March -- next month. That's pretty interesting timing.

about a year and a half ago

A Chat With USENIX Community Manager Rikki Endsley (Video)

Saint Aardvark Re:Sort of past its sell date (40 comments)

I respectfully disagree. I've been to four LISA conferences (sysadmin conference run by USENIX) since 2006, and I see very little that is comparable; there are the various LOPSA conferences (LOPSA-EAST, Cascadia IT Conference), but they're simply not at LISA's scale. Want to hang out with a thousand other sysadmins? Get training from Ted T'so on recovering borked disks? See what Google is up to -- or the small IT shop at the university down the coast with 1/20000th the budget? There's simply nothing else out there that matches it.

As for the rest of the conferences, all I know is the summaries I've read in ;login: and the material that I've watched/listened to on their website. (And btw, HUGE kudos to USENIX to opening access to their proceedings, talks and papers.) But at the very least, they make damned interesting reading, and have made me very curious about things that are going on outside my narrow focus.

I don't have the breadth of experience you do; I concentrate on system administration because I love it, and I've been doing it less than ten years. I'm definitely an interested amateur (at best) when it comes to topics like security, or file systems, or OS design. But I'm always surprised how much of USENIX conference material touches on areas of interest or direct relevance to me, and at the very least browsing their papers is a wonderful introduction to some research and work I'd miss otherwise. I'm sure (with the exception of LISA) there are more focused conferences, or better known ones (DefCon is one that springs to mind). But I can't agree that USENIX is "past its sell date".

(And in passing, thanks very kindly for all the work you've done for the Open Source/Free Software community. Kinda boggles my mind that I'm debating you...)

about a year and a half ago

Astronaut Neil Armstrong Has Died

Saint Aardvark Re:Thank you, Neil Armstrong (480 comments)

I wasn't around then, but I've been reading up on him and all the rest of the Apollo astronauts since. I'm filled with wonder every time I think about it.

Thank you for everything, sir. I hope your eternity is a pleasant one.

Well put. Fare well, Mr. Armstrong.

about 2 years ago

Biology Help Desk: Volume 2n+1, n=2

Saint Aardvark Re:does it follow similar rules to biological syst (34 comments)

Thanks for the term "stemmatics" -- I was familiar w/the concept but knew it as "textual criticism", which I think is probably a great deal more broad than this. What's always bugged me about this concept -- perhaps unfairly -- is whether or not it has any experimental evidence to back it up. My impression is that it's a bunch of heuristics based on a preference for simplicity. Is there any experimental evidence to suggest that texts do grow/change the way these rules say? (I'm not asking for you to chip in (although you're welcome to - hey, your journal :-), more just outlining my next bout of reading in my spare time.)

more than 2 years ago

Biology Help Desk: Volume 2n+1, n=2

Saint Aardvark Re:does it follow similar rules to biological syst (34 comments)

Sorry to jump in, but I happened to read a neat paper in Nature about something like this a while back. It was called Rise and fall of political complexity in island South-East Asia and the Pacific. The article is behind a paywall, but there's a general summary from Wired magazine here, and another aimed at fellow researchers here.

My half-assed summary: the researchers use phylogenetic methods -- ways of looking at genomes from organisms and estimating how long ago they had common ancestors (I'm sure Samantha could give a better/actually accurate explanation) -- and see if it can be applied to societies to see how they change over time. In this study, they looked at a bunch of different groups in the south Pacific and tested different models about how political organization could change (would people go from loose tribes to highly-organized kingdoms in one step? what about the other way around?). It was interesting stuff.

more than 2 years ago

Biology Help Desk: Volume 2n+1, n=2

Saint Aardvark Re:Some questions about gene expression (34 comments)

Many thanks for the explanations!

The researchers I work with deal with microarray data a lot, and have built a tool to help compare datasets ( I'm becoming more familiar with the technology as I go along, but the heat maps and the dendrogram legends (is that what they're called?), those are some dense infodumps.

more than 2 years ago

Biology Help Desk: Volume 2n+1, n=2

Saint Aardvark Some questions about gene expression (34 comments)

Heyo -- thanks for the heads-up on Twitter. I'm the sysadmin at a small university department, and I work with scientists studying gene expression. They're good and patient people, but sometimes I feel a bit like I'm questioning the foundations of their work...which feels either rude or ignorant.

First off, I'd always been under the impression that DNA was only/mainly used during reproduction -- a cell divides under DNA direction, some bit of the cell is the machinery that makes whatever protein is needed during its life, and DNA isn't involved much after that. However, I'm starting to understand (I think...) that I've got it all wrong. My understanding now is that gene expression can basically turn on a dime, and that *this* is the usual way a cell makes a protein: something happens to a cell, it says "Whoah, I need protein X", and it starts transcribing the DNA so it can manufacture it (modulo things like gene regulation). This process can take very little time (hours or less). Have I got that right?

Second: one of the things they study is datasets of gene expression in post-mortem brains. (Well, technically I guess I've got that wrong, since genes aren't expressed post-mortem... :-) As I understand it, someone dies -- say, someone with schizophrenia -- their brains are donated to science, and at some point someone does microarray sequencing of blendered neurons. This is compared to brains of control subjects, gene X is found to be over/under-expressed in schizophrenic brains, and so gene X is involved somehow in schizophrenia. (This is a gross simplification, especially in the case of schizophrenia; my understanding is that these signatures cover many, many genes, they're subtle at best, and there's nothing like "a gene for schizophrenia".)

What I don't understand:

a) Since time passes between death and sequencing, how much fidelity does/can this have to what was going on at the point of death?

b) Even if it is a good indication of what was going on at death, how does that relate to a long-term illness like schizophrenia when (assuming I've got this bit right) gene expression can turn on and off in a very short time? I realize there are (ahem) ethical problems with doing brain biopsies on living subjects, and that post-mortem is the best that can be done -- but how good can it be?

Many, many thanks for your time. Any questions about system administration, let me know. :-)

more than 2 years ago

File Sharing In the Post MegaUpload Era

Saint Aardvark Sorry, what? (334 comments)

  1. What's their methodology? How exactly did they get this info? I see nothing here like a link to a full paper.
  2. Who are they and why should I trust them? Disclaimer: I could turn out to be woefully ignorant, and maybe I should just get my head out of my ass. But their main web page appears to be amazingly content-free, and there are two posts on the blog -- this is one of them. (To be fair, the
  3. They only present two data points here -- Jan 18 and Jan 19. What's happened since? Why the breathless summary (Slashdot's and the blog post) saying file sharing is all going to Europe now?
  4. The post-Jan 19 diagram says the hosting provider breakdown changed, which is presumably why they're breathless about Europe. But there's no data presented on where those new providers are located -- no corporate info, no datacentre locations, nothing.

If there's something to see here, I'm missing it.

more than 2 years ago

Mozilla Offers Alternative To OpenID

Saint Aardvark Re:Useful Links (105 comments)

I was going to post something similar but you beat me to it. Many thanks!

more than 2 years ago

Ask Slashdot: Data Remanence Solutions?

Saint Aardvark Radia Perlman's Ephemerizer (209 comments)

I think that what you want is The Ephemerizer, by Radia Perlman (she of OSPF fame). I heard about this a few years ago at the LISA conference, and a bit of digging turned it up. From the abstract:

This paper is about how to keep data for a finite time, and then make it unrecoverable after that. It is difficult to ensure that data is completely destroyed. To be available before expiration it is desirable to create backup copies. Then absolute deletion becomes difficult, because even after explicitly deleting it, copies might remain on backup media, or in swap space, or be forensically recoverable. The obvious solution is to store the data encrypted, and then delete the key after expiration.

Google turns up this copy in PDF.

Hope that helps!

about 2 years ago

Ask Slashdot: How To Securely Share Passwords?

Saint Aardvark Safety deposit box (402 comments)

You could try something like:

  • Keep a list of passwords (I use Emacs + GPG, but there's bound to be something out there that'll work for you if that's not your style)
  • Print out the list monthly (if that really is how often you change passwords)
  • Seal it and put it in a safety deposit box at your local bank
  • Tell everyone "In case of my death, go here for passwords"

(Alternately, this could be something a lawyer could help with -- something like holding passwords in trust, only to be given up in the event of X, Y, Z...)

Yes, it's a pain in the ass. But it would work, and it would mean your executor/spouse/etc would only have one set of people to convince that you're dead.

more than 2 years ago

TSA's VIPR Bites Rail, Bus, and Ferry Passengers

Saint Aardvark That's it. (658 comments)

I'm a Canadian sysadmin. I love -- LOVE -- the LISA conference ( It's wonderful, informative, and fun; I've made great friends there, learned an incredible amount and generally enjoyed myself enormously.

Last year was the third time I went. The conference was in San Jose. I took a bus and a train -- which took over 24 hours -- from Vancouver to San Jose, rather than fly and go through a naked body scanner. I figured if I'm going to talk the talk, I should walk the walk.

I'd already decided to skip this year's conference; it's in Boston, which is a long way to go by train or bus. I didn't want to be away from my family for that long. But I had been thinking about going next year, when it's going to be in San Diego.

I'm not going now. Not if this crap keeps up. I'll watch the video on my workstation, I'll listen to the MP3s on the bus, and I'll stay here in Canada. We have problems of our own -- but random searches and "papers, please" for the crime of taking the goddamned train are not one of them.

I'll miss y'all.

more than 2 years ago

Rob "CmdrTaco" Malda Resigns From Slashdot

Saint Aardvark Thanks so much! (1521 comments)

I've enjoyed Slashdot immensely for many years now, and it's still the first page I load every morning at home and every slacking moment at work. Thanks so much for all the work you've put in and the enjoyment you've given me, and the best of luck in all you do.

about 3 years ago

Thunderbird Unseats Evolution In Ubuntu 11.10

Saint Aardvark Such awesome news! (283 comments)

This was always one of the first changes I made in a new Ubuntu install. Evolution was awful, slow, and I hated it.

more than 3 years ago

Wikileaks Says Public Forced Canadian DMCA Delay

Saint Aardvark Re:Well (177 comments)

Peter Millikan is a class act. I'm going to miss him as speaker.

more than 3 years ago

E-Book Lending Stands Up To Corporate Mongering

Saint Aardvark The FSF got it right (259 comments)

Still, I can't help but think: digital rights management, sure! Where are my rights, as a consumer, and who is managing them?"

And that is why the Free Software Foundation insists on calling this technology "Digital Restrictions Management ( it points out that this is meant to keep YOU, the paying customer, from doing useful things with the stuff you buy.

more than 3 years ago



Book Review: "Sudo Mastery: User Access Control for Real People"

Saint Aardvark Saint Aardvark writes  |  about 6 months ago

Saint Aardvark (159009) writes "Disclaimer: I got a free copy of this book because I was a technical reviewer for it. Disclaimer to the disclaimer: I totally would have paid for this book anyway. Final disclaimer: a shorter version of this review appeared on

If you're a Unix or Linux sysadmin, you know sudo: it's that command that lets you run single commands as root from your own account, rather than logging in as root. And if you're like me, here's what you know about configuring sudo:
  1. Run sudoedit and uncomment the line that says "%wheel ALL=(ALL) ALL".
  2. Make sure you're in the wheel group.
  3. Profit!

Okay, so you can now run any command as root. Awesome! But not everyone is as careful as you are (or at least, as you like to think you are). If you're a sysadmin, you need to stop people from shooting themselves in the foot. (Might also want to stop yourself from self-inflicted gunshot wounds.) There should be some way of restricting use, right? Just gotta check out the man page.... And that's where I stopped, every time. I've yet to truly understand Extended Backus-Naur Form (sue me), and my eyes would glaze over. And so I'd go back to putting some small number of people in the "wheel" group, and letting them run sudo, and cleaning up the occasional mess afterward.

Fortunately, Michael W. Lucas has written "Sudo Mastery: User Access Control for Real People". If his name sounds familiar, there's a reason for that: he's been cranking out excellent technical books for a long time, on everything from FreeBSD to Cisco routers to DNSSEC. He just, like, does this: he takes deep, involved subjects that you don't even know you need to know more about, and he makes them understandable. It's a good trick, and we're lucky he's turned his attention to sudo.

The book clocks in at 144 pages (print version), and it's packed with information from start to finish. Lucas starts with the why and how of sudo, explaining why you need to know it and how sudo protects you. He moves on to the syntax; it's kind of a bear at first, but Chapter 2, "sudo and sudoers", takes care of that nicely. Have you locked yourself out of sudo with a poor edit? I have; I've even managed to do it on many machines, all at once, by distributing that edit with CFEngine. Lucas covers this in Chapter 3, "Editing and Testing Sudoers", a chapter that would have saved my butt. By the time you've added a few entries, you're probably ready for Chapter 4, "Lists and Aliases".

sudo has lots of ways to avoid repeating yourself, and I picked up a few tricks from this chapter I didn't know about — including that sudo can run commands as users other than root. Need to restart Tomcat as the tomcat user? There's a sudoers line for that. I'm ashamed to admit that I didn't know this.

There is a lot more in this book, too. You can override sudo defaults for different commands or users (you can change the lecture text; maybe sometimes there *is* a technical solution for a social problem...). You can stuff sudo directives into LDAP and stop copying files around. You can edit files with sudoedit. You can record people's sudo commands, and play them back using sudoreplay. The list goes on.

Sounds like a lot, doesn't it? It is. But the book flies by, because Lucas is a good writer: he packs a lot of information into the pages while remaining engaging and funny. The anecdotes are informative, the banter is witty, and there's no dry or boring to be found anywhere.

Shortcomings: Maybe you don't like humour in your tech books; if so, you could pass this up, but man, you'd be missing out. There wasn't an index in the EPUB version I got, which I always miss. Other than that: I'm mad Lucas didn't write this book ten years ago.

Score: 10 out of 10. If you're a Linux or Unix sysadmin, you need this book; it's just that simple.

Where to buy:

  • You can buy the ebook version from Lucas himself.
  • You can also buy the ebook or a dead-tree version from

Link to Original Source

Canadian bureaucracy can't answer simple question: What's this study with NASA?

Saint Aardvark Saint Aardvark writes  |  more than 2 years ago

Saint Aardvark writes "It seemed like a pretty simple question about a pretty cool topic: an Ottawa newspaper wanted to ask Canada's National Research Council about a joint study with NASA on tracking falling snow in Canada. Conventional radar can see where it's falling, but not the amount — so NASA, in collaboration with the NRC, Environment Canada and a few universities, arranged flights through falling snow to analyse readings with different instruments. But when they contacted the NRC to get the Canadian angle, "it took a small army of staffers— 11 of them by our count — to decide how to answer, and dozens of emails back and forth to circulate the Citizen’s request, discuss its motivation, develop their response, and “massage” its text." No interview was given: "I am not convinced we need an interview. A few lines are fine. Please let me see them first," says one civil servant in the NRC emails obtained by the newspaper under the Access to Information act. By the time the NRC finally sorted out a boring, technical response, the newspaper had already called up a NASA scientist and got all the info they asked for; it took about 15 minutes."
Link to Original Source

Canada's online surveillance bill: Section 34 "opens door to Big Brother"

Saint Aardvark Saint Aardvark writes  |  more than 2 years ago

Saint Aardvark (159009) writes "Canada's proposed online surveillance bill looked bad enough when it was introduced, but it gets worse: Section 34 allows access to any telco place or equipment, and to any information contained there — with no restrictions, no warrants, and no review. From the article: "Note that such all-encompassing searches require no warrant, and don't even have to be in the context of a criminal investigation. Ostensibly, the purpose is to ensure that the ISP is complying with the requirements of the act — but nothing in the section restricts the inspector to examining or seizing only information bearing upon that issue. It's still "any" information whatsoever." You can read Section 34 here."
Link to Original Source

Samsung plants keyloggers on laptops it makes

Saint Aardvark Saint Aardvark writes  |  more than 3 years ago

Saint Aardvark writes "Mohammed Hassan writes in Network World that he found a keylogger program installed on his brand-new laptop — not once, but twice. After initial denials, Samsung has admitted they did this, saying it was to "monitor the performance of the machine and to find out how it is being used." As Hassan says, "In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners." Three PR officers from Samsung have so far refused comment."
Link to Original Source

Canada's copyright debate turns ugly

Saint Aardvark Saint Aardvark writes  |  more than 4 years ago

Saint Aardvark (159009) writes "As reported by the CBC, the debate in Canada over the new copyright bill hit a new low. Minister of Heritage James Moore decried opponents of the bill as "radical extremists", with a "babyish" approach to copyright. As Professor Michael Geist points out, these "radical extremists" include a laundry list of educators, politicians and business leaders. The minister initially denied making any such remarks...until video surfaced showing the speech. Said one critic, "He has morphed from a personable, PR-savvy techno-nerd minister to a young Richard Nixon [with an enemies list]". As if that wasn't enough, Cory Doctorow waded into the debate with an article outlining his objections as a Canadian author, and a debate over Twitter with the minister himself. The thinly-veiled attack on Geist may backfire, though: "voters may ask if the bill's proponents are engaging in character assassination rather than rational policy debate because the proponents' actual arguments aren't that convincing.""
Link to Original Source

James Moore's Attack on Fair Copyright

Saint Aardvark Saint Aardvark writes  |  more than 3 years ago

Saint Aardvark (159009) writes "Professor Michael Geist writes about Canadian Minister of Heritage James Moore's recent speech. In it, Moore condemned critics of his proposed new copyright bill, saying "Make sure that those voices who try to find technical, non-sensical, fear-mongering reasons to oppose copyright reform are confronted every step of the way and they are defeated. When we do that this bill will pass and Canada will be better for it.""
Link to Original Source
top launches

Saint Aardvark Saint Aardvark writes  |  more than 4 years ago

Saint Aardvark writes "Via Michael Geist comes the news that has launched. It offers a searchable interface to 16 years of Canada's official record of parliamentary debate and votes, information on bills before Parliament, the ability to be alerted when your member of Parliament speaks, and much more. OpenParliament is a grass-roots effort, not a government initiative. This is all the more remarkable considering that, while the Hansard has been online since '94, it has to be parsed using a "wobbly tower of rules". Natch, it's Free Software."
Link to Original Source

Creative Commons: 59 hours to reach $500k

Saint Aardvark Saint Aardvark writes  |  more than 4 years ago

Saint Aardvark (159009) writes " is appealing for donations to help support them in 2010. Lawrence Lessig, a familiar name to Slashdot readers and the founder of Creative Commons, writes: "[T]he White House, Al Jazeera, and Wikipedia all adopted CC licenses. That happened this year. And now that it has happened, we all have an even stronger obligation to make sure this thing that thousands helped build over the past 7 years continues to grow and succeed and inspire." Their goal is to raise $500,000 by December 31st to ensure funding for the coming year. They've got just $80,000 left to go. You can donate here."

FSF Settles Suit Against Cisco

Saint Aardvark Saint Aardvark writes  |  more than 5 years ago

Saint Aardvark writes "The Free Software Foundation has announced that they've settled their lawsuit with Cisco (reported earlier here). In the announcement, they say that Cisco has agreed to appoint a Free Software Director for Linksys, who will report periodically to the FSF; to notify Linksys customers of their rights; and to make a monetary donation to the FSF. An accompanying blog entry explains further: "Whenever we talk about the work we do to handle violations, we say over and over again that getting compliance with the licenses is always our top priority. The reason this is so important is not only because it provides a goal for us to reach, but also because it gives us a clear guide to choosing our tactics. This is the first time we've had to go to court over a license violation.""
Link to Original Source

USENIX opens access to conference proceedings

Saint Aardvark Saint Aardvark writes  |  more than 6 years ago

Saint Aardvark writes "USENIX has announced that it is opening up public access to all of its conference proceedings. Previously, these had been restricted to USENIX members until one year after publication. From LISA to FAST, from WOOT to USENIX' own eponymous conference, if you're in any way working in, for, near or around IT you want this information. Kudos to USENIX for doing this!"
Link to Original Source

Letter casts doubts on Yahoo! China testimony

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Saint Aardvark writes "A hand-written letter, believed to be from Chinese police, has surfaced that sheds new light on the case of Chinese reporter Shi Tao. The letter "is essentially a standardized search warrant making clear that Chinese law enforcement agencies have the legal authority to collect evidence in criminal cases. This contradicts Yahoo's testimony to Congress in 2006 that they "had no information about the nature of the investigation." "One does not have to be an expert in Chinese law to know that 'state secrets' charges have often been used to punish political dissent in China," says Joshua Rosenzweig, manager of research and publications for The Dui Hua Foundation. Shi Tao was sentenced to 10 years in prison for his reporting on the Tiananmen Square massacre."
Link to Original Source

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Saint Aardvark writes "CoreLabs released an advisory today about a remote hole in OpenBSD. The vulnerability, which affects versions 3.1, 3.6, 3.8, 3.9, 4.0 and the upcoming 4.1 release (for code obtained prior to Feb 26th; the upcoming CD is fine), comes from the way OpenBSD's IPv6 code handles mbufs. Theo's terse announcement is an interesting counterpoint to Core Security's timetable, which details their efforts to convince the OpenBSD team of the flaw's seriousness. The workaround is to block IPv6. Discussion continues on, and a short discussion of the flaw's details can be found here."

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Saint Aardvark (159009) writes "While trying to get a Sparc machine to boot disklessly so I could install OpenBSD on it, I kept getting these errors:
Boot: bsd.rd
Automatic network cable selection succeeded : Using TP Ethernet Interface
Using BOOTPARAMS protocol: ip address:, hostname: roark
root addr= path=/home/aardvark/openbsd-sparc64/chroot
open /sbus@1f,0/ledma@e,8400010/le@e,8c00000/bsd.rd: Unknown error: code 72

tcpdump showed that the machine was trying to contact the NFS server ( by udp on port 0; the server kept responding with an ICMP port unreachable error. Googling turned up one other person back in '99 (!) who had the same problem, but no fix.

The problem? PEBCAK: I'd symlinked the file to the IP address in hex (ie, ln -s C0A81719) but had neglected to append the architecture after that. So after I did this:

ln -s C0A81719.SUN4

everything worked.


Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Saint Aardvark writes "When, in 1992, US Vice-President Dan Quayle accused the TV show Murphy Brown of 'mocking the importance of fathers, by bearing a child alone, and calling it just another "lifestyle choice'", the clip showed up in many TV news shows. And when the show replied, that reply was broadcast to millions of viewers. Yet, as Lawrence Lessig complains, "the part of our culture that is recorded in the newspapers remains perpetually accessible, while the part that is recorded on videotape is not". A researcher who decided to see just how hard it would be to get the video clips of this debate verified this recently: Quayle's speech was forbidden from being distributed digitally "for reasons of copyright", the Murphy Brown episode is "not currently available to the public", and he had to pay $111 for four brief clips of news broadcasts on the brouhaha. His final report says that "the resulting gap between our expected ability to review public discourse and our ability to do so was surprising, and suggests that much public debate about access to the historical record, and the need to prevent off-air taping, is based on false assumptions.""

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Saint Aardvark writes "As reported by, Theo de Raadt has written an open letter to the One Laptop Per Child (OLPC) project criticizing their willingness to sign NDAs in order to write drivers for Marvell's wireless chipset. Claiming strong agreement from RMS, he wrote: "I've heard claims that you (OLPC members, Red Hat employees) think this relationship with Marvell will eventually prompt/teach them to be more open in time. Do you not realize how much of a DELUSION the history of free/open operating systems shows that point of view to be?" He also cited part of a private reply from Jim Gettys, VP of Software Engineering for OLPC saying that "Free and open software is a means to an end, rather than the sole end unto itself for OLPC," and agreed with a fellow developer that OLPC's stance was "morally bankrupt". In return, Gettys wrote: "At anything like this price and power point, there simply isn't anything else on the market that remotely resembles that particular Marvell part. There are no other alternatives given our constraints on power and cost....Marvell is not in a position to open their wireless firmware as it is currently dependent on the third party operating system kernel [for the chipset's embedded ARM processor] that they do not own. A GPL Linux device driver for the Marvell wireless chip, the Libertas driver, still under development but also fully functional can be found in our GIT tree.""



Firewalls, H323, Abstraction

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Last month, my work got a new H.323 video conferencing unit, and today we had our first real test: a lecture given at SFU that was streamed to us. For the most part, it went really well; there were no big screw-ups and everything went as planned. During the second half of the conference, though, the audio was intermittently choppy. I'm not certain, but I think that a local user's Internet radio stream may have caused the problems.

If that's the case -- and it would surprise me, since I'd assumed we had a pretty damned fast connection to the Internet -- then I'll need to start adding traffic shaping to our firewall. Working on the firewall is something I've been putting off for a while, since it's a bit obscure -- lovely pf firewall, littered through with quick rules. But there's a good tool for pf unit testing I've been meaning to try out since I heard about it at LISA. Probably won't be as big a help with the traffic shaping stuff, but at least I'll be reasonably sure I'm not screwing anything else up.

And now I'm wondering just how hard it would be to come up with (handwave) something that would combine automatic form generation, web-based testing code and summary code. We have these multiple conferences that need registration pages; while some of the information is the same (name, email address) some is different (one conference has a banquet, another wants to know if you're going to be attending all three days). Putting all this in a database and using something like Formitable to generate the form seems perfect.

Since I'm already using Perl's WWW::Mechanize and Test::More to test the pages, it'd be nice to have it look at the stuff used to generate the form and use that to test the page. (That's not the clearest way I could put that, but if I don't write this down now I'll never write it down.) And if I could add something that'd automatically generate summary pages for conference organizers, it'd be even better; stuff like email and address is always easy, but being aware of special questions would be nice too. (Though maybe not necessary -- how hard is it to generate summary pages?)

Trouble is, this is a lot of deep thinking that I've never really had to do before. I suspect this sort of thing is a good programmer's bread and butter, but I've never been a programmer (good or otherwise). The more I think about this, the more I can't decide whether this is really hard, possible but too much effort to be worth it, or already done by something I haven't come across yet.

The little things I can handle, though. This crash looks like it's happening because of a mixup between rand(3) and random(3). In Linux, both have a maximum of RAND_MAX, but in Solaris the latter has a maximum of 2^31. This wreaks havoc with the let's-shuffle-the-playlist routine in XMMS, and we end up with a crash. Once I figure out how to program in C, it shouldn't be too hard to get it fixed. :-)


Didn't even drown or anything!

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

This was Arlo's first time going all the way under water. He was definitely surprised by the whole operation, but he didn't panic or cry or anything. Such a trooper.


pkgsrc + RT

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

I installed RT at work a couple days ago using pkgsrc. This was the first time I'd ever used pkgsrc, and I have to say I'm impressed. Yes, it's just like a portable ports tree -- but it's just like a portable ports tree, and I'm starting to think that's a very, very powerful idea.

RT went well except for the final install, where it complained and died. Fortunately, it turned out to be susceptible to exactly the sort of one-line patch that I have an affinity for. Not as cool as correcting Theo de Raadt's code, mind you :-) but still a good feeling.

Ah...RT, I've missed you.


More stuff to read

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

  • Word-by-word diff of GPLv2 and v3
  • New version of Unix Backup and Recovery, by W. Curtis Preston. The first was amazing; this one covers Windows and Mac OS X as well. WANT.
  • Good reading and good suggestions. I need to alias ls, fg, mutt, sudo, and to shorten my alias for SSHing to my webserver.
  • I think I finally figured out what was going on when my desktop machine at work had a suddenly borked mouse/X relationship: double-clicking was inconsistent, single-clicking was inconsistent, but the keyboard still worked. It happened again a few days ago, and I managed to run xev and verify that things really were messed up: the mouse and all its clicks and motions just weren't registering at all. I managed to figure out what was (probably) going on when I came across this link. In the end, what worked for me was switching to a console and running cat /dev/input/mouse1. Don't know why (yet!) but that seemed to reset everything.

Still to come: Why upgrading is the most important thing EVAR.


Okay, so maybe I'm wrong

Saint Aardvark Saint Aardvark writes  |  more than 6 years ago

People have been calling me out on my last post, and that's good; I love a good argument^Wdebate, and doubly so when it comes from people w/more experience than me. So I'm going to start responding to the comments, laying out where I'm wrong and where I still think I'm right.

I said:

OpenSolaris: If I wanted to upgrade everything by hand, I'd stick with Slackware.

Bzzt! As I found out on a recent episode of BSDTalk, NetBSD's pkgsrc is available for over nine hundred thousand operating systems, including Solaris and Slackware Linux. That's right, both premises in that statement were wrong.

Not only that, pkgsrc can be tucked out of the way so that it doesn't interfere with the rest of the I could even throw it on Thornhill right now, Slackware and all, and start using it instead of my own half-assed build script for Apache/SSH/PHP/OpenSSL/mod_ssl (which, in my own defence, works pretty darned well).

In fact, tomorrow I'm heading out to The Other University to set up two new X4200 servers, and I'm seriously considering adding pkgsrc to them -- if only to avoid having to compile (and botch) Lapack and Blas. If that goes well, I may start adding it to the main server here so that we can easily get more up-to-date versions of Firefox et al. (Though I could probably get them from Blastwave...this has been a low enough priority for me so far that I haven't really looked into all my options.)

That is not to say it's perfect:

  • While it has six thousand packages or so in its tree, only (...) something like two or three thousand compile.
  • Upgrading is less than perfect; as you'd expect, the process is basically remove-and-recompile...and since that goes for dependencies as well (at least in the default case), it can potentially be a while before it all gets back to a useable state:

    It is possible, and in the case of updating a package with hundreds of dependencies, arguably even likely that the process will fail at some point. One can fix problems and resume the update by typing make update in the original directory, but the system can have unusable packages for a prolonged period of time. Thus, many people find 'make update' too dangerous, particularly for something like glib on a system using gnome. To use binary packages if available with "make update", use "UPDATE_TARGET=bin-install". If package tarball is not available in ${PACKAGES} locally or at URLs (defined with BINPKG_SITES), it will build a package from source. To enable manual rollback one can keep binary packages. One method is to always use 'make package', and to have "DEPENDS_TARGET=package" in /etc/mk.conf. Another is to use pkg_tarup to save packages before starting.

    From the Swedish NetBSD wiki. Though it's nice that manual rollback is doable; that's always my big paranoia when it comes to source-based upgrades.

  • Upgrading Gnome in particular is a fucking bear.

That last complaint is not as fair as it could be. I mean, I'm not going to be upgrading Gnome on either Thornhill or the two new Sun machines. And at around 80 packages, it would be damned difficult to try and recompile it all without starting with a clean slate. But this sort of nonsense with Gnome is what put me off the ports tree in FreeBSD.

(I was going to put in something about how Debian doesn't need that sort of thing, but I should research that first.)


Wish I'd known about that earlier...PLUS: Special update!

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

First off, a special catch-up entry for my very, very special Slashdot friends. :-) I've been slack at cross-posting entries from my blog since about halfway through LISA. I'm going to do my best to fix that, but I won't be posting old entries here...too much work, and Slashdot has no way of backdating old entries.

I've set up a new blog on my site, using a combination of Perl, ASCIIdoc, Make and email. It's working well, though there are some bugs and missing features. The main things I like about it are that it's plain text and there's no PHP. At last, I can edit things in emacs without using Mozex!

And so, on to today's entry in which I make a fool of myself by denigrating different operating systems based on experiences from three years ago. As always, there are comments both here and on the website...including a FreeBSD committer who cordially invites me to put my money where my mouth is. Fair point, and I'll be responding to that later. (Along with admitting my ignorance about pkg-src on Solaris.)

On with the show!

libpst is a command-line tool that converts Outlook .pst files into standard mbox files, the way T&R intended. Wish I'd known about this before... One of the outstanding feature requests is listing and extracting individual messages. Maybe I'll take a look at this.

In other news, I borked my home machine (Debian testing) by trying to extend a partition w/ReiserFS. That gave me a perfect excuse to upgrade to a bigger disk and reinstall Debian.

Next up is maybe looking at replacing my venerable copy of Slackware 9 with a Debian install, too; the ease of installing and upgrading Debian packages is just too good to pass up.

I did consider other OSs:

  • FreeBSD: Even after three years, port-upgrade still scares me.

  • NetBSD: meh, what's exciting about that?

  • OpenBSD: Secure, yes, and God knows I'd like to use pf. But not easy to upgrade, either ports or releases.

  • Dragonfly: Not yet.

  • BSDs in general: I want a journalled FS.

  • OpenSolaris: If I wanted to upgrade everything by hand, I'd stick with Slackware.

And yes, I realize I'm damned ignorant, and that a server should not be exciting. But I'm convinced that a big part of running a server successfully is ease of upgrading, whether security fixes or new app versions, and Debian is just wonderful.


Why is the system load 200?

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Here's a fun game: create a large (>1GB) file in your home directory called core and start Firefox. Have a look at this part of

if [ -x "$crc_prog" ]
if [ -f core ]
crc_old=`$crc_prog core | awk '{print $1;}' `
## Run the program
"$prog" ${1+"$@"}
if [ -f core ]
crc_new=`$crc_prog core | awk '{print $1;}' `
if [ "$crc_old" != "$crc_new" ]
printf "\n\nOh no! %s just dumped a core file.\n\n" $prog
printf "Do you want to debug this ? "
printf "You need a lot of memory for this, so watch out ? [y/n] "

Care to guess what'll happen? That's right: Firefox will take 10 seconds to start up because it's busy md5summing a big-ass core file. The user will think that it hasn't launched at all and will click again. Rinse and repeat, with more and more clicking every time. By the time I figured out what was going wrong, the system load was about 200. Fortunately, it's a simple thing to add DEBUG_CORE_FILES= judiciously (not DEBUG_CORE_FILES=0; I keep forgetting that a simple [ $FOO ] simply tests whether $FOO is empty, not whether it's non-zero).
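The empty-versus-zero distinction above, as an added example (not part of the Firefox launcher script or the original post): it compares the unquoted one-argument test with a quoted test and an explicit on/off check. Only DEBUG_CORE_FILES comes from the post; the function names are made up here.

```shell
#!/bin/sh
# Added example: how a launcher flag such as DEBUG_CORE_FILES is evaluated.
# The function names below are illustrative, not from any real script.

# Form used in the post: unquoted, one-argument test.
#  - An empty value disappears entirely, leaving `[ ]`, which is false.
#  - Any non-empty single word, including 0, is true.
#  - A value with spaces is word-split and parsed as a test expression.
flag_unquoted() {
    DEBUG_CORE_FILES=$1
    if [ $DEBUG_CORE_FILES ] 2>/dev/null; then return 0; fi
    return 1
}

# Quoted form: strictly "is the string non-empty?". No word splitting,
# so the value can never be interpreted as test operators.
flag_quoted() {
    [ -n "$1" ]
}

# Explicit on/off parsing: what most people expect a boolean flag to mean.
flag_enabled() {
    case "$1" in
        ''|0|[Nn]o|[Ff]alse|[Oo]ff) return 1 ;;
        *) return 0 ;;
    esac
}

# Render the exit status of a command as yes/no.
yn() { if "$@"; then printf 'yes'; else printf 'no'; fi; }

# Print how each form treats a handful of values.
show_table() {
    printf '%-12s %-9s %-7s %s\n' 'value' 'unquoted' 'quoted' 'enabled'
    for v in '' 0 1 no '1 -eq 2'; do
        printf '%-12s %-9s %-7s %s\n' "'$v'" \
            "$(yn flag_unquoted "$v")" "$(yn flag_quoted "$v")" \
            "$(yn flag_enabled "$v")"
    done
}

show_table
```

The last row is the one to watch: the unquoted test evaluates the value as the expression 1 -eq 2, so a non-empty flag reads as off.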

Also: the advantage to being in a small shop is that if you're the only one running Linux on the desktop, you can just go ahead and add things like the latest version of Firefox (now without the amusing bug that makes a search work on some other random tab, instead of the one you're looking at) and the MySQL DBD connector for Perl. It's really incredible how much irritation those two things are gonna save me.

Finally: this is just plain cool. As he did during the Bash scripting BOF, Wout takes me to school. Didn't know about: ssh -t, COLUMNS/LINES environment variables, tput, or just how much Applescript can do.


Insert regex here for GPG and PGP

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Memo to myself: Don't eat the Turkey sashimi.

In other news: I don't usually post links to things just to say "go read this". However, I'll make an exception in these cases.

First, I was recently going to use the word "Manichean" to mean "dualistic, good-vs-evil view of the universe, with an implied inevitable battle between the two". However, when I Googled for it to check the spelling, I came across this article explaining why that wasn't a terribly accurate use of the word. Interesting stuff...I certainly didn't know there were any Buddhist-influenced ascetics hanging around Baghdad in the 3rd century.

Second, there's some interesting and contradictory stuff on the procedures for GPG/PGP keysigning parties here and here. Why does publicizing a public key "slightly reduce the security of a key pair"? I don't know. I've had a quick look through my copy of Applied Cryptography (3rd Ed.), donated by the kind man behind Pangolin Systems, but can't find anything from Saint Bruce about this. Anyone?

Third, there's an excellent set of tools for keysigning parties available here. One of the people who signed my key at LISA had used caff to send it back, which is a nice wrapper around the whole procedure (grab the key, sign the key, encrypt the key with itself, email it back to each of the key's email addresses). The lack of understandable (but see next paragraph's self-ass-kicking) documentation for GPG means that a) this automation is very nice, and b) I'm kicking myself for not buying Michael Lucas' book from the No Starch Press booth at LISA.

Fourth, if'n you've got GPG, it's worth reading the documentation, like the FAQ or the GNU Privacy Handbook. Shame on me for not doing that previously. (And shame on me for taking so long to email people's keys back to them.)

Fifth, you can find some pretty stats here, or the trust path from me to Wietse Venema. Geek Pride!

Sixth and finally, there is this handy little page about how to set up a CPAN library in your home directory. Since it took me a while to track this down, I'm throwing it in here so's I can find it quicker next time.


Sweet Odin's Raven!

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

I've just come across AsciiDoc, and this is SO CLOSE to what I want: Ascii-based markup, still intelligible, and rendered into pretty CSS-compliant whatnot.

For a while now I've been toying with the idea of leaving WordPress behind and just writing all my stuff in Emacs, the way RMS intended, and converting it all to pretty HTML through <handwave>some sort of script or Makefile</handwave>. But this...this is perfect. See this? If it were a black monolith orbiting Jupiter, I would say "My God, it's full of stars!" It's clean, it's spare, it looks good, and it does not require verdammnt patching to stop it from throwing in br tags every time it sees a newline. And you know what it requires? Python! That's it!

I know what you're saying: this is like wiki markup without the wiki. EXACTLY! It's easy to write, easy to read, it looks good and it's just static: no PHP remote inclusion waiting to happen, no heavy load, just simple plain text and html. Oh yes.


WWW::Mechanize and the values of testing

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

One of the great things about going to LISA is that you get the proceedings and/or training for everything on CD or dead tree. (Well, nearly everything...I've heard that some people didn't or couldn't make their training materials available (though I've not been motivated to confirm this yet), and some of the talks didn't do this (Tom, where are your slides?)). There is some wonderful stuff to be found in them... WWW::Mechanize, which is just perfect for testing out this conference registration form I'm working on. Only I've run into a bug that comes when trying to specify which button to click on:

$agent->click_button(value => 'Okay to submit');

That li'l chunk gave me this error:

Can't call method "header" on an undefined value at /home/admin/hugh/perl/lib/perl5/WWW/ line 2003.

One guy reported the same trouble, but got no response. And the RT queue is fulla spam.

But aha, I found out how to use the Perl debugger in Emacs (M-x perldb. Shhhh!) and was able to track things down. Turns out there are a couple things going on:

  1. In the page that I'm parsing, there are actually two forms, not one; one sends you back to correct mistakes, one sends you forward to keep going. Since I was not specifying which one to use, it used the first...and in that one, there is no button labelled "Okay to submit". Once I specified the right form ($agent->form_number(2);) everything was good.
  2. But of course, this sort of thing shouldn't happen, right? Right.

There are a couple subroutines/methods in this module that aren't testing for the right number of arguments. One of 'em is click_button, which has this loop:

my $request;
elsif ( $args{value} ) {
my $i = 1;
while ( my $input = $form->find_input(undef, 'submit', $i) ) {
if ( $args{value} && ($args{value} eq $input->value) ) {
$request = $input->click( $form, $args{x}, $args{y} );
} # while
} # $args{value}

return $self->request( $request );

No test/case for not finding a button named whatever, so it just blithely returns $self->request( $request ). But of course, request does the same thing:

sub request {
my $self = shift;
my $request = shift;

$request = $self->_modify_request( $request );

if ( $request->method eq "GET" || $request->method eq "POST" ) {

$self->_update_page($request, $self->_make_request( $request, @_ ));

Again, no test for the right number of arguments. And having just read the Test::Tutorial manpage, I'm all about unit testing and such, baby.


My Street

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Cities and circles drawn perfect, complete
These are the fables on my street, my street, my street
"My Street", The New Pornographers

Okay, my (lawyers, please note) TOTALLY ACCIDENTAL stalking of Tom Limoncelli continues. I met another sysadmin from Boston (who, BTW, is into LISP. Call that accidental? 'Cos I don't) (alsoplus he's the third guy I've met from a small shop, which is damned reassuring in a conference full o'people from multi-continent corporations/teams) who invited me along to the LOPSA hospitality room. I talked to David Parter from LOPSA about why I should join. He also gave me the sad news that the Burritos-as-big-as-your-head place in Madison, WI is closed. Noooooo!

Nice bunch of people, who'll probably be getting a membership fee from me post-haste. Totally unrelated to the free beer. I met a guy from a Scandinavian hosting company that has, like, 300,000 domains (!). We talked about spam for a while, and PHP's ability to include files remotely (he's a big fan. Oh, wait, no) ("When I meet the guy who put that in..." "You'll punch him in the cock?" "Oh, that's just the start of it."), and Perl vs. C vs. LISP vs. Dvorak keyboards vs. I don't know what all.

And who else is in the room AND stared at my badge trying to figure out who the hell I was? That's right, Tom! Still no chance to lean over casually and say, "So I hear Google's trying to figure out what to about TCP scalability bringdown. 'Cos, like, my enterprise-fu PHP taint mode will totally nebbish your gubbins. Scalable. Solution. Moving forward. Come back!"

Also went to the: Free Beer and Ice Cream BOF, PGP/CACert BOF, and the Bash scripting BOF. Last challenge: using Bash built-ins only, check to see if a given TCP port on a given host is open. Welp, I did know about Bash's built-in /dev/tcp/host/port, but totally foundered on syntax. We were told to email our scripts to sounded familiar, and it should, 'cos was Alex Polvi, who works at Oregon State University Open Source Lab, they who provide bandwidth to such as Gentoo, Mozilla and Kerneltrap. At one point, a few friends of his came in and sat down close to where I was, and he came over and talked to them during one of the challenges. "I think everyone would get freaked out if they knew a Google recruiter was here," he said, laughing. Worked for me.

And, BTW, I thought I was at least quarter-decent at Bash. Hah! It is to laugh.


Letter From An Occupant

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

What the last ten minutes have taught me:
Bet the hand that your money's on
"Letter From An Occupant", The New Pornographers

Attended my first BOF last night on wikis for sysadmin documentation -- amazingly fun and informative. I even managed to contribute to the conversation. And when I told the war story about recovering my wiki from spammers (that's right! because PHPWiki sucks!) I got a gratifying look of sympathy from the audience.

Today's talk was "Habits of Highly Effective Sysadmins". It was aimed at folks like me who've been mostly self-taught, and I thought they hit the mark extremely well. (I've heard lots of people here say that they'll go see anything put on by Lee Damon or Mike Ciavarella just on principal (principle?).) Very, very informative and great teachers, too.

I found out today that Tom Limoncelli's name is pronounced "li-mon-sell-ee", not "li-mon-chell-ee". W/luck, this will save me embarrassment later.

Tonight the BOFs start in earnest, including the one that offers free beer and ice cream. Sadly, I will be attending the one on pet counting instead. I will die a little bit inside.


Choose It

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Two sips from the cup of human kindness, and I'm shit-faced
Just laid to waste
If there's a choice between chance and flight,
Choose it tonight.
"Choose It", The New Pornographers

Just got back from a whirlwind walk from the Lincoln Memorial to the Washington Monument to the White House. Beautiful, all of it...though a) the White House is small and b) there was something being filmed/videotaped in the courtyard, which made me think of Vancouver.

Training again. AFrisch was good, covering Cfengine quite well; would've liked to see more info about expect. (Apparently there are Perl/Python bindings...I had no idea.) Afternoon course was "Interviewing For System Administrators" by FIXME, and that was great -- lots of things I didn't know, lots of tips on doing it better next time.

Saw Tom Limoncelli in the hall during a break. Managed to restrain myself. I have the reputation for quiet restraint of a nation to uphold.

Very tired now. Time to go get beer.


Bones of an Idol(2)

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

As we sift through the bones of an idol
We dig for the bones of an idol
When the will is gone
'Cause something keeps turning us on
"Bones of an Idol", The New Pornographers

Today was Solaris 10 Administration, an all-day course that introduced all the nifty features of Solaris 10. I've only worked with Solaris since July, but I've been reading so much about Solaris 10 that most of the stuff presented (dtrace, SMF, zones) was familiar to me. OTOH, the course was aimed at admins of older versions of Solaris (2.veryearly through 8 and 9), and so the explanation of the differences assumed a lot more familiarity with Solaris than I had. It was a curious sensation.

Still, though, it was worth going to. Good quote: "Oracle DBAs are the most Kool-Aid drinking people I've ever met." And another: "Zones are the most controversial thing we'll be talking about today, and spending the most time on. I saw someone carrying two cups of coffee -- that's the right attitude." Also, Bill Lefebvre, the man I was going to accuse of stealing my underwear, wrote top(1).

Oh, and it's a good thing I brought a second wireless network card; the onboard one in the laptop kept dying, with an entry in syslog that read "fatal firmware error". Now I've got an Orinoco Gold in here, and it's working just fine.

Met a sysadmin today who works in the VOIP department of a phone company; they've moved most of their stuff from racks and racks of old-style Alcatel equipment to one rack of Solaris machines acting as soft switches. I was curious about the difference in reliability and uptime; my understanding is that the demands on telecom equipment are worlds above anything that can be provided by COTS Unix, and asked him how it worked for them.

He said that, yes, you'd get situations where a phone call would be delayed because of a system crash: instead of taking one second to connect, it might take two or even three. And if that was anything beyond a small fraction of their customers, that would be a big problem. However, the soft switches had much better failover ability than the old stuff; the old stuff would be up much longer, but when it failed everything would cascade and the whole system would come tumbling down, at which point a customer would hear "Your call cannot be completed as dialed."

Met another guy who was very excited about ZFS, because of an app at his work that writes 4 TB of data in individual 4 KB files. The best they've heard from their current storage vendor of choice is a block size of 8 KB...which means doubling their storage requirements just to deal with filesystem overhead.

I had alligator jambalaya. It's official: it tastes like salty chicken.



Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Jackie, you yourself said it best when you said
There's been a break in the continuum
The United States used to be lots of fun...
"Jackie", The New Pornographers

10am CST: Welp, I'm in the air on my way to Chicago, and from thence to Washington for LISA. The laptop is running well (stress-tested by Sloan, The New Pornographers and Yo La Tengo), and I'm using my time to skip watching "Lady in the Water" (not how I want to see this film for the first time) and work on AsciiDoc. I think this is going to work pretty well for my plan: to start having my blog in just plain text for source, and plain HTML for output. I like it a lot, and the less PHP I have to audit the happier I am. (Not that I *do* audit PHP. But I feel guilty when I don't.)

Turned out I was rather stupidly cautious at the airport. The flight left at 6.15am PST, and I was there at 3.45am. What I didn't realize is that the ticket counter didn't open til 4.30am, and customs not til *5am*, thank you. But once they got started, everyone moved along pretty quickly.

I did get pulled over for extra searching, but nothing serious: where was I going, could I open the bag, where do I work. Once that was done, the officer was quite friendly; he urged me to take time to go see the sights, since work was paying for this. I expected worse.

But man, I don't know when I'll have the time. Training starts tomorrow with a full day of Solaris 10, and it just keeps going from there. Plus, of course, there's the free beer and ice cream. The time, she flies, no?

I need to get a haircut. I haven't shaved my head in two weeks, so I've got a damned dirty commie hippie head of hair at the moment.

Wow...over somewhere midwestern now, and the patchwork of land is neat to look at. Not half as beautiful as a city at night from 3000 metres, that's God's own set of Xmas lights.

12.30pm CST: Later...In O'Hare at Chicago, taking advantage of the free electrical outlets for charging laptops. The wifi access is charged-for, though, same as in Vancouver. And me without OzymanDNS...

10.20pm EST: Now in my hotel room. No wireless from USENIX up here, but it does work in the lobby where there's simply an amazing amount of very dressed-up corporate types. I think it's some sort of Xmas party. The contrast between them and the t-shirts-and-jeans crowd (not to mention me typing away alone on my laptop) is stunning. (Incidentally, my grandmother was both shocked and appalled to learn that not only was I not purchasing a new suit for this conference, I would not be wearing a suit at all.)

My luggage, I found out after an hour of waiting, is currently wending its way here from Chicago; I imagine some sort of Die Hard 2-esque leap across the tarmac that failed, but only barely. Allegedly United expected it here at 7pm and will courier it over Real Soon Now. We'll see.

By the time I finally made it to the hotel and checked in, it was 6.30pm. It had been a long time since I'd had anything but Mountain Dew (SPECIAL CAFFEINATED US VERSION!) to eat, so I was just starving enough to go for the -- wait for it -- $13 (US!) cheeseburger in the lobby. That and two Guinnesses pretty much blew my budget for the week; at this point, I'm looking into the carb count in a BSSID beacon frame. (Yes, I'm making that term up.) Worth it, though; my roommate and I exchanged war/horror stories with a Sony engineer/sysadmin from San Francisco over the beer. Good times.

I'm pretty sure I saw Aeleen Frisch in the lobby. I think I saw William LeFebvre, the program chair, at the airport picking up baggage from the SAME BAGGAGE CAROUSEL where my stuff was supposed to be. There's this thing called USENIX bingo, where they give you cards with organizers' photos in it and you're supposed to get them to sign it. I think I'm going to tackle LeFebvre and ask him where my underwear is, then get him to sign my card to affirm that he didn't steal it.

I have not yet seen Tom Limoncelli, and I wouldn't recognize Dan Kaminsky if he queried my DNS server via avian carrier, so my plans to see what they've done with my underwear are, as yet, hazy. If my underwear doesn't show up, I may have to go shopping. I think the nearest Wal-Mart is in Tennessee.


Stupid, uninformative errors

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

Spent half the day trying to figure out why a Sun Directory Server had suddenly lost its ability to replicate over SSL. The logs said:

[21/Nov/2006:00:01:00 -0800] - INFORMATION - NSMMReplicationPlugin - conn=-1 op=-1 msgId=-1 - Replication over SSL FAILED as SSL is not enabled. Check that the attribute nsslapd-security in cn=config is on.
[21/Nov/2006:00:01:00 -0800] - ERROR<8318> - Repl. Transport - conn=-1 op=-1 msgId=-1 - [S] Bind failed with response: SSL configuration error (808).
[21/Nov/2006:00:01:00 -0800] - ERROR<8221> - Incremental Protocol - conn=-1 op=-1 msgId=-1 - Failed and requires administrator action []
[21/Nov/2006:00:01:00 -0800] - ERROR<8221> - Incremental Protocol - conn=-1 op=-1 msgId=-1 - Failed and requires administrator action []

Google turned up nada. In the end, it turned out that the last time the directory server had been started, the security token had not been provided. Restarted the server, typed in the token on standard input, and replication works again.

Yes, this is a job for expect -- but this approach has failed for coworkers in the past. I'll have to look into it.


OpenBSD netboot problems - unknown error code 72

Saint Aardvark Saint Aardvark writes  |  more than 7 years ago

(Note: edited to actually be correct this time. :-)

While trying to get a Sparc machine to boot disklessly so I could install OpenBSD on it, I kept getting these errors:

Boot: bsd.rd
Automatic network cable selection succeeded : Using TP Ethernet Interface
Using BOOTPARAMS protocol: ip address:, hostname: roark
root addr= path=/home/aardvark/openbsd-sparc64/chroot
open /sbus@1f,0/ledma@e,8400010/le@e,8c00000/bsd.rd: Unknown error: code 72

tcpdump showed that the machine was trying to contact the NFS server ( by udp on port 0; the server kept responding with an ICMP port unreachable error. Googling turned up one other person back in '99 (!) who had the same problem, but no fix.

What was weird was that this had worked during an earlier install -- only the running of MAKEDEV hadn't completed (don't ask), so I didn't have /dev/console when I booted up, which meant no nothing once it tried to mount the root directory.

I started looking at the traffic in greater detail, and saw that the packet to port 0 was, according to Ethereal^WWireshark, a nicely formed NFS call trying to get the filehandle for the kernel (/bsd). Well, what would make it send it there? After all, mountd was listening on the same port it'd been contacted on a moment ago...

Looking at the call to portmap on port 111, I saw that the client was asking for the port for nfsd, but was being told that there was no such thing -- that the port number was zero. What the...I checked rpcinfo -p and saw that, yep, there was no nfsd...and then realized my mistake: mountd only deals with mount requests; it's nfsd that actually reads/writes files, gives information about their size and modification times, and so on. I'd been starting the NFS stuff by hand since this was a one-off, and had totally forgotten to start nfsd. I did so, and suddenly all went well. PEBCAK.
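A pre-flight check for the mistake described above, as an added example (not from the original post): it reads rpcinfo -p output and reports which of the RPC services a diskless NFS boot needs have no UDP registration. The sample listings are constructed and the function name is made up here; 100000, 100005 and 100003 are the standard RPC program numbers for portmapper, mountd and nfs.

```shell
#!/bin/sh
# Added example: spot a missing nfsd before netbooting a client.

# Constructed `rpcinfo -p` listing for a server where mountd was started
# by hand but nfsd was not (the situation in the post).
SAMPLE_NO_NFSD='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    879  mountd
    100005    3   udp    879  mountd
    100005    1   tcp    881  mountd'

# Same constructed listing with nfsd registered as well.
SAMPLE_OK="$SAMPLE_NO_NFSD
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs"

# Reads `rpcinfo -p` output on stdin and prints, one per line, every
# required service that has no UDP registration on a non-zero port.
# Prints nothing and returns 0 when all are present; returns 1 otherwise.
missing_netboot_rpc() {
    awk '
        BEGIN {
            need[100000] = "portmapper"
            need[100005] = "mountd"
            need[100003] = "nfs"
        }
        # Data rows start with a numeric program number; column 3 is the
        # protocol and column 4 the port. The header row is skipped.
        $1 ~ /^[0-9]+$/ && $3 == "udp" && $4 + 0 > 0 { seen[$1] = 1 }
        END {
            rc = 0
            n = split("100000 100005 100003", order, " ")
            for (i = 1; i <= n; i++)
                if (!(order[i] in seen)) { print need[order[i]]; rc = 1 }
            exit rc
        }'
}

# Live use on the NFS server:  rpcinfo -p | missing_netboot_rpc
if missing=$(printf '%s\n' "$SAMPLE_NO_NFSD" | missing_netboot_rpc); then
    echo "all netboot RPC services registered"
else
    echo "not registered over UDP: $missing"
fi
```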


Bones of an Idol

Saint Aardvark writes  |  more than 7 years ago

Thursday: Go to The Other University to do some prep for the move coming up next week. Check in with their computer store (where you pretty much have to buy things) to see how the order on the console server is going. The guy behind the counter looks up the order, frowns, and tells me that it seems their supplier does not have one in any of their three Canadian warehouses. Okay, so how long will it take to get one in? He looks at me earnestly and says that, sometimes, they never come in. I ask at what point I can count on the supplier a) giving up and b) informing me of that fact. He frowns again, and suggests that I check back in a couple weeks (four weeks after I've placed the order) just to be safe.

Friday: Get email from contractor/university liaison for new building to say that network and electrical connections will not be ready in time because the requests were received so very late. While The Other Guy was supposed to get them in long ago, I should've been on top of this.

Monday, a stat in Canada: Go to the old building to do a serverectomy on a soon-to-be-formerly shared rack. The Other Guy mentions that the new server room has water on the floor. I go over to look, and it's a rapidly evaporating puddle, irregular in shape and maybe two metres across at its widest. I can't figure out where it's coming from. Turns out there's some other stuff that should become formerly shared as well, so I spend time poring over Sun Enterprise 1 workstations (which I like) and old inkjet cartridges for printers that may no longer be around (which I don't like). Ask The Other Guy, who's been involved with the move a lot longer than I have, what electrical connections he's asked for him and for me (long story) in the new building. He says that he gave them the model number of the Sun rack he's got (which has built-in, and very nice, PDUs) and asked them to figure out what he needs.

Tuesday: Moving day. As expected, network and electrical are not present; we've got 2 x 15A 120V circuits. Also, the leak is back, and we can see that it's coming from a small leak in the concrete roof. I move my rack into another room; The Other Guy spreads a blanket over his rack. The liaison promises us that the contractors are on the job to fix the roof. The network connections (two fiber, two Cat5) get terminated, so I call the local network folks to get that taken care of. The university wireless network is not present in the new building.

Wednesday: The contractors show up to start fixing the leak. The network connections have been set up. The contractors have put in a big tube of plastic sheeting, taped to the roof at one end and a 40-gallon recycling barrel at the other. The Other Guy decides things are good enough and starts setting up his rack; I elect to hold off another day.

Thursday: The contractors say the roof is fixed, so I move the rack in and start hooking things up. The new OpenBSD firewall comes up nicely -- thank you, pf developers -- as does the main Sun server. Next up is the SunRays in the lab, only they're not. I take my laptop in and try to verify connectivity. I can't. The Other Guy suggests that the VLANs on my new switch are the problem and suggests just simplifying things. I do and keep testing. Traffic from the laptop's RFC 1918 address just never makes it to the server. In a fit of desperation I try using an address in our routable subnet, and it works. This takes me until 8pm to figure out. I email various bosses explaining how far I've got, and the campus network folks to ask if they're filtering this subnet in some way. (This isn't completely out of the question; this place has a reputation for a pretty locked-down network.)

Friday: I buttonhole the guy at the campus network office and ask him about this. He considers this and realizes that while he's forgotten to unblock DHCP (told you it was pretty locked down), the other behaviour I'm seeing can be explained if I've somehow got my interfaces crossed. I'm doubtful but give it a try, which is a good thing because suddenly everything works. I don't understand it or what I did wrong, but assume that I was simply too tired the previous night and thank him profusely for taking the time to talk to me. I am now where I should have been twenty hours before. Mighty battles emerge with Sun's DHCP and Sunray servers. In the end, I have to delete the Sunray configuration, delete all DHCP configurations, and then add the Sunray configuration back. This works, which annoys me; why are there all these opaque configurations around? Not a single plain-text file in sight. I manage to get a printer working, then another. DHCP is modified so that laptops work as well. I call it a night and head home.


8 o'clock, the lights were on at Shea

Saint Aardvark writes  |  more than 7 years ago

Woot! I managed to install OpenBSD 4.0 on my work laptop this afternoon while Arlo slept in my arms. Not only that, it automagically set up X and I figured out wireless + OpenVPN. Woot! Firefox is running, I've got Mozex and Adblock going...the only thing left is to figure out how to get IceWM to start up automagically.


The Universe occasionally says "Fuck You"

Saint Aardvark writes  |  more than 7 years ago

If your machine has hard drives that are, in theory, removable because they have a front catch, but in practice require you to open up the case to disconnect the SCSI and power cables, that's not a server.

If your machine's CD drive fails and it takes you fifteen minutes of searching to find the unlabelled holes on the bottom of the case that allow access to the screws that are attached to the bottom of the drive so that you can actually remove the drive, that's not a server.

For $399 US, thank you, for the Academic edition of MathMagic, I expect better goddamned installation instructions than this:

- Windows
- MathMagic Pro Edition Full installer with some old versions of fonts and
(Please run this full installer first.)
[ a url ]

- MathMagic Pro Edition v3.5 (application only. The latest version.)
(Please use this v3.5 application, instead of v3.0 installer by the
installer, after moving it into /Program Files/MathMagic Pro/ folder)
[ another url ]

- new CS & CS2 plugin
(Please use this Plug-in, instead of the Installer installed one. Copy
it into InDesign's Plug-ins/Equations folder.)
[ whee! lookit alla urls! ]

- new fonts for PDF embedding
(If you want to embed MathMagic fonts in your PDF documents on Windows,
please download the new MathMagic TrueType font set, and replace the
preinstalled ones(remove the old MathMagic fonts from Windows Fonts
directory and copy these new fonts into Windows Fonts folder).
[ sale! sale on urls! ]

The email goes on to suggest that installation instructions can be found on their website (but neglects to mention that it only covers the Mac version), or "in User Guide documents that you can find after installation." What a crock.
