Thursday, December 31, 2009

My wishes for 2010

Hi!

As just about everybody else does, I will be making my wish list for next year, which is just a few hours ahead here in Colombia. Most of the topics are IT related, but not all of them are.

- Get to grab one of those cheap, never-ending battery life ARM based netbooks (the sooner, the better).

- See Firefox (and now Chrome) get to grab more market share than IE.

- See FLISoL explode in attendance and installations (in Bogotá, Colombia and everywhere).

- This is a big one: See a 60 minutes article about FLOSS. That'd be so cool! Here in Colombia, one "Especiales Pirry" or "Séptimo Día" article would make the day.

- Convince the bosses at the company where I work to allow me to use GNU/Linux on my laptop computer (haven't tried yet... have to think of a way to do it). We use a lot of GNU/Linux but not on our desktops which is a shame, if you ask me.

- Get to see my wife come out of her health problems and make it back to her normal life (love you, Honey!).

- Get to spend next Xmas and new year (that'd be 2011) with my family (I mean, the blood related one), be it in Maracaibo (where I'm from) or here in Bogotá... better here in Bogotá (I just spent a weekend at a hot place and I couldn't bear it. Don't want to think what it'll be when I put my feet back in Maracaibo. :-S)

I guess that'd make it for next year. Hope at least half of them come true... especially the last two.

Happy MMX! (no relation to Intel)

Thursday, December 24, 2009

How to see files hidden behind a mount

Hi!

It's been a while since my last technical post. Yesterday I found myself in a situation where I had to see some files in a directory that was being used as the mount point for a partition, so I wasn't able to see the files I needed, so to speak. After some hacking, I was able to see the files. Here's how it's done.

First, let's set an environment for our tests. I have some files in /mnt/D/ and /mnt/D/ is in the root partition:

# mount
/dev/sda6 on / type ext3 (rw,relatime,errors=remount-ro)
proc on /proc type proc (rw)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
# ls /mnt/D/ -l
total 8
-rw-r--r-- 1 root root 6 2009-12-24 14:55 test2.txt
-rw-r--r-- 1 root root 5 2009-12-24 14:55 test.txt
# cat /mnt/D/test2.txt
adios

Now, I use this directory as the mount point for a drive from a Windows host, so after I do that mount:

# ls /mnt/D/ -l
total 884802
-rwxr-xr-x 1 antoranz root 1883 2009-11-27 09:42 20091125.html
-rwxr-xr-x 1 antoranz root 2150 2009-11-27 10:59 20091126.html
-rwxr-xr-x 1 antoranz root 110230 2009-10-17 19:56 3D400055.WAV
-rwxr-xr-x 1 antoranz root 0 2009-12-23 15:10 algodon.txt
drwxr-xr-x 1 antoranz root 0 2009-11-04 15:34 billnew
etc

So the files that were in /mnt/D are now hidden by the new mount. What I did to see them was to mount the root partition (as that's the partition where the files I need really are) a second time, on another mount point. Let's try to do it directly. As you can see from the mount output I showed before, my root partition is /dev/sda6, so:

# mount -o ro /dev/sda6 /mnt/tmp
mount: /dev/sda6 already mounted or /mnt/tmp busy
mount: according to mtab, /dev/sda6 is mounted on /

I knew it wasn't going to give itself up so easily. But don't panic... there's a way to fool the OS... really! Have you heard of loop devices? Now's a great moment to learn about them... but I won't go into the details. Let's just say they are very useful. Do your homework and find out about them. Let's link /dev/sda6 to a loop device:

# losetup -f -v /dev/sda6
Loop device is /dev/loop0

So /dev/sda6 is now linked to /dev/loop0. Let's try to remount the root partition again to see what happens:

# mount -o ro /dev/loop0 /mnt/tmp
#

The prompt is staring at me and the command didn't complain. Seems like it's done. Let's see what's in /mnt/tmp:

# ls -l /mnt/tmp/
total 108
drwxr-xr-x 2 root root 4096 2009-12-11 21:01 bin
drwxr-xr-x 3 root root 4096 2009-12-24 11:10 boot
lrwxrwxrwx 1 root root 11 2009-08-20 12:06 cdrom -> media/cdrom
etc

The content of the root partition... as expected. Well... let's see if the files I need are still there:

# ls -l /mnt/tmp/mnt/D
total 8
-rw-r--r-- 1 root root 6 2009-12-24 14:55 test2.txt
-rw-r--r-- 1 root root 5 2009-12-24 14:55 test.txt

As you can see, the new mount point is not fooled by the fact that there's something else mounted in /mnt/D. And now finally let's see if we can get the original content of the files:

# cat /mnt/tmp/mnt/D/test2.txt
adios

And there you are. Now, a little word of caution. I was able to see the files but the content of the other file appears to be corrupt (have to find out why) so be careful with what you get at the end. Take it as a nice start.

Merry Xmas, everyone!
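
A bind mount reaches the same covered files without opening /dev/sda6 a second time: a plain (non-recursive) bind of the parent filesystem does not carry along the mounts stacked on it, and it reads through the live mount, whereas the loop-device view reads the disk behind the running filesystem's back and can be stale or inconsistent. The script below is an added example, not part of the original post; the function names, the mountinfo sample and its `cifs` source are constructed for illustration.

```shell
#!/bin/sh
# Added example: look under a mount point through a read-only bind mount.

# Constructed sample in /proc/self/mountinfo format. Fields used here:
# $1 = mount ID, $2 = parent mount ID, $5 = mount point.
sample_mountinfo() {
cat <<'EOF'
21 1 8:6 / / rw,relatime - ext3 /dev/sda6 rw,errors=remount-ro
22 21 0:4 / /proc rw - proc proc rw
23 21 0:30 / /mnt/D rw - cifs //winhost/D rw
EOF
}

# parent_mount MOUNTPOINT [MOUNTINFO_FILE|-]
# Print the mount point of the filesystem that owns the directory covered
# by MOUNTPOINT. Fails if MOUNTPOINT is not a mount point.
# (Octal escapes such as \040 in mount points are not decoded.)
parent_mount() {
    awk -v mp="$1" '
        { id[NR] = $1; parent[NR] = $2; point[NR] = $5 }
        END {
            for (i = NR; i >= 1; i--)          # last match = topmost mount
                if (point[i] == mp) { want = parent[i]; break }
            if (want == "") exit 1
            for (i = 1; i <= NR; i++)
                if (id[i] == want) { print point[i]; exit 0 }
            exit 1
        }' "${2:-/proc/self/mountinfo}"
}

# hidden_path MOUNTPOINT BINDDIR [MOUNTINFO_FILE|-]
# Print where the covered directory shows up once the parent filesystem
# is bind-mounted on BINDDIR.
hidden_path() {
    parent=$(parent_mount "$1" "${3:-/proc/self/mountinfo}") || return 1
    rel=${1#"$parent"}                 # path relative to the parent mount
    printf '%s/%s\n' "${2%/}" "${rel#/}"
}

# show_hidden MOUNTPOINT   (needs root; uses the live mount table)
show_hidden() {
    parent=$(parent_mount "$1") || { echo "not a mount point: $1" >&2; return 1; }
    view=$(mktemp -d) || return 1
    # --bind (not --rbind) leaves submounts behind, so the covered
    # directory shows through instead of what is mounted on top of it.
    mount --bind "$parent" "$view" || { rmdir "$view"; return 1; }
    mount -o remount,bind,ro "$view"   # make this view read-only
    ls -la "$(hidden_path "$1" "$view")"
    umount "$view" && rmdir "$view"
}

# Run as: sh this-script /mnt/D
if [ "$#" -eq 1 ]; then
    show_hidden "$1"
fi
```

Files found this way are also worth a look during incident response, since anything written to a directory before a filesystem was mounted over it stays invisible to ordinary listings.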



Venezuelan Justice System used to be David Morales Bello's before the revolution... Now it's Hugo Chavez's. At least David Morales Bello was never the president of Venezuela.

Sunday, November 15, 2009

A tip for the next interview with Steve Ballmer

Hi, guys!

In case you are an IT journalist and were to interview Steve Ballmer, Microsoft's CEO, please, I beg you, ask him this question:

- Mr. Ballmer, given your hard stance on GNU/Linux violating Microsoft's IP (whatever that means), what's your take on Microsoft being caught twice in a matter of a few months in violations of the General Public License? Is it official policy at Microsoft that personnel can throw all kinds of (unproven) accusations at the Free Software community yet, at the same time, treat GPL software with total disregard for the terms they demand?

I just can't believe a company that prides itself on "respecting IP" can be caught twice in a GPL violation. Even worse if all they do is point fingers at other people saying others are violating Microsoft's IP (without showing proof).

- http://news.slashdot.org/story/09/07/23/1327205/Microsofts-Code-Contribution-Due-To-GPL-Violation
- http://www.pcmag.com/article2/0,2817,2355892,00.asp

Monday, November 9, 2009

man date: %C: century; like %Y, except omit last two digits (e.g., 20)?

Oh, really? The only problem that I find in that statement is that it would be correct only in the very last year of a century. I mean, we are in 2009 and our century is the 21st, right?
Well, let's see what date says about our century:

$ date +%C
20

Lovely! What about in 1999?

$ date -d 19990303 +%C
19

So, 1999 being the 19th century, the closest I got to using a computer was an abacus (considering I was a Windows user at the time we can agree I was actually using something next to an abacus).

And what about the last year of the 20th century?

$ date -d 20000303 +%C
20

Only then does the definition provided by 'man date' match the actual century for a given year. And before people start complaining about 2000 being the first year of the 21st century instead of the last of the 20th century:
The year 0 doesn't exist in our calendar. Remember the Gregorian calendar is Roman-based and the Romans didn't know the concept of 0, therefore no year 0. Theoretically speaking, from Dec 31st 1 BC, you'd have jumped into Jan 1st 1 AD. If the first year of the first century is 1 AD and the last is 100, the first year of the second century is 101, the first year of the 20th century would be 1901 and the last would be 2000 and the first of the 21st century would be 2001 and so on. I used to discuss this very same point with my Music History professor at the Conservatory in Maracaibo and we'd get into all kinds of philosophical questions about when it was 0, the limit between year 1 BC, 1 AD and so on, and we'd never get to a point. My best wishes for my dear professor Osvaldo Nolé, by the way.

More info:
- http://en.wikipedia.org/wiki/Year_zero
- http://en.wikipedia.org/wiki/Gregorian_calendar

Saturday, October 3, 2009

3com 3CRWER101U-75: Not working.

Hi!

I went shopping to the mall that is around my house for a wireless router this morning. I didn't want to spend a lot of time on it so I basically bought the (almost) first router that I saw. It's a 3com router. A 3CRWER101U-75 (model WL-550, I think). I bought it thinking that it'd be a reliable router, even if it wasn't very powerful. As long as my wife could be connected to the net from our room, it'd be more than enough.

So, I arrived home about 4 hours ago. Since then I've been trying to get the damn thing to work properly and I just haven't been able to get it to work.

If I try pinging the router from a box that is connected to it by wire, the connection is intermittent:

64 bytes from 192.168.200.1: icmp_seq=3594 ttl=64 time=0.384 ms
64 bytes from 192.168.200.1: icmp_seq=3595 ttl=64 time=1.14 ms
64 bytes from 192.168.200.1: icmp_seq=3596 ttl=64 time=0.678 ms
64 bytes from 192.168.200.1: icmp_seq=3597 ttl=64 time=0.467 ms
64 bytes from 192.168.200.1: icmp_seq=3598 ttl=64 time=0.563 ms
64 bytes from 192.168.200.1: icmp_seq=3599 ttl=64 time=0.789 ms
64 bytes from 192.168.200.1: icmp_seq=3609 ttl=64 time=9770 ms
64 bytes from 192.168.200.1: icmp_seq=3619 ttl=64 time=0.435 ms
64 bytes from 192.168.200.1: icmp_seq=3620 ttl=64 time=0.401 ms
64 bytes from 192.168.200.1: icmp_seq=3621 ttl=64 time=0.421 ms

See the holes between 3599 and 3619? How about that?

Talking about the wireless, the only setting that is close to working is setting it to use WPA/WPA2 Only with TKIP+AES. And I say close because I only get to connect to the wireless on GNU/Linux with wpa_supplicant (running on the console) and even then it disconnects quite often. On windows, it's a no-go. And I'm talking about boxes that are less than 2 mts from the router while I do my testing.

Is it that I'm putting it under too much of a load while I do my testing? It's a very small router so I don't expect it to behave as a high-end router.... but even then... what's the firmware based on? Windows Vista?

I just can't believe it, really. I thought 3com products were reliable. At least this router doesn't make the company look good. What should I do? Is there a firmware update or something? Somebody help me, please!

PS I should have listened to the recommendation of a friend of mine who told me to get a WRT54G router instead, but I didn't get to see any at the mall, so....

Update 1
The wired connection has been working much more reliably today. So far, I haven't had any disconnections. However, the wireless is another story. Though the wireless can be seen by hosts, I can't connect to it:

CTRL-EVENT-SCAN-RESULTS
Trying to associate with 00:1e:c1:a2:3f:ec (SSID='Enfermitos' freq=2422 MHz)
Association request to the driver failed
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Authentication with 00:00:00:00:00:00 timed out.
CTRL-EVENT-SCAN-RESULTS
Trying to associate with 00:1e:c1:a2:3f:ec (SSID='Enfermitos' freq=2422 MHz)
Association request to the driver failed
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Authentication with 00:00:00:00:00:00 timed out.
CTRL-EVENT-SCAN-RESULTS
Trying to associate with 00:1e:c1:a2:3f:ec (SSID='Enfermitos' freq=2422 MHz)
Association request to the driver failed

What should I try?

Wednesday, September 9, 2009

dhcp-lb 0.02

Hello!

You might have read about dhcp-lb when I announced it a couple of weeks ago. It's a suite (sui generis :-) that is used to keep multi-path routing configured when you use dhcp up-links.

After it was tested at the Hospital where I used to work before, we noticed a problem and I decided to enhance the script over that discovery so I'm announcing dhcp-lb 0.02. Go get it from here.

Not much has changed, as a matter of fact. The thing is that you can tell dhcp-lb what static interfaces you are using besides the up-link. Those static interfaces are not involved in the multi-path routing (just yet), by the way... so if you have a provider that has a static configuration and another that uses dhcp, the script is not ready to handle that... but it will come... someday (hopefully in the rather not too distant future).

So, say you have interfaces eth1 and eth2 used for internet (dhcp) where eth2 has double the bandwidth of eth1 and a static connection to your intranet on eth0, the configuration file will look like this now:

dhcp-lb eth1 table-eth1 200 1
dhcp-lb eth2 table-eth2 201 2
static eth0

I also included some checks for the configuration file (more than one space or tab can be used between the components of a configuration line, empty lines are welcome, etc., but more checks are still missing, I'm sure). Feel free to use it (and I thank you for using it if you do) and tell me how it goes.

Bye!

PS Thanks go to Overt Barreto at the Hospital of Pediatric Specialties in Maracaibo, Venezuela for taking the time to test the script... he had to anyway but it's always nice to have a person tell you when something goes wrong.

Friday, September 4, 2009

Open letter to the rector of the UTN (Argentina)

Good morning!

I am a Venezuelan computer engineer living in Colombia. I have just learned that the UTN canceled a talk by Mr. Richard Matthew Stallman that was to be given at your university. According to the source, the talk was canceled because of contracts the UTN has with Microsoft that prevent criticism of that company from being voiced.

I think it goes without saying that you should be _ashamed_ of having canceled the talk of a person as important in the world of technology as RMS on account of those contracts. Any mortal would be tempted to think that a university should be an environment for the free development of ideas and expression.... as long, of course, as that university has no contract with some company that prevents it.

I hope you realize your mistake and decide to go ahead with the talk... even if that means canceling the contracts (after all... there is plenty of free software out there that will serve the same purposes, and without a restrictive contract). I believe that in this case there are sufficient grounds from a moral standpoint (as this example has just shown) for your university to decide to rescind them.

Thank you very much for your attention.

Saturday, August 29, 2009

Popping GNU/Linux out of the Virtual Machine

Hi!

At work I'm tied to a windows machine, however I have been able to use GNU/Linux which is where I'm most productive.

First, I tried working with Portable Ubuntu. It works pretty well, however the latency can be a little high sometimes (Firefox being the most obvious case that I noticed).

About a week ago I started working on a clustering experiment and wanted to give it a shot inside Portable Ubuntu. However, I discovered it wasn't possible because its kernel doesn't support bridging (I was going to use some qemu virtual machines for the experiment).

Well, it seemed like I was going to need a virtual machine to host the experiment after all. I have used qemu and love it because of all the networking tweaking it allows you to do, however it can be very slow... and inside the virtual machine I was going to host more virtual machines, so I decided to use something else, at least on the hosting virtual machine.

I tried VirtualBox and was gladly surprised by its performance. It was veeeeeeeeeery fast.

Got Kubuntu installed on it. It works acceptably. Now the problem with virtual machines where you have a window that represents the computer's monitor is that you have to use key combinations to get in and out of the virtual machine environments.... plus the windows in the virtual machine are inside a window that looks not integrated to the real environment.

But then a truck hit me. How about finding a way to get the windows out of the virtual machine? How about using an X server on Windows (XMing, for example) and configuring the Virtual Machine to use that X server? kdm can be configured to use a remote X server.

If you check /etc/kde4/kdm/kdmrc (remember it's Kubuntu, so I'm using KDE... gdm must have something similar), in the [general] section, there's StaticServer and it's set to :0 (in other words, the X server of the host). I changed that to say 10.0.2.2:0.0 (the address of the windows box from VirtualBox):

StaticServer=10.0.2.2:0.0

Then I started XMing (XMing is included in Portable Ubuntu, by the way) with -rootless, so that I got no decoration for the X server window, then I restarted the kdm service on the virtual machine and there it is! kdm is displayed on the Windows environment. Log in to KDE and, after a moment of not seeing anything on the X server screen, I get to see KDE's background, plasma panels and everything else. Cool! The windows are not integrated in Windows, but I don't have to get in/out of the Virtual Machine screen anymore.

The only thing I'd have to complain about so far is that sometimes the latency on KDE gets too high and I don't know how to avoid it. I tried with the Windows XMing and cygwin's XWin but I got the same latency issue. How can that be avoided?

Picture
The picture I'm including is the same thing running off a Kubuntu 9.04 LiveCD on my wife's box (shhhhhhhhhhh, she better not hear about it).

Sidenote
When I log into kde, depending on the resolution of Windows (the real OS of the machine), KDE's splashscreen is seen or not.

Saturday, August 22, 2009

dhcp-lb: Load balance with DHCP links

Hi!

Some years ago, when I worked at the Hospital of Pediatric Specialties in Maracaibo, I did a project that would update routing for our multi-link internet connection when there was a DHCP event. I decided to redo the whole thing using a simpler approach plus I would release the code without asking for permission (as it's mine now) under Affero GPLv3.

Introduction
So, you have read lartc's guide on 'Routing for multiple uplinks/providers' and it all makes sense (and does work). However, there's a catch for you: Instead of having static network configurations, your ISPs use DHCP to set your network connections and you don't intend to sit all day long waiting for a DHCP event to happen to reconfigure the whole thing, do you? That's what I thought.

dhcp-lb
In order to solve the problem I just described I created dhcp-lb. It's a python script that, once configured and linked as a dhclient exit hook, can listen to dhcp events and reconfigure networking accordingly.

What I need
You need python, dhclient, iproute2 (that I think will come by default in almost every distro) and a multipath-enabled kernel (check for CONFIG_IP_ROUTE_MULTIPATH, I think).

How to get it?
Right now, the only way to get it is through bazaar from launchpad's branch I set for it. I have created a PPA, but I have to learn how to use it so be patient (maybe someone can help me in this journey). If you want it but don't want to use bazaar to get it, email me and I'll gladly send you a tgz with it.

Configuration
Configuring it is fairly simple. You need to create a file called /etc/dhcp-lb with the configuration of each link involved in the multilink default route. Each line has the configuration of each link and it has four fields (so far):
- Network Interface
- Routing Table for that interface
- Routing Table ID (numeric, less than 255... check /etc/iproute2/rt_tables)
- Weight (numeric, more than 0)
All 4 fields have to be separated by exactly a single white space at this time. One example /etc/dhcp-lb file would look like this:

# interface routing-table table-id weight
eth0 table-eth0 200 1
wlan0 table-wlan0 201 2

In this example I set wlan0 to have twice the routing weight of eth0 (for example, eth0 is 512 kbps and wlan0 is 1 Mbps). Also, if the routing tables are not set in /etc/iproute2/rt_tables, dhcp-lb will take care to add them to that file, so no need to change rt_tables beforehand.

After you have done that, all you need to do is link /usr/bin/dhcp-lb into the exit hooks directory (/etc/dhcp3/dhclient-exit-hooks.d in my case) and you are done. Restart the network service and it should start working right away.
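
The field rules above, together with the 0.02 line format (`dhcp-lb`/`static` keywords, any run of spaces or tabs, empty lines), as an added example that is not dhcp-lb's own code: it validates a configuration and prints the LARTC-style multipath default route for the uplinks that currently have a gateway. The function names, the `iface=gateway` arguments (documentation addresses) and the use of `ip route replace` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not dhcp-lb's own code.

# Constructed sample in the 0.02 format: keyword lines, runs of spaces,
# an empty line and a comment.
sample_conf() {
cat <<'EOF'
# interface routing-table table-id weight
dhcp-lb eth1   table-eth1 200 1

dhcp-lb eth2 table-eth2   201  2
static eth0
EOF
}

# check_dhcp_lb_conf [FILE|-]
# Prints "iface table id weight" for every balanced uplink. Accepts the
# original 4-field lines and the 0.02 "dhcp-lb ..." / "static ..." lines.
# Returns 1 if any line breaks the documented rules
# (table id numeric and below 255, weight numeric and above 0).
check_dhcp_lb_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments, empty lines
        $1 == "static" && NF == 2 { next }       # not part of the balancing
        {
            off = ($1 == "dhcp-lb") ? 1 : 0      # skip the 0.02 keyword
            id = $(off + 3); w = $(off + 4)
            if (NF == off + 4 && id ~ /^[0-9]+$/ && id + 0 < 255 &&
                w ~ /^[0-9]+$/ && w + 0 > 0) {
                print $(off + 1), $(off + 2), id, w
            } else {
                printf "line %d: invalid: %s\n", NR, $0 > "/dev/stderr"
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# multipath_route CONF IFACE=GATEWAY...
# Gateways are what the DHCP server handed out, so they are checked before
# they go anywhere near a command line (the hook runs as root). An uplink
# without a valid gateway is left out of the route, which is what has to
# happen when a link loses its lease. The command is printed, not executed.
multipath_route() {
    conf=$1; shift
    uplinks=$(check_dhcp_lb_conf "$conf") || return 1
    printf '%s\n' "$uplinks" | awk -v gws="$*" '
        BEGIN {
            n = split(gws, pair, " ")
            for (i = 1; i <= n; i++) {
                split(pair[i], kv, "=")
                if (kv[2] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) gw[kv[1]] = kv[2]
            }
            cmd = "ip route replace default scope global"
        }
        $1 in gw { cmd = cmd " nexthop via " gw[$1] " dev " $1 " weight " $4; hops++ }
        END { if (!hops) exit 1; print cmd }
    '
}

# Usage: multipath_route /etc/dhcp-lb eth1=192.0.2.1 eth2=198.51.100.1
```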

Keep in mind
dhcp-lb only configures routing with multiple uplinks and it doesn't correct any of the shortcomings that come along having multiple uplinks. It only reconfigures routing with dhcp events. What are the shortcomings? That would require a blog posting of its own, but this is the most noticeable (at least, to me):

- Balancing works beautifully for multiple short connections from your LAN. Few long connections? It won't look like it's balancing at all. It's because of the way routing works. The kernel doesn't make a routing decision for every packet that goes out of a box. Instead, it uses a routing cache to associate a target IP with the network interface it chose to use to get to it, so it doesn't have to make a routing decision again... and the cache lasts for a few minutes (run this command: ip route show cache to take a look at the actual cache). After a while, it can decide to send packets to that same host through another network interface, possibly breaking connections established to that host because the other host will start receiving packets from a different address.

Conclusion
I hope this project helps you. However, this project is (as you can see from the logs) very young so expect it to have some problems (that I'll be working to solve). Have patches for it? Please, send them without hesitation. I'm open to suggestions and donations if you consider I deserve any.

Update
I just released dhcp-lb 0.02 (sep 9th 2009). Check this post to learn more about it.

Sunday, August 16, 2009

[OT] Adsense: Get scientology out of my site!

I set up Google's adsense on this blog. It's not been making all the truckloads of money I expected from it, but it's better than nothing nevertheless.

However, since a couple of weeks ago, the only advertisements I've seen on those spaces are dedicated to Scientology... at least on the computers I've been able to check for it.

Now, I've got a problem with that... and it's not because I don't like Scientology per se. It's just that I don't have any sympathy for any religion in particular. And come on, if there's an advertisement of Scientology every once in a while, I can let it slip through... but EVERY AD for the last couple of weeks? That is a little too much for my religious tolerance.

So, guys at Adsense, get rid of the Scientology ads on my site.... or even better, set up a page so that I can ban some ads I don't want to see on my site (like religious ones, for example).

Thanks in advance to anyone who can help in this regard.

Tuesday, August 11, 2009

Installing openSuSE: grub complaining on a hardware RAID

Hi!

I'm a Kubuntu/Debian user (and intend to stay that way), however a few days ago I set myself to install openSuSE 11.1 (LiveCD based on KDE4). The thing is that this particular box has a hardware RAID set up.

0f:08.0 RAID bus controller: Hewlett-Packard Company Smart Array E200i (SAS Controller)

I had no problem installing other OSs on top of it so I thought it was going to be painless.... It wasn't.

As a matter of fact I didn't have too much of a problem (and the installation was pretty fast, congratulations to openSuSE for that).... except for the fact that when the installer was about to finish, on the part where grub was going to be installed on the MBR, it would fail miserably with an error 21. It would complain about not being able to find a certain device. I was given the option to retry installing grub without going through the whole installation procedure all over again. I tried a couple more times with a few option changes but I always got the same error.

I then went into grub (by calling grub as root on the terminal) to see what I could do. I tried to change the root device, but when I wrote root and then hit the tab key to see the available devices, none showed up. Could it be because I'm working on a live CD and some of those partitions were just created?

I went to openSuSE's IRC channel on freenode.net and the guys there were very interested in my problem. After a while someone (sorry not to remember your nick, man.... or woman... but thanks for showing me the light) told me that it could be a problem with grub's device.map file.

I went there (/boot/grub/device.map of the running LiveCD instance) and only saw a line for (fd0). It looked like it was missing all the partitions I had set up on the disk after the installation (Important Notice: see the update to the article at the end). I wrote a mapping of all the devices that I needed (including the HD I was using and all the other partitions with other operating systems) with what I guessed the partitions would be to grub. Something like:

(hd0) /dev/cciss/c0d0
(hd0,0) /dev/cciss/c0d0p1
(hd0,1) /dev/cciss/c0d0p2

And so on. Saved the file then I went into grub again. root tab..... and there are all the partitions I needed. So I do the grub installation procedure which ends up being like this:

root (hd0,4)
setup (hd0)

(hd0,4) would be the / partition I was installing on (with /boot not in a separate partition). Remember I was trying to install it on the MBR, that's why I say (hd0) on the setup command. I get the output that the installation went right and I'm done.... almost. I mount my root partition (that would be / of the just installed openSuSE) and see the content of its /boot/grub/device.map and it's the same old broken one. I replace it with the one I edited on the running LiveCD. Unmount, just in case so the installer (which is still waiting for me) doesn't go crazy.

Then I let the installer finish telling it that I don't want to install any bootloader. It finishes installing. Reboot, I get openSuSE running.

Hope you don't need to apply this but... it could be a little too late. Otherwise, why would you be reading this, right? Good luck anyway!

UPDATE
I'm looking at the device.map file on my box at home with Kubuntu kinky... I mean, karmic (that openSuSE box was at work) and I see that the only line there is a mapping to the hard drive and not all the partitions of my box:

(hd0) /dev/hda

So perhaps I just needed to add a line to map /dev/cciss/c0d0 to (hd0) and that would be it... but it could also be because karmic is using grub2, so keep that in mind when you try. In any case, I'm not going to retry doing the installation just to figure it out.

Sunday, July 26, 2009

Are we too naive by believing that GNU/Linux is more secure by design?

Hi!

I've been wondering for the last couple of days about the proposition that I use where I state that GNU/Linux is far more secure than Windows among other things because it's designed to be so (a real multi-user OS by design, real Networked OS by design, etc) plus other customs that we *NIX users have like not using the root account to play Frozen Bubble and so on.

Now, there are people that say that it's just that GNU/Linux is less attractive to malware software because there are so few of us GNU/Linux users. I have always thought that this is crap but anyway....

Now, think about the things that FLOSS developers get to do:
- Crack encrypted DVDs
- Allow for communication between Microsoft Windows hosts (with a twisted SMB protocol) and *NIX hosts before Microsoft (reluctantly... but with a lot of PR spin, as usual) released the documentation about it
- Synchronize with iTunes
- Running GNU/Linux on basically any piece of equipment worthy of running it (with or without support by the vendor).. and some others that aren't worthy but....
- Break every DRM mechanism ever built

And the list goes on and on. No matter what the developers wanted to restrict, there has always been a way to crack it.

Now... if FLOSS developers are able to do basically just everything they set themselves to do, wouldn't it be possible that malware developers will get to do the same with the security barriers set on a GNU/Linux (or *NIX for that matter) no matter how hard we try to restrain them?

I just wonder

Saturday, July 25, 2009

Random musings on GPL and Microsoft

This has been a very remarkable week.

We had Microsoft releasing some 20,000 LOC of Linux drivers so that Linux can run faster on their Hyper-V solution. A lot of MS PR saying how they love interoperability and how cool they are. I will be the first to say that I was in shock (and I bet I wasn't the only one). After all, we are talking about a license that their managers explicitly hate so why release code under that license then? I just couldn't help seeing a little hypocrisy involved.... to say the least. It's always cool to say that they had to eat their own words anyway so I didn't take it as a bad thing, after all, as Linus says, we are all developing scratching our own itches.

But a couple of days later things got even more interesting when we hear that there was an issue with some GPL code that they were using in their solution that was improperly linked and so they had to release the code... BUT it was not a GPL violation (or so they say). Now, wait a minute... if there was a situation that had to be called upon (which people involved say they wanted it to be handled quietly) and ended up with them releasing the 20 KLOC, then how can that not be a GPL violation? If there was no violation then there was no situation to be called upon (which people involved wouldn't have had to say that they would have wanted it to be handled quietly) in the first place, was there? I don't know, but something smells fishy here.

Now, let's make something clear. Microsoft representatives have stated in the past that GPL is viral and that it attaches itself to their IP. Look, pal... GPL doesn't attach itself. It's not a living thing. It's attached by developers when they choose to use it. Their own in-house developers do it (as Cisco via Linksys and others have had to learn the hard way... now perhaps Microsoft joined that Hall of Shame). After all, nobody is forcing anyone to use GPL code in their solutions. Well, at least I haven't heard of anyone complaining of having RMS threatening them with using GPLed code in their solutions or.... So if you don't like the GPL, then don't use code released under its terms. Stop whining about how bad the GPL is, do your homework and write your own code instead. I know.... there's excellent GPL code out there and it's gonna take time to reproduce it but... if you choose to use it, then abide by its rules. That's all their creators asked for when they released the code under its terms after all, right?

Sunday, July 5, 2009

Miguel: You, the man! - Open letter to Miguel de Icaza

Dear Miguel:

During the last couple of weeks there has been a tremendous amount of information pouring about Mono, the free (speechwise) implementation of .NET started by you, Novell's vice-president of Development Platform, and how it should/would be handled by distros. We even had RMS himself come into the fray and tell us his take on it (which he had been mum about till now).

Mono is a development framework that (more or less) implements .NET (yes, that framework from Microsoft). The thing is that while some parts of .NET are open standards approved by ECMA and released under RAND terms, there has to be a solid word from Microsoft about what these RAND terms would be for Mono. The biggest fear of it is having a patent related claim later on when Mono-dependent applications become more "established" and harder to be replaced.

We have seen that when you are asked about it, you point at ECMA and when they are asked they do an HTTP redirect to Microsoft instead.. and they are just as mum as RMS was (conveniently so for them, I think.. they must be laughing their asses off by seeing how we debate on the topic with them moving not a single finger).

So, coming back to the point, what we need, Miguel, is a statement from Microsoft, and I mean from someone that has gained a little confidence from the FLOSS community like Sam Ramji or Lawrence Crumpton who have at least shown their faces and stared at the beast (us) straight into the eye and not some random PR representative, telling us how the thing with Mono is.

Now you are the guy with the contacts at Microsoft, you are in charge of Mono, so just like in "The Ladykillers" (do I love that movie!) when the quarterback grabs Lump by the helmet's grill and tells him: "Hey, butt-head! You, the man!", now it's my time to tell you: You, the man! Get us out of this FUD feast (from both sides of the debate) and make them say something we can eat.

Glad to be of service

Saturday, June 27, 2009

Named Pipes... or how to get two separate applications to interact

Recently, I've been working on an application (bash based) that gathers some information that I need from a host (network interfaces configuration, ARP neighbors, routing policy, pinging some other hosts, etc). Then I thought it would be good if I were able to connect to some hosts through SSH, run some commands on those hosts and save the output of those commands as part of the information of the first host. Like an information gatherer of sorts.

I started working on this part of the project and hit a brick wall. When I connected to a host running OpenSSH's server, I had no problem throwing a bunch of commands at the server, waiting for the output to come from ssh and saving it. Say, something like:

$ ssh ubuntu@ubuntu <<EOF
> ip link show
> ip addr show
> EOF
ubuntu@ubuntu's password:
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:21:70:94:08:b0 brd ff:ff:ff:ff:ff:ff
3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:16:44:d3:f4:bf brd ff:ff:ff:ff:ff:ff
4: pan0: mtu 1500 qdisc noop state DOWN
link/ether 96:4d:e1:83:8a:4d brd ff:ff:ff:ff:ff:ff
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:21:70:94:08:b0 brd ff:ff:ff:ff:ff:ff
3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:16:44:d3:f4:bf brd ff:ff:ff:ff:ff:ff
inet 192.168.123.127/24 brd 192.168.123.255 scope global eth1
inet6 fe80::216:44ff:fed3:f4bf/64 scope link
valid_lft forever preferred_lft forever
4: pan0: mtu 1500 qdisc noop state DOWN
link/ether 96:4d:e1:83:8a:4d brd ff:ff:ff:ff:ff:ff

Great. However, I didn't want to connect to a host running an OpenSSH service. I had to connect to a router (a HW router, so to speak) that, whenever I sent it more than one command, would break my connection.

After several tries and experiments, I thought about creating one application that would use the ssh client to send commands to the router and get the output of the ssh client. It would wait for the router's prompt to show up before sending another command. Getting the output of the ssh client is a piece of cake:

$ ssh user@host | ./ssh_handler

That allows ssh_handler to get the output of ssh (in other words, of the router) and process it, but I also need to send commands to ssh somehow. That's where named pipes show up.

A named pipe (FIFO) is a pipe that has a name in the file system, so processes can send/receive data through streams other than the standard ones we get with every process (standard input, standard output, standard error).

Say you have two terminal sessions sitting in the same directory:

Session 1:
$ pwd
/home/ubuntu/pipe experiment

Session 2:
$ pwd
/home/ubuntu/pipe experiment

Let's create a named pipe in this directory in one of those sessions:
$ mkfifo my_pipe
$ ls -l
total 0
prw-r--r-- 1 ubuntu ubuntu 0 2009-06-28 18:00 my_pipe

We now have a pipe in the directory (see the leftmost p in the listing, that means it's a named pipe).

Now, let's try to send something from session 1 to session 2 through the pipe:

Session 1:
$ echo "Hello" > my_pipe

Notice how the process is blocked and doesn't exit. Let's read the content of the file with cat on session 2:

Session 2:
$ cat my_pipe
Hello

And if you go to Session 1, you will see that the echo has finished executing.

Now, let's create two scripts that will exchange information through two pipes. Script 1 reads lines from its standard input, sends each one through pipe1 and then receives one line back through pipe2. Script 2 sends back exactly the same line, prepending "You said".

Script 1:
#!/bin/bash
# read from the standard input
while read -r input; do
    # send the line to the other session
    echo "$input" > pipe1
    # read the answer from the other session
    read -r input < pipe2
    echo "$input"
done

Script 2:
#!/bin/bash
# read from the other session, prefix every line and send it back
while true; do
    cat pipe1 | sed 's/^/You said /' > pipe2
done

When you run script2, it will stay there forever waiting for processes to dump stuff into pipe1.

Then we run script1 like this:

$ ( echo HELLO; echo BYE; ) | ./script1
You said HELLO
You said BYE
$

Right on target. Now, I want to explain a very tiny detail. Why did I use an infinite loop on script2? Because if you try with a while read, it would only read a single line from pipe1 and then get an EOF and finish the loop (something related to the way the echo > pipe1 in script1 works, I think).

And then, going back to my problem, how did I get to make the handler? One simple way to put it is:

$ ./ssh_handler | ssh -i certificate user@host > a_pipe

ssh_handler uses its standard output to send commands to ssh. ssh authenticates with the identity file passed with -i (a private key, called certificate here) so that I don't have to use password authentication; it gets the commands from its standard input and writes whatever comes out of the ssh server to a_pipe (you guessed it, a named pipe). a_pipe is read by ssh_handler to get whatever comes from the ssh server and that's it: two interacting applications.
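The handler idea above as an added example (not the author's ssh_handler, which the post does not show): the handler waits for the prompt on the named pipe before it writes the next command. fake_router is a constructed stand-in for the ssh connection, and the prompt string, command names and file names are assumptions. The pipe is created with mode 0600 in a private mktemp directory, unlike the prw-r--r-- pipe in the listing above, because whatever can be read from it is the device's output.

```shell
#!/bin/sh
# Added example, not the author's ssh_handler. fake_router is a constructed
# stand-in for "ssh -i certificate user@host"; PROMPT and the command names
# are assumptions made for this demonstration.

PROMPT='router> '
PROMPT_HEX=$(printf '%s' "$PROMPT" | od -An -tx1 | tr -d ' \n')

# Simulated device: prints its prompt WITHOUT a trailing newline, reads one
# command, answers it and prompts again. A line-based "read" would block
# forever on such a prompt, so the handler below reads byte by byte.
fake_router() {
    printf '%s' "$PROMPT"
    while IFS= read -r cmd; do
        case $cmd in
            'show version') echo 'version 1.0 (constructed)' ;;
            'show ip')      echo '192.0.2.1/24' ;;
            exit)           echo 'bye'; return 0 ;;
            *)              echo 'unknown command' ;;
        esac
        printf '%s' "$PROMPT"
    done
}

# Read fd 3 (the named pipe) one byte at a time until the output ends with
# the prompt. Each byte is also appended to $TRANSCRIPT. Returns 1 when the
# device closes the pipe before prompting.
wait_for_prompt() {
    seen=''
    while :; do
        byte=$(dd bs=1 count=1 2>/dev/null <&3 | tee -a "$TRANSCRIPT" |
               od -An -tx1 | tr -d ' \n')
        [ -n "$byte" ] || return 1
        seen=$seen$byte
        case $seen in *"$PROMPT_HEX") return 0 ;; esac
    done
}

# Send each argument as a command, but only once the prompt has shown up.
# stdout goes to the device (ssh's stdin); its answers come back on the FIFO.
ssh_handler() {
    fifo=$1; shift
    exec 3<"$fifo"
    for cmd in "$@" exit; do
        wait_for_prompt || break
        printf '%s\n' "$cmd"
        printf '%s\n' "$cmd" >>"$TRANSCRIPT"   # log what was typed
    done
    wait_for_prompt || true                    # drain until the device hangs up
    exec 3<&-
}

# Wired as in the post: ./ssh_handler | ssh ... > a_pipe
# Prints the session transcript on stdout.
run_session() {
    dir=$(mktemp -d) || return 1      # private directory (mode 0700)
    TRANSCRIPT=$dir/transcript
    : >"$TRANSCRIPT"
    # 0600 FIFO: other local users must not read or inject device traffic.
    ( umask 077 && mkfifo "$dir/a_pipe" ) || { rm -rf "$dir"; return 1; }
    ssh_handler "$dir/a_pipe" "$@" | fake_router >"$dir/a_pipe"
    cat "$TRANSCRIPT"
    rm -rf "$dir"
}

run_session 'show version' 'show ip'
```

With a real device, fake_router is replaced by the ssh command and PROMPT by the device's actual prompt.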

Saturday, June 6, 2009

SSH Tunnels: Using a service from a nated (twice) box

Hi!

Recently I have been managing a box through a 3rd party application that let me handle a Windows box, where I could use PuTTY to get SSH access to a Linux box. It had to be done this way because both my box and the Linux box are nated, so they can't reach each other. Let me say it was a real PITA. The keyboard layouts were getting on my nerves. Some important keys didn't work sometimes... or at all (like ; or @ or ', etc). After a while I was encouraged enough to dig for a solution to get access to the SSH service of the Linux box directly (or almost) instead of depending on this mess I was using.

First, let me introduce SSH tunnels before I dig into the actual solution to my problem.

SSH Tunnels

An SSH tunnel runs between an ssh client and a server and carries a separate connection inside the trusted (encrypted) SSH session, using SSH as its transport.

When the tunnel is set up, there will be a passive listening side and one active connecting side. On the passive end we set up a port so that the tunnel waits for connections of clients to this port. When a client connects to this port, on the active side there is another connection to (potentially) another host/port and so the tunnel connects the client that used the passive port to the new connection on the active side.

A tunnel can be set up so that our client is either the listening side or the active side, but never both: each end is either listening or connecting, and the tunneled connection is always established from the listening side to the active side.

So, how does this work? Well, let's do some simple examples.

L Tunnel (client side is the listening end)

On a local tunnel, we set up a port on our side and the SSH server will be the connecting side.

Let's say we want to get access to a HTTP service that is on the SSH server, but we want to use one encrypted transport for the transmission.

Say we will use our local port 8080, and on the other end the HTTP service is listening on port 80, the user to connect to the SSH service is sshuser and the host is sshhost. So, we set up the connection like this:

ssh -nNT -L 8080:localhost:80 sshuser@sshhost

After the tunnel is set up, we can use a web browser to use the http server:

http://localhost:8080

Ok, let's explain the details so we can get the devil out of the equation.

-nNT is used so that SSH doesn't start a SSH terminal session besides the tunnel (as I don't want to use it).

-L 8080:localhost:80 Here is where the tunnel is set up. The first parameter (8080) is the port we want to set up on the listening end (our host for a L Tunnel). Then the interesting part, localhost:80... with this we are telling the active side (on the SSH server for a L Tunnel) that when a client connects to our listening port (8080) we want the other end to connect to host localhost (localhost to the other end, the SSH server, that is) port 80 (http service).

After running that command on our box, we can see this with netstat:

tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 3310/ssh

As you can see, we set up a listening port on our host on port 8080 and it's only available to processes running on our host (I guess it's possible to fool this a little with a little nating, but it's out of the scope of this article).

Now, we just have to use this port on our host to use the HTTP service on the other end. That's why we say http://localhost:8080.

In this case we used the HTTP service of the same SSH server we used to set up the tunnel. But we could use the HTTP service of yet another host that's accessible to the SSH server. Say there is a host that's accessible to the SSH server through IP 192.168.25.3 (as you can see, it's a private network that could be only accessible to the SSH server and not us from our host). In that case:

ssh -nNT -L 8080:192.168.25.3:80 sshuser@sshhost

Then we use our browser:

http://localhost:8080

R Tunnel (ssh server is the listening end)

Say we want to set up port 2000 on the other end of the tunnel so that when clients connect to it, we will let those clients use our HTTP service on our host. We do basically the same we did before:

ssh -nNT -R 2000:localhost:80 sshuser@sshhost

As you see, the only real change is that we said -R instead of -L. All it does is invert the direction the tunnel is set up (listening side on the SSH server).

After we set it up, on the other end we can use netstat to check if we are listening:

tcp 0 0 127.0.0.1:2000 0.0.0.0:* LISTEN

Then we should be able to browse with a client from the other end of the connection by using port 2000:

http://localhost:2000

As in the case of L Tunnels, the order of the parameters of the tunnel is always the same: port on the listening side:server host on the active side:port on the active side.
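Both netstat checks above show the forwarded port bound to 127.0.0.1, which is the default. The added example below (not from the original post) scans netstat -tlnp style lines for ssh- or sshd-owned listeners bound to any other address, which is how a forward opened with ssh -g, an explicit bind address, or sshd's GatewayPorts setting looks. The sample lines are constructed and the daemon's own port is a parameter.

```shell
#!/bin/sh
# Added example. Reads lines in the "netstat -tlnp" layout shown in the post
#   proto recv-q send-q local-address foreign-address state pid/program
# and reports listeners owned by ssh or sshd that are NOT bound to loopback.
# Run netstat as root, otherwise the owner column of other users' sockets is "-".

exposed_forwards() {
    # $1 = port the SSH daemon itself listens on (that one is not a forward)
    awk -v daemon_port="${1:-22}" '
        $6 != "LISTEN" { next }
        {
            # Split "address:port" at the LAST colon so IPv6 addresses survive.
            port = $4; sub(/^.*:/, "", port)
            addr = substr($4, 1, length($4) - length(port) - 1)

            # $7 is "pid/program"; session processes show up as "pid/sshd:".
            pid = $7;  sub(/\/.*$/, "", pid)
            prog = $7; sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)

            if (prog != "ssh" && prog != "sshd") next
            if (prog == "sshd" && port == daemon_port) next
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only

            printf "%s port %s (%s, pid %s) is bound to a non-loopback address\n",
                   addr, port, prog, pid
        }'
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address       Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:22          0.0.0.0:*   LISTEN   812/sshd
tcp        0      0 127.0.0.1:8080      0.0.0.0:*   LISTEN   3310/ssh
tcp        0      0 127.0.0.1:2000      0.0.0.0:*   LISTEN   4021/sshd: sshuser
tcp        0      0 0.0.0.0:3000        0.0.0.0:*   LISTEN   4077/sshd: sshuser
tcp        0      0 192.168.25.1:8081   0.0.0.0:*   LISTEN   3402/ssh
tcp6       0      0 ::1:8080            :::*        LISTEN   3310/ssh
tcp        0      0 0.0.0.0:80          0.0.0.0:*   LISTEN   990/httpd
EOF
}

sample_netstat | exposed_forwards 22
```

On a live host the input would be the output of netstat -tlnp instead of sample_netstat.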

And just like in the case of the L Tunnel, we could use a R Tunnel to connect to a host different from the active host of the tunnel. So say I want to enable access to a remote desktop service of a windows box that's on my private network accessible (to me, that is) through IP 172.17.32.67. Let's say I'll use port 3000 on the other side:

ssh -nNT -R 3000:172.17.32.67:3389 sshuser@sshhost

Then on the other side:

rdesktop localhost:3000

And it's done!

Now, let's work on our problem.

Access to a service on a host that's nated from a box that's nated too

Well.... as both boxes are nated, then it's impossible to get them in touch with each other.... directly, that is. But I bet you can use a box that has a SSH service that's accessible to the original two boxes, can't you? I bet you do! And then, we can do this:

On the side of the box that has the SSH service we want to get access to:

ssh -nNT -R 2000:localhost:22 sshuser@sshhost

What we do there is set up port 2000 on the middle box so that when a client connects to it, it will be connecting to the SSH service of the host we are running the command from. In other words, we have forwarded the ssh service of this host to port 2000 of the middle box.

Then, on the box we want to run SSH from to get access to the other box:

ssh -nNT -L 4000:localhost:2000 sshuser@sshhost

What we do is set up port 4000 on our host so that when a client connects to it, there will be a connection on the middle box to its port 2000 (which is the forwarded SSH service of the ending box). In other words we have forwarded the SSH service of the ending box to our port 4000.

Then we can use a ssh client to get in touch with the service we are interested in:

ssh -p 4000 remoteuser@localhost

And it's done! What do you think?

Bash Tricks II: repetitive tasks on files

It's been a while since I wrote for the last time. I found a job (finally) and it's eating up most of my time.

Anyway, I had already written a piece on repetitive tasks before. Yesterday I had to do a thing that required another set of repetitive tricks. I had to find a file that could be included in a number (huge number) of compressed files. Some were named .tar.gz, others were tgz. I didn't want to spend the next month checking each compressed file to see if my target file was there. So I made a one-liner that did the whole thing for me.

First Attempt

( find /mnt/tmp/ -iname '*.tgz'; find /mnt/tmp/ -iname '*.tar.gz'; ) | while read -r filename; do lines=`tar tzf "$filename" | grep -i file-pattern | wc -l`; if [ "$lines" -gt 0 ]; then echo "$filename"; fi; done

First we have the ()s. These little kids let you run various commands and tie together their outputs so that they make up a single output.

Second we have the while read variable; do x; y; z; done. This construct allows us to read from the standard input line by line placing the content of each line in a variable (multiple variables can be used, in that case a single word from the standard input will be placed in each variable). In our case, we used $filename as our variable (be careful not to use $ on the while read).

Then the ``s. These kids allow us to run a command so that its output can be assigned. In our case, we are listing the files of a tgz file, grepping to find the pattern of the file we are looking for and then counting the lines that come out of grep. The number of lines is what is saved in the variable $lines.

Finally, we are testing to see if the number of lines is greater than 0. If it is, we print the name of the file where we found the file pattern we were looking for.

Second Attempt

Now let's try something a little bit different (though with the same pattern of file search). I have a number of ISOs saved in a box and each one of them has a number of RPMs inside of them. I have to look for this same file I was looking for before.

Basically, it's the same thing we did before, the only thing that's changing is that we will use another level of nesting so that we can mount/umount the iso files. Let's see:

find /var/isos/ -iname '*.iso' | while read -r iso; do mount -o loop,ro "$iso" /mnt/tmp; find /mnt/tmp/ -iname '*.rpm' | while read -r rpm; do lines=`rpm -qlp "$rpm" | grep -i file-pattern | wc -l`; if [ "$lines" -gt 0 ]; then echo "$iso" "$rpm"; fi; done; umount /mnt/tmp; done

And that's it! Neat, isn't it?

Now, keep in mind that if you want to do rather simple things with the files, you can ask find to execute some commands on the files it finds. In my case it would have been a little tricky (at least) to write the actions I wanted to do on each file in find's syntax, so I went for the piping solution.
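The first search written with find's -exec instead of a pipe, as an added example (not the author's one-liner): archive names reach the inner shell as arguments, so names with spaces or glob characters are handled, and both extensions are matched in one pass. The function name is hypothetical and the pattern is a grep regular expression, as in the one-liner.

```shell
#!/bin/sh
# Added example: print every .tgz / .tar.gz under a directory that contains
# a member whose name matches a (case-insensitive) grep pattern.
find_in_tarballs() {
    # $1 = directory to search, $2 = pattern
    find "$1" -type f \( -iname '*.tgz' -o -iname '*.tar.gz' \) \
        -exec sh -c '
            pattern=$1; shift
            for archive in "$@"; do
                # "tar tzf" only lists member names; nothing is extracted.
                if tar tzf "$archive" | grep -qi -e "$pattern"; then
                    printf "%s\n" "$archive"
                fi
            done
        ' sh "$2" {} +
}

# Run as a script: ./find_in_tarballs.sh /mnt/tmp file-pattern
if [ "$#" -eq 2 ]; then
    find_in_tarballs "$1" "$2"
fi
```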

Monday, May 4, 2009

GNU/Linux up 60% YoY, Windows down 4.02%

Well well.... I couldn't blog on Friday when the news was fresh (and I knew right away everybody was going to comment on it). GNU/Linux hit a 1% market share during April 2009 according to Hitslink's statistics. Alongside these statistics we can see that IE keeps bleeding market share while FF and Chrome continue to go up. Great news as well.

But then I find Adrian Kingsley-Hughes' article on the subject where he makes a comparison of market shares the way they were a year ago.

GNU/Linux had a market share of 0.63% in April 2008. One year later, it has (finally) reached 1.02%. If we look at the sheer number it's still laughable, right? Well, it's not laughable for two reasons:
- It's an increase of over 60% year over year for GNU/Linux (the brighter side of having such a low number to start with, for sure).
- Also, I bet they are not laughing at this at Redmond, Washington. Windows is one of two cash cows of Microsoft and losing a hundredth of the (potential) income these days plus having to almost give away Windows to be present on one of the few markets that's healthy nowadays (netbooks) is costing them hard cash.

Year over year, Windows had a decrease of 4.02% (from 91.58% to 87.9%). Some months ago it had to face being under 90% for the first time in years (probably more than a decade), and it's still going down.... very slowly, but down nevertheless.

Also, if we consider how FF has been doing against IE, we find these numbers: FF was at 17.76% in April 2008 and at 22.48% last April, which translates into an increase of a little over 26% YoY. Not bad. IE's numbers are a little different. One year ago it was at 74.86% and last April it was at 66.1%, which means it had a decrease of over 11% year over year.

I see two menaces for Microsoft here. Microsoft's own survival depends (completely, I think) on Windows' survival. If Windows doesn't survive, Microsoft will follow shortly, so losing Windows' market share directly is bad news no matter how you see it. But also, remember that a little over 10 years ago Microsoft had to basically kill one of the biggest threats to Windows as a platform: web browsers. The new push for alternative web browsers means they have a direct threat to Windows yet again, plus losing their chance to leverage their stuff through EEE. And having FF (which is a direct legacy of Netscape's browser) spearheading this wave is more than poetic justice to me.

Overall, not good news for Microsoft, but good news for everyone else. Let's hope next year I can still comment on news as good as this one.

Tuesday, April 28, 2009

FLISoL Bogotá 2009 - The good, the bad and the ugly

Hello!

Last Saturday we had a run of FLISoL. I was present at Bogotá's instance as an installer. It's so wonderful to see all those guys going somewhere with the only purpose of helping other people (plus hanging out afterwards).

The Good
There were roughly 30 installers overall. 121 machines got worked on. Roughly 100 of them got a GNU/Linux installed/updated on them. 55 of them were Ubuntus (and such), 21 of them got Debians (no love for RPMs here in Bogotá, guys.... sorry), 12 of them got Mandriva, 4 of them got OpenSuSE, 2 got Fedoras plus a few others.

I got to install Kubuntu 9.04 64 on a machine (cause I didn't have Ubuntu 64 at hand), plus another Ubuntu 9.04 32. Unfortunately I had to leave early because of family matters. Until the moment I left things were flowing normally.

The environment was cool though we were a little crammed.

The Bad
We were going to have some servers with mirrors of the repositories of the major distributions. Unfortunately the mirrors weren't up till a couple of hours later which meant that the first installations that went through had to download stuff from internet repositories.... and with so many installations going on at once, you can guess how fast that went through. Unfortunately not having the mirrors from the start could have easily added 20 minutes (being optimistic) to the installation times of that first round. For my second installation the mirrors were already in place and that went much faster.

The thing to keep in mind for every installation you do is trying to get it well done in as short amount of time as possible, and having the "customer" understand the basic things (most important of all: package manager). That can be a little tricky to balance.

Another letdown was that we couldn't use the application I had worked on (along with Jorge) to gather all the information about the boxes once they were finished. It was probably because of the same reason we didn't have the mirrors up when we started. Fortunately that was not a show stopper.. I hope we'll be using it for other coming events.

The Ugly
In one of our previous installers' meetings we had been told not to bring anything to the Festival (other than the strictly necessary). Last year one computer got lost and they didn't want the same to happen again.

Well.... the Festival hadn't even started and not one but two laptops were already missing. Apparently there's a guy who has this custom of fooling around at the library to see which unwary person he can try to con. One person was candid enough to hand him two laptops he/she was carrying while he/she did something else. A while later the person who got the boxes was missing... along with the two boxes. A strong reminder for me that, even if Bogotá is not as insecure as Maracaibo or Caracas, it's not Vienna (don't want to start a war here, guys, it's just my appreciation).

Some pictures
Here, here and here.

Bottomline
I liked the experience very much. I hope I can work on it next year as well. I still haven't seen statistics of Colombia or Latin America overall... Let's just hope they are as good (or even better) than Bogotá's.

Sidenote
I already learned that Maracaibo (my hometown in Venezuela) will be having its FLISoL next Saturday (don't know why).

And for those who are curious: Nope, Microsoft didn't hand out anything for FLISoL. But given their last quarter's results, who can blame them?

Monday, April 20, 2009

A little help for FLISoL - Open letter to Microsoft

Dear Microsoft

Before making my request I want to make clear who I am. My name is Edmundo Carmona. I am a Venezuelan computer engineer living in Bogotá. I have been a GNU/Linux user/administrator for several years and, unlike other personalities of the FLOSS community (many of them with far more accomplishments than I have), I don't trust you and I rant about you every time I can (item 940).

During the last two weeks I have been helping with the organization of FLISoL, the Latin American Free Software Installation Festival, which will take place this Saturday. We will be installing Free Software (free of charge) on the computers people bring to the sites set up for the festival. In a way, we are responsible citizens trying to get technological drugs off the streets.

During our last meeting the question came up of what to do with the kids who come along with the parents bringing their computers for installation. That is where you come in.

We all know that Vista was a great disaster (probably comparable to Windows Me). I imagine you must have piles of thousands and thousands of Windows Vista installation CDs/DVDs available, waiting for some unwary person to buy one.

Would you be so kind as to provide us with some 15 or 20 Windows Vista installation CDs/DVDs? We won't be installing them on the computers, don't worry. I would personally hand them to the kids so that they can keep themselves entertained with them (using them as frisbees or scratching their surface) while we do our work. I know perfectly well that your operating system is a toy and so we should install it on the kids' computers but, honestly, I refuse.

Sincerely
Edmundo Carmona
Computer Engineer

CLARIFICATION
Since I have no idea what Microsoft might come up with as a result of this letter, I want to make clear that this is a joke and that under no circumstances may it be interpreted as being related in any way to FLISoL. It is my exclusive creation and nobody else from FLISoL took part in its creation.

English Version

Sunday, April 19, 2009

A little help for FLISoL - Open Letter to Microsoft

Dear Microsoft

Before I make my request, let me first state who I am. I'm Edmundo Carmona, a Venezuelan computer engineer living in Colombia. I've been a GNU/Linux user/administrator for years and, unlike others in the FLOSS community (many with far greater accomplishments than mine), I don't trust you a tiny little bit and I bash you every time I can (940).

During the last couple of weeks I've been helping out in the organization of FLISoL. It's the Latin American Free Software Installation Festival, which will take place next Saturday. We will be installing Free Software on computers that people take to the locations we set up, for free (as in no monetary charge). In a sense, we are just responsible citizens trying to keep technological drugs off the streets.

During our last meeting there was a question about what we will be doing with people that carry their kids along with them to the location. That's where you come into the scene.

See, given the fact that Windows Vista has been such a mess (probably comparable to Windows Me), I thought that you probably have thousands upon thousands upon thousands of Vista installation CDs/DVDs stacked one on top of the other waiting for the first poor soul to buy one of them.

Would you be kind enough to provide us at FLISoL Bogotá with say, 15 or 20 of those installation CDs/DVDs? We won't be using them to install Windows on the computers, you don't have to worry about it. I will personally hand them out to the kids so that they use them to play around (as frisbees or just to scratch on their surface) while we are on our stuff. I know that yours is a toy OS and so we should install them on the kids' computers, but I refuse to.

Yours truly...
Edmundo Carmona
Computer Engineer

DISCLAIMER
As I don't know what Microsoft could be up to after this letter, I will state that it is a joke and that by no means it should be interpreted as being somehow related to FLISoL. It's my sole creation and no one else from FLISoL (besides me, of course) helped in its creation.

Spanish version

Friday, April 17, 2009

Are macs more insecure than Windows / GNU/Linux?

I've been very busy lately studying python to create a tool for FLISoL, so expect to hear about that within the next days (the event is to take place sat. April 25th).

I hit this article about security on Macs by Preston Gralla where he states that some security experts say that Macs are easier to crack than Windows and GNU/Linux.... now, easier to crack than GNU/Linux, I find that believable... but more than Güindous? I doubt it. Anyway, they are the experts and I don't mean to contradict them.

However, Macs are just another closed platform. It can't be verified to be secure by any third party, so perhaps they really are more insecure than Güindous... given that there's no source code to review, I can't really tell (not that I would check the code, anyway).

How much DRM code is in OSX these days? Does it spy on its users "a la güindous"? Does anybody know? No source code, so nobody can really tell.

I have developed this analogy of someone who wants to buy a nuclear reactor. There are two organizations interested in providing you with their nuclear reactor.

- Provider # 1 gives you the reactor plus all the design information, all blueprints, everything but the kitchen sink!

- Provider # 2 gives you the reactor and doesn't give you a clue as to how it is built inside. It's a black box (or a massive gray one). All you have is the control panels and the documentation that this provider is kind enough to provide with (you know.... they can't give you everything for security reasons).

Given those two choices... which would you consider to be more secure/stable/reliable? Which one would you choose? I'd personally go for Provider 1. At least I know what I'm getting. And the guys are so comfortable with their design that they even give it away to buyers. Perhaps the guys at Chernobyl chose provider # 2.

And finally, what's a virus for Macs called? An iVirus?

Tuesday, April 7, 2009

Latinamerican Free Software Installation Festival'2K9

Hi!

I have registered myself as an installer at the Latin American Free Software Installation Festival, a.k.a. FLISoL (my first time working on a FLISoL ever, by the way). This year the event is going to take place on April 25th at many locations all around Latin America.

I will be working in Bogotá, Colombia. In my location the number of registered installers is around 30 people and we expect to make 150 installations. We will be working at the Biblioteca Virgilio Barco, in case you want to show up. The registration process if you want to get GNU/Linux installed on your computer is already open and, in case you are not interested in installing GNU/Linux, we will be doing installation of Free Software on other platforms as well (Firefox and OpenOffice come to mind).

I'm more than sure that organizers will welcome any kind of help you think you could provide. Interviews? Donations? Working hours? Anything goes! I'll gladly work as a translator, in case it's needed.

FLISoL
FLISoL Colombia
FLISoL Bogotá

Saturday, April 4, 2009

One DVCM to rule them all (follow up)

Hi!

There were some comments in my original story about the performance of some DVCMs where I was told that bazaar degrades pretty much when you have thousands upon thousands of revisions and that the repositories could be packed. I decided to follow suit and see where git and bzr would stand having some thousands of revisions in them.

First I used git-svn to import some 20,000 revisions of a project into git (I got the first 20,696 revisions from kde... there were roughly a million, but I thought that would be enough... as a matter of fact I spent a couple of days getting to those 20,696 revisions).

Importing
I exported the content of git and imported it into the separate VCMs to see how they would match up on that task.

Bazaar took hours to complete this import. The first 2000 revisions were imported in about 6 minutes... but by the end, every 100 (hundred, not thousand) revisions were imported in roughly 10 minutes (one commit every 6 seconds?). The repository would be like 554 MBs in size (after packing).

Git made the import (so that I matched apples to apples) in less than 5 minutes and ended up with a repository like 283 Mbs in size (after gc).

Operations
Halfway diff of the project to where it is in the last revision took bazaar some 9 minutes and 15 seconds. Git made it in about 28 seconds. I think bzr won't recover after that liver hook.

When I tried to move to that halfway revision, git took 17 seconds to do it (reset --hard revid), bzr took.... well, to tell you the truth, I forgot about it... I went for lunch, came back and it was still working on it. In Tenchu terms, git got a Grand Master (by the way... I'd love to play Tenchu!).

Conclusion
Well... git did mop the floor with bzr on a big repo after all, both in terms of repository size and performance.

Sidenote
Should I include mercurial? Could it withstand git? How do I make the import to begin with? I tried with hg import -, but it was using massive amounts of memory (bzr did too, by the way... I barely made it to import with the memory I had) and I didn't know if it was the right way to do it.

Update
bzr finally reverted. It took 46 minutes.

Saturday, March 28, 2009

One DVCM to rule them all

Hi!

Given the recent news that GNOME development will be moving to git soon, I decided to take a look at three DVCMs to see how they matched each other. Not that I made exhaustive tests. I just thought of a series of operations to perform on a small and a big project to see how they matched against each other.

I compared git, mercurial and bazaar (the one I use).

The small project I used was a project of mine (some thousand lines of code.... not too big). I used a sequence of ten revisions taken from the project and stuffed them in the three VCMs.

The big project was linux (the kernel). Given the time that some operations took (plus the room that it took on my already mostly filled up box) I only tried with revisions 2.6.27 (327 MB) and 2.8.28.8 (348 MB).

I measured performance both in time taken for the operations and room taken by the repository. I'm using my dated box (4 years old?) on jaunty using the repository packages. Namely: git 1.6.0.4, hg 1.1.2 and bzr 1.13.

Here are the results:

Time Performance
Small Project
On the small project the absolute winner was git. Second was mercurial and third bazaar. Git made most of the operations 3 to 10 times faster than mercurial and the latter did them mostly three times faster than bazaar. Of course, as it's a small project, what git could do in the blink of an eye, bazaar could do in a longer blink of an eye. The slowest operation on all three VCMs was a revert after having deleted the whole project. It took bazaar 1,72 seconds on the biggest revision (the 10th), mercurial made it in 0,56 and git took 0,13 (on the 8th revision... I was already bored with seeing git kicking a55es).

Big project
Here I expected git to mop the floor with the other VCMs. Given Linus' dislike for slowness (at least on VCMs subjects) and that at least bazaar recommends not to use it for big projects, I expected to see git go faster than Usain Bolt. Yet here I saw mixed results, amazingly having bazaar (the slowest of them all on a small project) be the fastest sometimes (not that I did things people would normally do on a project.... I don't think you will work with a 20 MB patch between one revision and another, anyway).

On the first add (a 300+MB add) results were veeeeery strange. Here git dragged itself to let the others pass over it. Mercurial took ~6 seconds, Bazaar made it in ~41 seconds, but git.... well, it made it in ~106 seconds. That shattered my expectations... and that was for starters.

Status after an add: On the first revision, bazaar and git were very close around 3-4 seconds... bazaar made it at over 10 seconds.... but on the add of the second revision we had very different results: ~3 seconds for mercurial, ~14 seconds for bazaar and git made it at ~191 seconds.

For the first commit, git won easily. It took git ~55 seconds, Mercurial did it in ~131 seconds and bazaar arrived when the party was already over at ~203 seconds (mercurial was already drunk and git was on the way to the hospital)... however on the second commit (remember, it's over a 20 MB difference), they were all much closer. Mercurial arrived last with ~168 seconds, git second with ~144 seconds and bazaar (oh, my!) first with ~130 seconds. Now I didn't expect that.

After the commit, (again) I expected git to fly when asked for a status. But it didn't deliver. Both times mercurial was first, bazaar was second with about double the time and git was third with about 5 times the time for mercurial. By the way, the status after the first commit was about 3 times slower than the second on all VCMs.

Now, when I removed all the content of the project (rm * -dfR) and asked for a status, we went back to normal: git first, mercurial second, bazaar third. For both revisions, bazaar stayed around 8-9 seconds. Mercurial made it in ~8 seconds for the first and ~4 seconds for the second. Git made it in ~2 for the first and ~4 for the second.

Then I tried to revert (in bazaar and mercurial, reset --hard HEAD for git) after having removed everything. Here the results were strange again. Bazaar made it first with 213 and ~212. Mercurial and git exchanged places between the two revisions. First revision, mercurial made it in ~356 and git made it in ~435. Second revision, git made it in ~455 and mercurial in ~459.

Then I tried to go to 2.6.27. Mercurial took ~88 seconds and bazaar was waaaaaaaaaay behind at ~507. When I reverted back to the last revision, mercurial made it in ~186 and bazaar made it in ~393. When I tried it in git (with a checkout) when I reverted to the first revision, I destroyed (I think) the second revision, so I decided to not include the time it took to revert/revert.

So, I thought that git would be the clear winner and the fact is that I got mixed results. Perhaps people can join in and give me some insights about why it was like that.

Repository Size Performance
Here there were no mixed results. Both for a small project and a big project, bazaar was the clear winner. Mercurial made it second and git arrived last.

Bazaar's repository size for the small project was around 10-40% smaller than mercurial's. Also bazaar was around a third the size of git's.

On the big project, here are the sizes:
Bazaar: 87152k for the first revision and 99456k for the second.
Mercurial: 148844k and 166122k
Git: 158912k and 228544k

Bottomline
Well.... I would have loved to give you a clear winner, but the fact is that there wasn't one. For a small project you already know who the best is in terms of user time and repository size... but for a big project, it's a little more blurry. I urge you to jump into the comments area to give me your thoughts on it.

As usual, keep in mind that other than performance, there are other differences between all of them in terms of features. It's not just about performance to decide what DVCM to use for a project.

Disclaimer
I could have made a mistake when working with mercurial or git, as I didn't know how to use them before writing this article (and I still don't). So if you think I could try to do something a little different, then go ahead, mail me or post a comment. Perhaps we could create a test suite or something to compare their performance.
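The git half of the operation sequence timed in this post, written as a repeatable harness. This is an added example, not the script used for the numbers above; the sample tree, the step names and the "bench" commit identity are constructed, and only git is covered.

```python
import shutil
import subprocess
import tempfile
import time
from pathlib import Path

# Constructed commit identity so the harness does not depend on user config.
GIT = ["git", "-c", "user.name=bench", "-c", "user.email=bench@example.invalid"]

def populate(workdir, files=200):
    """Constructed sample tree standing in for the project being imported."""
    for i in range(files):
        path = Path(workdir, f"dir{i % 10}", f"file{i}.c")
        path.parent.mkdir(exist_ok=True)
        path.write_text(f"int f{i}(void) {{ return {i}; }}\n" * 50)

def remove_tree(workdir):
    """Like the post's `rm * -dfR`: the glob skips dot-entries, so .git survives."""
    for entry in Path(workdir).iterdir():
        if not entry.name.startswith("."):
            shutil.rmtree(entry) if entry.is_dir() else entry.unlink()

# Step order follows the post; a step is an argv list or a callable(workdir).
GIT_STEPS = [
    ("init", GIT + ["init", "-q"]),
    ("add", GIT + ["add", "-A"]),
    ("status after add", GIT + ["status", "--short"]),
    ("commit", GIT + ["commit", "-q", "-m", "import"]),
    ("status after commit", GIT + ["status", "--short"]),
    ("remove tree", remove_tree),
    ("status after removal", GIT + ["status", "--short"]),
    ("revert", GIT + ["reset", "-q", "--hard", "HEAD"]),
]

def run_steps(steps, workdir):
    """Run each step in workdir and return [(name, wall-clock seconds)]."""
    results = []
    for name, step in steps:
        start = time.perf_counter()
        if callable(step):
            step(workdir)
        else:
            subprocess.run(step, cwd=workdir, check=True, stdout=subprocess.DEVNULL)
        results.append((name, time.perf_counter() - start))
    return results

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        populate(tmp)
        for name, seconds in run_steps(GIT_STEPS, tmp):
            print(f"{name:22s} {seconds:8.3f} s")
```

A second step list with the matching hg or bzr commands can be passed to `run_steps` to compare tools on the same tree.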

Wednesday, March 25, 2009

Microsoft uses git for version control

Not only has GNOME decided to switch to using git. We have learned that development at Microsoft is based on git too.

Development for Windows 7 is handled on a modified (in-house) version of git that allows it to run natively on Windows (the blessings of the GPL, I believe they must think at Redmond). Why reinvent the wheel when one of the best tools for the job is out there for free?

According to our sources, at first, some developers introduced git behind the backs of their managers by using it on top of cygwin. As they felt more comfortable with the tool and presented their benchmarks to management, it was obvious that git allowed development to be carried out in a much more efficient fashion. Then they started the process of making git run natively on windows without needing an intermediate layer, which allowed it to run even faster. It has been reported that the patches to git will be sent upstream once Windows 7 reaches RTM.

This may sound like shocking news for some people, but over the last couple of years Microsoft has been trying to get cozier with open source... and this is yet another example of it. Unfortunately Microsoft's Horacio Gutierrez wasn't available for comments, nor was Lawrence Crumpton.

Having said that, did you notice that it's April 1st? It's the only way something that far fetched could ever be published.

My opinion: I hope they are using RCS... or even better: no source control at all. :-)

"Get the facts" on browsers

When I was heading to download IE8 to test its JS performance, I saw this link about "Getting the facts" on web browsers. Knowing what "Get the facts" meant back when it was devoted to trying to put GNU/Linux in a bad light against Windows et al., I just couldn't help myself and went in there to see what was showing up.

They have this video where they show how IE8 renders "index" pages of popular sites. Apparently IE8 kicks ass on that (as a matter of fact the differences between the rendering times of the browsers they compare are very small, sometimes the blink of an eye). And so they have the guts to affirm that IE8 is one of the fastest browsers on earth. Is it really? Are rendering times for pages the real measure of browser speed? Come on! As applications get more and more "functional" and so become more Javascript intensive (yes, not VBScript intensive, but Javascript... thank heaven), I think Javascript performance is just as important... or even more so than rendering times (especially if the difference in terms of rendering is so small between the browsers they showcase).

And how does IE8 do on that front (on my box)?
V8: 34.4
SunSpider: 9164.4

And, as you can see here, that's a looooooooong shot from being fast. So Microsoft, why don't you try to get the facts right at least once?

PS Were they saving that video for April Fool's day? I guess I just blew it.