Security and stupidity

Okay, I’ll rise to the bait.

You can’t be serious. There are often people seeing what you type, besides which, if this was adopted then people would _start_ looking. When I’m assisting someone on a computer and they are at a password prompt, I even go to the lengths of looking away - very pointedly moving my whole head not just my eyes so that they know I’m not looking.

Of course, I’m a sysadmin and a geek - if I _really_ wanted their password I probably could.

an hour to get the mouse working

Upgraded desktop to Linux 2.6.30 (and newer NVIDIA drivers), this also upgraded me to Xorg 7.4.

As a result, my Logitech G7 mouse changed behaviour. Instead of the horrible side “back” button doing middle click as I like, it started doing back. Pressing a scroll wheel as often as a Unix user does is neither nice nor accurate.

After about an hour of fighting xorg.conf I eventually got “xinput” to work using:

 xinput set-button-map 4    1 8 3 4 5 6 7 2

NB: “xinput set-button-map 4 1 8 3 4 5 6 7” doesn’t work. However I could not get “ButtonMapping” in xorg.conf to work, even in an evdev section like this:

Section "InputDevice"
       Identifier      "evdev mouse"
       Driver          "evdev"
       #Option         "Name"  "Logitech USB Receiver"
       Option          "ButtonMapping"         "1 8 3 4 5 6 7 2"
       Option          "SendCoreEvents"
EndSection

Finally I succeeded by editing hal - /etc/hal/fdi/policy/preferences.fdi, to be precise, needs to include this bit:

<device>
  <match key="info.capabilities" contains="input.mouse">
   <merge key="input.x11_driver" type="string">evdev</merge>
   <merge key="input.x11_options.ZAxisMapping" type="string">4 5 6 7</merge>
   <merge key="input.x11_options.ButtonMapping" type="string">1 8 3 4 5 6 7 2</merge>
  </match>
</device>

Discovering that even though I’ve set “DontZap” to false it is ignored (since the default has changed to true) didn’t improve my mood.

three FAIL

I was setting up a 3 broadband dongle earlier today, shame their website was failing (connection reset). That’s fair enough, these things do happen, though it’s not terribly impressive.

However, for a large corporation I’d hope (not expect - I’m not that naïve) they at least set it up a bit better. A single IP address (which doesn’t strike me as a great idea) with an hour long TTL on it - so if they ever need to move it quickly, it’s up to an hour long wait. Oh well, let’s hope they don’t need to do that then. I presume it’s behind a pair of HA load balancers at least.

Miserware details

In an update to the miserware post, I’ve been kindly informed that I can reveal the details to you, so here are the stats. These numbers are solely from CPU savings - they exclude savings from power supplies, fans etc.

| Server | Energy Saved | Energy Consumed | % CPU Saved |
|---|---|---|---|
| Core2 Duo desktop | 6.3 kWh | 19.27 kWh | 32.7% |
| Laptop | 7.85 kWh | 15.74 kWh | 49.9% |
| Core2 Duo server | 10.01 kWh | 70.28 kWh | 14.2% |
| Sun Fire X2100 (opteron 148) | 0.46 kWh | 0.4 kWh | 53.5% |
| Dell PE2950 (Xeon) | 0.57 kWh | 3.15 kWh | 15.2% |
| Sun Fire X2100 (opteron 148) | 1.8 kWh | 4.35 kWh | 29.3% |
| Sun Fire X2100 (opteron 148) | 8.86 kWh | 40.69 kWh | 17.9% |
| Dell PE2950 (Xeon) | 0.76 kWh | 3.12 kWh | 19.6% |
| Dell PE2950 (Xeon) | 1.1 kWh | 5.04 kWh | 17.9% |
| Sun Fire X2200 M2 | 1.99 kWh | 27.32 kWh | 6.8% |
| Athlon64 dual core | 0.74 kWh | 50.94 kWh | 1.4% |

Startups

For the past few months I’ve been assisting a friend (hi Mat!) who has been working at a young startup company in America. The company is called Miserware and they have some neat software which uses various techniques (including the usual Speedstep etc) in order to reduce the power consumption of your computer. Yes, it even tells you how much.

They are now in a beta program - if you’d like to try it out (Linux only), please just drop me an email (they are _so_ organised there is even a little referral competition going on).

Whilst I can’t reveal any juicy details for you, I can say it’s been a real delight working with the guys at Miserware. Always friendly, prompt, accurate and helpful debugging when we’ve hit issues (one particular issue which proved difficult to track down became known as “The Adrian problem”). I’ve really enjoyed watching things develop - it makes a real difference when even little suggestions for improvement are made. It really encourages you to send back even more feedback or ideas. They’ve clearly got a real pride in their work and their product. Everything is done “right” - the packaging, the manpages, init scripts etc. Kudos!

No comment

I often think that Java has the worst case of NIH syndrome I’ve ever seen. At other times it’s due to the way it chooses to do things. However that’s little excuse in my opinion - “so don’t do that then” is one possible answer. “Think of the children” (or rather “think of your users”) being a more helpful reply.

This article is written from my point of view as a system administrator. Java programs (or rather their programmers) often seem to think that the way to configure a program isn’t via a readable configuration file, oh no. You have to edit sometimes dozens of “properties” files and XML files, these will no doubt be scattered throughout a whole WEB-INF tree.

Let’s start with ActiveMQ’s “wrapper” property file:

 # Java Additional Parameters
 # note that n is the parameter number starting from 1.
wrapper.java.additional.1=-Dactivemq.home=%ACTIVEMQ_HOME%
wrapper.java.additional.2=-Dactivemq.base=%ACTIVEMQ_BASE%
wrapper.java.additional.3=-Djavax.net.ssl.keyStorePassword=password
wrapper.java.additional.4=-Djavax.net.ssl.trustStorePassword=password

To add extra parameters I have to actually add a line with an incremental number? Or worse to remove one I have to go and edit all the other lines? I’m ignoring the horrific sin of passing passwords on the command line exposed to any user who types “ps”. This is just diabolical - no one could possibly be proud of this design.
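An added example (not from the original post or from ActiveMQ): a small audit of the wrapper.java.additional.N entries that flags secret-bearing -D properties, which end up on the JVM command line, and reports gaps in the numbering. The sample config is constructed from the lines quoted above, and the secret-name heuristic is an assumption.

```python
import re

# Constructed sample modelled on the wrapper property lines quoted in the post,
# with entry 4 renumbered to 5 to show a numbering gap.
SAMPLE_CONF = """\
# Java Additional Parameters
wrapper.java.additional.1=-Dactivemq.home=%ACTIVEMQ_HOME%
wrapper.java.additional.2=-Dactivemq.base=%ACTIVEMQ_BASE%
wrapper.java.additional.3=-Djavax.net.ssl.keyStorePassword=password
wrapper.java.additional.5=-Djavax.net.ssl.trustStorePassword=password
"""

ENTRY = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=\s*(.*?)\s*$")
# Heuristic (assumption): -D properties whose name hints at a secret.
SECRET = re.compile(r"^-D([\w.]*(?:password|passwd|secret|token)[\w.]*)=(.+)$", re.I)


def audit_wrapper_conf(text):
    """Return (findings, gaps) for the wrapper.java.additional.N entries."""
    findings, seen = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = ENTRY.match(line)
        if not m:
            continue
        index, arg = int(m.group(1)), m.group(2)
        seen.append(index)
        s = SECRET.match(arg)
        if s:
            # Report the property name only; never echo the secret value.
            findings.append({"line": lineno, "index": index,
                             "property": s.group(1),
                             "redacted": f"-D{s.group(1)}=<redacted>"})
    # Indices are expected to run 1..max without holes.
    expected = set(range(1, max(seen) + 1)) if seen else set()
    gaps = sorted(expected - set(seen))
    return findings, gaps


if __name__ == "__main__":
    found, missing = audit_wrapper_conf(SAMPLE_CONF)
    for f in found:
        print(f"line {f['line']}: entry {f['index']} puts "
              f"{f['property']} on the JVM command line ({f['redacted']})")
    print("missing indices:", missing)
```
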

XML files are far, far worse though. They aren’t human readable to any sane definition of it. This is pretty silly - life should be made easy for people - it’s not as if parsing a configuration file requires high performance. It’s far more important that the chances of making a mistake are as low as possible and that they are easy to edit and understand. I even recall reading many articles that parsing XML files is slow and uses up huge amounts of memory too - (something Java programs seem to do in abundance - it doesn’t seem unusual for them to take many minutes and GB of memory to start).

Back to the ranting. XML files and comments. There is no universal comment syntax in computing, however let’s take a look at the common ones:

  • # most common comment sign in unix, most configuration files, most scripting languages
  • // used in C++ and derivatives (including Java), most modern C implementations
  • /* … */ used in C, C++ and derivatives, does not nest

Now let’s look at XML files. I do realise that this syntax is due to the format, however it’s another reason why it’s a horrific format for configuration files. The comment characters here are:

  • <!-- … --> - that’s almost twice as long as the previous worst case and seven times longer than the usual case. It doesn’t even nest.

BT phone spam

Since I’ve been signed up with the telephone preference service, only one company phone spams me. BT. First you get a phone call which you answer, the phone goes “beep” and that’s it. Then a short time later, the phone goes again, surprise surprise it’s BT sales about how they can “save me money”.

I’ve told them at least five times now and if it wasn’t for the hassle of moving ADSL ATM (I have static IPs I use) BT would have lost my business through this spam if nothing else.

This time I raised a complaint. They got back to me today - apparently I’ve been “moved to a new billing system which doesn’t support opt-out yet”. Outrageous.

New complaint filed with the Information Commissioner’s Office.

Email improvements

Just added TLS to my mail server and whilst I was at it, SASL AUTH (via dovecot). The latter was very easy, the former was also pretty simple after I read the big document :-) I’m not authenticating clients via TLS - it’s possible, but SASL AUTH is a better solution for me (you don’t need to worry about generating unique certificates or distributing them).

Had to recompile gnome mail-notification since they’ve not read or understood OpenSSL and GPL license incompatibility issues. Or rather, they’ve read about it, but then decided not to agree with the interpretation that people who have spent far longer on it have come to.

Shame really. I’ve heard unpleasant things about GnuTLS (notably from the developers of OpenLDAP), since openssl is a library, if only it was released under LGPL this wouldn’t have been an issue. Some people have suggested trying to adopt Mozilla’s NSS instead. It looks like the open source community doesn’t have a high quality SSL library that can be used. Bugger.

Keeping up with the Joneses

The time had come to add some more storage to my main server, since I wasn’t in a hurry I thought I’d recheck my normal procedure and as a result I’ve updated it a bit.

My typical disk layout uses Linux MD software RAID-1:

  • split each disk into 50MB partition for boot and everything else for LVM
  • use mdadm to combine the two 50MB partitions, create a filesystem directly on top, call it /boot
  • use mdadm to combine the two remaining large partitions, run pvcreate on MD device created
  • now add that PV to LVM and use it

Over the years, MD, LVM and the filesystems have all improved, however it would be a marked improvement if the defaults changed with the times too.

mdadm: you need to specify “--metadata=1.2” (or add “metadata=1.2” to /etc/mdadm/mdadm.conf) as otherwise you’ll be stuck with 0.90 which “limits arrays to 28 component devices and limits component devices of levels 1 and greater to 2 terabytes”. v1.2 not only eliminates these limits, but stores the size of the underlying device and also names the MD device.

LVM: you need to add “-M2” (or add ‘format="lvm2"’ to /etc/lvm/lvm.conf) which is described as “more efficient and resilient and offers greater flexibility and control”. Unfortunately all physical volumes in a volume group must use the same format. You can use “vgconvert” to migrate (if you are lucky).

ext: of course we have ext4 now to replace ext3. If you can create the filesystem afresh (rather than just use tune2fs) then you get additional improvements. You do want to check the data loss issue though. Fortunately the defaults set in /etc/mke2fs.conf are up to date - setting the new features as appropriate. Thanks Ted Ts’o!

Prediction FAIL

Well I thought that Microsoft may buy Sun but it looks like IBM is in talks instead.

OTOH Microsoft do have a lot of cash in the bank…