niq’s soapbox

So that’s how MSIE is an essential core component of Windows, and can’t possibly be removed!

As with any other geek, people expect me to know all about computers, and help them out when something doesn’t work. Never mind that I know nothing about windows, and proceed by trial and error. So, I’ve just been to help a friend get her newly-installed broadband working.

It turned out she was already connected to the ‘net just fine. I popped up a command window, typed in “ping www.google.com”, and it worked without hesitation. OK, so where’s the problem? She showed me: she brings up MSIE, and it insists that she’s offline and invites her to connect! Evidently it’s too … ummm … smart to notice that the rest of the operating system all around it is connected. She’d already done the “obvious” thing, and tried setting up a new “broadband” connection in MSIE’s menu.

OK, the menu doesn’t have an option for a regular network connection. So I tried just removing the old dialup connections, whereupon it all worked. Evidently they were standing in the way of MSIE using the network!

Well, I take my hat off to the engineers who designed that. It must take a lot of ingenuity to make things quite so gratuitously difficult. Heath Robinson would be proud of you! And that’s the kind of feature that’ll keep you firmly ahead of Linux, Solaris, MacOS, etc, which “just work” when you attach them to a network, and deprive the user of all that mystery and entertainment.

Lydford Gorge is small, but it’s about as close as you get in England (south of the Lake District) to real scenery. That is to say, the word “gorge” really means it.

Looking down from the road bridge (don’t try that if you get vertigo!), the river in the bottom looks exciting. But I can’t tell from that distance whether it should be navigable by a white-water enthusiast - possibly excluding the famous 30-metre waterfall. Upstream from the bridge the view is very much obscured by trees; downstream there’s some clear view (that’s the really vertiginous one), and it’s very clearly not a wimp’s river. But in a country where anything above about grade 2 (OK maybe 3) would be impossible to insure, the absence of commercial adventure on it doesn’t necessarily mean it’s impossible.

Hmmm. Anyone tried it?

p.s. yes, I must be mad. All the best people are mad

Since the Sun box arrived, I’ve been struggling with the logistics of my workspace.

Clearing the desk for the shiny new 24″ monitor was straightforward enough. But how to deal with two computers: both the new Solaris box and the existing Linux one? A remote desktop isn’t an option, because I want to be able to work at either computer while the other is powered down. For a day I perched the old box’s monitor on the corner of the desk, but the stiffness of my neck after an hour working at it told me clearly that’s not sustainable.

Well, that 24″ monitor has two inputs (digital and analogue). The Sun came with a digital lead, and I was using analogue on the Linux box. Plugging both in works, and under normal operations the monitor can be switched between them. A solution therefore appears to be to plug both computers in to the one monitor. But can the Linux box be configured to recognise the Sun hardware and use the full 1920×1200 display, as opposed to a a distressingly small subsection? The Sun hardware is too new for the system to auto-recognise and configure. And the Solaris box doesn’t even have an xorg.conf from which I could copy relevant parts.

Well, yesterday I fixed it, with a bit of help from the good folks on IRC (thanks arreyder, yango et al). Two computers, one monitor, and both computers giving a great display! Now I can retire the old monitor.

Still a few downsides. I can’t share a keyboard&mouse the same way, so I have to swap them around and regularly find myself typing at the wrong one. And I miss the sound on the old monitor - the new one has none. But nothing that’s a showstopper. And, not least, whereas the old monitor was selected for (among other things) its low energy consumption at about 40W, the new one is rated 90W.

I’ve also just come to appreciate the value of USB. With the Sun box to the left of the desk and the mouse at my right hand, that’s an awkward connection. But the Sun keyboard rides to the rescue, with two USB ports in the back, so I only have to plug the mouse in to the keyboard.

Sun’s webstack team is hiring!

The web stack is strongly focussed on open source solutions, centred on the LAMP[1] stack and variants on those technologies. We’re now looking for recent grads eager to work on open source technologies and help build next generation OpenSolaris web platform.

If interested, see

http://www.sun.com/corp_emp/search.cgi?funcs=&loc=&keyword=559337&x=0&y=0
http://www.sun.com/corp_emp/search.cgi?funcs=&loc=&keyword=559340&x=0&y=0

and please mention niq’s soapbox in your application!

As regular readers are no doubt aware, I joined Sun Microsystems back in February as Apache guru. The MySQL acquisition bought in key developers from a broader range of opensource web-technology projects. I’m happy to say that on current experience, they’re the best company I’ve worked for by a clear margin. This is a company that doesn’t just treat its engineering staff as junior bods on the way to ‘real’ jobs in management or marketing, and expect you to be ‘above’ engineering (or on the scrapheap) by age 30. I’m happy to recommend them as an employer.

[1] Yeah, right, maybe I should say S(olaris)AMP, but both platforms are important to us, as indeed are alternatives to the A, M and P!

quasi (mads) just pinged me on IRC. He’d made a comment on my latest blog entry, but it hadn’t appeared. And another on May 1^st, which had also gone nowhere. Today’s ping was because his comment was in fact a suggestion, in response to my question.

Turns out akismet seems to have a grudge against him, and thought both his comments were spam. Since they’re both less than a week old (or whatever it is), I was able to recover them through the admin panel.

Akismet is a bit of a lifesaver, in that it eats up the vast majority of spam attacking the blog. But this is not the first time it’s given false positives. So, anyone whose comment doesn’t show up, that’s probably what happened to it. Ping me, and I’ll look for it. If you don’t ping me, I’ll never know you tried to comment.

The new solaris box came with Thunderbird installed as a default mailer.  It works for mail once I’ve disabled crap like pseudo-HTML composition.  At least, while online and its IMAP servers are responding.  And so long as you post everything through one SMTP host.

OK, yes, that’s pretty limiting.  But the real killer is how it falls about in a ghastly heap when trying to access an IMAP server that’s offline or responding slowly.

I’m used to Apple’s mailer - on the mac laptop - which makes a decent job of it.  Once it’s synced with the IMAP server on the (linux) desktop, I can access its local cached copies of my mail, no fuss.  And it’s pretty good at syncing up whenever a connection is available.

Thunderbird, by contrast, hangs and refuses to open the offline account when the IMAP server is unavailable.  Worse, it pops up error messages about it, to interrupt whatever I’m doing.  And worst of all, this morning when I first tried to sync it, the IMAPD was responding slowly because the linux box was running updatedb, and has the slowest of cheapo discs.  Instead of syncing in background, thunderbird started grabbing all my desktop’s resources, and made X11 more sluggish than ever the linux box’s own desktop gets when running updatedb.  It felt like a forkbomb!

So, I want a better mailer.  And here’s the rub: I’ve never run a *X box in the same circumstances, with intermittent availability of an IMAP server.  I do most of my mail on the Linux box, but obviously its own dovecot instance is always up when i use that.  Going back before the days of the mac laptop, I wasn’t running an imapd, so I didn’t have the issue.  Back in the days of dialup, I used fetchmail+local folders, as opposed to fetchmail feeding dovecot, and Pine worked just fine.

So, dear lazyweb, what’s a good mailer for *X with intermittent connectivity?

Have Londoners elected a joke? Or can the exuberant upper-class twit mature, like Prince Hal[1], into a great leader?

My guess is that he can and will, FSVO great leader. But that may not really matter very much: all he really has to do is make the right noises. Beyond that, he’ll get a “media honeymoon” from those whose agenda for the past eight years has been anti-Ken. I think he’s smart enough not to reverse the core good things Ken has done to make London a more pleasant place than in my youth, and Boris’s own agenda is going to make fewer enemies. And he’s got off to a good start, with a generous tribute to his predecessor!

His office is one where character and personality matter, and appear less damaging than in a national leader, not least because he (unlike The Liar et al) is elected to his office by the people he represents. Boris, like Ken, is not lacking in individuality. Even if he goes off and plays fantasy games with his office as The Liar did (and there’s no suggestion that he will), he won’t drag an entire government with him, so potential damage is limited.

Perhaps the biggest winner from this is David Cameron. If one exuberant fortysomething toff can prove himself in office, that’ll (rightly or wrongly) help dispel doubts about the other. The timing is brilliant for him: Boris has his honeymoon just coming, and won’t have much time to tarnish before the next general election.

[1] As in Shakespeare’s portrayal - which is where my knowledge of the relevant history comes from[2].

[2] See the section “Lettice and Lovage” in this page.

Yay! I’ve set up the new solaris box, and I can do things like blog from it. Things are progressing!

There’s still much to do, of course. I had to work around some strange security restrictions just to set up a user account (root has no privilege to create a /home/nick directory, nor even to chmod /home). It feels a little like when you first get bitten by selinux. And plenty of boring routine admin to do, like making sure sshd is the only network daemon to start at boot time!

I’ve also got some logistics to figure out, with two machines now sharing one desk. I think I may be able to plug both computers in to the same monitor, in which case I can just switch keyboard/mouse to move from one to t’other. The Sun monitor is indeed luxury!

My workstation from Sun has just arrived.  It’s in two huge boxes: one containing the workstation itself, the other a 24″ monitor (Luxury!) and some accessories.  The workstation is obscenely big (says 25Kg on the box), but fortunately the delivery man from DHL helped carry it upstairs as a two-man job.

Now my task for the weekend is to clear out some space.  I don’t have room on the desk for two monitors, so I’m going to have to put aside the el-cheapo 19″ jobbie I’ve been using for the past few years.  And I already have a spare monitor: the 19″ CRT that preceded the move to flatscreen serves for just-in-case, and could even see active use again if I get into fast-moving games or watching video.

The workstation itself can live on the floor to the left of the desk.  It’s a space I rarely need to access, and sometimes serves as floor-based filesystem.

Longer-term, I need more desk-space!

We have a history of general-purpose sed-like filtering in apache.  In chronological order:

1. sed-like filter for Apache 1.3.
2. sed with mod_ext_filter
3. mod_line_edit
4. mod_substitute
5. mod_sed

This represents a genuine progression. The first is limited by the apache 1.x architecture, which means it can’t in general be used with dynamic or proxied contents. The second is not thus limited, but incurs a big performance penalty. The third and fourth are similar, and support general-purpose search and replace in apache’s output (mod_line_edit is designed primarily for use in a proxy but works anywhere; mod_substitute has no such preference).

The fifth, mod_sed, is new, and appears to be another big advance on any of its predecessors. Whereas mod_line_edit and mod_substitute are described as sed-like, mod_sed is the real thing: sed itself embedded in an apache filter. mod_sed developer Basant Kukreja (who I am privileged to have as colleague at Sun) has updated original sed code to be thread-safe and reentrant and to use APR pools, and has hooked it in to a filter. That alone means it can run much more complex operations than basic search-and-replace. But it has yet more to offer: mod_sed, unlike its predecessors, can filter input as well as output.

So what’s the cost of this extra power? Well, it’s bleeding-edge, with all that implies. And it’s bigger than its more limited competitors. But in terms of performance it appears to hold its own comfortably against any competition. Neither is it any more complex to configure. Well, I’m suitably impressed!

The question is, what next? I think for general-purpose filtering, mod_sed may be as good as it gets[1]. I’m wondering if this can now move in new directions:

• Can we come up with a framework to plug syntax modules into mod_sed (as we can, for example, make vim syntax-aware)? And if so, could it move into the space of markup-aware modules like mod_proxy_html and mod_publisher, or indeed mod_highlighter?
• Can we usefully apply mod_security-like rulesets with mod_sed to make a powerful untainting and information-disclosure filter? If so, the fact that it streams I/O will offer major performance advantages over scanning request and response bodies with mod_security, for situations where filtering is considered sufficient. This is something I’ve had at the back of my mind for years, but mod_sed offers a more powerful startingpoint than has hitherto been available.

[1] Yeah, right, you could probably do the same thing with perl and have truly the ultimate text processor, at the cost of much more bloat. But mod_perl does no such thing. Ditto other scripting modules, as far as I know.