King Canute takes a step back

Just a fortnight ago I wrote “Losing money and glad of it“, following the Lehmans collapse.  Bizarrely, my holdings survived the next couple of days big falls intact.  That’s now corrected itself firmly downwards, despite the fact I was able to sell my banking shares at a small profit on Sept 19th (and a very substantial profit compared to their value this morning)!

In the intervening time, my optimism over the powers-that-be’s stomach for doing the right thing has taken about as much of a battering as dodgy banks around the world, including the four(?) that collapsed in a single day yesterday.  More scapegoating (short-sellers are parasites but they didn’t cause this mess), and more throwing money, King Canute style, into the system on a breathtaking scale.  Our own government and most of the chattering classes are still wedded to the principle of keep on trying the same failed policies and hope the problem goes away.

Hint: the original problem was too much money.  Throwing ever more money at it will do us as much good as the same policy in Zimbabwe does for its economic collapse.  The Northern Rock bailout bought our surviving banks a year or so before reality crept up on them again, at a terrible price (the tangible market distortion is probably more damaging than the taxpayer losses).  Bear Stearns bought the ‘merkins a few months.  Fannie and Freddie were even bigger, but bought only a few days.

But some of the ‘merkin legislators appear to be quicker on the uptake than ours.  They’re still throwing money at it, but in formulating the Paulson bailout, they’ve started talking about something other than blind, reactive panic.  And in rejecting that, they’ve taken another step forwards from “we must do something – never mind what – at any price“.  Perhaps it’s an admission from those who have an economic clue (Ron Paul keeps getting mentioned) that the bailout now would’ve been lucky to buy good news for long enough even to get through the US presidential election.

The Lehman non-bailout may have been the first step from King Canute denial to facing the storm so we can come through to the other side[1].  The Paulson plan and its rejection are further positive steps.  Eventually – one might venture to hope – it’ll pick up a firm direction, and sweep up our own spineless legislators in its wake.  The [Obama|McCain] presidency will be interesting times.

[1] Unlike the ecological destruction we’re causing, there is another side of economic recession to come through to.  Unless we really do succeed in driving the entire productive economy abroad, by taxing them ever more to prop up house prices (and now banks too).

Royalties[3]

Got my third royalty cheque for the Apache Modules Book today.  It’s well down on the first one (which was no doubt inflated by latent demand in a subject where it is still the only book) and indeed on the second one.

The salient feature this time is a payment for the Chinese translation, which (I presume) came out sometime early this year.  Last time there was a similar payment for the Spanish translation.   DrBacchus told me it was likely to be a one-off payment, and he was right: there’s nothing from the spanish edition this time.  Oh well, I expect the chinese will be the same.

Beware bfu and other gotchas!

More grief with OpenSolaris.

My SXCE seemed a decent, stable desktop platform.  Until, that is, I installed crossbow – experimental support for advanced networking, including a complete virtual network within a box.

Crossbow installation went according to the instructions.  I think a message or two flashed past, but basically it’s what TFM had led me to expect.  On next boot I got quite a few more warnings, but I think that’s at least in part because I’d upped the verbosity and was seeing debug stuff that wouldn’t otherwise hit dmesg.

The network-inna-box worked.  But various other things had gone.  Strangely, punchin VPN still worked, but it had uninstalled my certificate – not hard to fix once I’d run it outside the GUI and got the error message.  And I could live with trivialities like the loss of a system alert beep.  But then I found some of my most-used tools broken: gdb just segfaults, and svn failed with an incomprehensible error message (reinstalling svn from source gave a different message).  Looks like incompatible core system libs somewhere, and google finds nothing relevant.  Ouch!

Chatting to Matt on IRC, it seems the culprit was the installer, bfu.  bfu creates a binary install image tied to an exact system release.  On a later release, as I had been using, it installs but leaves the system in an indeterminate state.  Bah!

Last weekend I backed up the home directory, and reinstalled.  Not just reinstalled, but spent many hours downloading updated versions: the latest SFW tarball took the longest, at less than 20K/sec download rate – compared to over 200K for most downloads.  And I reinstalled a lot of system software.

One upgrade was Sun Studio 12.  The installer told me I had insufficient disc space(!) – seems the system install had put /opt on the root partition, and it wasn’t big enough.  So I tried an alternative install path, and it installed.  OK, fine.

Then my big mistake.  After some build tools had failed to find it, I tried creating a symlink.  Guess I must’ve used “ln -s /my/install/path/SUNWspro /opt/SUNWspro” but there was already an /opt/SUNWspro (dunno whence), so the symlink was – uselessly – at /opt/SUNWspro/SUNWspro.  OK, need to move the directory before I can add the right symlink: something like

cd /opt
mv SUNWspro SUNWspro-bak
mv SUNWspro-bak/SUNWspro .

At this point, something very strange happened.  Instead of moving the symlink, it started copying.  Looking like one of those modern mv versions that uses cp and rm when asked to move across partitions.  Except – I’d only asked it to move a few bytes of symlink, and only within one partition, hadn’t I?  df confirms that something is going on, and I abort the mv before it’s filled the root partition.

Now I have a system where I can neither uninstall nor reinstall sunstudio.  The uninstaller is a dangling symlink, and the installer complains of a partial installation.  Well, actually it just reports failure, but trying it in another directory just gives me “Installation directory does not match directory of current partial installation“.  Googling the exact error message gets me this page, which looks almost like it could be relevant.  pkginfo -p shows nothing, and the prodreg tool shows me a damaged sunstudio installation, but throws a java exception when I try uninstall (it’s the dangling symlink – turns out prodreg’s uninstall is just a wrapper for that).  pkgrm also fails with a “no package associated with <SPROsslnk> ” message.

Right.  Time to cut my losses, and reinstall again from that DVD, and override its default partition sizes this time.   But at least I can skip the big downloads this time  Backed up the newly-downloaded stuff even as I blogged …

[update] I may have been on the point of giving up too soon.  The prodreg tool has a lower-level option than using the package-supplied uninstaller (the broken symlink).  That seemed to uninstall, whereupon reinstalling once again tells me it failed, but leaves me an installation that prodreg thinks is OK, and that seems (so far) to work …

Indian Summer

We have at last a period of warm, dry and sunny weather lasting more than one day. The summer we’ve missed out on 🙂 Started last weekend, and is firmly with us now. Actually it’s not all that warm (a comfortable just-under-20°); it just seems it in the context of the season we’ve had.

For a period of about 14 years, from my teens until I went out to Italy, I became aware of weather patterns beyond the basic “four seasons”. One regular pattern was indeed an “indian summer” – a late spell of summer weather – around the September equinox. I haven’t observed it since my return from Italy, but if it gets any warmer it could fit the pattern.

Alas, it may have come too late for the blackberry season. I picked a decent batch on Friday, but the quality is the worst since the grotty season of 2004. And whatever happened to the plums?

Apache roots spread wide!

I’ve understood for some time that there’s a lot that’s recognisable as Apache HTTPD in certain other webservers, specifically lighttpd and nginx.

I’ve just followed a link from Sergio Talens-Oliag’s blog (via planet) to his new PAM authentication module for nginx.  The commonality is indeed startling: nginx has a similar basic module structure, the same configuration directives handling, configuration structure and even the same dual hierarchy, the request_rec, plus lower-level core structures like pools and tables.  And the fingerprint for (at least) request-processing functions implemented by the module is the same.

There are differences too, of course.  The module structure is split into two, and stripped of Apache 1’s phases.  Rather than Apache 2’s hooks, the phases reappear as something exported by an nginx core module.  At first glance, this looks like broadly similar flexibility to hooks, though the module has to see the core module struct to register a processing function, creating an interdependence that could threaten modular design, especially if a module were to try to emulate optional hooks.

It looks like a fork from Apache 1 (in much the same sense as Apache 2 is): a new server, but one that reuses a lot of what the Apache 1 offered, and builds on it.  Perhaps that’s also just as the original Apache was itself derived from the old NCSA server.  A corollary is that both application programming and sysop skills should be largely transferable between the different servers, with a quick&easy learning curve.

Security by Cookery

Brief thread on apache user support list highlights Doing It Wrong:

Q1: How do I return 404 (not there) instead of 403 (forbidden) for my /cgi-bin/?  IBM Rational AppScan utility tells me to.  I tried […] but it didn’t work, and it blocked my application.

A1: I think you’re misreading your AppScan.  It’s warning about potentially exposing filesystem information.  But there’s nothing secret about a directory containing a web-facing application!  Having said that, [read this doc for one way to do it].

Q2: That may be the case but their recommendation is still: Issue a “404 – Not Found” response status code for a forbidden resource, or remove it completely.

A2: Either they’re wrong or you’re misreading.  But I can see what’s happening.  It’s “chinese whispers”, starting from the CIS benchmark.  Most likely someone along the way (IBM’s tech writer’s boss or somesuch) insisted that a meaningful explanation would be too difficult for their lusers, and either didn’t understand or didn’t care that it’s misleading.

Reminds me of some long and difficult arguments I’ve had over documentation in the past:

Me: (documents something non-trivial)

IdiotManager: You can’t say that, it’s too difficult

Me: I’ve put a lot of time&effort into this.  I can’t see how to simplify further without misleading the reader.

IdiotManager: [suggests a token change that makes no difference to complexity]

Me: NO, THAT’S DOWNRIGHT WRONG!

IdiotManager can’t/won’t back down, and we end up with something like  … well, I guess like the “security by cookery” document our questioner in the above thread was following.

Fortunately when I came to write a book, the publisher was more professional about these things.  The editors would suggest changes, but never forced destructive changes on me.  That was on balance a positive process: commonly an editor’s suggestion would lead me to rethink and improve how I expressed something.

This, I suspect, is a major reason why corporate documentation is generally so very much worse than either books or free software documentation.

Losing money, and glad of it

Today’s news about Lehman Brothers seems likely to hit stock markets hard enough to send my portfolio firmly into the red.  No, I don’t have stock in or near Lehman or its peers, but the expectation is that there will be substantial collateral damage throughout the world’s stockmarkets, including those stocks I do hold.

Why am I happy to make such losses?

Well for one thing, there’s no reason they should be sustained.  They won’t vanish as quickly as the surreal gains that followed news of the fannie/freddie bailouts (gains of 10-15% in UK bank shares on Monday didn’t even last the week).  But neither do they reflect on the fundamental value of unconnected businesses.

More importantly, the end of the bottomless taxpayer purse is long overdue.  The US allowing Lehman to fail is moving on from its King Canute phase to face reality (and so close to an election, they must expect it to be popular – or at least less unpopular than another bailout).  The UK is showing signs of doing likewise, with Mervyn King reportedly taking a stand against throwing ever more taxpayers money into the black hole of housing.  In the meantime both countries have suffered huge losses, but better late than never.

This weekend seems to bring us much closer to drawing a line under “housing rescue” schemes that serve only to prolong the pain.  The Vested Interests can stop talking the market up[1], and start telling vendors to drop 60% from peak prices if they’re serious about selling.  When a £200K house has fallen to £80K we’ll be back to something like the long-term average in terms of income multiples.  Then I’ll be able to afford a house, and those stockmarket losses will cease to matter.

[1] Mainstream predictions – coming from vested interests – started this year at about +1%, moved to -10% in six months, and are now moving to -25% and more amongst those who need buyers as well as sellers.  All in an effort to convince people like me to start buying at prices that are still a long way above their long-term trend, in the expectation they won’t fall very much further.

Stone-age spammers …

Doorbell rang this morning.  Picked up the entryphone, said Hello.  Heard “Hello, we’re Jehovahs Witnesses”; didn’t hang around for more.  End of story – quick and easy.

Except …

Spammers on the ‘net and on the ‘phone go to some lengths to try and push themselves at you.  Jehovahs Witnesses are reputedly all the more tenacious for being there in person.  So why do they make it so easy to get rid of them?  Could that opening line “Hello, we’re Jehovahs Witnesses” really be a cover for something else?  Like, burglars looking for quick confirmation of whether anyone’s in?

Does anyone ever knowingly let Jehovahs Witnesses in?

Footnote: actually I don’t regard Jehovahs Witnesses as such scum as modern spammers.  At least they’re using their own time and effort, rather than weapons of mass abuse.  Nutcases rather than scum.

Energy inefficiency

I got an unsolicited package through the post: four “low-energy” light bulbs.  They’re from British Gas (a domestic energy supplier), and no doubt part of an effort to play “green”.  I guess they can join the spare bulbs I already have sitting in a drawer.

As feelgreen efforts go, it seems mostly harmless: a low-cost effort that could have a very marginal positive outcome.  But as ever, there’s a downside: these are old-fashioned, ugly bulbs, and could reinforce prejudices about “energy-saving” bulbs being horrible in people like my mother.

More problematic is the government’s latest: free or subsidised improvements to the insulation of some peoples homes.  Again, on a narrow view there should be a positive outcome, but this time it’s not cheap&easy: the energy companies could more usefully direct their resources to clean energy.  Rising energy costs are the right stimulus to home insulation.  And, unlike the light bulbs, free home insulation is limited to homeowners, and so completely excludes the poor.

Having said that, there is at least an argument that the government is doing the right thing.  Namely, political expedience.  The fact that energy companies will be paying helps defuse the pressure for a so-called windfall tax: something that would damage their ability to invest in the future, not so much in direct costs, but in scaring investors away.  It could even do collateral damage in other industries.

Alas, none of this does anything for clean energy.  The Alice-in-Wonderland windfall handed to energy generators[1] in free CO2 allowances is genuine and very wrong.  If we accept the carbon market, it should be operated by auction to the highest bidders.  If relief to polluters is considered necessary, give them some measure of corporation tax relief tied to the energy they produce, so clean energy gets the benefits.

[1] who are not the same as domestic providers – something the commentators seem to overlook.

Ode to Joy!

Over the past couple of weeks, we’ve been rehearsing Beethoven’s 9^th (“Choral”) symphony, for the final concert of this year’s Totnes Festival.

Despite the name, it is primarily an orchestral work, with the singers joining only for the final 15 minutes or so. But what a glorious finale! Schiller’s poem may be overblown and absurd, but when set to Beethoven’s glorious and radically groundbreaking music, it is truly inspirational. The Ode to Joy: a final triumph in the symphony’s epic struggle. Whether Beethoven’s personal struggle with the tragedy of his deafness, or Enlightenment Europe’s struggle against the old tyranny.

Yes, I’m enthused about this. More so than I expected: having sung in a number of Beethoven works, I know that his music tends to be thoroughly singer-unfriendly, and a constant effort to bring to life. The choral symphony (in common with the much-longer Missa Solemnis) also inflicts a murderously high tessitura[1] on the voices: we basses get the second-worst deal there, after the poor sopranos. For myself, I guess my operatic experience helps: there are quite a few operas that push the top of the range – though they tend to have a more forgiving musical flow than Beethoven!

It’s a struggle for us. But this music is absolutely worth it! And as the age of liberty closes rapidly behind us, it’s almost a nostalgic flashback to the time when it was opening up ahead of our ancestors!