Older blog entries for etbe (starting at number 988)

Some Proprietary Platform Issues

Android vs iPad

I’m currently in discussions with a client about a potential future project which involves a tablet computer talking to some electronic equipment. The options are an Android tablet and an iPad. One advantage of Android is that it runs on devices of all shapes and sizes, so we can choose a device that fits the need rather than designing everything around the iPad.

But the real problem with iPad is Apple. To run an app on an iPad you need to submit it to Apple, hopefully get it accepted into the App Market, then install it. This process causes some delay, a minor fee, and has the potential to derail the project if Apple doesn’t accept the app on the first try. With Android there is no need to even deal with Google, the app can be installed directly without the Google Play store.

I may end up working with an iPad (which admittedly is really nice hardware), but it seems most likely that the project in question will run on Android only.

Windows vs Linux and Apple OS/X

One of my clients recently paid a web development company to redevelop his web site. I turned out that the web developers in question only knew how to develop for Windows and my client didn’t discover this until too late. Now a site that’s currently using a small fraction of the resources on a $80 per month Linode instance will run on a Windows virtual server costing $300 per month (which includes SQL server license).

The Windows virtual server will probably be managed (because my client uses only Apple and Linux systems and doesn’t employ anyone with Windows skills) which adds an extra $100 per month. If the server isn’t managed then they will have to hire someone to apply patches and that won’t necessarily be cheaper.

So using Windows is going to cost my client an extra $400 per month when compared to the possibility of running a Linux system on the existing virtual server. Even if my client had someone with Windows skills to run the server it would still be an extra $300 per month. If the NBN was available then my client could run a Windows server in their office, but it’s not yet available in their area.

Even for a company that employs people with more Windows skills than Linux skills there are still economic factors in favor of Linux due to smaller hardware requirements and the lack of license fees for all the core software (OS, database server, web server, etc).

Summary

These anecdotes aren’t unusual, it’s the sort of thing that happens all the time. Sometimes the result is good (EG avoiding the iPad), sometimes it isn’t (being stuck with a proprietary web service).

I think I’ll have to suggest to my clients that every contract have a “no proprietary software” clause. Contracts can be amended if there is a reason, but it seems best to make a preemptive strike against companies that sneak proprietary software in and cause significant unexpected expense and difficulty.

Related posts:

  1. The Lenovo U1 Hybrid – an example of how Proprietary OSs Suck Lenovo have announced their innovative new U1 “Hybrid” laptop [1]....
  2. My Prediction for the iPhone I have previously written about how I refused an offer...
  3. Liberty and Mobile Phones I own two mobile phones at the moment, I use...

Syndicated 2012-07-13 11:35:11 from etbe - Russell Cokeretbe - Russell Coker

Breaking SATA Connectors

I’ve just broken my second SATA connector. This isn’t a lot considering the number of hard drives I’ve worked with, but it’s still really annoying as I generally don’t break things.

The problem is that unplugging a SATA cable requires pushing a little clip, this isn’t overly difficult but it unfortunately doesn’t fit well with habits formed from previous hardware. The power cables used for hard drives based on the ST-506 interface which was copied for the IDE interface was large and had a fairly tight fit. Removing such a cable requires a significant amount of force – which is about the same as the amount of force required to break a SATA connector.

When I first started using PCs a reasonably configured AT system cost over $5,000 (maybe something like $10,000 in today’s money). With that sort of price hardly anyone had a set of test PCs. When hardware prices dropped such that hard drives of reasonable size became reasonably affordable on the second-hand market I bought more disks and used some for extra storage and some for testing software. As there was nothing like VMWare for testing OS images the way to test a new OS was to plug in a different hard drive and boot it. So I got a lot of practice at removing IDE power cables with as much force as was necessary.

Now I own a pile of test PCs, SATA disks less than 100G are free, I use Xen for a lot of my testing, and generally I have much less need to swap hard drives around. In most situations in which I would swap hard drives in the 90′s I will now swap PCs and I have piles of PCs ready for this purpose. So I haven’t had enough practice with SATA disks to develop habits for safely removing them.

So far this lack of habit development has resulted in damaging two disks due to changing drives while not concentrating enough. Fortunately duct-tape works well for holding a SATA connector in place when the plastic that attaches to the clip is broken.

Related posts:

  1. Strange SATA Disk Performance Below is a GNUPlot graph of ZCAV output from a...
  2. Vibration and Strange SATA Performance Almost two years ago I blogged about a strange performance...
  3. Dell PowerEdge T105 Today I received a Dell PowerEDGE T105 for use by...

Syndicated 2012-07-09 10:03:18 from etbe - Russell Cokeretbe - Russell Coker

Postfwd and Local Only Email

Over a year ago when I was considering my first Android phone purchase I setup a test account on my mail server so that I could test email clients on phones and tablets. I used a short password because I didn’t want to type a lot on small screens and because typing a password into a random system owned by someone else isn’t particularly secure anyway. Then I forgot about the account until I noticed that my mail server was sending out spam.

Next time I setup such a test account I’ll put rules similar to the following in my Postfwd [1] configuration to stop Postfix from sending such messages. That will prevent the test account from receiving mail from outside or sending mail out of the server. The former is optional (getting a few thousand spam messages in an unused test account is no big deal) but the latter is needed to prevent getting my server blacklisted.

id=R_test_recipient ; recipient==test@coker.com.au ; sender!~.*@coker.com.au ; action=REJECT
id=R_test_sender ; sender==test@coker.com.au ; recipient!~.*@coker.com.au ; action=REJECT

Related posts:

  1. email disclaimers Andre Pang blogs about the annoyance of email disclaimers. For...
  2. Email Passwords I was doing some routine sysadmin work for a client...
  3. Some Postfix Scripts for dealing with Outbound Spamming I’ve just written some small scripts to help me manage...

Syndicated 2012-07-09 09:40:20 from etbe - Russell Cokeretbe - Russell Coker

Links June 2012

This Youtube video is an amusing satire of EULAs and copyright law as applied to uploading consciousness [1].

Washington’s Blog has an insightful article about the way that the lack of trust in the US is killing their economy [2]. It seems that as long as the 1% are allowed to get away with breaking the law the US economy won’t recover. It’s something we should all keep in mind at election time, let’s not be like the US.

AirBnB is an interesting service to allow people to rent a room or an apartment, a quick scan indicates that it’s a lot cheaper than hotels and offers many good locations [3]. It’s probably of most interest to the more social people though which is a down side for me.

Queensland’s highest court has ruled that “vilification of homosexuals is also vilification of bisexuals” because “an essential aspect of bisexuality is a sexual feeling of a person of the same sex, that is, homosexuality” [4]. Anyone who didn’t find that totally obvious could simply consult any dictionary or encyclopedia to find out. But the Australian legal system needed a 46 page ruling. We really need some sanity in the courts.

Father Gregory Boyle founded an organisation named Homeboy Industries with the purpose of providing jobs for people with criminal records [5]. It’s amazing the way he is helping people turn their lives around and it’s apparently a lot cheaper than sending them to jail.

Related posts:

  1. Links February 2012 Sociological Images has an interesting article about the attempts to...
  2. Links March 2012 Washington’s Blog has an informative summary of recent articles about...
  3. Links April 2012 Karen Tse gave an interesting TED talk about how to...

Syndicated 2012-06-30 13:54:32 from etbe - Russell Cokeretbe - Russell Coker

Targeted Advertising

Don Marti has written another blog post about targeted advertising [1]. His main point is that when a company uses the most targeted adverts (such as Google advertising) everyone knows that they are paying a small number of cents per click and nothing for the people who don’t click. This compares to TV adverts which cost a lot of money and for which most viewers either leave the room or use fast-forward. Therefore using Google adverts doesn’t send a signal about the amount of money invested in the products. Don also cited an example of a company sponsoring an OK Go film clip, that was a great idea, it shows that the company can do expensive things which are also a bit creative and fans will thank them (watch all the OK Go videos on Youtube, they are great).

The next question is how else companies can advertise? One thing I’d really like to see is sponsorship of authors. Pick an author and pay them a salary with paid editorial services for releasing a book a year for free in HTML and ebook formats. Having a fixed salary is a significant benefit when it comes time to apply for a mortgage or plan a holiday and being able to freely distribute books would be a significant benefit for an author who hasn’t got a large fan base.

In the computer industry it seems that there’s a lot of potential for sponsoring people who produce free things. That ranges from free software and designs for free hardware to blog posts and documentation. Five years ago Sun had a blogging contest and my friend Dave Hall won a server that was worth $21K [2]. It would be nice if some other companies started doing similar things and if Sun did a repeat so some other people I like could get some free kit.

Related posts:

  1. What is Appropriate Advertising? Colin Charles writes about a woman who is selling advertising...
  2. Advertising Free Software Projects Today I just noticed the following advert on one of...
  3. Friends and Adverts For some time I have been running Google Adsense adverts...

Syndicated 2012-06-24 14:50:36 from etbe - Russell Cokeretbe - Russell Coker

New SE Linux Policy for Wheezy

I’ve just uploaded a new SE Linux policy for Debian/Wheezy. It now works correctly with systemd and Chromium, two significant features that I wanted for Wheezy. Now it turns out that we have until the end of the month for Wheezy updates, so I may get another version of the policy uploaded before then. If so it will only be for relatively minor changes, I think that most SE Linux users would be reasonably happy with policy the way it is. Anything that doesn’t work now can probably be solved by local configuration changes.

execmem

The current version of KDE in Debian is 4.8.4, it seems that large parts of the KDE environment depend on execmem access, this includes kwin and plasma-desktop. Basically there is no possibility of having a KDE desktop environment without those programs and therefore KDE depends on execmem access.

Debugging this is difficult as the important programs SEGV when denied execmem access and the KDE crash handler really gets in the way of debugging it – running /usr/bin/plasma-desktop results in the process forking a child and detaching from the gdb session.

The most clear example of an execmem issue in KDE is from the program /usr/lib/kde4/libexec/kwin_opengl_test which gives the following error:
LLVM ERROR: Allocation failed when allocating new memory in the JIT
Can’t allocate RWX Memory: Permission denied

To make this work you run the command “setsebool -P allow_execmem 1” which gives many domains the ability to create writable-executable memory regions.

I raised this issue for discussion on the SE Linux mailing list and Hinnerk van Bruinehsen wrote an informative message in response summarising the situation [1]. It seems that it’s possible to compile some of the programs in question to not use the JIT and therefore not require such access and there is a build option in Gentoo to allow it. But it’s impractically difficult for me to fork KDE in Debian so the only option is to recommend that people enable the allow_execmem boolean for Debian desktop systems running SE Linux.

Related posts:

  1. /run and SE Linux Policy Currently Debian/Unstable is going through a transition to using /run...
  2. An Update on DKIM Signing and SE Linux Policy In my previous post about DKIM [1] I forgot to...
  3. New SE Linux Policy for Squeeze I have just uploaded refpolicy version 0.2.20100524-1 to Unstable. This...

Syndicated 2012-06-21 14:12:14 from etbe - Russell Cokeretbe - Russell Coker

SASL Authentication and Debian/Wheezy

After upgrading a mail server to Debian/Unstable (which will soon be released as Wheezy) I started getting SASL errors.

535 5.7.8 Error: authentication failed: no mechanism available

The SMTP protocol gave the above error for both LOGIN and PLAIN methods.

SASL LOGIN authentication failed: no mechanism available

The postfix/smtpd process logged messages like the above in syslog.

It turned out that the “auxprop_plugin: mysql” line had to be removed and replaced with the following two lines due to a change in the way SQL plugins are managed:

auxprop_plugin: sql
sql_engine: mysql

Also the SQL query needed to have “%u” replaced with “%u@%r” because we now have user and realm provided separately.

Related posts:

  1. MySQL security in Debian Currently there is a problem with the MySQL default install...
  2. Kernel issues with Debian Xen and CentOS Kernels Last time I tried using a Debian 64bit Xen kernel...
  3. new release of postal Today I have released a significant new version of my...

Syndicated 2012-06-20 02:32:11 from etbe - Russell Cokeretbe - Russell Coker

Debian SE Linux Status June 2012

It’s almost the Wheezy freeze time and I’ve been working frantically to get things working properly.

Policy Status

At the moment I’m preparing an upload of the policy which will support KDE (and probably most desktop environment) logins and many little fixes related to server operations (particularly MTAs). I would like to get another version done before Wheezy is released, but if Wheezy releases with version 2.20110726-6 of the policy that will be OK. It will work well enough for most things that users will be able to use local changes for the things that don’t work.

One significant lack with the current policy is that systemd won’t work. I’ve included most of the policy changes needed, but haven’t done any of the testing and tweaking that is necessary to make it work properly.

I would like to see policy support for systemd in a Wheezy update if I don’t get it done in time for the first release. If I don’t get it done in time for the release and if the release team don’t accept it for an update then I’ll put it in my own repository so anyone who needs it can get it.

/run Labelling

One significant change for Wheezy is to use a tmpfs mounted on /run instead of /var/run. This means that lots of daemon start scripts create subdirectories of /run at boot time which need to have SE Linux labels applied for correct operation. The way things work is that usually the daemon will write to the directory immediately after the init script has created it, so I can’t just have my own script recursively relabel all of /run.

Some packages that need to be patched are x11-common #677831, clamav-daemon #677686, sasl2-bin #677685, dkim-filter #677684, and cups #677580. I am sure that there are others.

[ -x /sbin/restorecon ] && /sbin/restorecon -R $DIR

Generally if you are writing an init script and creating a directory under /run then you need to have some shell code like the above immediately after it’s created. Also the same applies for directories under /tmp and any other significant directories that are created at boot time.

Upgrading

Currently there are some potential problems with the upgrade process, I’m working on them at the moment. Ideally an “apt-get dist-upgrade” would cleanly upgrade everything. But at the moment it seems likely that the upgrade might initially go wrong and then work on the second try. There are some complications such as the selinux-policy-default package owning a config file which is used by mcstransd (which is part of the policycoreutils package), when the config file format changes you get order dependencies for the upgrade.

Kernel Support

My aim when developing a new SE Linux release for Debian is that the policy should work as much as possible with the user-space from the previous release. So if you upgrade from Squeeze to Wheezy you should be able to start the process by upgrading the SE Linux policy (which drags in the utilities and lots of libraries). This means that if you have a server running you don’t have to put it out of action for the entire upgrade, you can get the policy going and then get other things going. I haven’t tested this yet but I don’t expect any problems (apart from all the dependencies).

Also the policy should work with the kernel from the previous release. So if you have a virtual server where it’s not convenient to upgrade the kernel then that shouldn’t stop you from upgrading the user-space and the SE Linux policy. I’ve tested this and found one bug, the sepolgen-ifgen utility that you need to run before audit2allow -R won’t work if the kernel is older than the utilities #677730. I don’t know if it will be possible to get this fixed. Anyway it’s not that important, you can always copy the audit log to another system running the same policy to run audit2allow, it’s not convenient but not THAT difficult either.

The End Result

I think that the result of using SE Linux in Wheezy will be quite good for the people who get the upgrade done and who modify a few init scripts that don’t get the necessary changes in time. I anticipate that someone who doesn’t know much about SE Linux will be able to get a basic workstation or small server installation done in considerably less than an hour if they read the documentation and someone who knows what they are doing will get it done in a matter of minutes (plus download and install time which can be significant on old hardware).

At the moment I’m in the process of upgrading all of my systems to Unstable (currently Testing has versions of some SE Linux packages that are too broken). While doing this I will keep discovering bugs and fix as many of them as possible. But it seems that I’ve already fixed most things that affect common users.

Also BTRFS works well. Not that supporting a new filesystem is a big deal (all that’s needed is XATTR support), but having all the nice new features on one system is a good thing. Now I just need to get systemd working.

Related posts:

  1. SE Linux Status in Debian 2012-01 Since my last SE Linux in Debian status report [1]...
  2. SE Linux Status in Debian 2012-03 I have just finished updating the user-space SE Linux code...
  3. SE Linux Status in Debian 2011-10 Debian/Unstable Development deb http://www.coker.com.au wheezy selinux The above APT sources.list...

Syndicated 2012-06-17 06:48:39 from etbe - Russell Cokeretbe - Russell Coker

New Version of Memlockd

I’ve just released a new version of Memlockd, a daemon to lock essential files in RAM to increase the probability of recovering a system that is paging excessively [1].

The new features are:
Using Debian/Wheezy paths for shared objects on i386 and amd64.

Added a new config file option to not log file not found errors so we don’t see i386 errors on amd64 and amd64 errors on i386.

Added a systemd service file which I haven’t yet tested, but I won’t get to test it for a while so for the moment I’ve released it and hope that the person who submitted the file got it right and that my minor change didn’t break it.

Added a run-parts style config directory, default is /etc/memlock.d and now the config file uses a % to chain to another file or directory.

So I fixed all but one of the Debian bugs in time for Wheezy, provided that the systemd stuff works. If someone has time to test it with systemd for me then that would be great!

Related posts:

  1. New version of Bonnie++ and Violin Memory I have just released version 1.03e of my Bonnie++ benchmark...
  2. new release of postal Today I have released a significant new version of my...
  3. /run and SE Linux Policy Currently Debian/Unstable is going through a transition to using /run...

Syndicated 2012-06-16 10:39:05 from etbe - Russell Cokeretbe - Russell Coker

The Financial Value of a University Degree

I’ve read quite a few articles about the value of a degree. Most of them come from the US where the combination of increasing tuition fees and uncertain job market makes a degree seem like a risky investment. I think that most analysis of the value of a degree are missing some important points.

The Value of Money at Different Times

The value of money is different at various stages of your life. The impression that I get is that when a married couple have their house fully paid off and they either don’t/won’t have children or their children are old enough to leave home the amount of money that they earn seems to matter a lot less. Doing a university degree involves 3 or 4 years not earning money (or more if doing post-graduate studies), which is usually starting at the age of 18. Effectively getting a degree involves giving up some money while young for the opportunity to earn more when older. Any analysis based on directly comparing the money spent on the degree to the amount of financial return without considering when money is needed is not very useful.

I think that a reasonable analysis would exclude income earned after the age of about 45. By that age most people have either achieved a solid financial position and learned to live within their means or messed up their finances so badly that they won’t live long enough to recover.

A Degree as a Signal

The Wikipedia page on economic signalling gives education as an example of a signal. A signal in this case means something that doesn’t inherently mean anything but which signifies something else. So completing a degree doesn’t necessarily mean that you learned anything relevant to work, but if you are able to do it then it means that you can probably also do things which are economically useful for an employer. This raises the question of how else one might signal their ability to work. One obvious answer is by working, someone who has remained steadily employed for 3 or 4 years has demonstrated their ability to work reliably and get along with other people which should be at least as useful as a signal.

It’s Not Only the Degree

Most analysis seem to compare average income of people with degrees with the average of income with people who didn’t attend university. That is based on the assumption that the degree was the only difference.

When I was young my parents spent a moderate amount of money on a full set of paper encyclopedias (about 2 meters of shelf space). I’m sure that this gave me some educational benefit as they intended, and it was something that was apparently quite rare – I don’t recall seeing a full encyclopedia in anyone else’s house before the Wikireader [1].

My parents also bought me quite a lot of computer gear (back when hardware was really expensive), were always available to drive me to computer users’ group meetings etc, and did everything else that seemed likely to have an educational benefit. The value of such learning opportunities is significant.

I think that almost everyone who had similar learning opportunities to me when they were young will probably have experienced similar support and pressure to attend university. I also think that almost everyone who receives such opportunities will be able to earn more than the median income even if they don’t attend university.

To a large extent people who are going to be successful attend university. A university degree doesn’t make anyone successful if they couldn’t succeed without a degree. There are some careers that just aren’t options if you don’t have a relevant degree (such as medicine and law). But I believe that anyone who is capable of completing a difficult course such as medicine or law (or any other career that has legal requirements for a degree) is capable of being successful without a degree in many other fields. So comparing the wages of a doctor or a lawyer to an average person doesn’t make sense, it makes more sense to try and compare their wages to someone of similar skill who didn’t have such a qualification.

Conclusion

It seems to me that the question is, of the people who had great learning opportunities when they were young and who wanted to succeed, would they have earned much less if they hadn’t attended university?

The next question is, of the people who might earn significantly less without getting a degree, would that salary difference really have mattered, or would it just be a matter of earning some luxury money when they are too old to really need it?

Related posts:

  1. Ideas for a Home University There seems to be a recent trend towards home-schooling. The...
  2. university degrees Recently someone asked me for advice on what they can...
  3. Microsoft Hires University Drop-Out for Recruiting Campaign news.com.au reports that MS has hired former Miss Australia Erin...

Syndicated 2012-06-14 01:14:00 from etbe - Russell Cokeretbe - Russell Coker

979 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!