Crossed Wires

Vic’s Blog

DisplayLink and x2x brings back Zaphod mode

May 4

Posted by Vic in Hardware, Linux | 1 Comment

Ever since work issued me a Lenovo T61 and I installed Fedora on it, I have lamented the loss of something that X afficionados referred to as “Zaphod mode”.  By gluing together a few different software and hardware components I managed to get close to the old Zaphod mode days — but first some background…

Usually when you set up a multi-monitor installation you get a single desktop that spans all the screens.  This is great when you have a single desktop, but on Linux multiple desktops are the norm.  When I started using multiple screens in Linux, I loved the extra screen real estate but the fact that switching virtual desktops caused *all* the windows on all the screens to switch really bugged me.  I wanted the ability to have something — like an email program, or a web browser — to stay on one screen while I switched between desktop views on the other screen.  Or better still, the ability for both screens to have virtual desktops that were independent of each other.

Enter “Zaphod mode”, named for Zaphod Beeblebrox from the Hitchhikers Guide to the Galaxy by Douglas Adams.  Beeblebrox, who was President of the Galaxy before he stole the Starship Heart Of Gold, had two heads that were independent of each other.  In X server terms, multiple display devices are often referred to as “heads”.  So you can probably deduce that “Zaphod mode” refers to an operating mode of the X server where the multiple “heads” or display devices function as different displays.

Go back far enough and you get to a point where that was the standard mode of operation of X.  The X extension “Xinerama” was developed to provide the merging of different X displays into a single screen.  NVidia also had a hardware/firmware based equivalent called TwinView, where multiple heads on an NVidia card (and even sometimes heads on different cards) could be joined.  These extensions came not without their problems however: it was common for windows and dialog boxes to get confused about what display to appear on.  You would almost always see dialog boxes that are meant to display in the middle of the screen being split across the two physical displays.  Also, there was the multiple desktop “inconvenience” of not being able to switch the desktops independently.

Zaphod mode fixed these problems.  Because the screens were separate, windows and dialog boxes always appeared in the centre of the physical screen.  You could leave a web browser on one screen while you switched between an e-mail client, an IRC client, and an SSH session in the other.  It wasn’t all beer-and-skittles though, since in Zaphod mode it was not possible to move an application from one screen to the other.  Plus, some applications like Firefox could not have windows running on both screens (the second one to start could not access the user profile).

Zaphod mode largely “went away” during the transition from XFree to Xorg.  The servers dropped support for multiple separate displays in the one server, and only gradually added it back in (with the Intel driver being one of the last to do so, and probably still has not).  Since laptops were the only place I still used multiple screens, and the laptops I used all had Intel integrated graphics, I had to do without Zaphod mode.

Today, I hardly use dual monitors at all.  I used to have a desktop system with a 21″ CRT flanked by 17″ LCDs on either side, but that all got replaced by a single 24″ LCD.  At work we don’t have assigned desks, so setting up a screen to plug the laptop into isn’t going to happen.  I guess I learned to live without Zaphod mode by just going back to a single screen.  I still remember my Zaphod-powered dual-screen days fondly though, and with almost every update to Xorg I would scan the feature list looking for something like “Support for configuration of multiple independent displays (Zaphod mode)”.

A while back I bought a DisplayLink USB to DVI adapter.  I didn’t really know what to do with it at the time, but recently I dug it out and tried setting it up.  Googling for “DisplayLink Fedora” sent me to a couple of very helpful pages and it didn’t take long to get the “green screen of life” that indicates that the DisplayLink driver was active.  It was when I was looking at how to make it work as an actual desktop — part of the process involves setting up a real xorg.conf (that’s right, something about the DisplayLink X server means it can’t be configured by the Xorg auto configuration magic) — that I realised I could do something wonderful.  Instead of making a config file that contained both my standard display and the DisplayLink device (and probably cause havoc for the 90% of times I boot without an additional screen) I would create a config file with *just* the DisplayLink device and start it as a second server.  Run a different window manager in there, and I would have two independent desktops — Zaphod mode!

I did a couple of little experiments just starting an xterm in the second X, and it worked fine (the more alert of you will realise that I’m taking a bit of artistic license with the word “fine” here, and know that three little letters in the title of this post are a clue to what wasn’t yet working…) with the desktop and the xterm appearing in the second monitor.  I installed XFCE, and configured it to start as the window manager of the second X server, which also worked well.

Something was missing though: there was no mouse input to the second screen.  In Zaphod mode, even though the two screens were separate X displays they were managed by the same server.  This meant that the input devices were shared between the two displays.  In this configuration, I was careful to exclude any mouse and keyboard devices from my second display config to avoid any conflicts.  So how was I to get input device data into the second server?  A second display is not much good if you can’t click and type on the applications that run on it…

I remembered about an old program called x2x that could transfer the mouse and keyboard events to a different X server when you moved the mouse to the edge of your display (and, inexplicably, I forgot all about a much younger program called Synergy that can do the same thing).  Since x2x isn’t built for Fedora I found the source and built it and started it up…  and it worked first time!  When I moved the mouse to the edge of the screen, it appeared on the other screen!  I could start apps and type into them exactly as I wanted.

It wasn’t perfect, however.  I found that when I returned the mouse to the primary screen, the second screen was still getting keyboard events.  I figured this would be particularly inconvenient when, for example, I was entering user and password details into an app on the primary screen while an editor or terminal program had focus on the second screen…  I checked the Xorg.1.log file, and found that even though I had not specified a “keyboard” input device Xorg was automatically defining one for me.  I turned off the udev options, but it still happened.  My initial enthusiasm was starting to fade.

What fixed it was to manually define a “dummy” keyboard device.  There must be some logic in Xorg that it refuses to allow a configuration with no configured keyboard (which makes sense), so in this rather unusual case where I don’t want a keyboard I have to define one but give it a dummy device definition.  Defining the dummy keyboard stopped Xorg from defining its automatic one, and everything worked as expected!  Even screensavers work more-or-less as designed (although I haven’t actually spent much time in front of the setup yet so haven’t had to unlock the screen that often).

I’m away from the computer in question right now, otherwise I would post configs and command lines (and even a pic of the end result).  I’ll update this post with the details — leave a comment if you think I need to hurry up!  :)

 

Tags: , , , , ,

Hi, I’m Vic… and I have depression

Mar 4

Posted by Vic in Life, Personal | 1 Comment

This is perhaps the hardest thing I’ve ever had to write.  There is a lot of emotion behind the words I write here, and I’m trying to keep that out.  If you were expecting the latest snippet of technical insight from me, I’m sorry.  Maybe next time.  This post is about me.

In the first six months of 2004 I changed employer, my first child was born, and I suffered a mild heart attack.  For some time I’ve believed that this set of major events occurring over such a short period was responsible for the way I feel.  If I’m honest though, there’s every likelihood that it was there long before, and 2004 just pushed me off the top of the slippery slope.

People’s reactions to near-death experiences vary almost as widely as the events that bring them to near-death.  To me, how someone recovers from such an experience will depend very much on how they can rationalise who is at fault for the experience.  Experiences like being a victim of armed robbery or a car accident are fundamentally different from health-related near-death because when it’s health-related there’s no-one to blame but yourself — you ate the wrong food, you didn’t exercise enough, you got bad genes, etc.  You can try to blame someone or something else (blame the fast-food chains for your diet, blame the TV programs or the computer games for your lack of exercise, blame your parents for your genes) but deep down you know it’s all on you.  The effect this can have on self-esteem and self-worth are immeasurable.

I say this all in my context of course — for me it was too tempting to blame that heart attack for feeling bad.  I’m sure others have felt the same: despite all the other things in their life that might be causes of concern — stressful or unrewarding job, young children, difficult relationships, money problems — the health problem that nearly killed them becomes what they use to define themselves.  This was definitely the case for me: I was 34 years old, I had been overseas for a week for work and was supposed to be at home helping to look after my 3-month old son, what the f**k was I doing in a cardiac hospital after suffering a myocardial infarction?  I was broken, a product of a gene pool that produced 11 out of 13 immediate blood relatives with cardiac issues.  People would tell me this was my “wake-up call”, my “second chance”, but nothing could break my resignation that the deck was stacked against me.

I saw a psychologist for a while in 2005-06, and was on antidepressants for a while around the same time.  I thought I was feeling good about life again.  My last visit with the psychologist was just before I went on an overseas business trip with a colleague in March 2006.  I got a script for more meds before I went overseas (the doctor actually joked with me about how having a psychotic break while going through US airport security wouldn’t be a good thing), but when that script ran out I didn’t bother getting a new one.  Looking back, I was in Zoloft-fuelled denial of my real mental and emotional state.  I actually thought I was better, so I didn’t need the drugs any more.

The denial of my mental state has continued until almost the present day — except that it was no longer fuelled by antidepressants.  Over the last six months or so, denial came from a self-fulfilling belief that there was nothing worth doing.  When I thought I was feeling good about life, I failed to see that what I was really feeling good about were things in my life; in times when things to feel good about became fewer and farther between, so too would my moods get darker and darker.  I’d have good days and bad days, but even on good days I’d be a hair’s breadth from falling into a dark black mood in which even just moving seemed like too much effort.  I have been denying my state of mind — except when it suited me to say “I don’t feel like it” to get out of doing something.  I’ve told myself that my poor diet and lack of exercise led to my heart problems, which in turn made me depressed, causing me to want to withdraw further from family and social situations.

Recently though, I’ve realised that the opposite is true: that all the things that I thought have derived from the heart attack have actually come from a different — but no less real — condition: clinical depression, or “a major depressive illness”.  I’m actually on the border of bipolar disorder, but I’m told my “highs” aren’t quite manic enough to fit that profile.

Some of you reading this will unfortunately think that now that I know what my problem is I can just get over it.  While knowing what my problem is allows me to find proper treatment, it’s a long way from getting over it.  Let me ask you: if someone has a broken leg, does being told that they have a broken leg make the leg any less broken?  ”Okay,” someone might reply, “so you just pop some pills to feel better.”  Again: if someone has a broken leg and they take medication for the pain, is the leg any less broken?  “Well, go and talk to a shrink then.”  If you’ve got a broken leg and you talk to someone about the experience of having a broken leg, is the leg any less broken?

Our protagonist with the broken leg starts the road to recovery when the break is set and the leg is cast.  Pain killers might be needed, along with crutches or a wheelchair for mobility, perhaps even a ruler to scratch the skin irritated by the cast.  Physiotherapy to rebuild muscle and supporting tissue might be needed as well, once the bone is sufficiently restored.  Our protagonist might walk with a limp for a while, but will eventually return to full health.

I have started to get help, but I have no idea what my road to recovery will look like.  I saw my GP a few weeks ago and he referred me to a psychiatrist, with whom I’ve had my first session.  Medication will be involved, but I’ve already felt the effects of the other actions I’ve taken: exercise, eating well, and treating my after-hours as my own time instead of an extension of the work day.  I’ve started to lose weight as well (2-3kg so far) — something that I’d always wanted to do but felt was beyond my mood-locked abilities.  I still have dark times though.

Now the really hard part.  Some of you might be wondering if there was a catalyst to all this self-realisation and affirmative action.  I’m not ready to talk about that, except to say one thing: this illness I have is like a cancer — ruthless, vicious, absolutely silent, and often detected way too late.  Unlike cancer though, many people don’t take it seriously.  Don’t take anything for granted.  Depression will take things away from you that you don’t know you’ve lost until they’re gone, and what you lose might be the very things you’ve always needed to make it through to the end of each day.

Don’t wait until RU OK? Day…  if you’re depressed, talk to someone; if you know someone who might be depressed, talk to them.  Please.

Online resources in Australia for depression and bipolar disorder (not an exhaustive list, nor a list of endorsements):

 

Another year over…

Dec 31

Posted by Vic in Life | No Comments

As I type this, 2011 draws to a close (in this timezone at least) — in fact if I keep going long enough it’ll be my first post to span two years.

I would like to have blogged a bit more in 2011. It’s not like I had any shortage of things to write about, in fact that’s probably the crux of the matter: not enough time to write due to many things going on. No promises about writing more next year though — I can’t imagine I’ll magically have more time for writing next year!

Wherever you are, best wishes for the coming year. Here’s hoping that 2012 brings health and fortune to you and your family.

Happy New Year!

Oracle Database 11gR2 on Linux on System z

Aug 31

Posted by Vic in Linux, Operating Systems, Work | No Comments

Earlier this year (30 March, to be precise) Oracle announced that Oracle Database 11gR2 was available as a fully-supported product for Linux on IBM System z.  A while before that they had announced E-Business Suite as available for Linux on System z, but at the time the database behind it had to be 10g.  Shortly after 30 March, they followed up the 11gR2 announcement with a statement of support for the Oracle 11gR2 database on Linux on System z as a backend for E-Business Suite — the complete, up-to-date Oracle stack was now available on Linux on System z!

In April this year I attended the zSeries Special Interest Group miniconf[1], part of the greater Independent Oracle Users Group (IOUG) event COLLABORATE 11.  I was amazed to discover that there are actually Oracle employees whose job it is to work on IBM technologies — just like there are IBM employees dedicated to selling and supporting the Oracle stack.  Never have I seen (close-up) a better example of the term “coopetition”.

On my return from the zSeries SIG and IOUG, I’ve become the local Oracle expert.  However, I’ve had no more training than the two days of workshops run at the conference!  The workshops were excellent (held at the Epcot Center at Walt Disney World, no less!) but they could not an expert make.  So I’ve been trying to build some systems and teach myself more about running Oracle.  I thought I’d gotten off to a good start too — I’d installed a standalone system, then went on to build a two-node RAC.  I communicated my success to one of my sales colleagues:

“I’ve got a two-node RAC setup running on the z9 in Brisbane!”

“Great!  Good work,” he said.  ”So the two nodes are running in different LPARs, so we can demonstrate high-availability?”

” . . . ”

In my haste I’d built both virtual machines in the same LPAR.  Whoops.  (I’ve fixed that now, by the way.  The two RAC nodes are in different LPARs and seem to be performing better for it.)

Over the coming weeks, I’ll write up some of the things that have caught me out.  I still don’t really know how all this stuff works, but I’m getting better!

Links:

IBM System z: www.ibm.com/systems/z or www.ibm.com/systems/au/z

Linux on System z: www.ibm.com/systems/z/os/linux/index.html

Oracle zSeries SIG: www.zseriesoraclesig.org

Oracle Database: www.oracle.com/us/products/database/index.html

[1] Miniconf is a term I picked up from linux.conf.au — the zSeries SIG didn’t advertise its event as a miniconf, but as a convenient name for a “conference-in-a-conference” I’m using the term here.

 

 

 

Tags: , , , , ,

What a difference a working resolver makes

Aug 7

Posted by Vic in Linux, Networks, Work | No Comments

The next phase in tidying up my user authentication environment in the lab was to enable SSL/TLS on the z/VM LDAP server I use for my Linux authentication (I’ll discuss the process on the DeveloperWorks blog, and put a link here).  Apart from being the right way to do things, LDAP authentication appears to require SSL or TLS in Fedora 15.

After I got the Fedora system working, I thought it would be a good idea to have other systems in the complex using SSL/TLS also.  The process was moderately painless on a SLES 10 system, but on the first SLES 11 system I went to YaST froze while saving the changes.  I (foolishly) rebooted the image, and it hung during boot.  Not fun.

After a couple of attempts to fix up what I thought were the obvious problems (each attempt involving logging off the guest, connecting its disk to another guest, mounting the filesystem, making a change, unmounting and disconnecting, and re-IPLing) with no success, I went into /etc/nsswitch.conf and turned off LDAP for everything I could find.  This finally allowed the guest to complete its boot — but I had no LDAP now.  I did a test using ldapsearch, which reported it couldn’t reach the LDAP server.  I tried to ping the LDAP server by address, which worked.  I tried to lookup the hostname of the LDAP server, and name resolution failed with the traditional “no servers could be reached” message.  This was odd, as I knew I’d changed it since it was pointing to the wrong DNS server before…  I could ping the DNS by address, and another system resolved fine.

I thought it might have been a configuration problem — I had earlier had trouble with systems not being able to do recursive DNS lookups through my DNS server.  I went to YaST to configure the DNS Server, and it told me that I had to install the package “bind”.  WHAT?!?!?  How did the BIND package get uninstalled from the system…

Unless…  It’s the wrong system…

I checked /etc/resolv.conf on a working system and sure enough I had the IP address wrong.  I was pointing at a server that was NOT my DNS server.  Presumably the inability to resolve the name of the LDAP server I was trying to reach is what made the first attempt to enable TLS for LDAP fail in YaST, and whatever preload magic SLES uses to enable LDAP authentication got broken by the failure.  Setting the right DNS and re-running the LDAP Client module in YaST not only got LDAP authentication working but got me a bootable system again.

A simple fix in the end, but I’d forgotten the power of the resolver to cause untold and unpredictable havoc.  Now, pardon me while I lie in wait for the YaST-haters who will no doubt come out and sledge me…  :-)

Tags: , , , , , ,

RACF Native Authentication with z/VM

Jul 20

Originally posted on z/Blog -- with Vic Cross. Categories: DeveloperWorks

 In 2009 I was part of the team that produced the Redbook "Security for Linux on System z" (find it at http://www.redbooks.ibm.com/abstracts/sg247728.html).  Part of my contribution was a discussion about using the z/VM LDAP Server to provide Linux guests with a secure password authentication capability.  I probably went a little overboard with screenshots of phpLDAPadmin, but overall I think it was useful.

I’ve come back to implement some of what I’d put together then, and unfortunately found…  not errors as such, but things I perhaps could have discussed in a little more detail.  I’ve been using the z/VM LDAP Server on a couple of systems in my lab but had not enabled RACF.  I realised I need to "eat my own cooking" though, so decided to implement RACF and enable the SDBM backend as well as switch to using Native Authentication in the LDBM backend.

Native Authentication provides a way for security administrators to present a standard RFC 2307 (or equivalent) directory structure to clients while at the same time taking advantage of RACF as a password or pass phrase store.  Have a look in our Redbook for more detail, but basically the usual schema is loaded into LDAP and records are created using the usual object classes like inetOrgPerson, but the records do not contain the userPassword attribute.  Instead of comparing a presented password against the field contained in LDAP, the z/VM LDAP Server (when Native Authentication is enabled) issues a RACROUTE call to RACF to have it check the password.

In my existing LDAP database, I had user records that were working quite successfully to authenticate logons to Linux.  My plan was simply to enable RACF, creating users in RACF with the same userid as the uid field in LDAP (I have access to a userid convention that fits RACF’s 8-character restriction, so no need to change it).  After going through the steps in the RACF program directory, and various follow-up tasks to make sure that various service machines would work correctly, I did the LDAP reconfiguration to get Native Authentication.

At this point I probably need to clarify my userid plan.  The documentation for Native Authentication in the TCP/IP Planning and Administration manual says that the LDAP server needs to be able to work out which RACF userid corresponds to the user record in LDAP to be able to validate the password.  It does this by either having the RACF userid explicitly specified using the ibm-nativeId attribute (the object class ibm-NativeAuthentication has to be added to the user object), or by matching the existing uid attribute with RACF.  This is what I hoped to be able to do; by using the same ID in RACF as I was already using in LDAP, I planned to not require the extra object class and attribute.  In the Redbook, because my RACF ID was different from the LDAP one I went straight to using the ibm-nativeId attribute and didn’t go back and test the uid method.

So, I gave it a try.  I had to disable SSH public-key authentication so that my password would actually get used, and once I did that I found that I couldn’t log on.  It didn’t matter whether I tried with my password or pass phrase, neither was successful.  I read and re-read all the LDAP setup tasks and checked the setup, but it all looked fine.  In one of those "let’s just see" moments, I decided to see if it worked with the ibm-nativeId attribute specified in uppercase…  and it did!

Okay, so it appeared that the testing of uid against a RACF id was case-sensitive.  I decided to try creating a different ID, with an uppercase uid, in LDAP to double-check.  Since phpLDAPadmin wouldn’t let me create an uppercase version of my own userid (since that would be non-unique), I created a different LDAP id to test:

[viccross@laptop ~]$ ssh MAINT@zlinux1
Password:
Could not chdir to home directory /home/MAINT: No such file or directory
/usr/X11R6/bin/xauth:  error in locking authority file /home/MAINT/.Xauthority
MAINT@zlinux1:/>

My MAINT user in LDAP has no ibm-nativeId attribute, so the only operational difference is the uppercase uid (the error messages are caused by the LDAP userid not having a home directory; I use a NFS shared home directory had I hadn’t bothered setting up the homedir for a test userid).

The final test was to change the contents of the ibm-nativeId attribute in my LDAP user record to lower-case — and it broke my login.  So that would seem to indicate that the user check against RACF is case sensitive wherever LDAP gets the userid from.  I’m going to have a look through documentation to see if there’s something I need to change, but this looks like something to be aware of when using Native Authentication.

I also noticed that I didn’t describe the LDAP Server SSL/TLS support in the Redbook, but that’s a post for another day…

Tags: , , , , , , ,

OpenSSL speed revisited

May 17

Originally posted on z/Blog -- with Vic Cross. Categories: DeveloperWorks

 I realised I never came back and reported the results of my OpenSSL "speed" testing after our 2096 got upgraded.  For reference, here was the original chart, from when the system was sub-capacity:

image

… and the question was, does the CPACF run at the speed of the CP (i.e. it runs sub-capacity if the CP is sub-capacity) or does it run at full speed like an IFL, zIIP or zAAP.  If the latter, the result after the upgrade should be the same as before — that would indicate the speed of crypto operations does not change with the CP capacity, and that CPACF is always full speed.  If the former, we should see an improvement between pre- and post-upgrade, indicating that the speed of CPACF follows the speed of the CP.

Place your bets…  Okay, no more bets…  Here’s the chart:

image 
The graph compares the results from the first chart in blue (when the machine was at capacity setting F01) with the full-speed (capacity setting Z01) results in red.

Okay, so did you get it right?  If you know your z/Architecture you would have!  As the name suggests, the Central Processor Assist for Cryptographic Function (or CPACF) is pretty-much an adjunct to each CP, just like any standard execution unit (like the floating point unit, say).  It is not like the Crypto Express cards, which are actually an I/O device and totally separate from the CP.  Because it is directly associated with each CP, for sub-capacity CPs its CPACF is bound to the speed of that CP.

If you look closer, further evidence that CPACF performance scales with capacity setting can be seen in the respective growth rates of each set of data points.  To see this a little clearer (because I don’t know the right mathematical terms to describe the shape of the curve, so I’ll just show you) I drew a couple more graphs:

image image  

Looking at the left graph (which is the same as the bar graph above, just drawn in lines) you can see that in both the software and the CPACF case the lines for before and after the upgrade follow the same trend with respect to the block size.  If these lines followed different trends — for example if the Z01 CPACF line was flat across the block size range instead of a gently falling slope like the F01 line — I’d suspect something else was affecting the result.  Looked at a different way, the right-hand graph above shows the "times-X" improvement between software and CPACF.  You can see that the performance multiplier (i.e. the relative performance improvement between software and hardware; CPACF speed is 16x software at 8192 byte blocks) was the same for each block size.

Now, just to confuse things…  Although I’ve used OpenSSL on Linux as the testing platform for this experiment, most Linux customers will never see the effects I’ve demonstrated here.  Why?  Because Linux is usually run on IFLs, and the IFL always runs at full speed!  Even if there are sub-capacity CPs installed in a machine with IFLs, the IFLs run at full speed and so to does the CPACF associated with the IFLs.  I’ll say again: CPACF follows the speed of the associated CP, so if you’re running Linux on IFLs the CPACF on those IFLs will be full capacity just like the IFLs themselves.  If you have sub-capacity CPs for z/OS workload on the same machine as IFLs, the CPACF on the CPs will appear slower than CPACF on the IFLs.

As far as the actual peak number is concerned, it looks like a big number!  If I understand it right, 250MB/sec would be more than enough speed to have a server doing SSL/TLS traffic driving a Gigabit Ethernet at line speed (traffic over connected sessions, NOT the certificate exchange for connection establishment; the public key crypto for certificate verification takes more hardware than just CPACF, at least on the z9 anyway).  And that’s just one CP!  Enabling more CPs (or IFLs, of course) gives you that much more CPACF capacity again.  Keep in mind that these results are using hardware that is two generations old — I would expect z10 and z196 hardware to get higher results on any of these tests.  Regardless, these are not formal, official measurements and should not be treated as such — do NOT use any of these figures as input to system sizing estimates or other important business measurements!  Always engage IBM to work with you for sizing or performance evaluations.

Tags: , , , , ,

My local Borders is no more

May 8

Posted by Vic in Life, Soapbox | 1 Comment

I had two book-related experiences today, one of which was obvious and prompted this post. The other I had almost forgotten about, but should not have. First, the one I forgot.

I went to the shopping centre today (Garden City, in Upper Mt Gravatt) with my seven-year-old son. On the way there we were discussing the various things we might do there, foremost among them was eating (he seems to be inordinately interested in food at the moment; I suspect a growth spurt). After finding somewhere to park and finding our way from the car to the shops, we resumed the where-will-we-go conversation. We decided that the main purpose of the shopping trip was to get something for Mummy for Mothers’ Day, but we did agree it was okay to do a little bit of looking at things for ourselves. I was explaining the concept of “window shopping” to him when he suddenly said “or we could go to the library.”

I managed to choke back my reflex response of “The LIBRARY?!?” and instead managed something a little more fatherly. “But Mummy has the library card, I don’t have one,” I had to say, thinking he wanted to borrow.

“That’s okay,” he said, “we can just go and look at the books and maybe read one and then we could have some lunch.”

Which is exactly what we did. My seven-year-old son took me to the library. We looked through the books, found one that he liked which he read aloud, and then left and had sushi for lunch. I was definitely proud but at the same time stunned that a visit to the library was as interesting a prospect as anything else the shopping centre had to offer — especially since the library is immediately next door to a Toys-R-Us!

So what has this to do with Borders?

I was a little disappointed, but not too surprised, when the local Borders franchise announced it had entered administration. All of the Australian Borders stores that have touched me in some way, including the Brisbane City and Mt Gravatt stores, are to be closed. The hammer is even going to fall on the Jam Factory store in South Yarra, the first Borders I ever set foot in (the novelty of visiting that store was part of what kept me entertained when I was working in Melbourne).

Shortly after we’d been to the library, had our lunch, and looked at a couple of other shops, my son and I went into the Borders — it, along with the other stores to be closed, are open while the administrators try to wring every last dollar out of them. There were people everywhere, picking over the remains of the stock. How ironic that the busiest many stores are is their last days of trade.

It was pretty depressing: many shelves were bare, even a couple of complete sections had been abandoned (and were being used as impromptu play areas by kids bored by their parents’ sudden interest in books). Because all the stock was 50% off, people seemed to be treating it as having 50% less value — books were being disdainfully rummaged through, in a similar way to how a pile of laundry gets treated when you’re looking for that one lost sock.

I looked at the remnants of the computer books area, and was quickly reminded why I haven’t bought a tech book from Borders for years. I saw an O’Reilly title, one which I wasn’t sure I had, and the price on it was almost $100. When I got home I checked and I did have it: bought via Amazon at a price, even including shipping (and an exchange rate at the time that was nowhere near as attractive as it is now), that was less than even the Borders administrators 50% discount would have yielded. Nevertheless, I did take a few books to the register — not technical books, rather some light stuff in the vein of Richard Hammond’s “As You Do”.

The final depressing twist came as we left the store. I got a partial smile from the cashier when I placed my purchases on the counter for payment, but by the time she’d handed the bag to me her look was more “enjoy your books and your discount, I’ll be jobless in a few days”.

From the safe and insular confines of a blog, it’s easy to rant about bookstores and big publishing companies that try to ignore the international market and continue pricing domestically as if the Internet doesn’t exist and it really does cost a fortune to ship books to a tiny place like Australia. It’s a different matter when that bookstore you used to love going to can’t afford to keep the lights on any more.

But then, as I was thinking of how to wrap this post, the thought occurred to me… what kind of place would be good for someone who likes looking at books but never buys them…

Sometimes when I’d go to Borders I’d get quietly mad at the people who’d sit themselves in the comfy chairs and read the books for hours and hours. What did they think Borders was… a library? It was a library — the problem was, in their kind of library you had to buy the books instead of borrowing them.

I’ve got a feeling that the initial success of Borders was driven by the same enthusiasm for libraries that my son showed me today. We all remembered this incredible place where there were thousands of books, and we could pick them up, turn their pages… and read a bit of them, then put them back. And to the eventual demise of Borders, that’s what we all did.

So to anyone thinking “now that Borders is going, I’ve got nowhere to read a good book” I say “find your local library!” And to any passing librarians I say “I hear there’s some books hitting the market cheap, might be a chance to build the collection because you never know when traffic might pick up”.

Tags: , , ,

Another IPv6 instalment (subtitled: Watch Your Tech Library Currency!)

Mar 26

Posted by Vic in Gadgets, Hardware, Networks | No Comments

I made a somewhat cryptic tweet a little while ago about how I spent a crazy-long period of time researching what was, I believed, the next-big-thing in DNS resolution for IPv6 (or so my 2002 edition of “IPv6 Essentials” told me).  I could not work out why I saw nothing about A6 records in any of the excellent Hurricane Electric IPv6 material or in any other documentation I came across.

The answer should have been obvious: DNS A6 records (and the corresponding DNAME records) never caught on.  RFC 3363 recommended that the RFC that defined A6 and DNAME (RFC 2874) be moved back into Experimental status.  If I hadn’t been using an old edition of the IPv6 book, I might never have even known the existence of A6 and not have wasted any time.

In my previous post on IPv6 I theorised that we are in the early-adoption phase of IPv6 where things aren’t quite baked, and yet now I’ve picked up a 9 year old text on the topic and acted all surprised when it got something wrong.  It was a bit stupid of me; had I bought a book about IPv4 in 1976, might it have been similarly out of date in 1985?

As always though I’m richer for the experience!  Or so I thought…  Like many, I’m becoming increasingly time-poor.  When I bought a book on IPv6 some years ago I thought I was making an investment, but it turned out that my investment actually lost for me in several ways:

  1. The book took up physical space in my bookshelf for all that time I wasn’t using it
  2. I didn’t actually use the information at the time I acquired it
  3. The time I could have got value from it was wasted by it idly sitting on the shelf
  4. Once I did try to use it, it actually cost me time rather than saved time

I came to think about the other books on my shelf.  It’s pretty easy to recognise that a book that proclaims to be up-to-date because it “Now covers Red Hat 5.2!” will be anything but.  Also, from the preface of a Perl programming book that says “this was written about Perl 5.8, but it should apply to 5.10 as well” I’ll be forewarned that things will be fairly applicable to 5.12 but maybe not to Perl 6 when it’s out.

Technology usually has a somewhat abbreviated lifespan, so therefore the corresponding documentation will have a lifespan correspondingly short…  Here, however, is an example of a technology that will have a far greater lifespan (we hope) than much of the documentation that currently exists around it.  I emphasise “currently exists”, because it won’t always be that way: IPv4 was pretty well-baked by the time I had anything to do with it, so I could have bought a book on IPv4 with next to no concern that it was going to lead me astray (indeed, I bought W. Rich Stevens’ TCP/IP programming texts during the 1990s, and still use them to this day).  I keep forgetting that I’m on a completely different point of the IPv6 adoption curve, and the “experts” are learning along with me.

So, a new tech library plan then:

  • Reduce dependence on physical books (okay, this one is already a work-in-progress for me) — they don’t come with you on your travels as easily, and (more important in this context) they’re harder to keep up to date.
  • Before regarding the book on the shelf as authoritative, check its publication date.  If it’s more than three years old, depending on the subject matter it might be out of date.  Check if there’s a new edition available, and consider updating.  If there’s no new edition, check for recent reviews (Amazon, etc).  Someone who just bought it last month might have posted an opinion on its currency.
  • If you have to buy a paper book, don’t buy a book on any technology that is a moving target.  On the same shelf as my copy of “IPv6 Essentials” there is a book entitled “Practical VoIP Using VOCAL”.  I never even installed VOCAL, and I’m sure many current VoIP practitioners never heard of it.  (Side note: I think it’s strange that I bought that book, and a Cisco one, but still to this day have never owned a book on Asterisk.  Maybe I have some kind of inability to pick the right nascent-technology book to buy.)
  • Use bookmarking technology more! I have a Delicious account, and I went through a phase of bookmarking everything there.  I realise now that, if I was a bit more disciplined, I could actually use it (or a system like it, depending on what Yahoo! does to it) as my own personal index to the biggest tech library in existence: the Internet.

That first point is harder than it sounds (especially for someone like me who has a couple of books on his shelf with his name on the cover).  My Rich Stevens books are littered with sticky-note bookmarks for when I flick to-and-fro between different programming examples.  Electronic readers are still not there when it comes to the “handy-hints-I-keep-on-my-lap-while-coding” aspect of book ownership.

I have a Sony Reader which I purchased with the intent of making it my mobile tech library.  It’s just not that great for tech documents though, since it doesn’t render diagrams and illustrations well (it also isn’t ideal for PDFs, especially in A4 ratio).  This may change as publishers of tech docs start releasing more titles on e-reader formats like ePub.  The iPad is working much better for tech library tasks; I’m using an app called GoodReader which renders PDFs (especially RedBooks!) quite well and has good browsing and syncing capability as well.

More on these topics later, I’m sure!

Update: I omitted another option in my “tech library plan” — since IPv6 Essentials is an O’Reilly book, I could have registered with their site to get offers on updating to new editions.  Had I done so, the events of this post might not have happened!  Now that I’ve registered my books with O’Reilly, I’m getting offers of 40% off new paper editions and 50% off e-book editions.  Also, in line with my reduce-paper-book-dependence policy, I can “upgrade” any of the titles I own in paper to e-book for US$4.99.  If you haven’t already, I encourage anyone who has O’Reilly books that they rely on as part of their tech library to register them at members.oreilly.com.  (This is an unsolicited endorsement from a happy customer, nothing more!)

Tags: , , , , ,

Another round of Gentoo fun

Mar 5

Posted by Vic in Linux, Operating Systems | No Comments

A little while back I did an “emerge system” on my VPS and didn’t think much more about it.  First time back to the box today to emerge something else, and was greeted with this:

>>> Unpacking source…
>>> Unpacking traceroute-2.0.15.tar.gz to /var/tmp/portage/net-analyzer/traceroute-2.0.15/work
touch: setting times of `/var/tmp/portage/net-analyzer/traceroute-2.0.15/.unpacked’: No such file or directory

…and the emerge error output.  Took me a little while to get the answer, but it was (of course) caused by a new version of something that came in with the system update.  This bug comment had the crude hack I needed to get back working again, but longer-term I obviously need to fix the mismatch between the version of linux-headers and the kernel version my VPS is using (it’s Xen on RHEL5).

Tags: , , , , ,