Usually when you set up a multi-monitor installation you get a single desktop that spans all the screens.  This is great when you have a single desktop, but on Linux multiple desktops are the norm.  When I started using multiple screens in Linux, I loved the extra screen real estate but the fact that switching virtual desktops caused *all* the windows on all the screens to switch really bugged me.  I wanted the ability to have something — like an email program, or a web browser — to stay on one screen while I switched between desktop views on the other screen.  Or better still, the ability for both screens to have virtual desktops that were independent of each other.

Enter “Zaphod mode”, named for Zaphod Beeblebrox from the Hitchhikers Guide to the Galaxy by Douglas Adams.  Beeblebrox, who was President of the Galaxy before he stole the Starship Heart Of Gold, had two heads that were independent of each other.  In X server terms, multiple display devices are often referred to as “heads”.  So you can probably deduce that “Zaphod mode” refers to an operating mode of the X server where the multiple “heads” or display devices function as different displays.

Go back far enough and you get to a point where that was the standard mode of operation of X.  The X extension “Xinerama” was developed to provide the merging of different X displays into a single screen.  NVidia also had a hardware/firmware based equivalent called TwinView, where multiple heads on an NVidia card (and even sometimes heads on different cards) could be joined.  These extensions came not without their problems however: it was common for windows and dialog boxes to get confused about what display to appear on.  You would almost always see dialog boxes that are meant to display in the middle of the screen being split across the two physical displays.  Also, there was the multiple desktop “inconvenience” of not being able to switch the desktops independently.

Zaphod mode fixed these problems.  Because the screens were separate, windows and dialog boxes always appeared in the centre of the physical screen.  You could leave a web browser on one screen while you switched between an e-mail client, an IRC client, and an SSH session in the other.  It wasn’t all beer-and-skittles though, since in Zaphod mode it was not possible to move an application from one screen to the other.  Plus, some applications like Firefox could not have windows running on both screens (the second one to start could not access the user profile).

Zaphod mode largely “went away” during the transition from XFree to Xorg.  The servers dropped support for multiple separate displays in the one server, and only gradually added it back in (with the Intel driver being one of the last to do so, and probably still has not).  Since laptops were the only place I still used multiple screens, and the laptops I used all had Intel integrated graphics, I had to do without Zaphod mode.

Today, I hardly use dual monitors at all.  I used to have a desktop system with a 21″ CRT flanked by 17″ LCDs on either side, but that all got replaced by a single 24″ LCD.  At work we don’t have assigned desks, so setting up a screen to plug the laptop into isn’t going to happen.  I guess I learned to live without Zaphod mode by just going back to a single screen.  I still remember my Zaphod-powered dual-screen days fondly though, and with almost every update to Xorg I would scan the feature list looking for something like “Support for configuration of multiple independent displays (Zaphod mode)”.

A while back I bought a DisplayLink USB to DVI adapter.  I didn’t really know what to do with it at the time, but recently I dug it out and tried setting it up.  Googling for “DisplayLink Fedora” sent me to a couple of very helpful pages and it didn’t take long to get the “green screen of life” that indicates that the DisplayLink driver was active.  It was when I was looking at how to make it work as an actual desktop — part of the process involves setting up a real xorg.conf (that’s right, something about the DisplayLink X server means it can’t be configured by the Xorg auto configuration magic) — that I realised I could do something wonderful.  Instead of making a config file that contained both my standard display and the DisplayLink device (and probably cause havoc for the 90% of times I boot without an additional screen) I would create a config file with *just* the DisplayLink device and start it as a second server.  Run a different window manager in there, and I would have two independent desktops — Zaphod mode!

I did a couple of little experiments just starting an xterm in the second X, and it worked fine (the more alert of you will realise that I’m taking a bit of artistic license with the word “fine” here, and know that three little letters in the title of this post are a clue to what wasn’t yet working…) with the desktop and the xterm appearing in the second monitor.  I installed XFCE, and configured it to start as the window manager of the second X server, which also worked well.

Something was missing though: there was no mouse input to the second screen.  In Zaphod mode, even though the two screens were separate X displays they were managed by the same server.  This meant that the input devices were shared between the two displays.  In this configuration, I was careful to exclude any mouse and keyboard devices from my second display config to avoid any conflicts.  So how was I to get input device data into the second server?  A second display is not much good if you can’t click and type on the applications that run on it…

I remembered about an old program called x2x that could transfer the mouse and keyboard events to a different X server when you moved the mouse to the edge of your display (and, inexplicably, I forgot all about a much younger program called Synergy that can do the same thing).  Since x2x isn’t built for Fedora I found the source and built it and started it up…  and it worked first time!  When I moved the mouse to the edge of the screen, it appeared on the other screen!  I could start apps and type into them exactly as I wanted.

It wasn’t perfect, however.  I found that when I returned the mouse to the primary screen, the second screen was still getting keyboard events.  I figured this would be particularly inconvenient when, for example, I was entering user and password details into an app on the primary screen while an editor or terminal program had focus on the second screen…  I checked the Xorg.1.log file, and found that even though I had not specified a “keyboard” input device Xorg was automatically defining one for me.  I turned off the udev options, but it still happened.  My initial enthusiasm was starting to fade.

What fixed it was to manually define a “dummy” keyboard device.  There must be some logic in Xorg that it refuses to allow a configuration with no configured keyboard (which makes sense), so in this rather unusual case where I don’t want a keyboard I have to define one but give it a dummy device definition.  Defining the dummy keyboard stopped Xorg from defining its automatic one, and everything worked as expected!  Even screensavers work more-or-less as designed (although I haven’t actually spent much time in front of the setup yet so haven’t had to unlock the screen that often).

I’m away from the computer in question right now, otherwise I would post configs and command lines (and even a pic of the end result).  I’ll update this post with the details — leave a comment if you think I need to hurry up!  :)

In the first six months of 2004 I changed employer, my first child was born, and I suffered a mild heart attack.  For some time I’ve believed that this set of major events occurring over such a short period was responsible for the way I feel.  If I’m honest though, there’s every likelihood that it was there long before, and 2004 just pushed me off the top of the slippery slope.

People’s reactions to near-death experiences vary almost as widely as the events that bring them to near-death.  To me, how someone recovers from such an experience will depend very much on how they can rationalise who is at fault for the experience.  Experiences like being a victim of armed robbery or a car accident are fundamentally different from health-related near-death because when it’s health-related there’s no-one to blame but yourself — you ate the wrong food, you didn’t exercise enough, you got bad genes, etc.  You can try to blame someone or something else (blame the fast-food chains for your diet, blame the TV programs or the computer games for your lack of exercise, blame your parents for your genes) but deep down you know it’s all on you.  The effect this can have on self-esteem and self-worth are immeasurable.

I say this all in my context of course — for me it was too tempting to blame that heart attack for feeling bad.  I’m sure others have felt the same: despite all the other things in their life that might be causes of concern — stressful or unrewarding job, young children, difficult relationships, money problems — the health problem that nearly killed them becomes what they use to define themselves.  This was definitely the case for me: I was 34 years old, I had been overseas for a week for work and was supposed to be at home helping to look after my 3-month old son, what the f**k was I doing in a cardiac hospital after suffering a myocardial infarction?  I was broken, a product of a gene pool that produced 11 out of 13 immediate blood relatives with cardiac issues.  People would tell me this was my “wake-up call”, my “second chance”, but nothing could break my resignation that the deck was stacked against me.

I saw a psychologist for a while in 2005-06, and was on antidepressants for a while around the same time.  I thought I was feeling good about life again.  My last visit with the psychologist was just before I went on an overseas business trip with a colleague in March 2006.  I got a script for more meds before I went overseas (the doctor actually joked with me about how having a psychotic break while going through US airport security wouldn’t be a good thing), but when that script ran out I didn’t bother getting a new one.  Looking back, I was in Zoloft-fuelled denial of my real mental and emotional state.  I actually thought I was better, so I didn’t need the drugs any more.

The denial of my mental state has continued until almost the present day — except that it was no longer fuelled by antidepressants.  Over the last six months or so, denial came from a self-fulfilling belief that there was nothing worth doing.  When I thought I was feeling good about life, I failed to see that what I was really feeling good about were things in my life; in times when things to feel good about became fewer and farther between, so too would my moods get darker and darker.  I’d have good days and bad days, but even on good days I’d be a hair’s breadth from falling into a dark black mood in which even just moving seemed like too much effort.  I have been denying my state of mind — except when it suited me to say “I don’t feel like it” to get out of doing something.  I’ve told myself that my poor diet and lack of exercise led to my heart problems, which in turn made me depressed, causing me to want to withdraw further from family and social situations.

Recently though, I’ve realised that the opposite is true: that all the things that I thought have derived from the heart attack have actually come from a different — but no less real — condition: clinical depression, or “a major depressive illness”.  I’m actually on the border of bipolar disorder, but I’m told my “highs” aren’t quite manic enough to fit that profile.

Some of you reading this will unfortunately think that now that I know what my problem is I can just get over it.  While knowing what my problem is allows me to find proper treatment, it’s a long way from getting over it.  Let me ask you: if someone has a broken leg, does being told that they have a broken leg make the leg any less broken?  ”Okay,” someone might reply, “so you just pop some pills to feel better.”  Again: if someone has a broken leg and they take medication for the pain, is the leg any less broken?  “Well, go and talk to a shrink then.”  If you’ve got a broken leg and you talk to someone about the experience of having a broken leg, is the leg any less broken?

Our protagonist with the broken leg starts the road to recovery when the break is set and the leg is cast.  Pain killers might be needed, along with crutches or a wheelchair for mobility, perhaps even a ruler to scratch the skin irritated by the cast.  Physiotherapy to rebuild muscle and supporting tissue might be needed as well, once the bone is sufficiently restored.  Our protagonist might walk with a limp for a while, but will eventually return to full health.

I have started to get help, but I have no idea what my road to recovery will look like.  I saw my GP a few weeks ago and he referred me to a psychiatrist, with whom I’ve had my first session.  Medication will be involved, but I’ve already felt the effects of the other actions I’ve taken: exercise, eating well, and treating my after-hours as my own time instead of an extension of the work day.  I’ve started to lose weight as well (2-3kg so far) — something that I’d always wanted to do but felt was beyond my mood-locked abilities.  I still have dark times though.

Now the really hard part.  Some of you might be wondering if there was a catalyst to all this self-realisation and affirmative action.  I’m not ready to talk about that, except to say one thing: this illness I have is like a cancer — ruthless, vicious, absolutely silent, and often detected way too late.  Unlike cancer though, many people don’t take it seriously.  Don’t take anything for granted.  Depression will take things away from you that you don’t know you’ve lost until they’re gone, and what you lose might be the very things you’ve always needed to make it through to the end of each day.

Don’t wait until RU OK? Day…  if you’re depressed, talk to someone; if you know someone who might be depressed, talk to them.  Please.

Online resources in Australia for depression and bipolar disorder (not an exhaustive list, nor a list of endorsements):

• Black Dog Institute – www.blackdoginstitute.org.au
• beyondblue – The National Depression Initiative – www.beyondblue.org.au
• DepNet – www.depnet.com.au
• RU OK? Day – www.ruokday.com.au

I would like to have blogged a bit more in 2011. It’s not like I had any shortage of things to write about, in fact that’s probably the crux of the matter: not enough time to write due to many things going on. No promises about writing more next year though — I can’t imagine I’ll magically have more time for writing next year!

Wherever you are, best wishes for the coming year. Here’s hoping that 2012 brings health and fortune to you and your family.

Happy New Year!

In April this year I attended the zSeries Special Interest Group miniconf[1], part of the greater Independent Oracle Users Group (IOUG) event COLLABORATE 11.  I was amazed to discover that there are actually Oracle employees whose job it is to work on IBM technologies — just like there are IBM employees dedicated to selling and supporting the Oracle stack.  Never have I seen (close-up) a better example of the term “coopetition”.

On my return from the zSeries SIG and IOUG, I’ve become the local Oracle expert.  However, I’ve had no more training than the two days of workshops run at the conference!  The workshops were excellent (held at the Epcot Center at Walt Disney World, no less!) but they could not an expert make.  So I’ve been trying to build some systems and teach myself more about running Oracle.  I thought I’d gotten off to a good start too — I’d installed a standalone system, then went on to build a two-node RAC.  I communicated my success to one of my sales colleagues:

“I’ve got a two-node RAC setup running on the z9 in Brisbane!”

“Great!  Good work,” he said.  ”So the two nodes are running in different LPARs, so we can demonstrate high-availability?”

” . . . ”

In my haste I’d built both virtual machines in the same LPAR.  Whoops.  (I’ve fixed that now, by the way.  The two RAC nodes are in different LPARs and seem to be performing better for it.)

Over the coming weeks, I’ll write up some of the things that have caught me out.  I still don’t really know how all this stuff works, but I’m getting better!

Links:

IBM System z: www.ibm.com/systems/z or www.ibm.com/systems/au/z

Linux on System z: www.ibm.com/systems/z/os/linux/index.html

Oracle zSeries SIG: www.zseriesoraclesig.org

Oracle Database: www.oracle.com/us/products/database/index.html

[1] Miniconf is a term I picked up from linux.conf.au — the zSeries SIG didn’t advertise its event as a miniconf, but as a convenient name for a “conference-in-a-conference” I’m using the term here.

After I got the Fedora system working, I thought it would be a good idea to have other systems in the complex using SSL/TLS also.  The process was moderately painless on a SLES 10 system, but on the first SLES 11 system I went to YaST froze while saving the changes.  I (foolishly) rebooted the image, and it hung during boot.  Not fun.

After a couple of attempts to fix up what I thought were the obvious problems (each attempt involving logging off the guest, connecting its disk to another guest, mounting the filesystem, making a change, unmounting and disconnecting, and re-IPLing) with no success, I went into /etc/nsswitch.conf and turned off LDAP for everything I could find.  This finally allowed the guest to complete its boot — but I had no LDAP now.  I did a test using ldapsearch, which reported it couldn’t reach the LDAP server.  I tried to ping the LDAP server by address, which worked.  I tried to lookup the hostname of the LDAP server, and name resolution failed with the traditional “no servers could be reached” message.  This was odd, as I knew I’d changed it since it was pointing to the wrong DNS server before…  I could ping the DNS by address, and another system resolved fine.

I thought it might have been a configuration problem — I had earlier had trouble with systems not being able to do recursive DNS lookups through my DNS server.  I went to YaST to configure the DNS Server, and it told me that I had to install the package “bind”.  WHAT?!?!?  How did the BIND package get uninstalled from the system…

Unless…  It’s the wrong system…

I checked /etc/resolv.conf on a working system and sure enough I had the IP address wrong.  I was pointing at a server that was NOT my DNS server.  Presumably the inability to resolve the name of the LDAP server I was trying to reach is what made the first attempt to enable TLS for LDAP fail in YaST, and whatever preload magic SLES uses to enable LDAP authentication got broken by the failure.  Setting the right DNS and re-running the LDAP Client module in YaST not only got LDAP authentication working but got me a bootable system again.

A simple fix in the end, but I’d forgotten the power of the resolver to cause untold and unpredictable havoc.  Now, pardon me while I lie in wait for the YaST-haters who will no doubt come out and sledge me…  :-)

I’ve come back to implement some of what I’d put together then, and unfortunately found…  not errors as such, but things I perhaps could have discussed in a little more detail.  I’ve been using the z/VM LDAP Server on a couple of systems in my lab but had not enabled RACF.  I realised I need to "eat my own cooking" though, so decided to implement RACF and enable the SDBM backend as well as switch to using Native Authentication in the LDBM backend.

Native Authentication provides a way for security administrators to present a standard RFC 2307 (or equivalent) directory structure to clients while at the same time taking advantage of RACF as a password or pass phrase store.  Have a look in our Redbook for more detail, but basically the usual schema is loaded into LDAP and records are created using the usual object classes like inetOrgPerson, but the records do not contain the userPassword attribute.  Instead of comparing a presented password against the field contained in LDAP, the z/VM LDAP Server (when Native Authentication is enabled) issues a RACROUTE call to RACF to have it check the password.

In my existing LDAP database, I had user records that were working quite successfully to authenticate logons to Linux.  My plan was simply to enable RACF, creating users in RACF with the same userid as the uid field in LDAP (I have access to a userid convention that fits RACF’s 8-character restriction, so no need to change it).  After going through the steps in the RACF program directory, and various follow-up tasks to make sure that various service machines would work correctly, I did the LDAP reconfiguration to get Native Authentication.

At this point I probably need to clarify my userid plan.  The documentation for Native Authentication in the TCP/IP Planning and Administration manual says that the LDAP server needs to be able to work out which RACF userid corresponds to the user record in LDAP to be able to validate the password.  It does this by either having the RACF userid explicitly specified using the ibm-nativeId attribute (the object class ibm-NativeAuthentication has to be added to the user object), or by matching the existing uid attribute with RACF.  This is what I hoped to be able to do; by using the same ID in RACF as I was already using in LDAP, I planned to not require the extra object class and attribute.  In the Redbook, because my RACF ID was different from the LDAP one I went straight to using the ibm-nativeId attribute and didn’t go back and test the uid method.

So, I gave it a try.  I had to disable SSH public-key authentication so that my password would actually get used, and once I did that I found that I couldn’t log on.  It didn’t matter whether I tried with my password or pass phrase, neither was successful.  I read and re-read all the LDAP setup tasks and checked the setup, but it all looked fine.  In one of those "let’s just see" moments, I decided to see if it worked with the ibm-nativeId attribute specified in uppercase…  and it did!

Okay, so it appeared that the testing of uid against a RACF id was case-sensitive.  I decided to try creating a different ID, with an uppercase uid, in LDAP to double-check.  Since phpLDAPadmin wouldn’t let me create an uppercase version of my own userid (since that would be non-unique), I created a different LDAP id to test:

[viccross@laptop ~]$ ssh MAINT@zlinux1
Password:
Could not chdir to home directory /home/MAINT: No such file or directory
/usr/X11R6/bin/xauth:  error in locking authority file /home/MAINT/.Xauthority
MAINT@zlinux1:/>

My MAINT user in LDAP has no ibm-nativeId attribute, so the only operational difference is the uppercase uid (the error messages are caused by the LDAP userid not having a home directory; I use a NFS shared home directory had I hadn’t bothered setting up the homedir for a test userid).

The final test was to change the contents of the ibm-nativeId attribute in my LDAP user record to lower-case — and it broke my login.  So that would seem to indicate that the user check against RACF is case sensitive wherever LDAP gets the userid from.  I’m going to have a look through documentation to see if there’s something I need to change, but this looks like something to be aware of when using Native Authentication.

I also noticed that I didn’t describe the LDAP Server SSL/TLS support in the Redbook, but that’s a post for another day…

… and the question was, does the CPACF run at the speed of the CP (i.e. it runs sub-capacity if the CP is sub-capacity) or does it run at full speed like an IFL, zIIP or zAAP.  If the latter, the result after the upgrade should be the same as before — that would indicate the speed of crypto operations does not change with the CP capacity, and that CPACF is always full speed.  If the former, we should see an improvement between pre- and post-upgrade, indicating that the speed of CPACF follows the speed of the CP.

Place your bets…  Okay, no more bets…  Here’s the chart:

 
The graph compares the results from the first chart in blue (when the machine was at capacity setting F01) with the full-speed (capacity setting Z01) results in red.

Okay, so did you get it right?  If you know your z/Architecture you would have!  As the name suggests, the Central Processor Assist for Cryptographic Function (or CPACF) is pretty-much an adjunct to each CP, just like any standard execution unit (like the floating point unit, say).  It is not like the Crypto Express cards, which are actually an I/O device and totally separate from the CP.  Because it is directly associated with each CP, for sub-capacity CPs its CPACF is bound to the speed of that CP.

If you look closer, further evidence that CPACF performance scales with capacity setting can be seen in the respective growth rates of each set of data points.  To see this a little clearer (because I don’t know the right mathematical terms to describe the shape of the curve, so I’ll just show you) I drew a couple more graphs:

Looking at the left graph (which is the same as the bar graph above, just drawn in lines) you can see that in both the software and the CPACF case the lines for before and after the upgrade follow the same trend with respect to the block size.  If these lines followed different trends — for example if the Z01 CPACF line was flat across the block size range instead of a gently falling slope like the F01 line — I’d suspect something else was affecting the result.  Looked at a different way, the right-hand graph above shows the "times-X" improvement between software and CPACF.  You can see that the performance multiplier (i.e. the relative performance improvement between software and hardware; CPACF speed is 16x software at 8192 byte blocks) was the same for each block size.

Now, just to confuse things…  Although I’ve used OpenSSL on Linux as the testing platform for this experiment, most Linux customers will never see the effects I’ve demonstrated here.  Why?  Because Linux is usually run on IFLs, and the IFL always runs at full speed!  Even if there are sub-capacity CPs installed in a machine with IFLs, the IFLs run at full speed and so to does the CPACF associated with the IFLs.  I’ll say again: CPACF follows the speed of the associated CP, so if you’re running Linux on IFLs the CPACF on those IFLs will be full capacity just like the IFLs themselves.  If you have sub-capacity CPs for z/OS workload on the same machine as IFLs, the CPACF on the CPs will appear slower than CPACF on the IFLs.

As far as the actual peak number is concerned, it looks like a big number!  If I understand it right, 250MB/sec would be more than enough speed to have a server doing SSL/TLS traffic driving a Gigabit Ethernet at line speed (traffic over connected sessions, NOT the certificate exchange for connection establishment; the public key crypto for certificate verification takes more hardware than just CPACF, at least on the z9 anyway).  And that’s just one CP!  Enabling more CPs (or IFLs, of course) gives you that much more CPACF capacity again.  Keep in mind that these results are using hardware that is two generations old — I would expect z10 and z196 hardware to get higher results on any of these tests.  Regardless, these are not formal, official measurements and should not be treated as such — do NOT use any of these figures as input to system sizing estimates or other important business measurements!  Always engage IBM to work with you for sizing or performance evaluations.

I went to the shopping centre today (Garden City, in Upper Mt Gravatt) with my seven-year-old son. On the way there we were discussing the various things we might do there, foremost among them was eating (he seems to be inordinately interested in food at the moment; I suspect a growth spurt). After finding somewhere to park and finding our way from the car to the shops, we resumed the where-will-we-go conversation. We decided that the main purpose of the shopping trip was to get something for Mummy for Mothers’ Day, but we did agree it was okay to do a little bit of looking at things for ourselves. I was explaining the concept of “window shopping” to him when he suddenly said “or we could go to the library.”

I managed to choke back my reflex response of “The LIBRARY?!?” and instead managed something a little more fatherly. “But Mummy has the library card, I don’t have one,” I had to say, thinking he wanted to borrow.

“That’s okay,” he said, “we can just go and look at the books and maybe read one and then we could have some lunch.”

Which is exactly what we did. My seven-year-old son took me to the library. We looked through the books, found one that he liked which he read aloud, and then left and had sushi for lunch. I was definitely proud but at the same time stunned that a visit to the library was as interesting a prospect as anything else the shopping centre had to offer — especially since the library is immediately next door to a Toys-R-Us!

So what has this to do with Borders?

I was a little disappointed, but not too surprised, when the local Borders franchise announced it had entered administration. All of the Australian Borders stores that have touched me in some way, including the Brisbane City and Mt Gravatt stores, are to be closed. The hammer is even going to fall on the Jam Factory store in South Yarra, the first Borders I ever set foot in (the novelty of visiting that store was part of what kept me entertained when I was working in Melbourne).

Shortly after we’d been to the library, had our lunch, and looked at a couple of other shops, my son and I went into the Borders — it, along with the other stores to be closed, are open while the administrators try to wring every last dollar out of them. There were people everywhere, picking over the remains of the stock. How ironic that the busiest many stores are is their last days of trade.

It was pretty depressing: many shelves were bare, even a couple of complete sections had been abandoned (and were being used as impromptu play areas by kids bored by their parents’ sudden interest in books). Because all the stock was 50% off, people seemed to be treating it as having 50% less value — books were being disdainfully rummaged through, in a similar way to how a pile of laundry gets treated when you’re looking for that one lost sock.

I looked at the remnants of the computer books area, and was quickly reminded why I haven’t bought a tech book from Borders for years. I saw an O’Reilly title, one which I wasn’t sure I had, and the price on it was almost $100. When I got home I checked and I did have it: bought via Amazon at a price, even including shipping (and an exchange rate at the time that was nowhere near as attractive as it is now), that was less than even the Borders administrators 50% discount would have yielded. Nevertheless, I did take a few books to the register — not technical books, rather some light stuff in the vein of Richard Hammond’s “As You Do”.

The final depressing twist came as we left the store. I got a partial smile from the cashier when I placed my purchases on the counter for payment, but by the time she’d handed the bag to me her look was more “enjoy your books and your discount, I’ll be jobless in a few days”.

From the safe and insular confines of a blog, it’s easy to rant about bookstores and big publishing companies that try to ignore the international market and continue pricing domestically as if the Internet doesn’t exist and it really does cost a fortune to ship books to a tiny place like Australia. It’s a different matter when that bookstore you used to love going to can’t afford to keep the lights on any more.

But then, as I was thinking of how to wrap this post, the thought occurred to me… what kind of place would be good for someone who likes looking at books but never buys them…

Sometimes when I’d go to Borders I’d get quietly mad at the people who’d sit themselves in the comfy chairs and read the books for hours and hours. What did they think Borders was… a library? It was a library — the problem was, in their kind of library you had to buy the books instead of borrowing them.

I’ve got a feeling that the initial success of Borders was driven by the same enthusiasm for libraries that my son showed me today. We all remembered this incredible place where there were thousands of books, and we could pick them up, turn their pages… and read a bit of them, then put them back. And to the eventual demise of Borders, that’s what we all did.

So to anyone thinking “now that Borders is going, I’ve got nowhere to read a good book” I say “find your local library!” And to any passing librarians I say “I hear there’s some books hitting the market cheap, might be a chance to build the collection because you never know when traffic might pick up”.

The answer should have been obvious: DNS A6 records (and the corresponding DNAME records) never caught on.  RFC 3363 recommended that the RFC that defined A6 and DNAME (RFC 2874) be moved back into Experimental status.  If I hadn’t been using an old edition of the IPv6 book, I might never have even known the existence of A6 and not have wasted any time.

In my previous post on IPv6 I theorised that we are in the early-adoption phase of IPv6 where things aren’t quite baked, and yet now I’ve picked up a 9 year old text on the topic and acted all surprised when it got something wrong.  It was a bit stupid of me; had I bought a book about IPv4 in 1976, might it have been similarly out of date in 1985?

As always though I’m richer for the experience!  Or so I thought…  Like many, I’m becoming increasingly time-poor.  When I bought a book on IPv6 some years ago I thought I was making an investment, but it turned out that my investment actually lost for me in several ways:

1. The book took up physical space in my bookshelf for all that time I wasn’t using it
2. I didn’t actually use the information at the time I acquired it
3. The time I could have got value from it was wasted by it idly sitting on the shelf
4. Once I did try to use it, it actually cost me time rather than saved time

I came to think about the other books on my shelf.  It’s pretty easy to recognise that a book that proclaims to be up-to-date because it “Now covers Red Hat 5.2!” will be anything but.  Also, from the preface of a Perl programming book that says “this was written about Perl 5.8, but it should apply to 5.10 as well” I’ll be forewarned that things will be fairly applicable to 5.12 but maybe not to Perl 6 when it’s out.

Technology usually has a somewhat abbreviated lifespan, so therefore the corresponding documentation will have a lifespan correspondingly short…  Here, however, is an example of a technology that will have a far greater lifespan (we hope) than much of the documentation that currently exists around it.  I emphasise “currently exists”, because it won’t always be that way: IPv4 was pretty well-baked by the time I had anything to do with it, so I could have bought a book on IPv4 with next to no concern that it was going to lead me astray (indeed, I bought W. Rich Stevens’ TCP/IP programming texts during the 1990s, and still use them to this day).  I keep forgetting that I’m on a completely different point of the IPv6 adoption curve, and the “experts” are learning along with me.

So, a new tech library plan then:

• Reduce dependence on physical books (okay, this one is already a work-in-progress for me) — they don’t come with you on your travels as easily, and (more important in this context) they’re harder to keep up to date.
• Before regarding the book on the shelf as authoritative, check its publication date.  If it’s more than three years old, depending on the subject matter it might be out of date.  Check if there’s a new edition available, and consider updating.  If there’s no new edition, check for recent reviews (Amazon, etc).  Someone who just bought it last month might have posted an opinion on its currency.
• If you have to buy a paper book, don’t buy a book on any technology that is a moving target.  On the same shelf as my copy of “IPv6 Essentials” there is a book entitled “Practical VoIP Using VOCAL”.  I never even installed VOCAL, and I’m sure many current VoIP practitioners never heard of it.  (Side note: I think it’s strange that I bought that book, and a Cisco one, but still to this day have never owned a book on Asterisk.  Maybe I have some kind of inability to pick the right nascent-technology book to buy.)
• Use bookmarking technology more! I have a Delicious account, and I went through a phase of bookmarking everything there.  I realise now that, if I was a bit more disciplined, I could actually use it (or a system like it, depending on what Yahoo! does to it) as my own personal index to the biggest tech library in existence: the Internet.

That first point is harder than it sounds (especially for someone like me who has a couple of books on his shelf with his name on the cover).  My Rich Stevens books are littered with sticky-note bookmarks for when I flick to-and-fro between different programming examples.  Electronic readers are still not there when it comes to the “handy-hints-I-keep-on-my-lap-while-coding” aspect of book ownership.

I have a Sony Reader which I purchased with the intent of making it my mobile tech library.  It’s just not that great for tech documents though, since it doesn’t render diagrams and illustrations well (it also isn’t ideal for PDFs, especially in A4 ratio).  This may change as publishers of tech docs start releasing more titles on e-reader formats like ePub.  The iPad is working much better for tech library tasks; I’m using an app called GoodReader which renders PDFs (especially RedBooks!) quite well and has good browsing and syncing capability as well.

More on these topics later, I’m sure!

Update: I omitted another option in my “tech library plan” — since IPv6 Essentials is an O’Reilly book, I could have registered with their site to get offers on updating to new editions.  Had I done so, the events of this post might not have happened!  Now that I’ve registered my books with O’Reilly, I’m getting offers of 40% off new paper editions and 50% off e-book editions.  Also, in line with my reduce-paper-book-dependence policy, I can “upgrade” any of the titles I own in paper to e-book for US$4.99.  If you haven’t already, I encourage anyone who has O’Reilly books that they rely on as part of their tech library to register them at members.oreilly.com.  (This is an unsolicited endorsement from a happy customer, nothing more!)

>>> Unpacking source…
>>> Unpacking traceroute-2.0.15.tar.gz to /var/tmp/portage/net-analyzer/traceroute-2.0.15/work
touch: setting times of `/var/tmp/portage/net-analyzer/traceroute-2.0.15/.unpacked’: No such file or directory

…and the emerge error output.  Took me a little while to get the answer, but it was (of course) caused by a new version of something that came in with the system update.  This bug comment had the crude hack I needed to get back working again, but longer-term I obviously need to fix the mismatch between the version of linux-headers and the kernel version my VPS is using (it’s Xen on RHEL5).

I did a bit of playing with IPv6 over the years, but it was too early and too broken when I did (by “too broken” I refer to the immaturity of dual-stack implementations and the lack of anything actually reachable on the IPv6 net).  However, with the bell of IPv4 exhaustion tolling, I had another go.

Freenet6, who now goes alternatively as gogonet or gogo6, was my first point-of-call.  I had looked at Gogo6 most recently, and still had an account.  It was just a matter of deciding whether or not I needed to make a new account (hint: I did) and reconfiguring the gw6c process on my router box.  Easy-as, I had a tunnel — better still, my IPv6-capable systems on the LAN also had connectivity thanks to radvd.  From Firefox (and Safari, and Chrome) on the Mac I could score both 10/10 scores on http://test-ipv6.com!

My joy was short-lived, however.  gw6c was proving to be about as stable as a one-legged tripod, and not only that Gogo6 had changed the address range they allocated me.  That wouldn’t be too bad, except that all my IPv6-capable systems still had the old address and were trying to use that — looks like IPv6 auto-configuration doesn’t un-configure an address that’s no longer valid (at least by default).  I started to look for possible alternatives.

Like many who’ve looked at IPv6 I had come across Hurricane Electric — in the countdown to IPv4 exhaustion I used their iOS app “ByeBye v4″.  They offer free v6-over-v4 tunneling, and the configuration in Gentoo is very simple.  I also get a static allocation of an IPv6 address range that I can see in the web interface.  The only downside I can see is that I had to nominate which of their locations I wanted to terminate my tunnel; they have no presence in Australia, the geographically-nearest location being Singapore.  I went for Los Angeles, thinking that would probably be closest network-wise.  The performance has been quite good, and it has been quite reliable (although I do need to set up some kind of monitoring over the link, since everything that can talk IPv6 is now doing so).

In typical style, after I’d set up a stable tunnel and got everything working, I decided to learn more about what I’d done.  What is IPv6 anyways?  Is there substance to the anecdotes flying around that are saying that “every blade of grass on the planet can have an IPv6 address” and similar?  Well, a 128-bit address provides for an enormous range of addresses.  The ZFS guys are on the same track — ZFS uses 128-bit counters for blocks and inodes, and there have been ridiculous statements made about how much data could theoretically be stored in a filesystem that uses 128-bit block counters.  To quote the Hitchhiker’s Guide to the Galaxy:

Space is big. Really big. You just won’t believe how vastly, hugely, mind-bogglingly big it is. I mean, you may think it’s a long way down the road to the chemist’s, but that’s just peanuts to space.

The Guide, The Hitchhiker’s Guide To The Galaxy, Douglas Adams, Pan Books 1979

Substitute IPv6 (or ZFS) for space.  To try and put into context just how big the IPv6 address range is, let’s use an example: the smallest common subnetwork.

When IPv4 was first developed, there were three address classes, named, somewhat unimaginatively, A B and C.  Class A was all the networks from 1.x.x.x to 127.x.x.x, and each had about 16 million addresses.  Class B was all the networks from 128.0.x.x to 191.255.x.x, each network with 65 534 usable addresses.  Class C went from 192.0.0.x to 223.255.255.x, and each had 254 usable addresses.  Other areas, such as 0.x.x.x and the networks after 224.x.x.x, have been reserved.  So, in the early days, the smallest network of hosts you could have was a network of 254 hosts.  After a while IP introduced something called Classless Inter-Domain Routing (CIDR) which meant that the fixed boundaries of the classes were eliminated and it became possible to “subnet” or “supernet” networks — divide or combine the networks to make networks that were just the right size for the number of hosts in the network (and, with careful planning, could be grown or shrunk as plans changed).  With CIDR, since the size of the network was now variable, addresses had to be written with the subnet mask — a format known as “CIDR notation” came into use, where an address would have the number of bits written after the address like this: 192.168.1.42/24.

Fast-forward to today, with IPv6…  IPv4′s CIDR notation is used in IPv6 (mostly because the masks are so huge).  In IPv6, the smallest network that can be allocated is what is called a “/64″.  This means that out of the total 128-bit address range, 64 bits represent what network the address belongs to.  Let’s think about that for a second.  There are 32 bits in an IPv4 address — that means that the entire IPv4 Internet would fit in an IPv6 network with a /96 mask (128-32=96).  But the default smallest IPv6 subnet is /64 — the size of the existing IPv4 Internet squared!

Wait a second though, it gets better…  When I got my account with Gogo6, they offered me up to a /56 mask — that’s a range that covers 256 /64s, or 256 Internet-squareds!  Better still, the Hurricane Electric tunnel-broker account gave me one /64 and one /48!  Sixty-five thousand networks, each the size of the IPv4 Internet squared! And how much did I pay for any of these allocations?  Nothing!

I can’t help but think that folks are repeating similar mistakes from the early days of IPv4.  A seemingly limitless address range (Vint said that 32 bits would be enough, right?) was given away in vast chunks.  In the early days of IPv4 we had networks with two or three hosts on them using up a Class C because of the limitations of addressing — in IPv6 we have LANs of maybe no more than a hundred or so machines taking up an entire /64 because of the way we designed auto-configuration.  IPv6 implementations now will be characterised not by how well their dual-stack implementations work, or how much more secure transactions have become thanks to the elimination of NAT, but by how much of the addressable range they are wasting.  So, is IPv6 just Same Sh*t, Different Millennium?

Like the early days of IPv4 though, things will surely change as IPv6 matures.  I guess I’m just hoping that the folks in charge are thinking about it, and not just high on the amount of space they have to play with now.  Because one day all those blades of grass will want their IP addresses, and the Internet had better be ready.

Update 16 May 2011: I just listened to Episode 297 of the Security Now program…  Steve Gibson relates some of his experience getting IPv6 allocation from his upstream providers (he says he got a /48).  In describing how much address space that is, he made the same point (about the “wasteful” allocation of IPv6).  At about 44:51, he starts talking about the current “sky is falling” attitude regarding IPv4, and states “you’d think, maybe they’d learn the lesson, and be a little more parsimonious with these IPs…”.  He goes on to give the impression that the 128-bit range of IPv6 is so big that there’s just no need to worry about it.  I hope you’re right, Steve!

The worst part of this was the fact that the feelings have worsened after I had made what I thought was positive changes in my outlook.  I’ve been more focused on exercise and physical activity, and trying really hard to spend more time with the family.

On the bus on the way home from work on Friday I was looking out the window and thinking about… nothing.  I closed my eyes for a moment, and the feeling of relaxation I had — for just a moment — was blissful.  At that point I realised that my problem was probably little more than the fact that I am completely and utterly burnt-out.

I began to think about the times recently that I’ve been away from work.  We went to the beach for a couple of days in January, but as every parent knows a family holiday (particularly with young kids) is just all the same stuff with some different scenery.  Last September we went to Melbourne, but I was working.  A few days here and there for trips to the beach and so on.  In November 2009 I did my European trip, which is probably the closest thing to a vacation I’ve had in the last two years, but again I was working.

I realised, again like just about every parent does, that I haven’t had a proper “holiday” since before our first child arrived — for me that means 2003 (I’m guessing it was when S and I went to Rotorua while I was working in NZ, but again that was only a couple of days).

So what’s my plan?  After all, a realisation is worthless unless it is acted upon.  Well I do have a holiday in mind, but that won’t be until toward the end of the year (and I’ve probably given away too much already).  In the meantime, I plan to keep up the physical activity (maintaining health in the long term is surely more important than giving in to a bit of moodiness) and will be doing my best to find enjoyment wherever it exists or how trivial it may seem.  I think I’ll also get back into the blogging habit — I find that the time it takes to put a good post together is quite therapeutic!

The process was well organised, except at the location I went to where the buses departed from a nearby bus terminal — mildly inconvenient if you’d transported yourself to the bus terminal and walked to the marshalling site, only to have to walk yourself back to the bus terminal… But honestly, mild inconvenience was probably far from most people’s minds right then.

The registration process was quick and easy, but I missed the briefing entirely because in a crowded high school hall with a couple of hundred (at least) people inside our briefing was delivered by a lady equipped with a librarian’s clipboard and the voice to match.  A couple of people near me managed to pick up Oxley and Chelmer as potential locations, but I heard nothing else.

Council also seemed to have been a bit unprepared for the number of volunteers.  Two shifts — one morning, one afternoon — were planned, and 6000 volunteers were expected across the four sites over the day. By lunchtime it was announced that 7000 people had arrived for the morning shift alone!   There were not enough buses available after I’d been processed, so I and a couple of hundred other volunteers had to wait for transportation.

Part of the queue of volunteers waiting to be bussed to flood-devastated parts of Brisbane. The South-East Freeway is in the left of field -- that's where the horns of encouragement were coming from.

While we were standing in line for buses, the line stretched from the bus stop near Garden City across a bridge over the South East Freeway.  We must have been clearly visible to the freeway traffic below, standing there with our shovels and brooms and buckets, because several cars and trucks blew their horns in encouragement as they passed below.

Eventually we were on a bus, and along the way I got my first view of some of the devastation.  On Riawena Rd, muddy leaves on a roadside shrub near the bank of Stable Swamp Creek while we stood at traffic lights waiting to cross Beaudesert Road.   I looked up to the creek bank and saw a couple of porta-loos that had been unceremoniously dumped on the other side of the creek.   Then the traffic got moving, and we crossed Beaudesert Road to Granard Road, which was badly affected.  Riding in a council bus, I was looking out the window to business that were well higher than the road level, and the water line was a good metre or so up the wall — had my bus been there at the flood peak, it likely would have been submerged.  The front parking areas of the shops along Granard Road were littered with the contents of the various shops.  My breath caught in my throat.

And then, suddenly, everything was normal again as we crested the high ground midway along Granard Road.  I couldn’t help thinking “is that all?”.  I was quickly answered “No”, as the bus turned onto the Ipswich Motorway.

I would find out later we were headed for Oxley Road, but the off-ramp was still under a metre or so of water.   The Harvey Norman store at that off-ramp had a watermark at least a metre up the wall, and there was no-body around.  It was eerie, since the car park of the Good Guys store just up the road was teeming with people…  I later worked out that the HN store was probably still inaccessible.  So because the off-ramp we needed was inundated, we had to go well up the Motorway and backtrack, and since none of us really knew where we were going (other than generalities) we wondered if our driver was lost.  We did turn off onto Oxley Road however, to see a more human side of the tragedy.

I say “more human” now, looking back on my reaction to what I saw.  When it was stores and industry, it wasn’t as personal as seeing those first few houses along Oxley Road and the nearby streets…  Suddenly it was people’s homes, people’s lives, and it seemed somehow more real.  Some of the side streets were full of equipment helping clean up, others just seemed like normal streets (albeit very dirty and messy-looking streets).  Then, suddenly, just like happened on Granard Road, everything was normal again as we got to some high ground.

The roundabout at Oxley Station Road was under police control; they were stopping normal traffic from going any further up Oxley Road.  The roundabout was under a couple of inches of water still.  I realised that I was close to the house where a friend and former colleague used to live with his brother and a few mates.  I couldn’t remember exactly where the house was, but there’s a good chance it would have gone under.

A mud-slick Bridge Street in Chelmer. Walking in vehicle wheel-tracks was essential.

I expected that we would be dropped off at any time, but we kept driving, back into high ground now, through Oxley, then Corinda, then at Sherwood we jockeyed across onto Honour Avenue (our spirits still fairly high, as we cheered the driver through a very tight left turn onto Sherwood Road from Oxley Road).  Still we drove on, leaving Sherwood and on through Graceville…

Just before the crest of the hill to get onto the Indooroopilly Bridge, at the intersection of Bridge Street, the bus stopped and the doors opened.  We were in Chelmer, and the support I was pretty-much expecting to be awaiting us, to direct our efforts and so-on, was non-existent.  We worked out fairly quickly that we simply had to find a place that looked like they needed help, and… help.

I took a couple of photos in that first part of the walk, but it was becoming too difficult to walk on the mud-slick streets and footpaths while looking for photo opportunities.  Besides, I realised that I was turning into a “flood tourist”.

Intersection of Oxley Road and Bridge Street -- starting to get very hazardous here. That mud was really slippery, and thick enough that once you started to slide there was no stopping you.

I was there to work — I put the camera away.

My sense of direction being pretty good, I wandered in the direction where I knew the river to be, expecting that closer to the river would be where most help was needed.  My sense of local geography however being pretty lousy, I didn’t realise that the houses closest to the river in that part of Chelmer (near Gordon Thompson Park) were actually among the highest, and therefore the least in need.  For a little while I actually wondered if I was walking in completely the wrong direction.

I found myself near another small group of volunteers and tagged a long for a little while. We encountered a house which had a lot of activity around it — but they, thanks for asking, were going okay for now.  I turned one corner, then another, and found myself in Campsey Street, in front of a house where a man was pushing mud down the driveway.  I found myself saying something like “you look like you need a hand”, and he replied with something like “I certainly do”.

And I worked at that little house in Campsey Street for the rest of the morning, alongside people I’d never met and likely will never meet again. Shovelling mud, pushing mud, bucketing mud, barrowing mud. There was a couple who lived nearby who just decided to go looking for somewhere to help and, like me, found that house. A young lady who I assume lived nearby, but will soon be going back to Europe where she’s doing overseas study.  An off-duty policeman from Logan who might have known the owner (owners? I don’t even know that much).

There were some light moments.  We had been shovelling and sweeping mud down the driveway for almost an hour when a guy with a bobcat came by.  He’d found a dumped mattress and had pinched it in the bucket of the bobcat and was using it like a big squeegee to clear footpaths and driveways.  In about five minutes work he’d done as much as we had done in that hour.  A couple of us looked at each other, grinned a wry grin and said “we needed him an hour ago”.  That would have been funny enough, but within another hour it happened again — we started clearing the path up the side of the house (where a bobcat wouldn’t be able to go) and another guy came by on a dingo (a kind-of mini bobcat) and did the same thing on that side path.  Same looks, same wry grins…  I make light of them, but the contribution guys like that made was excellent.  They were just riding around the streets on their dingos and bobcats, looking for places that could use them, five minutes here and five minutes there.  Brilliant.

It wasn’t just the ones working that I need to mention.  At about morning tea time a lass came around with a Tupperware tray of slices and biscuits in one hand, and a tray of jam donuts in the other — “Sugar hit?” she asked.  Too right!  Earlier in the morning I’d noticed a van parked in the intersection nearby with signs saying “TEA COFFEE AND MILO, FREE FOR VOLUNTEERS”.  My workmates and I eventually took a break and visited the van, which remarkably was still there, with the signs, and were offered hot tea by a couple from Lismore in NSW (who I hope had other business in Chelmer that day and didn’t, as much as I appreciated the tea, just come up all that way to make refreshing beverages for everyone).

Thankfully the sun didn’t get too strong, as it was the back of my shirt was totally drenched and I kept having to pace myself (of all the times to be out of my heart meds!).

I had taken a bucket with me, but hadn’t used it for anything more than protecting the bag I’d taken.  After we’d had our cuppa the activity moved to the house next door where there was suddenly an absolute army of people (earlier there had been almost no-one) moving mud.  A swarm of wheelbarrows came with them, and people were using shovels to try and get the very viscous mud out of the gutter and into the barrows.  A few small round-edged buckets started to appear, but at that minute I was glad that I’d resisted the temptation to leave that square-edged bucket at home.  The mud was gone from that part of the street in pretty short order with about a dozen people with shovels, small buckets and one big flat-sided bucket and the half-dozen wheelbarrows we were filling!

There was one other man working at that Campsey Street house who had also come on the council bus from Macgregor, and we’d discussed earlier in the day that neither of us knew for sure how to get home when our “shift” was finished.  Between us we decided that we would just make our way back to roughly where the bus dropped us off, and we’d be collected.  Well while I was scooping mud with the bucket, I started thinking about the time and wondering if I’d have to make a move.  Sure enough, it was 11:25 by the time I was able to check what time it was, and my fellow council volunteer seemed to have already left.  I cleaned the broom (a new broom that was definitely coming home), decided to donate the bucket (an old bucket, now covered in mud, that was likely to get much more meaningful use in Chelmer than at my house), and turned to go… but the strangest thing happened.

I didn’t want to go.

If you’ve read this blog before, you’ll have read that I experience a kind of “travellers’ regret” when I visit somewhere that has touched me (the regret part is usually the result of knowing that I may never visit there again). It happens strongest in places that have really moved me — I felt it in Lake Louise, Canada, at the Kennedy Space Center, and in the shadow of the London Eye.  I felt it at Paris Gare du Lyon, and at New York’s Grand Central Terminal.  It was not so strong in Newport, Rhode Island (I visited there because it’s where the Aussie yacht Australia II won the Americas Cup in 1982); very strongly at le Viaduc de Millau.

On Campsey Street, Chelmer, in my own home town, it was as strong as I’ve ever felt it.  Despite the place looking like arse — no: because the place looked like arse — I needed to stay; there was so much more to do…  but it was more than that even.  I felt in some way connected to the other people who were helping there, even though I knew no-one’s name.  I probably would have stayed, had I not arranged with Susan that she would do the afternoon shift.  I tore myself away and headed back toward Honour Avenue.

I had to wait for a while, as the buses were being delayed getting through Toowong and Indooroopilly to pick us up.   Then, we went on a crazy route that seemed to loop through Sherwood and Graceville a couple of times before we headed back via Coronation Drive to Macgregor.  This gave me a chance to see some other things I’d only seen on TV — the Regatta Hotel looked almost normal again, and so too did the Drift restaurant.

It turned out that Susan didn’t get her turn to volunteer.  Thanks to my delayed return, it was almost 1:30 before she got to the marshalling area and by then they already had more than enough people in line and didn’t want any more.

So that was my first volunteering effort.  I was absolutely wrecked by it, and days later I’m still sore.  The best part has been knowing that I’ve actually helped someone (maybe multiple someones) start to get some order back in their life.  The kudos earned from friends and family has been a nice fringe benefit also, I have to admit.  I got a SMS message of appreciation from Lord Mayor Campbell Newman today as well (okay, so it wasn’t the actual Lord Mayor — the giveaway was the words “Stop messages? reply STOP” at the end of the message — but it’s the thought that counts, right?).

I was in the CBD yesterday as the water started to rise. Shops were closed, and normally traffic-choked streets were almost empty, adding to the nervous tension that was building even then, some 24 hours ago. On the bus crossing the Brisbane River via the Victoria Bridge (in fact, if bridges were named so it would be Victoria Bridge the Third, because at least one but I’m pretty sure two previous bridges also called Victoria and in the same spot have been washed away in previous floods) I could see the river having broken its banks at the Queensland Museum and Southbank precincts. Today, as the first of the tidal peaks hits, streets in the CBD are starting to go under — and there’s another metre of water coming with the next peak, due tomorrow morning.

The heavy rain of the last month-or-so that has exacerbated this drama has eased today, but as I type this a sun shower has just started to fall. I guess Mother Nature wants to remind us that she’s still in charge…

One of the problems I needed to fix was the service check for IAX connections into my Asterisk box.  The script (the standard check_asterisk.pl from the Nagios Plugins package) was set up correctly, but it would fail with a “Got no reply” message.

I started doing traces and “iax2 debug” in Asterisk, but got nowhere — Asterisk was rejecting the packet from the check script.  Finally I decided to JFGI, and eventually I found this page with the explanation and the fix.  Basically, sometime in the 1.6 stream Asterisk toughened up security on the control message the Nagios service check used to use.  Thankfully, at the same time a new control message specifically designed for availability checking was implemented, and the fix is to update the script to use the new control message.  Easy!

BTW, while on Nagios, I got burned by the so-called “vconfig patch” which broke the check_ping script.  I’ve had to mask version 1.4.14-r2 and above of the nagios-plugins package until the issue is fixed.

Firstly my arrival was disrupted by the Iceland volcano.  About 45 minutes away from Amsterdam I noticed that the little diamond that represented our destination on the flight-map display had jumped somewhere into western Germany, and the plane’s direction had changed — we were now flying almost due south instead of following the gentle arc that traced almost all the way back to Hong Kong.  About 5 minutes later, the captain announced that due to volcanic ash we had been diverted to Frankfurt: “we’re 40 minutes away from Amsterdam, but they’re closing the airport in 20″.  To the credit of Cathay Pacific, however, they had arrangements for our “connection” to Amsterdam underway before we had landed.  Cathay’s airport manager at FRA boarded the plane almost as soon as the door opened, and made an announcement that we would be bussed to Amsterdam and what the process would be.  Once we made it into the Frankfurt terminal we only had a couple of hours wait before we got to shuffle ourselves to some waiting coaches for our unexpected bus tour of north-west Germany and north Holland.

The bus ride was uneventful — except that I don’t ever tire of seeing fine German automobiles at-speed in their natural habitat: the autobahn.  As it turned out, the whole event actually solved a problem for me: how to fill in the nine hours between arrival at Schiphol and being allowed to check in to the hotel (S thought I was being way too positive when I told her that).  It actually was not an unpleasant way to spend a day post-long-haul-flight.

After catching a train from Schiphol to Centraal, finding my hotel, checking in, and cleaning up from the trip, it was time to get a bit of rest before meeting the rest of the Australian contingent to BrainShare for dinner.  We dined at Restaurant d’Vijff Vlieghen, a fine restaurant that (unbeknown to me beforehand) is one of the best in Amsterdam for traditional Dutch cuisine.  I’m amazed I stayed awake through the five courses, but luckily my travel didn’t catch up with me until I made it back to the hotel.

I had Tuesday pretty-much to myself.  I did quite a bit of walking around, trying to push through the jet-lag.  Early afternoon I walked with a couple of colleagues from Novell to the conference venue to register, and had a late lunch afterward. By late afternoon I realised that I wasn’t over the jet-lag and decided to rest up for the start of the conference.

The next couple of days are a bit of a blur.  Keynotes, demos, technical sessions, product launch parties, beer, food, sunsets after 10pm…  It was an incredible week.  As far as the BrainShare content goes, even though Linux is just a part of the Novell “story” I was never really starved for something interesting.  I enjoyed the demos of SUSE Studio, and learned some things about the High Availability extension for SLES and the Subscription Management Tool.

I had a great time.  The crew from Novell that hosted me were fantastic, and every time I go there I fall a little bit more in love with Amsterdam.

I had always resisted runing Linux on the PowerMac, thinking that the last thing I needed was yet another Linux box in the house. I had tried a couple of times, but it was in the early days of support for the liquid cooling system in the dual-2.5Ghz model and those attempts failed dismally. I figured that by now those issues would be resolved and I would have a much better time.

I assumed that Yellow Dog was still the ‘benchmark’ PPC Linux distro, so I went to their site. I saw a lot of data there about PS3 and Cell; it seems that YDL is transitioning to the cluster and/or research market by focussing on Cell.

The next thing I discovered is the lack of distributions that have a PPC version, even as a secondary platform. My old standby Gentoo still supports PPC, as does Fedora (I think: I saw a reference to downloading a PPC install disk, bit didn’t follow it), but every other major distro has dropped it — openSUSE, for example, with their very latest release (their download page still has a picture of a disc labelled “ppc”, but no such download exists, oops). I guess that since the major producer of desktop PPC systems stopped doing so, the distros saw their potential install base disappear. Unfortunately for those distros, I can see the reverse happening: now that Apple has fully left PPC behind, plenty of folks like me who have moderately recent G4 and G5 hardware and who still want to run a current OS will come to Linux looking for an alternative… I guess time will tell who is right on this one.

So I went to install Gentoo, and to cut a long story short I had exactly the same problem as before: critical temperature condition leading to emergency system power-off. I found that if I capped the CPU speed to 2Ghz I could stay up long enough to get things built, but then the system refused to boot because it couldn’t find the root filesystem. Probably something to do with yaboot, SATA drives and OpenFirmware. So again I’m putting it aside.

My next plan was to treat it as a file server. Surely a BSD would support my G5 hardware: after all, Mac OS X is BSD at heart… Well, no. FreeBSD has no support for SATA on ppc, OpenBSD specifically mentioned liquid-cooled G5s as having no support, and I don’t think I saw any ppc support on NetBSD more recent than G3 [1].

This is one of the things that annoys me about the computer industry: that somehow it’s okay to so completely disregard your older releases. What if the automotive industry worked that way?

So I may yet try Fedora, or give the game away for another year or so and see what the situation looks like then.

[1] I may have mixed up a couple of these details.

Edit: Gentoo’s yaboot has managed to make it so that I can’t boot Mac OS X on the machine any more.  Oh dear.

(The other method of combining VLAN-tagging and bridging is to bridge the physical interface first, then create VLANs on the bridge.  I couldn’t work out how to get VLAN-unaware guests attached to this kind of setup, and it didn’t work for me even to give IP access to the host using a br0.100 for example.  Still, it must work for someone as it’s written about a lot…)

I realised that from particular virtual machines I needed to get access to the VLAN tags — I needed VLAN-awareness.  Now I knew up-front that the way I could do this was to just throw another NIC into the machine and either dedicate it to the virtual guest or set up a bridge with VLAN tags intact.  I really wanted to exhaust all possible avenues to solve the problem without throwing hardware around (as I’ve been doing a bit of that recently, I have to admit).

First, I tried to use standard Linux bridges as a solution, but discovered that an interface can’t belong to more than one bridge at a time, which put paid to my plan to have one or more VLAN-untagging bridges and a VLAN-tagged bridge.  I figured it could be done with bridges, but I envisaged a stacked mess of bridge-to-tap-to-bridge-to-tap-to-guest connections and decided that wasn’t the way to go.

Next I checked out VDE, which I had first seen a couple of years ago — but something gave me the impression that VDE either wasn’t really going to give me anything more than bridging would, or was not flexible enough to do what I needed.  I like the distributed aspect of VDE (the D in the name) but I’d rarely use that capability so it wasn’t a big drawcard.  I widened my search, and found two interesting projects — one that eventually became my solution, and another that I think is quite incredible in its scope and capability.

First, the amazing one: ns-3, “a great network simulator for research and education”.  As the name suggests, it simulates networks.  It is completely programmable (in fact your network “scripts” are actually C++ code using the product’s libraries and functions) and can be used to accurately model the behaviour of a real network when faced with network traffic.  The project states that ns-3 models of real networks have produced libpcap traces that are almost indistinguishable from the traces of the real networks being modelled…  I’ll take their word for that, but when you get to configure the propogation delay between nodes in your simulated network it seems to me it’s pretty thorough.  Although the way that I found ns-3 was via a forum posting from someone who claimed to have used it to solve a similar situation as me, and ns-3 does provide a way to “bridge” between the simulated network and real networks, the simulation aspect of ns-3 seems to be more complexity than I’m looking for in this instance.  It does look like a fascinating tool however, and one I’ll definitely be keeping at least half-an-eye on.

To my eventual solution, then: Open vSwitch.  Designed with exactly my scenario in mind–network connection for virtualisation–it has at least two functions that make it ideal for me:

• a Linux-bridging compatibility mode, allowing the brctl command to still function
• IEEE 802.1Q VLAN support (innovatively at that)

The Open vSwitch capability can be built as a kernel module (there’s a second module that supports the brctl compatibility mode), or very recent versions have the ability to be run in user-space (with a corresponding performance drop).

On the surface, configuring an OvS bridge does seem to result in something that looks exactly like a brctl bridge (especially if you use brctl and the OvS bridging compatibility feature to configure it), but its native support for VLANs really brings it into its own for me.  In summary, for each “real” bridge you configure in OvS, you can configure a “fake” bridge that passes through packets for a single VLAN from the real bridge (the “parent” bridge).  This is exactly what I needed!

For the guest interfaces that needed full VLAN-awareness, I simply provided the name of my OvS bridge as the name of the bridge for libvirt to connect the guest to–OvS bridge-compatibility mode took care of the brctl commands issued in the background by libvirt.  The VLAN-unaware guest interfaces presented a bit of a challenge–the OvS “fake” bridge does not present itself like a Linux bridge, so it doesn’t work with libvirt’s bridge interface support.  This ended up being moderately easy to overcome as well, thanks to libvirt’s ability to set up an interface configured by an arbitrary script–I hacked the supplied /etc/qemu-ifup script and made a version that adds the tap interface created by libvirt to the OvS fake bridge.

The only thing I might want from this now is an ability for an OvS bridge to have visibility over a subset of the VLANs presented on the physical NIC.  The OvS website talks about extensive filtering capability though, so I’ve little doubt that the capability is there and I’m just yet to find it.  From a functionality aspect, OvS is packed to the gills with support for various open management protocols, including something called OpenFlow that I’d never heard of before (but I hope that some certain folks in upstate New York have!) but is apparently an open standard that enables secure centralised management of switches.

Detail of exactly how I pulled this all together will come in a page on this site; I’ll make a bunch of pages that describe all the mucky details of my KVM adventures and update this post with a link, so stay tuned!

N’s school recently decided to distribute the weekly school newsletter via e-mail, and had allowance for one e-mail address per family.  Not wanting the additional overhead of having to have either S or me receive it and then having to forward it to the other, I thought it would be neat to have a single common address that, when items arrived, distributed the mail to multiple boxes.  Of course I took the stupid path of providing the school with a yet-to-be-created e-mail address, foolishly trusting my ability to set the system up before they tried to send anything to it…  but in the end it was not so foolish after all, as unbeknown to me I already had everything I needed to achieve my objective.

Unfortunately the first thing I did was assume that I needed mailing list software.  I installed Mailman, and started to read-up on the process to get it working.  I did this on my yet-to-be-commissioned KVM-hosted mail server (a blog post for another day), and started trying to diagnose why mail wasn’t getting delivered.  I had set up Postfix on this mail server to point to my existing LDAP to test, and thought that there was a problem there (but also started to work out if there was a way to use the LDAP server to manage the Mailman aliases).  I re-found the Postfix LDAP HOWTO, and stumbled over the section entitled “Example: expanding LDAP groups”.  Et voila: multidrop incoming mail without the need for a mailing list manager!

I had always assumed that e-mail aliases were a one-to-one mapping of alias address to real destination.  Not the case: an alias can have multiple destinations.  It doesn’t just apply to LDAP alias support, either: as per the “aliases” man page you can do

name: value1, value2, ...

In my LDAP situation, all I need to do is list the alias in the “mailLocalAddress” attribute of which ever users need to receive mail for that alias.  Done!

I may have to keep Mailman, however.  Shortly after this success, I wondered how cool it would be to have the notification SMS messages for voicemail received at home, that currently go only to S, come to me as well.  I’m using a hosted email-to-SMS gateway service for this, so the “alias” would have to expand to multiple external e-mail addresses.  I’m not sure if you can alias mail addresses that are not in your domain…  I’ll have to try and see–might be easier to do that than subscribing to a Mailman list via SMS-to-email! 

Since I’ve been back home now for almost a month, it seems silly to call these posts “travel updates”. 

With the experience of visiting le Viaduc de Millau still buzzing in my head, I pointed my trusty Peugeot back toward Montpellier for the journey to Germany.  The run down the mountain back toward the coast was a really nice drive, but by the time I was back in Montpellier it was back to nasty busy city driving.  I think I made a little bit of an error: instead of following the path that Google found for me to get to the A9 (which was more-or-less back through the middle of town), I followed the first sign I saw that said “A9 NIMES”.  This ended up taking me on a Cooks Tour of bypass roads around the south outskirts of the city, past industrial estates and the consequent heavy workaday traffic.  The city path was very likely to have been quicker and easier.  Oh well.

Once I made it to the A9 for the trip north, I was able to settle in and enjoy the drive again.  The autoroutes in France are excellent, with a great smooth driving surface (in spite of the heavy-vehicle traffic they carry) and plenty of visibility and clearance for cars to be able to carry the 130km/h speed limit (again, in spite of the heavy-vehicle traffic, which is only permitted to do about 90km/h).  Mind you I ended up paying around 50€ in tolls while I was in France!  If it’s a demonstration of how tolling a road can lead to better quality, I don’t mind at all.

The traffic bogged down a bit going through Lyon, but soon opened up again.  I was starting to get a bit worried about the time: I’d left Montpellier three or four hours before, yet seemed to be only a third of the way there!  Night was starting to fall as I turned east onto the A36 — the car was at last actually pointing toward Germany!  A short while after that, I stopped for some dinner before making the last part of the drive.   I was not far from the border by this time, and it looked like I was making good time after all.

I hadn’t planned for my first drive on an autobahn to be at night, but that’s how it worked out.  About the only indication that I’d actually crossed into Germany was the change in the road signage!  The speed limit dropped to 120km/h, but a little while later I saw a sign that showed the 120 crossed-out.  This, I eventually worked out, was the only indication I would get that I was on one of the famous speed-unlimited autobahnen (well, the Mercs and Beemers and Audis rocketing past me were another indication).  Because it took me so long to work out what was going on, I almost didn’t get to go for a rocket myself — I had wound the Peugeot up to about 140-150 and was still getting passed like I was stationary, so I decided to give it a run.  In a few seconds the little Pug was at 195km/h, and seemed like it could have gone a bit higher, but slower traffic ahead meant I had to back off.  As it turned out, I didn’t get another chance to wind it out because we were in and out of roadworks for the last part of the run to Stuttgart.

Eventually I found the last motorway exit I had to take, and I was on the streets of Sindelfingen.  I had made it all the way from Montpellier, without a single wrong turn!  Before congratulating myself too heartily though, I had to find my hotel…  and this was a bigger challenge than I had thought.  I found it, eventually, but not before I’d driven up the same street three times (at least) and done at least one U-turn in front of the place without realising it…

As I was planning my drive from Montpellier to Stuttgart, I suddenly remembered “that stonking-great bridge somewhere in France that those pommie tossers drove those cars over”.  I really had no idea where it was — I couldn’t even remember the name of it.  Somehow, however, I managed to locate it — and found that it was only a bit over an hour’s drive from Montpellier.

So Google Maps told me at least, and my record with that site was not great.  When first I consulted the Googleplex for how to get from Montpellier to Stuttgart, I’m sure it said it would take 3-4 hours.  Just before I’d found le Viaduc de Millau, though, I asked it again and it said more like 8 hours.  More on that later…  but now I was contemplating making my 8-plus hour trip to Stuttgart into at least 11.  I was seriously considering giving up on the tentative plan to see the bridge.  Then I thought: how would I feel if I went home, knowing that I was so close and didn’t bother going?  I made my mind up: I was going to Millau.

I planned my departure the following morning to be a little earlier than originally scheduled, and packed the bags the night before.  The next day I got moving nice and early, right in the middle of Montpellier weekday-peak morning traffic!  It didn’t take long for that to clear, though, and I was on the A750 heading west.  The A750 joined the A75, and then I was heading up into higher altitude.  The diesel Peugeot I was driving ate up the twisting climb with no trouble, and before long the road had levelled- and straightened-out a bit.

I saw a tourist sign saying “Viaduc de Millau”, and realised I was almost there.  Then, I was there!

Darned windscreen wiper! Actually it doesn't matter really, since there's no way a photo from a moving car could do it justice.

You can see the towers of the bridge pylons in the distance: the seventh (and most distant) one is still over two kilometers away! The sign in this photo is for the tourist stop on the north side of the valley, which is three kilometers down the road, and the bridge starts just past the sign…

I tried to take a couple of photos as I was going over the bridge to get a sense of the height and distance involved, but it was a wasted effort.  Not only was the camera unable to focus on anything but the blurring side barrier of the bridge, but the valley floor below was probably too far away for a camera to be able to convey the scene from a car.  So I concentrated on driving the rest of the way over, and trying to enjoy some of the view.

On the north side (as the signpost said) there is an information kiosk and observation area, so I pulled off the road and stopped there.  The observation point turned out to be the peak of a hill accessed by a very steep climb up a bitumen path… but when I made it to the top, the pain of the climb was soon forgotten.

The bridge actually looked to me like it was from another world: it is so big, so high, so amazing and different, that it just doesn’t seem like it could have been made here.  It was truly an amazing thing to see, and it didn’t matter about the lung-bursting climb up the hill or the finger-numbing-face-freezing wind blowing up the Tarn valley or the drizzle of rain that just refused to go away — I could not bear the thought of having to leave there.

Le Viaduc de Millau. I'm surprised I got these photos, I was beginning to wonder about my chances of frostbite thanks to the wind and rain!

I took a stupid number of photos, and stood for a while and just gazed.  I realised it was still (just) daytime in Australia and phoned home, but must have sounded like an idiot just banging on about a bridge.

Eventually I realised that I would have to leave in order to get to Stuttgart in a reasonable time, so reluctantly I set off back down the hill.  I went through the souvenir shop and picked up a trinket or two, along with a brochure or two that N might take an interest in.  Then, with even more reluctance, I got in the car and departed.  I wasn’t able to avoid the toll plaza — 12 euro (6€ each way) in tolls!  It was a small price to pay though — besides, I got to drive over it again!

The Millau Viaduct is a wonder of the modern world, and I am so glad that I didn’t talk myself out of driving up to see it.

I took a few photos then loaded my gear on the train (big bag in the luggage space at the end of the carriage, smaller stuff in the overhead rack), then went back onto the platform to get a few more photos.  I’m sure I was still acting like a stunned mullet as I wandered around the station!

As departure time drew closer, I headed back to my train and got comfortable.  I faintly heard the sound of the doors closing and then, without a sound, the train started moving.  It picked up speed as it started to snake along the lines heading out of Paris: there were a couple of curves where I could see the front of the train as we went.  Even though we were still in the suburbs and the tracks were eight-wide, the TGV was moving at quite a pace as we headed south.

Some breakfast came by, and the next time I looked out I noticed that the other tracks were gone and we were moving a lot faster now.  At no time had I felt any great acceleration, I suppose for comfort’s sake they let the train wind up gradually.

Then we got faster still.  And faster.  And faster.  And faster.

Again I have to reiterate: if you’re not a train-fan, you probably won’t appreciate how exciting, exhilarating and mildly terrifying it was for me.  I realised that I was actually on the ground at 300+km/h, and that if I was in a plane I’d be airborne by then!  In the dark the night before, I hadn’t been able to appreciate going through tunnels or passing under bridges at that speed.  The line ran near a highway at one stage, and I just couldn’t get my head around seeing the cars that I knew were going in the same direction as I was moving backward!

I could see trackside distance markers, and did a rough timing of our travel over one kilometre: “one-onethousand-two-onethousand … 12-onethousand”.  Math it out: that’s 300km/h.

I expected that the train would stop a couple of times, but there was only one stop (Nimes, about 100km from Montpellier).  The remaining run from Nimes down to Montpellier was fast, but not TGV-fast.  As we pulled into Montpellier, I gathered up my gear and got ready to leave the train.  My first TGV journey was over!

When the train did arrive, it was three minutes late.  I was amazed: over all those hundreds of kilometres, we only accrued a delay of three minutes.

I used a map in the Montpellier railway station to find that my hotel was literally a stone’s throw away.  I hauled my bags up the street and into what seemed like a dingy alley to the hotel and checked in.  My room had a dodgy double doorway onto the dingy alley, and I looked out at the street and watched a few cars go by.  I also got my first spectator view of French contact-parallel-parking!  That evening I met up with my residency colleague and a couple of his workmates over a couple of Belgian beers, and went for a stroll through the city after taking a slightly wrong turn when I was dropped off near the station.

The next day, since the plan to go to IBM didn’t work out, I had a chance to look around.  First order of business was to do some planning for the drive to Germany the next day, so I did some internetting before going to pick up my car.  The car was a diesel Peugeot 308, and I went for a bit of a drive to familiarise myself.  Thankfully the streets of Montpellier are a bit more forgiving than metropolitan Paris!  I managed to get lost a couple of times, but did my usual Zen navigation to get back on track (thank-you, Douglas Adams).

After the car adventure, I went for a bit of a walk around the old part of the city and took a couple of photos along Esplanade Charles de Gaulle.  Once again I saw that although large cities around the world are starting to become more and more alike (town square, shopping mall, etc.), European cities still have the charm of the “old town”.  I really like the narrow cobbled streets with people walking along seemingly day or night, and the food stalls and shops every couple of doors — real food shops, like a patisserie or coffee shop, not your chain-of-the-week like Starbucks or McDonalds.  Yes, I could really get the hang of Europe: I need to put more effort into learning more of the local language though.  I found myself too cautious about my inability to order from those patisseries and coffee shops to be able to enjoy them.  Dinner one night in Montpellier was Subway, and as I walked back to the hotel to eat I found myself looking at the local shops and regretting that I wasn’t confident enough to try.

The time came for me to leave Montpellier though, and start my journey to Sindelfingen in Germany.  My research on the route yielded an interesting fact: the Millau Viaduct is only a little over an hour’s drive from Montpellier…

While my Thalys journey to Paris was coming to an end, I got a phone call.  I wasn’t going to answer it for the combined reasons of being in a foreign country, being on a train in a foreign country, and being in a small room not normally associated with telephone communication while on a train in a foreign country.  Something made me answer the damned thing though.

It was someone claiming to be from my bank in Australia, asking me if I’d just used my credit card to buy something from the Apple Store in the US.  Now I did very nearly say yes, and to stop bothering me with such stuff: this was the card that had been associated with my Apple ID, and there was a chance that N had picked up my iPod and stumbled through and found the App Store and bought something.  They’d never contacted me before about App Store purchases however, and then I remembered that card was not on my Apple ID any more.  So I replied non-committally (and very helpfully, in hindsight)…

“Well, maybe.”

“This was only in the last couple of minutes,” said the bank.

“Oh,” said I.  That changed things.  Knowing that the card was not linked to my Apple ID any more, there was very little chance that N might have done something.  It definitely wasn’t me either, given where I had been during the few minutes in question.  ”No, then,” I replied.

At this, the VISA machinery sprang into action.  Within seconds I had been recited the standard dialogue about how my card(s) had now been cancelled and that I would soon receive new card(s) and PIN(s), so on and so on.  Being none too happy about having to re-arrange scheduled charges to the account (the only use that particular card gets, as it turns out) I started to think about how the number had got into the wild.

In spite of knowing that there are card number generators that the bad guys use to generate valid card numbers to try on unsuspecting e-commerce sites, something gave me the thought that it was more likely I had lost the small wallet that card was kept in.  I started thinking about the other cards that were in that case.  Hotel/car loyalty cards: painful, but not a problem.  Unused AMEX: cancellation drama only.  Travel-backup credit card: hmm, that might be a problem.  What else…

Oh, wait a minute…

OH CRAP.

Last I saw that wallet it was wrapped around…

O. M. F. G.

My PASSPORT.

Instantly I understood the feeling described by the term “heart in my mouth”.  There I was, standing on a train pulling into Paris Gare du Nord with my knees buckling contemplating the possibility that my passport was lost.

I started to look through the bags I was carrying, the places where I knew the wallet should have been.  Nothing.  By this time the train had stopped, and I alighted the train with the other passengers and took my frantic search to the Gare du Nord platform.  Still nothing.

My mind was racing.  Do I continue my journey to Montpellier as planned, and sort out the passport later?  Maybe ironically, the thing I was most upset about was having lost all the stamps in my passport!

I decided that I couldn’t think properly standing on a train platform and that I had to get to my hotel and sort it out there.  I managed to find the subway that links the SNCF station to the RER, but halfway through the subway I realised that I couldn’t go any further without having a proper search.  So in the middle of a railway station subway in Paris I started rifling my luggage like a sniffer-dog looking for the stash (and it wasn’t until later that I realised how much trouble that might have got me into).

FOUND.

The wallet, all cards secure and still encasing my passport, had worked its way into the lowest portion of the wheeled laptop bag I use.  I suffered the joyous feeling of my heart returning to its rightful place, combined with the return of my ability to breathe.  As I put stuff back into my bags and resumed my journey, I tried to concentrate on the task of getting the right ticket, the right RER line and the right train to get me to Gare de Lyon (thanks to the signage in the station, this was made very easy).

Once I was on the RER, with other commuters around me and me trying to marshall my luggage, I realised how I could not have done the trip thinking that I had lost my stuff.  I also realised that that was the closest I ever want to come to actually losing my passport while overseas.

Oh, and the credit card?  Like I said, it was in the wallet all along.  The card hasn’t been out of that same wallet for over twelve months, and the regular deductions (and my automatic payment to cover them) have been the only transactions on the account for at least that long, so I guess a card generator just happened to get lucky with my number.

So if you happen to get that phone call from your bank, think seriously about your card’s whereabouts and recent activity… and for heaven’s sake don’t do what I did and jump to the conclusion that the card was lost or stolen — your imagination might just take you someplace you really don’t want to go.

Update: Before I left Australia I had asked the bank to reissue the card for a promotion they were having, but the new one didn’t reach me before I left the country. When I got home, I had a look at the card that had been issued — the one that got hacked.  I think I know now why I got pinged: the CVV number (the three-digit printed number on the back of the card that is supposed to increase security) was the last digit of the card number followed by “00″ — I’d have to think that would be about the weakest CVV number the card could possibly have had! I feel much better now that this was simply a random selection by a card-number generator, facilitated by a stupidly-insecure CVV.

I’m not going to talk about the work stuff in these updates: for one, this is not actually a work blog so I probably shouldn’t anyway.  Secondly, it’s a bit on the boring side of things and I’d rather talk about the travel.  So, with that decided, let’s continue…

So Monday arrived and I did my presentation, then picked up my bags from the hotel and went to Schiphol.  I made use of the NS HiSpeed lounge (a little bit like an airline club lounge, but on a smaller scale) to have a refreshment before heading down to the platform for my train.  My final destination was Montpellier, France, but because of the time I thought I had to be there I had to overnight in Paris: so it was Thalys to Paris on Monday, then TGV to Montpellier on Tuesday morning.

I feel the need here to reiterate what I mentioned in the previous post: I’m a rail-fan.  When TGV was introduced in the 1980s, I made it one of my life’s goals to make a TGV journey one day.  I marked the goal halfway complete when a colleague and I travelled on Thalys in 2006: half-complete because we only went from Amsterdam to Brussels, which is not true high-speed (although I saw that it has been upgraded, and Thalys will run high-speed to Amsterdam from December 2009).

As I boarded Thalys for Paris that Monday night, I realised that my goal was about to become fully-complete.  I settled in as the train departed into the Dutch night, and started to enjoy the comforts of Thalys “Comfort 1″.  I hooked up to the Wi-Fi and made a couple of silly Facebook updates, and saw a nice little map feature they provided on their portal page:

My train was just south of Antwerp at this time... Cool, eh!

Due to the dark outside, it was difficult to get a sense of how fast the train was moving: the only way to know for sure was the occasional lit-up building or car that went by.  As I said, having travelled on Thalys before I knew that the best was yet to come (in other words, after we went through Brussels).

Eventually we pulled into Brussels, and my excitement built a little more.  The wait in Brussels-Midi station was almost unbearable!  Finally though, we got moving again.

I read an article by a UK travel reviewer when the TGV first ran.  He described a dramatic surge of acceleration as the 1k5V standard French pantograph was lowered and the 25kV circuit was activated on the high-speed line to Lyon.  I didn’t experience any such hard surge, but as we picked up speed out of Brussels I just knew that something was different.  I guess I was seeing enough points-of-reference outside to know that we were moving much faster than before, but whatever it was I could tell that now we were really moving.

I sat and enjoyed it all for a while: the surreal feeling of approaching the continuous lights of a stream of traffic on a road or highway impossibly fast, and realising that the train was actually going to pass over it…  and then the lights were gone as the train flashed over the highway.  The thrilling hum and vibration of the train itself: not disturbing at all, just the feeling of being on board a piece of machinery that was working hard.  After a while I checked back on the ThalysNet map, and realised that the map was clickable…  I clicked, and was rewarded with an enlarged view, with a speedometer! I refreshed the view a couple of times to make sure it wasn’t something static…

I did refresh and get one that said 300km/h, but it looked a bit staged

I refreshed each time I felt a large change in speed (and before anyone asks, no at 300km/h you can’t tell a change of 5km/h), and saw enough change in the display to be confident that it was a real representation of the train’s speed.

Unfortunately the journey had to come to an end.  I’ll write a separate post about the terrible experience I had as I arrived in Paris, but once I got over that I worked on the task of getting myself from Gare du Nord (where Thalys operates from) across town to Gare de Lyon (where the southbound TGVs run from, near which I’d booked my room for the night).  I ended up managing very easily to find the way to the RER station, buy my ticket, find the right train — a direct train, where my research had told me I’d need to change trains — and hop off at Gare de Lyon.  After a little mixed-up street navigation (unbeknownst to me I’d left the station from the back entrance, and ended up walking all the way around to the front) I made it to my hotel, checked in, and negotiated an old-style elevator (with a swinging outer door!) to my floor and my room.

The next morning I went for a little walk.  I realised I was quite close to the River Seine, so thought I couldn’t go home without seeing it.  What can I say: yes, it’s a river.  I thought I’d be able to see perhaps just the top of the Eiffel Tower, but there were too many buildings in the way.  Back to the hotel then, to check out and go to the station.

When I got to the plaza in front of the station, I had to pause.  There I was, actually standing in front of Paris Gare de Lyon!  Okay, a railway station… but which railway station!  This is where TGV basically started it’s first passenger services.  I was having another one of those dream-about-to-come-true moments.  Then I went inside and saw a real TGV! If you’ve seen the movie Cars, you’ll know the scene at the end when the Michael-Schumacher-Ferrari drives into Luigi’s Casa Della Tires and Luigi ends up fainting (“a REAL FERRARI!”).  For me, seeing not one but at least five TGVs was much like that.  Okay, they aren’t the old TGV Orange that I knew when I was a kid, and the design is a bit updated, but they’re TGV and they’re where modern high-speed commuter rail began.

Next update I’ll describe more of my TGV experience, as well as my first European drive!

I arrived in Amsterdam on Sunday morning, and decided that rather than get bounced by the hotel trying to check in too early that I’d fill in some time at Schiphol Airport.  While I was there I had a chance to reflect on the flight over from Hong Kong.

My stop in Hong Kong turned out to be just long enough to create a risk of me missing the flight.  I was sitting in a comfortable chair in the lounge and getting occasional snacks and drinks, and successfully dozing for ten or fifteen minutes at a time.  Our boarding time was delayed by about an hour, and whether I became just a bit more relaxed because of the delay or because the noodle dinner I had settled in my stomach I ended up falling into a proper sleep.  Like many airlines overseas, Cathay Pacific doesn’t make boarding announcements in their lounges…  I awoke to find the departure monitor flashing “Final Call” next to my flight.

The terminal building of Hong Kong’s Chek Lap Kok Airport is shaped a bit like a big letter-Y with an upside-down capital-T overlaid.  You guessed it, to get to my flight I had to go from the tip of one arm of the T (where the Cathay Lounge is located) to the fork of the Y (where my departure gate was).  Doesn’t sound like far, does it: perhaps I didn’t mention that this munged-up T-Y shape got stretched out in the middle and is about three-times longer than it is wide…  As I fast-walked along travelators, I kept looking at monitors and expecting the dreaded “Gate Closed” to appear.  I drew closer to the gate, and could see no queue of people waiting to board–now I knew I was pretty late.  I saw someone in a green uniform starting to walk away from the gate toward the main terminal building (toward me), and as I got closer I saw that she was carrying a card with my flight number on it in large letters.  At this point I relaxed: they’re still looking for the latecomers.  I waved at her when I realised this, and when I reached her she asked my seat number.  It looked like I would be okay.

When I finally got to the gate I saw that I did actually have a bit of time available: the queue was actually on the aerobridge waiting to actually get on the plane.  It took at least five minutes in the bridge before I was on the aircraft, so it wasn’t like I was keeping them from closing the doors.  Still, a bit of panic to teach me to be careful about being inattentive in an airline lounge.

The flight was bad.  Actually I take that back: in the context of other long-distance flights I’ve taken it compares badly, but really it was probably just your normal Cathay Pacific long distance economy-class flight.  Cathay’s seat in Economy though is weird: it’s actually a little enclosure, a bit like a discount version of the Qantas Business-class cocoon.  What’s weird is that the seat doesn’t recline, instead the seat cushion slides forward and back.  The bottom of the seat back is attached to the back edge of the seat cushion, and the top of the seat back slides in runners in the seat frame.  So the angle of the seat back does in fact change, but for someone tall like me instead of being able to actually recline with a straight back I got curled up by the crazy thing.  The only good thing about it is that it eliminates that feeling of intrusion you get when you want to sit fairly straight but the person in front wants to recline all the way back.

The arrival into Amsterdam’s Schiphol Airport was uneventful.  The reason we were delayed from departing Hong Kong was actually so that we didn’t arrive too early to be allowed into Schiphol; the flight time was about an hour shorter than scheduled.  So even though we left late, we arrived on-time (if not a bit early).  The arrival hall in the airport was a mess however: I’m sure that they put us into the smallest passport hall in the place, and our full 747 from Hong Kong arrived at the same time as a United flight from the US.  The place was packed–they had to switch off the escalator into the hall to stop people from getting jammed into this room like sardines.

After I made it out to pick up baggage I waited another 10 minutes or more.  I had thought that the length of time it took to get through passport control would have given plenty of time for the bags to get off the plane, but it wasn’t so.  It took almost an hour to get landside–perhaps the messiest arrival at Schiphol I’ve ever had.

I decided to save some time for the next day and went to pick up my ticket for the train to Paris.  The airport terminal is actually built behind the railway station–if you were to arrive at Schiphol by taxi for the first time, you’d be tempted to think that the taxi driver misunderstood and took you to the train station instead of the airport.  Entering through the front doors, you have to walk past all the railway kiosks and ticket machines and timetables before you get to anything that even remotely looks like something to do with air travel.  I’m a train-guy though, so I like it that way.

I am so much a train-guy in fact that after I had some breakfast I decided to throw my bags in a locker and hop on a train to fill in some time.  I went to Utrecht, which I thought would be an hour or so away and would fill in a nice chunk of time, but actually only turned out to be 30 minutes away.  On this little trip I saw some Dutch countryside and was stunned at how green it looked.

When I got back to Schiphol I picked up my bags and got the airport shuttle to the hotel.  ”Yes, sir, your room is ready”–how wonderful those words can sound when you’re tired and filthy from a long plane ride!

I’d love to break my blogging drought now, as I have about five hours before I board my next flight, but I have a splitting headache which I’m sure you understand is not conducive to effective computer usage (which is a shame, as the Wi-Fi here is excellent).  Maybe later.

By the way, what brings me to Hong Kong?  I’m going to Europe for my remaining ITSO Workshop presentations.  Amsterdam on Monday, then Montpellier (France) on Tuesday.  I make some things up for a few days, then London next Monday followed by Milan on Thursday, then flying home via Rome and HK (again, three fortnights in a row).

I’m in Poughkeepsie for a couple of ITSO projects. For the last week I’ve been working on the development of material for the ITSO’s Workshop World Tour. I’m helping out with the “System z Virtualization” stream, and I’m lucky enough to be presenting in a half-dozen cities around the world. Only problem with that is that the first one is only a few days away, and the material probably needs a bit longer in the oven (so to speak). Still, I’m looking forward to the event as a way to help build the Linux on System z community (and to do a bit of travel to some new places).

Starting this week I’ll be doing a residency with the ITSO. The book will be “Security on z/VM” — I don’t know if it was made so open-ended on purpose, but there’s a lot that could go into a book with that title so I’m looking forward to a busy time as the project develops.

More on my US travel as I get settled (I’ve been here a week and my sleep is still all wrong).

I’ve been a user of Cisco IP phones, buying 7960s and a couple of 7970s through a well-known internet site (maybe it starts with an “e”, not sure).  The phones have been excellent, and I’ve even written a few XML apps to supplement their use here.  The 7960s are getting a bit dated now, however, and I found myself contemplating buying 7971s (or even something newer, like the 7965 or 7975).  Before I committed myself further into the relationship with Cisco, though, I thought about what I was really getting out of using Cisco phones.

Like many users of second-hand Cisco gear, I only purchased the hardware.  I do occasionally succumb to a nagging feeling of being an “outlaw” (at least in the eyes of Cisco), but admittedly that feeling usually only comes when I find out that Cisco has released another new version of SIP software that I can’t get because I haven’t paid for SmartNet.  The last time I had this thought though, I had a realisation: even if I did pay for SmartNet, the only thing I’d get would be the firmware: Cisco will only support their phone software when connected to their CallManager server (yes, even the SIP firmware).  Anyone running Cisco phones against anything other than CUCM gets no support from Cisco in the event something doesn’t work–and based on the information floating around, the problems are many.

So basically I would be paying Cisco to allow me to run one of the worst SIP implementations in embedded existence, with no opportunity to report problems with it in my environment.  Hmm, let me think about that for a minute…

At around the same time, I happened across the NerdVittles site, and in particular the post where NerdUno nominated the Aastra 57i as the “World’s Best Asterisk Phone“.  I started to do some research into it, and was astounded at the level of support the manufacturer (a Canadian company which a few years ago acquired the telephony business of a little mob called Nortel) and the community provide for this phone and Asterisk.  Looking through the phone manual, I found functions that only work with Asterisk! I found a full set of integration scripts that provide XML applications, right through to automatic provisioning tools.  Possibly the best thing was that on the product page for their phones — right there on the page that descibes the product — are links to current versions of firmware, documentation, XML application development guides, even a Linux-based application to encrypt the phone configuration files.  Not hidden in some obscure hard-to-find portal, or behind a registration-only support site.

I started to think of the possibilities…  I’d be able to freely modify the phone configuration (even via a HTTP interface if I so chose), without having to make trial-and-error changes to a cryptic and totally undocumented configuration file.  I’d be able to write XML apps without having to do laborious debugging to cater for why the parser was choking on XML that was perfectly okay according to the documentation but apparently tripped over an undocumented field length restriction or character encoding limitation.  I could get access to things like Visual Voicemail, BLF, integration with Asterisk functions like day/night mode and call parking.  I could keep the phones up-to-date for new functions and bug fixes.  With a click of a mouse I could get proper Australian tones!

So, I decided to give one a try.  Finding nothing on that “e” site I went looking for a vendor locally, and found several places that would sell one to me (legitimate e-tailers, no less!  Zounds!  A VoIP phone with a warranty?  You jest!).  It took a while for my chosen vendor to source it for me, but I’ve had it now for a couple of weeks.  It’s probably going to take a while for it to live up to it’s full potential in my installation, but since that potential is so much greater than what I have been able to do with the Ciscos I think I’m already ahead.

More in the coming weeks as the Aastra settles in.

I figured this would be an ideal way to make use of an old Nokia 6230 with a broken speaker.  Somewhat foolishly, on the assumption that it would Just Work (and that all the troubles experienced by others would not beset me) I went and bought a two-pack of prepaid mobile SIM cards and went through the adventure of activating them.  One of these SIMs I threw into the 6230, the other I kept on hand for after I got everything working.  The plan, you see, was to be able to take advantage of free calls between the two accounts by taking one of the phones with me when travelling and leaving the other strapped to Asterisk at home.

I think it’s probably fair to say that I’ve had more success with it than a lot of other folk have.  The process of configuring Asterisk to use the Bluetooth dongle is quite straightforward, and it’s even quite easy to configure the chan_mobile driver to have calls enter your Asterisk system in a routable way.  When I dialled the “tethered” mobile from another phone, I was rewarded with the ringing of my desk phone–and at this point, I think I gave myself the kiss-of-death.  “Wow, that was easy,” I thought…

When I picked up the desk phone, I was rewarded with silence.  Not just the silence of the phone not ringing any more, but also the silence of no audio being passed either way over the call path.  Nothing put the pure, desolate sound of FAIL.

Things actually went downhill from there, believe it or not.  I have tried a total of four different Bluetooth dongles, with results ranging from the aforementioned signalling-but-no-audio to why-the-@#%$-won’t-this-thing-pair.  The three different phones I’ve tried elicited a similar spectrum of results.  “Make sure your dongle has a Cambridge Silicon radio, they definitely work” say the forum experts…  Sorry guys, one of the biggest failures I had–failure of Asterisk to pick up the call–was on the last dongle I tried and, yes, it was a CSR.  I’ve even had two different versions of the bluez stack and (I think) two different asterisk-addons versions.

The one thing that I’ve distilled from all the experiences I read through is that there is a ridiculously high level of sensitivity to particular phone and dongle features.  For example, great success has been reported with the Nokia 6230i.  I figured that I was lucky and that a 6230 would be close enough…  Doesn’t look like it.  There is one model of D-Link Bluetooth device–no longer in production, by the way–generally reported to give the most success.  Tweaking the device class reported by the bluez stack in the Linux host is said to give success too, but led to me being unable to get a connection to Asterisk.  Unfortunately, I have neither the time nor the patience to spend too much time trying to go through the motions of getting it working.  I tell you, if it really is that difficult to get two Bluetooth devices to talk to each other it’s no wonder that the majority of folks still use wired headsets!

Luckily all this little experiment has cost me so far is time.  The two-pack of SIM cards cost me the grand total of $2, and they had enough start-up credit on them to allow me to receive calls without a top-up.  The handsets are from that ever-growing pile of GSM hardware that just about every modern household is accumulating now (well, at least the ones that house a gadget-freak who can’t even bear to part with a broken one).  The kernel version I’m running on the system could be an issue, since I get ugly error messages from the btusb module when I take a call, so a kernel update might help.  After that though it’s likely to cost real money–buying a new/different Bluetooth dongle, for example.

If anyone out there has suggestions on something else to try, I’m listening (reading? watching?).  I don’t mean to complain, after all I am one that usually subscribes to the “it’s Open Source, it’s the hard work and dedication of others, you got it for nothing, you’ve got no right to complain” philosophy.  It is really frustrating to come away from a couple of days’ effort with nothing to show for it, though.

I’m implementing a router box on an old low(-ish)-power PC that will be backed up by a virtual machine on my main virt-box.  I’ve already done most of the preparation of using keepalived to implement VRRP, and a colleague has given me some pointers in using the Linux-HA tools like Heartbeat and DRBD to make services like e-mail and Samba redundant.

I’ve had a soft spot for LDAP for ages; I’ve always thought that putting as much backend data into LDAP as you can would be a really good way to get failover and redundancy.  Instead of having to deal with every single server’s different way of doing replication and failover, just bung everything into LDAP and get that replicating.  Sounds good in theory, but in a nutshell it’s not working out that way for the two least-celebrated but most important components of my (arguably any) network: DNS and DHCP.

There are a number of LDAP-backed DNS projects out there.  If I’m willing to go to the bleeding edge with BIND on my Gentoo build I can get access to the two most talked-about ones (bind9-sdb-ldap and the BIND DLZ LDAP driver), and other solutions like PowerDNS and ldapdns are available.  But none of them offer integration with DHCP, and I’m currently using dhcpd’s “interim DDNS update method” to make sure that hostnames are seen in my DNS when a lease is granted (okay, there’s a Perl daemon that goes with bind9-sdb-ldap, but it seems like a sort-of clunky afterthought).

Speaking of DHCP, LDAP backends for it are virtually non-existent.  The only LDAP-enablement I’ve found for ISC DHCP involves putting the config file into LDAP, not the leases…  I actually used that for a few days a while ago and pulled it out because it was actually more work to do it that way (and for no benefit in failover).

It seems to me it would be a project ripe for the picking: take an integrated DNS/DHCP server like dnsmasq and make it write into LDAP instead of to a file.  If I had more free time I’d probably have a go at it, except for the fact that no-one really seems to be that interested in storing DNS and DHCP in LDAP: that it hasn’t been done says to me that there’s no demand for it, and it’d end up being a big waste of time and effort.

Over to you, lazyweb…  Is this a yawning chasm of unfulfilled networking dreams, or a case of me trying to make something more complex than it needs to be?  After all, the rest of the world gets by with DNS master-slave and DHCP failover, they should be good enough for me too, right? 

Nerd Vittles linked to this blog, which alludes to the possibility of mobile carriers putting pressure on Nokia to remove “free” calling capability (i.e. VoIP) from their phones.  Within the comments on that blog post comes a link to a post on Nokia Conversations (I’ve never seen that site before, but it seems to simply be a bit of a PR site…).

“Charlie” from Nokia Conversations tries to spin the changes to Nokia’s SIP support.  Firstly, in what seems to be almost believable at first he says “no, the SIP stack is still there, in fact it is actually better in FP2 than previous versions”.  Apparently, the improvements meant that the integrated VoIP client had to be dropped because it wasn’t ready.  This explanation loses credibility, however, when you see that Charlie’s blog post was made on 27 August 2008: nearly one year ago! And folks are still commenting on that thread, saying “where’s my VoIP client?”.  I cannot believe that it would take Nokia a full year to update the VoIP client and package a firmware update for these phones–especially given that two other S60 3rd-ed FP2 phones released after the N78 and N96, namely the N79 and N85, apparently do have the VoIP client!

On 8 December 2008, Charlie posts a follow-up on Nokia Conversations.  In it he says “well we made some folks unhappy, but we’ve made a fix”.  He points to something called the “SIP VoIP Settings” application that was supposed to bring back what people were asking for.  Problem is, it’s not a VoIP client at all: it’s simply a configuration tool allowing more detailed control over the configuration of a SIP profile.

In the final insult it appears that the new N97, Nokia’s current flagship also has no VoIP client.  The N97 is based on S60 5th edition and not 3rd edition, but 5th is supposedly just 3rd updated for touch-screen anyway (not a significant change in technology).

Looking more closely at the specifications pages for these N-series phones, the tiny-tiny text that says “VoIP” is missing.  It’s probably arguable therefore that Nokia never advertised the phones as having VoIP capability[1], so anyone who bought one without checking has created their own situation.  However, Nokia, why is the “upgrade” to the N95 missing one of that phone’s most popular features?

At one point Nokia’s story changes… it seems that VoIP is a function that doesn’t fit the product direction of N-series and belongs in the E-series phones (indeed both the E75 and the soon-to-be-released E72, reportedly S60 3rd-ed FP2 phones, list VoIP capability).  Why, then, do other S60 3rd-ed FP2 phones like the N79 and N85 have VoIP?

This whole “affair” seems to have been handled really poorly by Nokia.  Firstly, claim a technical limitation.  When that fails (because you discover that your users actually know something about tech), claim that your third-party providers have developed a solution.  When it turns out that the third-party products are steamers that don’t even use the infrastructure your OS provides (something you didn’t know before either), claim that the product has been “realigned” and doesn’t service that market any more–while simultaneously marketing a product in the same series with the same technology that still has the disputed feature.

I must admit to being a lot less angry about this after researching this post than when I started it.  I’m more angry about the survey I completed earlier today when I visited the Nokia website–I was very complimentary about .  My shopping-slash-wish list just lost an item–not that I was seriously contemplating buying the N97, but it’s nice to have a technical reason not to buy it rather than the boring can’t-really-justify-it line.

[1] Of course it’s easy to make this statement based on what the product pages look like now…

Unless, of course, I don’t get it.

(The first result got fixed, this version (courtesy Google’s cache) has the goodness.)

I have an ISDN phone line coming into my Asterisk system.  One of the indials is for our home number, the other is one I use for work.  Before I found FreePBX, I had manually worked the Asterisk dialplan to have calls made from my work phone(s) appear from the work phone number–useful not just for Caller-ID, but also required for the long-distance provider I use to bill calls for work.  With FreePBX I was able to use a custom context to pre-select a route that dialled the provider override prefix to send the calls through the other provider, but it was a bit of a hack using hand-written dialplan code and a bit of luck.

Before I changed to device-and-user, I naively assumed that FreePBX would allow a user to be associated with a context in the same way a device/extension can be.  This is not the case, and the context of the device is still used for routing.  This meant that I could not use a device for either work or personal calls without having to log onto FreePBX and change the device context (logging on as the work user was not enough).  I was back to square one…

I did a little research.  Firstly, I rediscovered how I was making the existing routing work.  The ISDN interface I use (driven by chan_capi in Asterisk) simply uses the outgoing caller-id of the call to select from available MSNs[1].  So I had one route that had the “normal” MSN set as the outbound caller-id, another route with the “work” MSN (plus the rewrites to add the long-distance override code at the front), and a custom context for the work devices that made only the route with the work MSN available.

Looking more closely at the user definition page, I saw that there is an “Outgoing Caller-ID” field.  By using this field, I was able to do away with the separate route and the custom context and set the work MSN there instead.  This gives me just what I need: a way to control my outbound MSN on a per-user basis!  This got me half-way there, as I still needed a way to set the long-distance override codes for work calls.  A bit more research turned up a predialling macro hook that the FreePBX folks made available.  With a bit of code to test the caller-id and the number dialled (the long distance company doesn’t handle free calls, for instance) I get just what I need.

Here’s the macro hook (this is added to extensions_custom.conf):

[macro-dialout-trunk-predial-hook]
exten => s,1,NoOp(Trunk is ${OUT_${DIAL_TRUNK}}, CallerID ${CALLERID(num)} calling ${OUTNUM} )
exten => s,n,GotoIf($["${CALLERID(num)}" != "xxxxxxxxx"]?endit)
exten => s,n,GotoIf($["${OUT_${DIAL_TRUNK}:4:11}" != "CAPI/contr1"]?endit)
exten => s,n,GotoIf($["${OUTNUM}:0:4}" = "1800"]?endit)
exten => s,n,Set(OUTNUM=1xxx${OUTNUM})
exten => s,n(endit),MacroExit()

So I’m now a happy device-and-user user!

Last time I looked at this I thought there were some problems with the way it was implemented that meant it didn’t work for my installation, so I ended up hacking together a mess of fake extensions, ring groups and queues that more-or-less reimplemented the good parts of device-and-user mode and still letting me use things from extensions mode.  Doing this however meant that FreePBX always complained about what it called “invalid destinations”, and I had to use some custom logic for doing something simple like a common voicemail access number.

What won me over to device-and-user mode again though was the ability to log a device on and off from a number.  I have a couple of Nokia handsets that have SIP clients now, and it’s handy to just have one device that all my work calls (for example) arrive on.  After-hours though, I didn’t want that device to still be tied up to the work line; it made more sense to be able to use that device for home calls.  To do that with extensions mode and my ring-group hack would mean reprogramming the ring-group (and one other change, which I’ll talk about later) when I wanted to switch over.  Presumably I could write some script or AGI logic that I could tie to a feature code in FreePBX, but I’d simply be making more custom modifications for little real gain.

In the end, I realised that the main thing keeping me in extensions mode–the ability to call a device by it’s “extension” number regardless of who’s logged on to it–wasn’t something I used often enough to warrant all the work I’d have to do to make extensions mode do what I needed.  With that in mind, I edited amportal.conf and made the all-important change:

AMPEXTENSIONS=deviceanduser

I had to reload the FreePBX admin page a couple of times, but eventually the “Extensions” tab changed into two tabs, “Devices” and “Users”.  True to the description of extension and device-and-user modes given in the FreePBX doco, the Devices and Users tabs had the same number of entries.  All I needed to do was delete the users that were no longer required (i.e. almost all of them) and the devices that belonged to the voicemail extensions from my original setup.  I then ran through each of the device definitions and correctly assigned them as either “Fixed” (statically allocated to a user) or “Ad-Hoc” (able to be logged on to a user).

This was the point at which I worked out a solution to my original dial-a-device-directly problem.  I realised that the majority of times I need that functionality is when testing.  So, for those devices that I use for testing, I left the user definition in place and made it the “default” user for that device.  This means that when I log out of the real user from that device it is reachable by the default user number, and I can dial it directly for testing.  The other use for direct-connection to a device, the intercom, requires a separate SIP endpoint anyway (due to the Cisco phones not adhering to the SIP command for remote off-hook) so I need to keep those as separate users too.

I’m quite happy with how it’s turned out–at least, I was once I’d overcome the showstopper I found!  Read about that in part two.

I imported all the entries from the old engine (I’m even gradually working through them to categorise and tag them).  I even found some Perl and SQL mojo I never knew I had to make nice redirections from the old blog to the new.

As I said when I first started this blog, none of this coolness is likely to make me write more…  But here’s hoping! 

I’d recently updated the machine that provides the transparent web proxy function for the network; one of the updates took Squid up to version 3.0 (from 2.6). This was the first thing I was suspicious of.

There’s an option in Squid that controls how it handles an “If-Modified-Since” request from a client. The default is for Squid to respond based on the age of the item in the cache, not based on the real item on the source web page. The comments in the Squid config file indicate that some clients use an IMS when requesting a reload — looks like APT is one of those clients.

Setting this option to “on” (from the default of “off”) in squid.conf fixed the issue for me:

refresh_all_ims on

The first thing was obviously to get hold of the audio file. This turned out to be surprisingly easy, thanks to Google pointing me to a piece of software called MacTracker. MacTracker is actually a reference guide for Apple products (computers all the way back to the Macintosh XL, the MessagePads, printers, displays, even iPods and mice), but part of the information it holds about the computers is their startup and death chimes.

There’s no option in MacTracker to export the audio files, but by opening the app package (“Show Package Contents” in Finder) it’s possible to navigate to where the chime sound files are stored. Then from Finder, all I had to do was zap the file to the phone via Bluetooth. On the phone, opening the Bluetooth message gave me an option to save the “music” file, which I did — this adds the file to the Music Player, but importantly makes it easily selectable in the configuration of the alert tones.

So now when I receive an SMS I hear the death chime of a Macintosh LC, and the startup sound of the Twentieth Anniversary Macintosh alerts me to incoming e-mail. I’m going to apply similar configuration to my desktops: on-and-off for the last ten years I’ve been using a Homer Simpson soundbite to advise incoming mail, and it’s a bit tired now…

Next task will be to replace the startup sound on my N810 with something a bit retro-Mac!

I've turned off the comment capability, until I can get something in place to bring the rubbish under control (a recent update to PolarBlog helped a bit, in that the crap doesn't display on the site any more, but when I log on I get to see the mess). I'm thinking of a new site, where I can discuss technical stuff a bit more and thoroughly while keeping the private stuff separate if I need to.

The site has had a bit of downtime recently, due to my non-existent monitoring of what's happening on my hosted server. This will change shortly, and I'm looking forward to things returning to the stability they had when I was self-hosting.

S's and my respective creative sides are being adequately satisfied by the iLife suite on the Mac, but there are times when we need to get the pictures out of the silver tower and onto other media—on this occasion paper, for albums and so on. A large retailer here has part of their floor space in each store set aside for those photo printing kiosks, and I introduced S to the art of putting photos onto a USB stick so that she could print some photos when next she went there…

On her return from the shop, she reported that we hadn't successfully put the photos she wanted onto the stick. When she'd plugged the stick in, she'd found only less than half of the photos we'd stored there. Sure enough, when I plugged the stick in all the files were there safe and sound. Strange thing was I could find nothing in common about the files (uppercase/mixedcase filename, long or 8.3 filename, datestamp, etc) that would have yielded the number of photos that the kiosk had found on it.

Annoying, but life is too short to worry about it. After all, this same retailer was plastering adverts of their new web-based photo printing service… S could submit the photos online for printing and pick them up from the store later.

<sarcasm>This is where the fun really started.</sarcasm>

Their app is Flash-based but seems to have some Java involved as well. While it loaded quickly enough, the app portion of the web page had an incongruous grey background that just looked dodgy. S had to create an account and sign onto the site just to get this far though, which was a bit annoying.

The workflow seemed to be to create an album, upload pictures to the album, then select photos from the album for processing. Creating the album went fine, but when the upload function was selected there were no action buttons visible to complete the operation! S was using Safari, but Firefox made no difference.

Then I suggested she use her laptop, which runs Ubuntu 8.04. The situation actually seemed a bit better to start with, as instead of the upload function showing an embedded file selection dialog like it did on the Mac we got a "normal" GNOME file dialog box. However, only some of the photos showed again: this time, it was because they had hard-coded a non-modifiable filename filter for the dialog that was only picking lower-case file extensions!

Trying to work around this, I mounted the stick manually with different mount options. I succeeded in getting all but one of the files showing with a lowercase name, and a rename fixed that one. Back in the web page however, it still didn't like us: any file chosen from the dialog box resulted in a nonsensical error message followed by a "You have selected no files to upload" dialog.

S was beyond caring by this stage (she has a very low threshold for being stuffed around by technology). She went to Snapfish after a friend's recommendation, and found a well-designed and easy to use WEB site that required no downloads or other junk.

So why did this wind me up to the point of spending all this time blogging it? Because nowhere on Big-W's site is there any mention of browser or operating system compatibility. Not even a "we've tested only on Windows, Mac users may experience difficulty"[1]. Not a blessed thing. Their Help page has a single paragraph about trouble uploading, blaming "your IT Department" for "setting certain network properties that inhibit the upload tool from working".

I wonder if the developers of the app were just so blind to believe that their gunk would just work wherever it was run, or whether they really think that it's a Windows world. Of the two I hope it's the former.

So Snapfish gets a recommendation for being not just an application hosted on the web but a web application. They do good photos too!

[1] I never expect to see Linux mentioned on these things and get pleasantly surprised on the occasions it is; even if it says "Linux is not supported", someone there at least knows enough to mention it.

While the screen of the 7970 looks nice on it’s own, and is certainly a drastic improvement over the 7940/7960, it doesn’t have the resolution to be able to display anything useful other than text and simple images. The BOM images are 524×564, while the largest image the Cisco can show is 298×168.

Here’s an example of my app in action:

Because the phone’s image viewer can’t scroll a large image I’ve had to scale and crop it, losing a fair amount of detail in the process (I did try just scaling it to fit the entire image, but it was totally useless to view). Plus, one of the key attractions of the BOM radar site is the animated images, and the phone has no way to display animations.

So what do you think, lazyweb? I’ve learned a bit more about coding Cisco XML apps, but other than that have I wasted my time? I will put it up on my Projects site eventually (once I’ve put in some more error handling etc), but let me know with a comment here…

I think what finally did it for me was the App Store. I love being able to simply go to an app on the device and easily look for software, installing what I like with no fuss. I especially like the fact that my downloads are synced with my computer, so that I don't have to keep track of all the individual items I've installed (unlike my phone; I can't think where all the sis and sisx files for different stuff I've installed might be).

My Facebook friends will know that I'm much more active there suddenly. Why? The Facebook app on the Touch — I no longer have to start up a computer or open a browser to update my status or reply to comments. I had a bit of this function with Fring's Facebook interface on my phone, but the large screen of the Touch makes things like this much more friendly.

I came very close to getting an iPhone actually — but not to use as a phone. This was after I'd realised that it's just as valuable as an Internet-connected device as an actual phone. The cost of iPhone service is still a bit prohibitive to me though, especially for an occasional-use device.

One of the things that had turned me off was the closed nature of the iTunes ecosystem (iPod, iPhone, Apple TV, iTunes). People sometimes ask me about Skype, and I say that the worst thing about it is that it Just Works. I mean, it's a closed system with no interconnections other than those provided by Skype themselves — by this nature it should fail, and yet because it works (arguably) better than any other desktop VoIP product it enjoys immense success. Same goes for Apple's stuff: the iTunes ecosystem Works And Works Bloody Well.

I've been thinking for ages about sync for calendar and contacts and stuff; I've been hunting for services and software and tools for ages. I could build something myself, and indeed started to (I've looked at Google Apps, used Chandler, checked out Ovi, and played with Sync4J before it was called Funambol). I could spend time and effort coming up with something myself…

Or I could just buy an iPod.

The problem is that Synergy and the VMware console don’t play well together (I could have sworn that when I first started using Synergy I had no trouble with it, but there are a few hits around that describe problems like I’ve now hit). The problems people are reporting are that keys like Shift and Ctrl are not passed to the VM (some described here and here).

My problem is slightly different: the screen of my Synergy client (the one that’s running VMware) locked while a VMware guest had focus. Now, the Shift and Ctrl keys are not picked up by gnome-screensaver to unlock the screen. Even the real keyboard attached directly via USB doesn’t work. Big problem, for the following reasons:

* Thanks to password strength rules enforced on the Linux build I use, my password now has a Shift-obtained punctuation character.
* I can’t switch to a virtual console, since that requires Ctrl (e.g. Ctrl-Alt-F1).

Okay, so the keyboard doesn’t work. This client machine just happens to be a tablet PC, and I had hacked gnome-screensaver (to display the onscreen keyboard to allow the screen to be unlocked in tablet mode). I grabbed the pen and tapped out my password, but it *still* didn’t work: even the output of the virtual keyboard gets the Shift modifier dropped. Hmm… Starting to fume now.

Never mind, I’ll connect via the network…

* Fedora does not start SSH by default (okay, yes, and I didn’t make sure it gets started after I’d finished the install).
* There is no remote desktop (VNC server, XDMCP) configured.
* The shiny web-based management interface on VMware Server 2.0 only listens on 127.0.0.1 (or is being blocked by the Fedora firewall).

So with no way to get access to the machine to try and fix it, a power-off is the only solution. Some readers are probably thinking “boo-hoo, diddums had to kill-switch his widdle poota, how tewwible,” but I hate having to do that; not because the system doesn’t recover, but it’s “problem resolution, Windows-style”.

Even though the real problem was between Synergy and VMware, I’m blaming the (perceived) need for security since without that I wouldn’t have a cryptic password that I can’t enter without Shift and a system I can’t administer over the network. Red Hat and Fedora doing everything in their power to ensure I don’t fall prey to nasty Internet fiends (rich analogies to governmental nannying, but that’s probably over-thinking things).

So in summary: Synergy is great, just as long as you’re not using VMware console and have a password with punctuation or uppercase… Remember to have your SSH or other network access enabled before you play!

The post I made here last night was going to be a comment about how ironic it was that we didn’t want to know our baby’s gender and yet the time of the birth was known. Well as fortune would have it, I would have been wrong on both points!

We were due to arrive at hospital at 1:30pm today for a 2pm induction, but our baby had different plans! S went into labour spontaneously at about 1:30am this morning, so we had the dash to the hospital that we never thought we’d have. By 2:30am we were in the birthing suite, and just over one hour after that our baby girl K arrived!

As for the gender thing, although we were obviously going to be happy to have a healthy baby of either gender we’d both been hoping for a girl. This time, something was telling me that it was in fact a girl–I guess you’d say I was very confident. So confident in fact, that S was quite angry at me about a week ago for not committing to a name for a boy.

N met his baby sister this morning… he has a very proud-looking smile on his face whenever he looks at her! He’s a wakeup to our grownup tricks though–we’d bought him a present to take home with him “from the baby”. When given the present, he reportedly (and in his best “hang-on-a-minute-you-can’t-trick-me” voice) said “that’s not from the baby, babies can’t go shopping!”

PS: What’s Clinker? That’s the nickname that S’s work friends gave to her baby-bump!

Every so often I found that some random junk would show up in comments to my blog posts. When I saw it I’d just delete it, and it didn’t occur often so I didn’t really think much of it.

This was until I spied a comment that I actually needed to reply to, and found I couldn’t. I started looking at why the record number of the comment was so high, and found that my blog of little-more than 100 entries had become home to over 13000 items of blog-spam.

I blame myself, obviously, as the software I use had introduced spam-filtering techniques a couple of versions ago and I hadn’t kept up.

In cleaning up the garbage, behind the red mist of rage I saw at having my blog being violated so, I noted something interesting. The issue had been going on for some time, and I realised that in front of me, in my humble little blog, I had a snapshot of the evolution of blog-spam.

The early stuff was primitive, and easily identified by querying for the names of erectile dysfunction drugs and other medications. The later stuff was harder and harder to detect until I was virtually picking it record-by-record out of the database. Some of it made absolutely no point to me at all: strings of random alphabetics with not even a URL in sight; maybe this was a worm just looking for the kudos of a DOS.

The thought occurred to me that perhaps I should have kept it, in much the same way as someone I know keeps copies of PC viruses and worms in a little (hopefully isolated) folder. Then I realised two things:

* Preserving something, or putting it in a museum, gives it some legitimacy. I don’t want to legitimise blog-spam; and

* The art (if any) in blog-spam is in the code that generates it, not in the crap it leaves behind.

As for all the hits on my ClustrMap, I figure 80% are the spambots infecting the blog and about 19% are the poor folk that got drawn to my site as a result of the spam. I had been thinking of a different blog platform, perhaps this episode shows that I need something a little harder.

Of course another way to fight blog-spam is to get your network disconnected from the ‘Net, and my ever-so-unfriendly ISP went out of their way to do that for me this weekend. Unsolicited, of course, which is even better. On a Friday afternoon, too — better still, as if you do actually manage to get someone on the phone it’s too late for them to find anyone who can do anything about it (apparently).

Recommendations of a good ADSL ISP accepted: although keep it to yourself if your ISP’s called wwkjukhkkjlpuggh or qjkdfsdfaksjkulkfhg…