Trantorian Gazette

Companies are encrypting data on laptops in fear of the government.

Wednesday Jul 02, 2008

How ironic. After years of ignoring the problem of sensitive data stored on laptops, many companies are finally re-evaluating their policies and procedures about that data, instituting processes to encrypt or otherwise protect that data. Losing that data or having it fall into the wrong hands has always been a threat and has happened to many companies many times in the past. But by and large, many companies choose to ignore the problem, viewing the chances as too small to be worth the burden.

What has changed their minds? Recent news and a Supreme Court decision that reveals that the U.S. Customs can seize a laptop at the border with no probable cause, on nothing more than a whim. That's right, if they want to examine the data in the laptop, they can seize it and hold it indefinitely. The threat of criminals stealing the laptop was deemed too unlikely to worry about, but the U.S. Government seizing a laptop, well, that is another matter.


The calls worked: No Telecom Immunity...yet

Monday Jun 30, 2008

The Senate voted on Friday to postpone the vote on the FISA Amendments Act of 2008 until after the July break. While this may not sound like much of a reprieve, it is actually huge. The mainstream press was predicting that the bill would breeze by and pass handily. Given the voting proportions in the House, it did indeed seem likely. But the number of calls and emails directly to the Senators have made them take another look at this and ask for more time to decide. This is great news, because it gives the opponents of the bill a chance to talk to the Senators and let them see what the bill really means. Good Job!


House approves Telecom Immunity and legitimizes the Nuremberg Defense.

Wednesday Jun 25, 2008

Last Friday, the U.S. House of Representatives approved H.R. 6304, the FISA Amendments Act of 2008. This is not the compromise that proponents of the bill would like you to think, but one thing is that it provides immunity for the Telecom companies that allowed the U.S. Government to perform warrant-less wiretaps.

For quite some time, the U.S. Government has been doing wiretaps without warrants, and the telecom companies have aided it in this process. Of course, it is illegal to aid anyone in the furtherance of a crime and an important part of the checks and balances of our system is that people must be held accountable for their actions. The government is largely immune to investigation into the matter because it would take someone whose rights had been violated to bring suit and only the government and the telecoms know who these are and the names are a matter of national security and cannot be released. But this is not the case for suits against the telecoms. The courts have already ruled that it is not impossible to prosecute the cases against them without violating national security, because the names and reasons for the wiretaps are not at issue. These lawsuits may be the only way to find out the true extent of the constitutional violations made by this administration.

The FISA Amendments Act basically says that the telecom companies are immune to prosecution if they were obeying the orders of the government. See? If the government says it is okay, then you can violate the Constitution with impunity. That's the Nuremberg defense, plain and simple.

Now, I understand that when approached by the government, one needs to think long and hard about violating its orders. But do we really want to start the precedent that you are absolved from responsibility if you do what it says? The accountability provided by the responsibility everyone has for his or her actions is an important part of the checks and balances that allow our system to work. Any government that can expect its citizens to obey its orders without question is by definition a totalitarian one; much worse that its citizens submit willingly.

So, I urge you to call your senators and tell them to vote no on this bill. It comes before the Senate on Friday, so call today.


George Carlin died.

Monday Jun 23, 2008

I am stunned. I can't believe it. I just read that George Carlin died yesterday.

I remember buying his albums when I was a kid. I used to know all of the routines on those albums by heart. Just last night, as I put my daughter to bed, I quoted one of his routines: "Tonight's forecast--dark, with continued dark followed by widely scattered light in the morning." That's how much George Carlin affected my life, even to this day.

We need people like him, the "Class Clown", the "Foole" that makes us laugh and makes us think at the same time. He could look at life's absurdities and see them for what they were, and then make you realize just how absurd they really were. I will miss him terribly.


The difference a word can make.

Thursday Jun 05, 2008

As you may know, several women here at Sun were recently honored by the YWCA of Silicon Valley with the annual YWCA Tribute to Women (TWIN) award. The honorees here at Sun were Cheryl Cook, Beverly Glasser, Noreen Krall and Karen Tegan Padir. Congratulations, ladies!

Now the thing is, the news service System News rightfully had an article about this event. The article was called Women Impacting Sun's Success. Did you catch the problem with this title?

According to Webster's dictionary the definition of the word "impact" is to "affect" or "influence" which I am sure was how the author of the piece meant it. But there is more to the definition than that. The full definition is "To affect or influence, especially in a [...] undesirable manner." You see? When your schedule is impacted by something, it is never a good thing, right? I wonder what a better headline would have been?


First fix in the OpenSolaris Sustaining gate

Thursday Jun 05, 2008

As you probably know, Sun is now offering support for the OpenSolaris distribution. This means that critical bug fixes will be made in versions of packages that can be installed on prior releases of OpenSolaris. That mechanism is coming online right now, and I was the first person to integrate a fix into the newly created source tree for the 2008.05 release of OpenSolaris. I can't tell you just yet what the fix is, because it is a critical security related fix, and we have to co-ordinate the release of the info about the bug and the binary fix itself for all supported releases in order to avoid the "zero-day" effect.

Let me tell you, making co-ordinated fixes like this is a lot of work. I had to create the fix for this bug for six (6!) different releases simultaneously. We have to have all the patches, packages and the SunAlert all ready to go at the same time. Phew!


links for 2008-05-16

Thursday May 15, 2008


links for 2008-04-08

Monday Apr 07, 2008


Locked in a maze of twisty little passages, all different.

Monday Apr 07, 2008

This weekend was an exercise in frustration. I was locked in a maze of twisty little passages, all different. I was following the dreaded tree of open source dependencies.

I have all of the family photographs and MP3s on a Solaris file server. We primarily use the MP3s on my kids' iPods. The kids are always complaining that they don't have any good music on their iPods, but this is primarily because they don't really know what songs we already have. So, my wife went to play them some music that she thought they would like. Much to her chagrin, she discovered that when she played the music through the computer monitor speakers, they sounded awful. She wants to play the music through our home theater. One button, no configuration.

I used to have the audio output of the sound card routed to the home theater, but we could hear the TV sound through monitor speakers which was quite annoying. I had no idea how to fix that, so I ended up just disconnecting the cables. Now, we have a Tivo, and I know that Tivo can stream music and video from a server, so the obvious solution was to play the music through the Tivo.

I had played with this a couple of years ago on my previous file server, but the streaming daemon used more memory than I could afford on that system, so I couldn't just let it run, which defeated the purpose. But since then I got a new server with a lot more memory, so it was probably feasible to just let the service run.

The most popular Tivo server is a piece of software called "Galleon". It is highly configurable, has lots of plugins for different applications and is written in Java. Great, I thought, I had it working before, it's probably even better now. So I went and downloaded Galleon.

First thing I noticed is that it isn't a lot different than it used to be. When Tivo released their SDK, there was a flurry of activity around making all kinds of applications, but after about 6 months or so the novelty apparently wore off, and the development since then is at a trickle, mostly around keeping things working when a new version of the Tivo software comes out. There is some new work being done, but not much. Too bad.

So, anyway, I download Galleon, and install it and the first thing I discover is that although it is written in Java, it uses a native executable wrapper program to start the JVM, and the Main class has been removed, so it can no longer start standalone. Doh! I start looking around, and I find a message from somebody else with the same problem, wanting to run it on Solaris and noting that the wrapper is not available on Solaris. Darn. But a little more looking and I find that it actually is now available on Solaris. Yah. What were the Galleon developers thinking? They had a 100% "write once, run anywhere" application, and they tied it to specific platforms over a minor convenience function.

Okay, now I can start galleon and get it running. It just sits there, because I haven't configured it yet. I'm almost home free right? Wrong. There is virtually no documentation on how to configure it directly. There is a gui program you need to run to configure it. The only thing is, when I run the gui function, the JVM cores. There used to be docs on how to configure it manually, but they are no longer on the site. Game over.

Back to Google. I know there are other applications for the Tivo. Maybe I can't have the swiss army knife, but a steak knife will get the meat cut anyway. So for the next half an hour I go through various apps one by one, trying to find one that is suitable. I finally found pyTivo.

The pyTivo program is a Tivo application written in Python. I looked at the docs and checked the system, and lo and behold, I have a suitable version of python already installed. So I went to get the latest version of pyTivo and discovered that it uses a download protocol called "git", and no, I don't already have git installed.

Well, I figure that git should be easy enough to build and install. So I download git. I configure and try to build it, then discover that git needs "curl". So then, back to Google, but before looking for curl, I look around a little more and finally find a link to a zipped archive of pyTivo source, so I don't need git or curl after all.

So, now I build pyTivo and discover that it needs a package called ffmpeg to do the transcoding of the formats into Tivo native format. I find ffmpeg and discover that it is so complex that I don't even want to start on porting it. Luckily, I found that a fairly recent version is already available on blastwave. So off to blastwave.

I already have blastwave installed, but it was a long time ago, so when I run pkg-get from blastwave, it wants to upgrade itself. But to upgrade itself, it also wants to upgrade its own dependent packages. And so on and so on. And unfortunately, although you can tell it to just go ahead and upgrade everything, it still runs pkgrm and pkgadd, which each have a yes/no prompt that pkg-get apparently will not answer for you. So for the next half hour I sit there typing "y" and "return" over and over again.

Finally, it's done and ffmpeg is installed. I configure pyTivo (2 lines changed in a text file) and start the server up, and bingo! Music over the Tivo. Unfortunately, the interface is a little clunky for the Tivo. I have the music organized by genre, artist and album, but since the Tivo can only display about 10 lines at a time and starts from the beginning at each level, it means you might have to scroll through a lot of pages at the artist level to find the one you want. Using iTunes and Media Monkey, you usually do a direct keyword search to find something you want. I might be able to add another layer just for the Tivo with each letter of the alphabet, I'll have to play with it some more. Actually the worst thing about having to scroll through the whole artist list is now my wife is seeing all the music that I have that she didn't know about. Our tastes in music don't exactly coincide.

Unfortunately, the saga doesn't end there. Having this capability with the Tivo led to having to reprogram the universal remote, which meant I had to track down the users guide, etc., etc. It just never ends.


Spread-Spectrum EMI and the system clock.

Monday Mar 24, 2008

I was recently pulled into a problem with system clocks. Because I am the "go to guy" for NTP at Sun, I often get involved with system clock problems because they are often only noticed when the customer starts running NTP.

Anyway, in this particular case, a customer was evaluating some systems and noticed that the computer clock seemed to be jumping around quite a bit. The account team set up a couple of test systems and were able to see the same problem. That's when I was called in.

The first thing to do in this kind of situation is to get NTP out of the picture. NTP can only correct clock drifts up to a certain point, and beyond that you start getting some nasty interactions that can obscure the real issues. So, we turned xntpd off and started running "ntpdate -s -q" in a cron job every minute.

This revealed something interesting. The system was drifting to a two second offset in about half an hour and then jumping back to zero offset. This is a typical symptom when you are not running NTP. There is a battery backed hardware TOD (time of day) clock built into almost all modern systems which is used to set the time at boot up. It is also used to double check the system clock. When the system clock and the TOD clock differ by 2 seconds or more, one is set to match the other. Which happens depends on other variables, but in the set up I described, the system clock is almost always reset to match the TOD clock.

So, in this case what was happening was clear. The system clock drifted by 2 seconds each half hour and then was reset by the TOD clock. If you checked less often than once each half hour, it would appear to jump around randomly.

So why was the system losing time? We calculated this out, and it works out to about a 0.125% error rate. This rang a bell with one of the other engineers I was working with. It turns out that the system clock is modulated by 0.25%. I had never heard of this before. It is called "spread-spectrum clock".

Here's the deal. Systems throw off a lot of EMI (electromagnetic interference) and there are regulations by the FCC as to exactly how much EMI you are allowed to have. One reason that computers throw off this EMI is that they are run using a digital clock signal that synchronizes all of the system components. All of the parts are in sync at exactly the same frequency, so they throw off a lot of EMI at exactly that frequency, with lesser amounts at the harmonics.

The FCC regulations determine the peak EMI at a particular frequency allowed. So, to lower the peak EMI, the idea is to slightly modulate the system frequency, so that the EMI thrown off is spread over a range of frequencies. This lowers the peak while keeping the total energy released constant. At first I thought it sounded like cheating, but I looked it up and the FCC is totally okay with this.

So, in this case, the system frequency is modulated downward by 0.25% three thousand times a second. I guess that because it was modulated so quickly (3 kHz) by such a small amount (0.25%) the designers figured that nothing in the software would be affected. The only thing is, when you are counting by nanoseconds, those errors can add up. The average frequency is of course 0.125% slower than the rated frequency, which as I said above works out to an error of 2500 parts per million. NTP can correct errors of up to 500 PPM, so NTP was way out of its league. We normally require a maximum error of 2 seconds per day on Sun systems, which is an accuracy of 0.0023%. Makes you appreciate how finely tuned these things are.

So, as a result, the firmware is being changed to report the average frequency to the system, not the peak frequency. See? Even a small error can add up.
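
The measurement described above (NTP stopped, offset sampled once a minute, a drift that ramps to 2 seconds and snaps back) can be turned into a drift estimate automatically. This is an added example, not code from the original post: the sample series is constructed from the post's 0.125% figure and the 2-second TOD reset, and all function names are hypothetical.

```python
# Added example: constructed data and hypothetical names, not Sun's tooling.
NTP_MAX_PPM = 500                # NTP correction limit quoted in the post
TOD_RESET_S = 2.0                # system/TOD disagreement that triggers a reset
SPEC_PPM = 2.0 / 86400 * 1e6     # "2 seconds per day" expressed in PPM


def constructed_samples(drift_ppm=1250, minutes=90, interval_s=60):
    """Offsets (s) a once-a-minute poll would see: linear drift, reset at 2 s."""
    period_s = int(TOD_RESET_S * 1e6 // drift_ppm)   # seconds until 2 s is reached
    return [(t, drift_ppm * (t % period_s) / 1e6)
            for t in range(0, minutes * 60, interval_s)]


def split_at_resets(samples, step_s=1.0):
    """Start a new segment wherever the offset magnitude drops by > step_s."""
    segments = [[samples[0]]]
    for prev, cur in zip(samples, samples[1:]):
        if abs(prev[1]) - abs(cur[1]) > step_s:
            segments.append([])
        segments[-1].append(cur)
    return segments


def slope_ppm(segment):
    """Least-squares slope of offset against time, in parts per million."""
    n = len(segment)
    mean_t = sum(t for t, _ in segment) / n
    mean_o = sum(o for _, o in segment) / n
    num = sum((t - mean_t) * (o - mean_o) for t, o in segment)
    den = sum((t - mean_t) ** 2 for t, _ in segment)
    return num / den * 1e6


def analyse(samples):
    """Summarise a sawtooth offset series: reset count and per-ramp drift."""
    segments = split_at_resets(samples)
    rates = [slope_ppm(s) for s in segments if len(s) >= 3]
    drift = sum(rates) / len(rates)
    return {
        "resets": len(segments) - 1,
        "drift_ppm": drift,
        "seconds_between_resets": TOD_RESET_S / (abs(drift) * 1e-6),
        "within_ntp_limit": abs(drift) <= NTP_MAX_PPM,
        "times_over_spec": abs(drift) / SPEC_PPM,
    }


if __name__ == "__main__":
    for key, value in analyse(constructed_samples()).items():
        print(f"{key}: {value}")
```

Fitting each ramp separately matters: a single line fitted across the resets would average the sawtooth away and report almost no drift.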


links for 2008-03-18

Monday Mar 17, 2008


links for 2008-03-15

Friday Mar 14, 2008


Happy Pi day!

Friday Mar 14, 2008

Today is "Pi day". That is, the date today is 3.14. In another the local time will be 1:59:26.535. In celebration, my daughter Sarah memorized Pi to 50 digits last night. Way to go Sarah!

Like the Indiana State legislature, Sarah's mom said that all she needed to remember was that it was 3. Just no spirit of fun.


links for 2008-03-11

Monday Mar 10, 2008


links for 2008-03-10

Sunday Mar 09, 2008
