What happens downstream?: Scott Mattoon's blog

No sooner had we put the wrap on an April 9 Commonwealth Club panel interview on Collaborating for Change, than PBS announced a really cool collaborative project on Nova to design the "Car of the Future".   Both of these recent productions focus on the application of open source design to social and economic needs beyond software.  The promise of open source economics is popping up everywhere.  It must be something in the water, (or the atmosphere).   Network based open source design efforts have been written about before, and there's more than a few established non-software open source design projects, but they were hardly regarded as mainstream.  And open source as a business model has been a fringe enterprise.  But all that is changing.

The upcoming Nova special, and the Commonwealth Club interview (with Amy Novogratz, Kate Stohr, Maria Giudice, and myself (video courtesy fora.tv)) serve as proof points that this phenomena has exceeded meme status and is spilling over into the broader socioeconomic graph.   But we knew this was inevitable, right?  We just needed the right conditions for humanity's collaborative tendency to come out of the proprietary deep freeze.

The substrate upon which this new culture is rising pairs flexible licensing models a'la Creative Commons with accessible technology for building collaborative online communities a'la Drupal and Wordpress,  Yahoo!groups and PBWiki.  Among the catalysts for this reaction are frustration over obscene economic inequities around the world, abuses of people and planet for profit, and utter neglect by federal governments.  As was discussed here in the video interview about the Open Architecture Network, these frustrations can be overcome by collaborating for change on the net.

Need more proof of the trend toward an open source economy?  Just check with the folks at Open Everything.  They're tracking numerous open collaboratives, which are exogenous to  the software world, but infused with many of the same principles, practices and tools as open source software projects. 

One of the most prominent tools applied to these new collaboratives is Drupal, and we discuss it's role in the Open Architecture Network in the video (at :37:30, :46:30, and :51:00).

Ten years ago who would have imagined that:

• IBM would begin opening their patent portfolio?
• Major news bureaus would sponsor citizen journalism?
• Educational curriculum would be opened and shared for free?
• The Pirate party could get on a national election ballot?
• Sun Microsystems would convert its software portfolio to open source, and it would be profitable?  (Well, that one you might have imagined.)
  

Yet these, and plenty of other examples show that collaborative culture is on the rise.  Does this signal the next generation economy in which businesses profit less from market lockout and legal protection and more from direct value delivered in open markets?  Or does it lead to a more fundamental shift wherein socioeconomic prosperity derives less through commerce than through collaborations for which the primary incentive to contribute is sociocentric good? 

Back now from DrupalCon, I'm parsing all that happened last week in Boston.  For me it was a whirlwind, interrupted by a plethora of hassles, including a nasty head cold, keyboard and trackpad on my MBP crapping out, a crashed demo, and several hours separated from my Treo while it rode around in the back of a Boston cab.  All that negative energy converging on me was more than offset by the positive vibe at the four day conference.  The kindness of the cabbie who drove crosstown to return my phone helped too.

One of the highlights for sure was spending time with a new Sun colleague, Brian Aker from MySQL.  We had breakfast at Henrietta's near Harvard Square before his keynote on Wednesday.   I asked him about the merger with Sun, what's next for MySQL, and how he'd like to see our field organizations work together.   He said the merger has been pretty well received and there was a general appreciation at MySQL for Sun's commitment to open source (something I hope will rub off on Brian's Slashdot amigo Chris Dibona, who conspicuously left Sun off of his Tuesday keynote list of companies that "get" open source).  There is a tradition of collaboration between Sun and MySQL too, which Brian indicated ought to help smooth the integration.   Lot's of his work is going into memcached these days, particularly in the libmemcached client.  He cleared up a misconception for me regarding Innodb: since Innodb is GPL'd, the risk of Oracle smothering it is nil - the community is driving it, and it's not the dead end many had feared.   What's next?  Don't expect to see MySQL 5.1 until 2009; do expect a maturing and further specializing application of the MySQL engines MyISAM, Innodb, BDB, and Archive; and plan for an adoption ramp for DRBD.  Brian had some great advice for Sun's field engineers: get familiar with MySQL technology by taking advantage of the many training resource available at MySQL.com.  MySQL University is a great place to start, (be sure to catch Brian's talk on EC2 March 29).  I also caught some good audio one-on-one with Brian after his keynote which I will post separately, along with his advice on scaling up your database.

RDF and Semantic Web were topics of much conversation and at least one BoF session.  With the addition of RDF modules in Drupal 6, developers can mashup data from multiple sites in very interesting ways.  If Web3.0 is massively distributed data mining, indexing, and mashing it all up, then Drupal is positioned to be the portal for this convergence, as Dries Buytaert resolutely declared in his Monday keynote

I gave a talk on running Drupal on Sun, with some help from Chris Cheetham from Project Caroline, at the end of the day on Wednesday (slides at right).  As luck would have it, my demo froze up, but I did manage to show Drupal running in a Solaris Zone, and DTrace to count function calls from Drupal.  Chris's demo of Drupal deployment to Project Caroline went much smoother.

Another highlight was awarding the grandprize Sun Fire T1000 server to the winners of the Showcase Site competition.  PingVision won it for their work on Popular Science Magazine.  Congratulations to Kevin Bridges and the rest of the crew at PingVision.

There was a lot of support for the next DrupalCon to be held in Hungary this fall.  It will be hard to top the Boston event, but I know this community will do their best to have the best one yet.

• DrupalCon Boston 2008 on flickr
• Recordings of DrupalCon Boston 2008 sessions
  

Here are just a few of the highlights I've had the privilege to experience at TED in Monterey:

Phil Zimbardo prepared Tedsters to become everyday heros by informing us just how closely we dance with evil.  Evoking Solzhenitsyn, who said "The line between good and evil cuts through the heart of every individual," Zimbardo's research reveals how susceptible we all are to falling in with Bad Apples.  But we're able to resist it best when we're not in a Bad Barrel, i.e., the situations and institutions we inhabit must foster cooperation not separatism, empathy not blame.  I.e., the opposite of the conditions in Abu Graib pre-scandal.

Irwin Redlener prepared us for survival in the wake of a nuclear attack by elucidating a few relatively unknown tips:  (1) post blast radioactivity within a mile or so of the blast is lethal on the ground, so get shelter below ground or on the 10th floor or above, (2) know the prevailing wind direction (and ideally the actual wind direction at time of blast) and head perpendicular or away from it,  (3) don't rely on the government or other government preparedness programs to protect yourself.  They're not ready to deal with it, and (4) keep your mouth open so your sinuses don't burst in the aftershock of the blast.

Samantha Power prepared us to recognize heros who embody the knowledge so precious to dealing with today's most difficult challenges by giving tribute to champions like Sérgio Vieira de Mello, and reminding us to seek them when working to avert social atrocities and humanitarian crises.  She put American pride on notice with a reminder that our "Never again" ethos was nowhere to be found during the Rwandan genocide.

A brief "trailer(?)" for Pangea Day debuted to the delight of Tedsters.

And then there were the Prize Winners:

Neil Turok, whose dream is that the next Einstein will be African.  He's building a model for higher science education in Africa with the AIMS school, delivering RICH (Relevant, Innovative, Cost Effective, High quality) education in major African countries.

Dave Eggers, founder of 826 Valencia and merchant to buccaneers.  His model for neighborhood driven afterschool tutoring in the back of a kids emporium is being imitated all over America, and has even sprung up in Dublin.

Karen Armstrong, author and scholar of comparative religions.  Her wish is perhaps the most audacious TED wish to date, which is has something to do with getting Jews, Muslims, and Christians together on matters of universal justice and respect, but I'm a little vague on the details.  I thinks she wants some help with that part. 

Anyway, Karen and the rest made a believer out of me.

Sitting in the Is Beauty Truth? session at TED2008 today, I am reminded of a phone conference with TED Curator Chris Anderson last fall to bring him up to date on the status of one of the previous year's TED wishes.

When Sun wrapped up its formal role in developing the Open Architecture Network (OAN) it handed over a sustaining challenge to the site's owner and community leader, Architecture for Humanity (AFH).   When TED Curator Chris Anderson asked Sun why the TED Prize winner was left in a lurch I gave a short answer, "It was primarily due to reasons of expediency".  In actual fact, Sun never walked away from AFH.  Sun was, and continues to be, committed to their success and continues to be involved.  As of today, we now we see a clear path to a sustaining model that leverages the Drupal community and frees AFH from the dependence cycle it was caught in with Sun.  I look forward to bringing that good news to Chris before the conference wraps up on Saturday.

The first step on this path is to refactor the site such that it runs on an unadulterated Drupal core.  To do that AFH and Sun have contracted with CivicActions to migrate the OAN from a hacked Drupal 4.7 to a clean Drupal 5.X.  (It was the hacking aspect that I explained away to Chris Anderson as "expediency".  Corners were cut, compromises were made, but AFH's and TED's primary goal, to launch the site at TED2007, was achieved.  Incidentally, of the three TED2006 prize winner, only AFH's wish was realized by TED2007.)  CivicActions won the bid to perform the migration by doing a professional and efficient assessment of the OAN's current state and the effort required to bring it up to the high standards of a showcase Drupal site.

My next few posts will describe the process of setting up this development environment as we open Chapter 2 in the OAN's odyssey.  I'll describe how we use OpenSolaris to enable efficient development, testing, and deployment for multiple contributors working on multiple tasks and timelines.

For more on why OpenSolaris was chosen as the development and deployment platform for the OAN, see this article on the Sun Developer Network, and this brief interview.

Whilst installing Drupal 6.0 on Solaris Express Developer Edition (SXDE) 1/08 I ran into a few glitches with the brand new Webstack, which makes it's debut in this build of OpenSolaris.  (SXDE is Sun's distro of OpenSolaris.  It's the best way to get access to all the latest stuff in a relatively feature complete distro of OpenSolaris without having to build the whole O/S yourself.)  With the advent of Webstack integration you don't need a separate download to get all the AMP stack integration and optimizations previously only available in Coolstack.

The executive summary of the solution to the Drupal 6.0 install glitches is:

1. Edit  /etc/php5/5.2.4/php.ini  to add '.' and Drupal's base dir (/opt/drupal-6.0, in my case) to PHP's include_path:

   include_path = ".:/usr/php5/5.2.4/include/php:/opt/drupal-6.0"  

2. Spoof PHP into thinking it's using an older MySQL client:
   

   ln -sf /usr/mysql/5.0/lib/mysql/libmysqlclient.so.15 \ 
   /usr/mysql/5.0/lib/mysql/libmysqlclient.so.12 

Now, with these fixes in place, I have the advantages of the Service Management Framework (SMF) and DTrace, plus an AMP stack compiled with optimizations for Solaris and the processor architecture (AMD64, in my case). 

If you're interested in a more detailed account of the glitches and fixes, read on...

The first glitch prevented the Drupal index.php page from rendering, and appeared in the apache error_log as:

PHP Warning:  include_once() [<a href='function.include'>function.include</a>]: Failed opening 
'includes/install.inc' for inclusion (include_path='/usr/php5/5.2.4/include/php' 

which was remedied by adding '.' to the include path in include_path in /etc/php5/5.2.4/php.ini

include_path = ".:/usr/php5/5.2.4/include/php" 

Then, proceeding to the database setup, MySQL gave an error:

"Client does not support authentication protocol requested"

This was easily resolved by the procedure posted on http://dev.mysql.com/doc/refman/5.0/en/old-client.html, but that's a compromise on MySQL password strength, so not ideal.   This allowed me to proceed to the next glitch, which apache error_log explained as:

"ld.so.1: httpd: fatal: relocation error: file 
/usr/php5/5.2.4/modules/mysqli.so: symbol 
mysql_set_local_infile_handler: referenced symbol not found" 

ln -sf /usr/mysql/5.0/lib/mysql/libmysqlclient.so.15 \
/usr/mysql/5.0/lib/mysql/libmysqlclient.so.12  

and another addition to include_path in /etc/php5/5.2.4/php.ini to add Drupal's base dir

include_path = ".:/usr/php5/5.2.4/include/php:/opt/drupal-6.0" 

Turns out that spoofing the library name like this also solved the "Client does not support authentication protocol ..." problem too, so I'm back to full MySQL password strength.

After these three simple but obscure fixes it was all clean sailing.  I now have Drupal running in six zones across two separate instances of SXDE 1/08 using the latest Webstack. 

The final two days of Drupalcon 2007 were competing with the phenomenal La Merce Festival for conference attendees' time and attention.  Had Sun not paid my airfare to be at the conference I'd have been at the festival catching as many of the 100+ bands playing in Ciutat Vella as I could. 

As such, on Day Three I dutifully presented a session entitled “Industrial Grade Deployment on SAMP” to many of the more prominent developers in the Drupal community.  The session followed an outline that I think helped establish Sun's relevance to the community:

1. How is Sun already connected to the Drupal community?
2. What has Sun been up to all these months/years since you last heard?
3. What are some Drupal specific Use Cases that are interesting on Sun technology?
4. How do you get started using Sun technology?

The slideshow embedded here answers in some depth each of these questions.  Lot's of other presentations from DrupalCon are posted over on Slideshare.net

Day Four was capped by some updates and insight from Dries, the father of Drupal and spiritual leader of the conference.  Dries Buytaert created Drupal at age 22.  Seven years later he continues to lead the Drupal community and actively contributes innovations to the platform.  He is a PhD student at University of Ghent where he has published several papers on Java performance, and has developed tools and frameworks for JIT compiler analysis and Java performance tuning.  The irony that Drupal is built on PHP is not lost on the Drupal community or Dries.

One of the most important updates presented by Dries was the 2007 developer survey results.  Sun's value to the community came into sharper focus when he flashed the answers to the question, "What are you good at and what skills do you want to invest in?"  Performance, Scalability, and High Availability were areas in which over 80% had little experience or wanted to learn.

Drupalcon was a great experience.  I'm looking forward to the next one, which is likely to be somewhere in North America this coming spring.

Sometimes the relevance of a technology only becomes apparent after examining it's origins.  For the uninitiated, I'll drop back a few sentences here to help understand Drupal's roots, before talking about some of the interesting things people are doing with it. 

Drupal was created by Dries Buytaert in 2001.  Drupal is licensed under the GPL and is written in  PHP.  It is typically deployed in a LAMP environment although a few prominent sites have deployed Drupal on Solaris.  Drupal 5 is the current release with Drupal 6 due out in fall of 2007.

The popularity of Drupal has been driven by a passionate group of developers who come from very diverse backgrounds and who have applied Drupal to an equally diverse range of needs. 

The early community of Drupal developers grew primarily through rapid adoption by Web 2.0 hobbyists, nonprofits, and political activist organizations.  Howard Dean's push for the U.S. Presidency in 2004, noted for leveraging online tools and communities, owes much of its success to the Drupal powered 'Deanspace'.  This highly visible use of Drupal drew much attention to the community and triggered a huge wave of Drupal adoption. 

One of the most interesting uses of Drupal that I've seen is that which was presented at DrupalCon by Ivan Labra from SPAWAR, the Space and Naval Warfare division of the U.S. DoD.  He is using it as a integration platform in support of SPAWAR's peace and stabilization efforts, in which basic integrated ICT capability must be deployed into austere and sometime unstable environments.  Known as Speed-to-Capability, this project defines a technical architecture and deployment strategy for quickly building communication and collaboration capacity FOSS components combining PBX (Asterisk), Instant Messaging/Chat (Jabber), email (Postfix) and software provisioning (HostMaster) capabilities on the Drupal framework.   In my role advising on technology capacity in the developing world, I hope to work with Ivan in the future to apply this important communication and collaboration capacity.

• OpenID: It's in core... now what?   by James Ransom Walker.   James is clearly an OpenID advocate and says the risks associated with it are manageable, or at least acceptable.  OpenID has been added to the Drupal 4.7, with updates for 5 and 6 coming soon (I'm not sure whether that's and Iraq pullout-style timetable, or a clever call for volunteers to lend a hand - James did say he could use some help).  This much heralded addition to Drupal gives developers an "out of the box" provider and  relying party status if they want it. It also comes with a new set of concerns for developers whose permutations are myriad: What is the trust model I want to deploy?  What level of protection do my users need from my provider service? As a relying party, what level of authentication do I need from a provider?  How do I choose to providers to accept?   Do I care whether a user's ID is globally unique *forever*, or just for now?  The OpenID spec. itself leaves the developer with all of these choices and more.  OpenID's flexibility is both a virtue and a failing.  Maybe someone in the OpenSSO community can lend a hand to James and avert the sedimentation of a partial solution to an omnipresent problem.  OpenSSO is moving quickly to support OpenID provider implementations.  It has support for the relevant federation standards, and it even has a PHP Client SDK and a PHP library for SAML 2.0 Relying Party.  When it comes to Identity Management, I'm not convinced that today's "good enough" won't be tomorrow's compliance regulation headache or M&A due diligence hiccup.  My vote is for an OpenSSO based identity module for Drupal 5 and 6 rather than an OpenID only module.
  

• "Enterprise" Drupal  by Ken Rickart.   Ken works for Morris Communications, a very stodgy, family run corporation.  Drupal adoption at Morris would seem a long shot for the traditionalist culture of this media giant.  But with the aid of Ken's obvious leadership and technical skills, Drupal is shaking things up.  If Ken's experience at Morris is any indication, I'd expect we'll hear about more tremors rippling through vaunted institutions and enduring companies triggered by Drupal's "time to market", low cost advantage.  Ken talked about how he rapidly delivered some high value business services to internal users (contract renewal reports) and external media consumers (online editions of local newspapers) with Drupal, demonstrating just how true the "good enough" axiom can be for certain classes of problems, and why that mattered to the big cheese at Morris whose main functions are to manage the bottom line and shake hands with the pros at Augusta National).
  

Start Up style enthusiasm was in no short supply at the second CommunityNext conference held at the Plug And Play Tech Center in Sunnyvale last Saturday.  Several companies represented were not even online as of the first CommunityNext conference held last February, yet many have since built thriving communities with millions of users.  The secret to their success, and the theme of this gathering, was viral marketing.

While February's day long event featured lessons on How to Tap The Wisdom of Crowds, Saturday's teachings might best be described as Getting Inside The Teenage Brain.  The scope of possibilities seemed to have devolved in the intervening six months to a level more concerned with how 14 year old girls will place a widget on their MySpace page than how the network effect can improve the lives of millions.  I left the event feeling like the social networking party had moved to the trailer park and the Anchor Steam on Draught had been supplanted by Pabst in cans.   But I don't spend much time on MySpace, so take my sentiments with a grain of salt (and a lime).

Amid the inanity of Profile Bling and Breakup Alert best practices there were sensible exchanges about building net communities the viral way.  Some insights from the viral front lines :

• Metrics matter - measuring effectiveness against goals are as important to running a widget based viral marketing campaign as any Madison Avenue ad campaign.  
  
• It turns out that wikis are for everyone - given a wiki as easy as making a peanut butter sandwich, teachers will use it to develop curriculum and engage their classes, as PBwiki discovered.
  
• The Facebook platform was deemed by many widget developers here as the API sine qua non.
  

Perhaps most relevant to a field architect like me was the implicit adoption pattern threaded throughout the presentations: widgets get combined with other widgets to make new and interesting platforms that are essentially loosely coupled composites of fine grained apps.  This seemingly chaotic trend toward Widget-dom foreshadows an adoption pattern that runs orthogonal to the SOA model so many enterprises are pursuing, where heavy duty governance is critical and service discovery with its attendant infrastructure represent costly overhead.  Corporations are spending millions planning multi-year SOA initiatives.  Meanwhile the Facebook platform allows developers to build composite applications quickly, all the governance is essentially embedded in the client libraries, and services are discovered virally - registries and WSDL are not critical to the ecology of a Widget World.  Granted, student social calendars and virtual food fights are a far cry from a CRM/ERP/BI mashup, and identity management and access control through a RockYou widget would make any CIO cringe, but with the addition of JSON support to platforms like Facebook I expect we'll see more complex integrations emerge soon, and WS-XACML shows promise for protecting data exchange between loosely coupled apps according to some rich policy.  How quickly will this hosted RESTful approach displace enterprise owned and operated SOA infrastructure is hard to predict.  No doubt the transformation is driven by many of the same factors driving the redshift market transformation Sun is betting on.

The explosive growth experienced by many of the companies at CommunityNext reaffirms Sun's focus on designing for network services at scale.  The results of that focus, such as Project Blackbox, the Niagra processor, and the Sun Grid, ought to figure heavily in the future of many of these start ups.  Sun's SOA technology, which looks more and more RESTful by the day, could be the best bridge for Enterprise IT to cross into Widget-dom, and a good platform for social networking platforms to adopt in order to penetrate the Enterprise market.

My cryptic and incomplete notes from this Sun sponsored event are below.

The People Formerly Known As The Audience landed a piece on Wired.com today about the Open Architecture Network (OAN).  

The story was part of a pro-am journalistic experiment orchestrated through Assignment Zero that produced 80 distinct articles dealing with crowdsourcing, of which 12 earned a spot on Wired's home page.  As one of the OAN story contributors, I bagged my first byline on Wired.com, one in which I was decidedly on the am side of pro-am.  While my contribution was relatively small, it was enough to give me a taste of the post-edit blues - most of my copy was either red-lined, or reduced to the point of inaccuracy.   My original reporting expanded on the technology choices and process of developing a collaboration site using the open source CMS Drupal.   The final piece gives a nod to Drupal and Sun Microsystems, but leaves the wrong impression:

"Even the software powering the site -- designed by Sun Microsystems -- is open source: the Drupal content management system chosen by thousands of nonprofits for its ease of use."

Sun did not design Drupal, and while ease of use is one of the virtues of Drupal it's an oversimplified view of why so many nonprofits use it.  Granted, the focus of the story was not so much on technology as the potential for open source design, but one of the points red-lined from my copy was perhaps one of the most relevant given the context of this crowdsourcing experiment:

"Organizations that use Drupal for their online communities include... Assignment Zero."

Drupal is everywhere.   Drupal's integral role in the explosion of collaboratives born of open sharing and grass roots participation is worthy of an entire Wired issue, if not more than just a mention buried deep in one story.  Even among citizen journalism sites, it's a dominant software platform - witness The Witness Project, for example.

Still, good to see the momentum for Architecture for Humanity continuing in the media - in addition to the Wired piece, another story about the OAN appeared this week in Business Week, and AFH's founder, Cameron Sinclair, was added to the distinguished list of "Thinkers of Tech" for Fortune's iMeme conference next week in San Francisco.

We're still the audience, we just have something to say now. 

Planetizen, the online commmunity for urban planners and designers, ranked the Open Architecture Network as one of the Top Ten websites for 2007.  Like the OAN, Planetizen is built on the Drupal CMS. 

While browsing through Planetizen I came across a link to AssignmentZero a crowdsourcing journalistic experiment.  The site is also built on Drupal, and they've got an assignment posted to write about Architecture for Humanity, who they describe as "one of numerous organizations practicing open design".   Along with three other writers, I took the assignment, natch.

The Open Architecture Network has posted a "project" chronicling in photos the process of bringing this community online.  Except for one particularly unflattering photo of me, there's a good sequence of photos of the SunFire X2200 M2 servers and Storagetek 3511 storage array racked in AMD's data center. 

With all the available space in that rack why did we stick the shiny new gear at the bottom of the rack?  In densely populated racks, servers mounted in the top half of the rack have as much as a 50% lower MTBF than servers in the bottom half.  The working rule of thumb is for every 10^o F above 68^o the failure rate doubles.  The gear that is typically most sensitive to high temperature is the power supply, hard drive, and fan.  Good thing we've got two of each in these boxes, but I wouldn't expect a heat problem anyway - the cold air blowing on my head whilst working on these machines reminded me of winter in Duluth.

Resources for managing data center cooling:

• Site Planning Guide for Sun Servers
• 42U.com rack cooling solutions
  
• Computational Fluid Dynamics FAQ for the Data Center 
  

TED's roots and core values are no better represented than in the person of Lawrence Lessig.  It was he who really Gestalt² the content of the conference.  ("If you love a word, use it."  Erin McKean told the TED crowd today.  As a criteria for choosing the right word, she says, being in the dictionary is an unnecessary and artificial constraint.  What are the odds a word with exponentiation in it will make it into the publication she looks after?  As a word and feeling, I love Gestalt².  It's entertainment's Metcalfe's Law on steroids.)

In Lessig's TED talk he recounted John Philip Sousa's passionate opposition to the advance of phonographs and the recording industry. "These talking machines are going to ruin the artistic development of music in this country," Sousa warned, and went on to say, "The vocal cord will be eliminated by a process of evolution, as was the tail of man when he came from the ape."

So, in an abstract sense, goes the tired argument for the prevailing commercial model of copyright protection.  But that wasn't Lessig's point.  His point was that the Read Only culture that is ardently protected by institutions like the RIAA, the big five recording companies, and portions of the publishing industry, is a culture "where the vocal chords of the millions have been lost."

The stark irony presented was that, indeed the same voice Sousa sought to protect by preventing  technology's indiscriminate trampling over humanity's means of expression is again the voice that, several technological generations hence, is opening up for all humanity to hear.   Without our common sense recognition of Fair Use, artists like Javier Prato, and Johan Soderberg would not be able to reach most us.  Of course, fair use alone does not get such artistic works to the people.  You also need a network.

Implicit in all this was more validation that the redshift market projection that Sun is betting on is a very good bet.

For me, Lessig answered an important question that was not asked.  Which is more precious to our freedom of expression, fair use or network neutrality?  In the RW culture, these convictions to freedom are inextricably connected and equally important.

The Coolstack 1.1 AMP package installs the 32-bit version of MySQL by default.  We want to let the horses out of the corral on this SunFire X2200 M2, so we also install the 64-bit version, which is provided as a separate package.  Since we need the 32-bit version in order to compile php5, we keep it in its original  /opt/coolstack/mysql_32bit  location.

After running  mysql_install_db and the other steps in  /opt/coolstack/mysqlREADME we then to prep MySQL to be a first class citizen on Solaris 10.

Convert MySQL to SMF

Like the the CoolStack 1.1 Apache, CoolStack 1.1 MySQL is not integrated with SMF.    Here are the resulting manifest and method files to get MySQL working cleanly as a service:

/var/svc/manifest/network/mysql.xml : 

<?xml version='1.0'?>
 <!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<!--
        Manifest for MySQL
 -->

 <service_bundle type='manifest' name='CSKmysql:mysql'>

 <service
         name='network/mysql'
         type='service'
         version='1'>
         <create_default_instance enabled='false' />
         <single_instance />

       <!--
                  Wait for network interfaces to be initialized.
        -->
                <dependency name='network'
                    grouping='require_all'
                    restart_on='error'
                    type='service'>
                    <service_fmri value='svc:/milestone/network:default'/>
                </dependency>

                <!--
                  Wait for all local filesystems to be mounted.
                -->
                <dependency name='filesystem-local'
                    grouping='require_all'
                    restart_on='none'
                    type='service'>
                    <service_fmri
                        value='svc:/system/filesystem/local:default'/>
                </dependency>

         <exec_method
                 type='method'
                 name='start'
                 exec='/lib/svc/method/CSKmysql start'
                 timeout_seconds='60'>
         </exec_method>

         <exec_method
                 type='method'
                 name='stop'
                 exec='/lib/svc/method/CSKmysql stop'
                 timeout_seconds='60'>
         </exec_method>

         <exec_method
                 type='method'
                 name='restart'
                 exec='/lib/svc/method/CSKmysql restart'
                 timeout_seconds='60'>
         </exec_method>

 </service>
 </service_bundle> 

/lib/svc/method/CSKmysql :

#!/usr/bin/sh
#
#        Method file for MySQL
#
# This uses the MySQL packages from CoolStack 1.1
# CSKmysql
#
# Modify accordingly!
#
# NOTE: Make sure DB_DIR is owned BY the mysql user and group and chmod
# 700.
#

. /lib/svc/share/smf_include.sh

DB_DIR=/site-data0/data
PIDFILE=${DB_DIR}/`/usr/bin/uname -n`.pid

case "$1" in
        start)
        /opt/coolstack/mysql/bin/mysqld_safe --user=mysql --datadir=${DB_DIR} --pid-file=${PIDFILE} > /dev/null &
                ;;
        stop)
                if [ -f ${PIDFILE} ]; then
                /usr/bin/pkill mysqld_safe >/dev/null 2>&1
                /usr/bin/kill `cat ${PIDFILE}` > /dev/null 2>&1 && echo -n ' mysqld'
                fi
                ;;
'restart')
        stop
    while pgrep mysqld > /dev/null
      do
      sleep 1
    done
        start
        ;;
        *)
                echo ""
                echo "Usage: `basename $0` { start | stop | restart }"
                echo ""
                exit 64
                ;;
esac

Then import the service:

# svccfg import /var/svc/manifest/network/mysql.xml

Before starting MySQL we need to put a config file in  /etc.  The example small config provided with MySQL is just right for now.

# cp /opt/coolstack/mysql/share/mysql/my-small.cnf /etc/my.cnf

Then change the datadir setting in /etc/my.cnf to point to the 1.3TB zfs pool on the external StorageTek 3511:

39  datadir=/site-data0/data

Finally, set the data dir with proper ownership:>

# chown myqsql:mysql /site-data0/data

And make sure it starts:

# svcadm -v enable mysql

At this point we're ready to set up the content management system, Drupal.

Additional tips for MySQL on Solaris:

• Configuring MySQL to use SMF
  
  

The new Solaris AMP stack, a.k.a. CoolStack 1.1 is here. And not a moment too soon, as I sit down to build another server for the Open Architecture Network. This is server #2, which will provide the n+1 scaling and redundancy necessary to keep the the OAN up and functional in the face of any one component failure and through a good slash-dotting. 

Of all the goodies in this new release, it was the GD library that we needed in particular. It is also nice to see suhosin from the hardened-php project included in this release. Here's a quick breakdown of version differences between CoolStack 1.0 and 1.1:

Convert CoolStack Apache to SMF 

First, I notice that the services in coolstack are not integrated with SMF. We need apache to run under SMF so its privileges can be easily limited.  I convert it to SMF, and prepare it for limited privileges by creating a service manifest and service method based on the original apache service shipped with Solaris 10.

# cp /lib/svc/method/http-apache2 \
/lib/svc/method/http-CSKapache2
# cp /var/svc/manifest/network/http-apache2.xml \
/var/svc/manifest/network/http-CSKapache2.xml

In /lib/svc/method/http-CSKapache2 change

 
    11  APACHE_HOME=/usr/apache2
    12  CONF_FILE=/etc/apache2/httpd.conf
    13  PIDFILE=/var/run/apache2/httpd.pid


    20          /bin/mkdir -p /var/run/apache2 

to

    11  APACHE_HOME=/opt/coolstack/apache2
    12  CONF_FILE=/opt/coolstack/apache2/conf/httpd.conf
    13  PIDFILE=/var/apache2/run/httpd.pid


    20          /bin/mkdir -p /var/apache2/run
 

In /var/svc/manifest/network/http-CSKapache2.xml change

    10  <service_bundle type='manifest' name='SUNWapch2r:apache'>

    23          <instance name='apache2' enabled='false'>

   100                                  manpath='/usr/apache2/man' />

to

    10  <service_bundle type='manifest' name='CSKapch2r:apache'>

    23          <instance name='CSKapache2' enabled='false'>

   100                                  manpath='/opt/coolstack/apache2/man' />

Then import the service:

# svccfg -v import /var/svc/manifest/network/http-CSKapache2.xml

Minimize Apache's Service Privileges

Next, we configure the new service to run with minimal privileges following the example in 
Glenn's Limiting Service Privileges BluePrint.  After the procedure the CSKapache2 privileges
should look like this:

# svcprop -v -p start CSKapache2
start/timeout_seconds count 60
start/type astring method
start/exec astring /lib/svc/method/http-CSKapache2\ start
start/user astring webservd
start/group astring webservd
start/privileges astring basic,!proc_session,!proc_info,!file_link_any,net_privaddr
start/limit_privileges astring :default
start/use_profile boolean false
start/supp_groups astring :default
start/working_directory astring :default
start/project astring :default
start/resource_pool astring :default

Note that the changes to the PidFile and LockFile directives specified in this minimization procedure will be overridden  by the Server-pool management configuration that is loaded by

474  Include conf/extra/httpd-mpm.conf

Unless the corresponding directives are commented out of  /opt/coolstack/apache2/conf/extra/httpd-mpm.conf

Increase Semaphores for PHP 

By default the php5_module is loaded in the CoolStack 1.1 apache.  I observed that PHP was causing the maximum number of semaphores to be exceeded, so I created a project  httpd.php  to bump the max from 128 up to 256:

# projadd -c "Apache-PHP" -U webservd httpd.php
# projmod -sK "project.max-sem-ids=(privileged,256,deny)" httpd.php

then added the project to the service configuration:

svccfg -s http:CSKapache2 setprop start/project = astring: httpd.php

Enable suhosin

Because the site is expected to receive lots of publicity, and it will not have a 24x7 SWAT team ready to jump in and thwart the bad guys, we want it to be as hardened to attacks as possible.  Suhosin gets us a long way toward that goal.  Since it's already built for us in CoolStack, we just need to enable it by  uncommenting  extension="suhosin.so"  in  /opt/coolstack/php5/lib/php.ini

Now we're ready to setup the CoolStack 1.1 MySQL ...

Additional SMF resources:

• BigAdmin: developing services to run within SMF
• OpenSolaris SMF Community
  
• SMF BluePrint
• Converted Services: Manifests and Methods on OpenSolaris.org