The Open Road

Geekfest in San Francisco

My friends Rick, Brandon and I rode "Paradise Loop" yesterday. This is an outlandishly beautiful bike tour that takes you around the Tiburon Peninsula in Marin County, north of San Francisco. The David-modified version of this loop includes a detour to Larkspur before the final climb of the day up Camino Alto. The reason for the detour is a trip to Caffe Rulli, a place that makes you feel as though you've left California and entered Siena.

So we were enjoying our cappuccinos, cake, and gelato after our nice 27 mile ride, when Rick and Brandon started arguing whether I was really a geek.

Brandon: Well, he actually enjoys talking about virtualization.

Rick: Yeah, but he doesn't play video games.

David: Yeah, and I don't like Star Trek either, but I do like The Simpsons. Especially that episode where Brandine tells Custis, "You're the best husband and son I've ever had."

Brandon: He's too athletic to be a geek. He's this kind of weird combination of bike rider / techie.

David: Athletic? I was always the one picked last at sports.

Brandon and Rick, almost in unison: So was I...

Rick: Well, he's kind of geeky.

I brought that conversation home with me after the ride, because my desk looked like this:

There I was with my geek stuff all spread out, trying to figure out how to get my new laptop hard drive to have the same files on it as the old hard drive.

My favorite new toy is the Vantec SATA / IDE to USB 2.0 Adapter. Our group's lab services guy, Chris, had suggested it and sent me his as a loaner. This thing is pure genius. First you pull the old drive out of the laptop. Then you stick the new drive in and format it. I did this by doing a quick and dirty SuSE 10.2 installation. During installation, I partitioned the drive as I wanted (I wanted bigger /home and /vm partitions) but made sure to keep the size of the root partition the same size as the root partition on the old drive. I instinctively thought it would help - my inner geek was speaking to me loud and clear on that one.

The installation was simple and took about half an hour. Aren't modern Linux distros wonderful? Next, I cut a Fedora 7 rescue CD. If you've never used one of these things, it's worth knowing about. The rescue CD lets you boot from the CD, then mounts the root directory from your hard drive (if it can access it) under /mnt/sysimage so you can fix things like /etc/fstab or /boot/grub/menu.lst. Turns out this rescue CD is smart enough to know how to mount a USB device, too.

So I attached the old drive (which at this point was out of the laptop) to the Vantec adapter, stuck its USB cable in my laptop's USB port, and booted my system from the rescue CD. It worked like a champ - after boot up finished, I could see all the partitions on my new drive (which by this time I had installed in the laptop), and could mount partitions on the old drive.

Then it was time to move the data over to the new drive. I only have 3 partitions on the drive, and I got the data over using the following technique:

• dd if=/dev/sdb2 of=/dev/sda2 to copy the root partition
• mkdir /mountpoint to create a mount point
• mount /dev/sdb6 /mountpoint to mount the /home directory from the old drive
• cd /mountpoint
• find . -xdev | cpio -padm /mnt/sysimage/home to copy all the files in /home from the old drive to the new drive
• umount /mountpoint
• mount /dev/sdb7 /mountpoint to mount the /vm directory from the old drive
• find . -xdev | cpio -padm /mnt/sysimage/vm to copy all the files in /vm from the old drive to the new drive
• Modified the /mnt/sysimage/etc/fstab and /mnt/sysimage/boot/grub/menu.lst files so that system would be able to boot and all the file systems would be mounted correctly
• grub-install /dev/sda to write the boot loader to the new drive

I rebooted the laptop, this time from the hard drive, and it came up looking exactly like it did with the old drive, except with bigger /home and /vm partitions just as I wanted.

I did go down one wrong path, which was to copy the files in the root partition to the new drive with the find | cpio command instead of dd. After doing this, the system booted but none of the passwords worked so I couldn't log in as any user. I don't know why I had problems, perhaps there was some cruft left over from the quick and dirty SuSE 10.2 install caused problems. But when I switched dd to copy the root partition, the problem went away.

Posted at 06:42AM Oct 08, 2007 by dgolds in Other  |  Comments[0]

Fedora 7, VMware Workstation 6, and Solaris 10 Update 3

Sheesh, I haven't blogged since February?

Well, I've been busy. Last spring I was putting in 120-150 miles per weekend preparing for doing AIDS/LifeCycle 6. All that training paid off, and I made it all the way. Every. Single. Mile. 2,300 riders raised a total of 11 million dollars, and I'm proud to have been a part of that.

This is me with the Cookie Lady. Out of the goodness of her heart, the Cookie Lady bakes (yes, by hand) one cookie for each rider, then sets up a table somewhere along our route, at a point when we've been riding about 80 or 90 miles that day. Then as the riders come through, we stop, get a cookie, and sometimes get our pictures taken with the Cookie Lady.

Oh, and I got a new laptop. I love taking my time setting up a machine the way I want it, everything just right. As a Linux user, this can be a challenge. I went to install Ubuntu on it. Seems like I always get bit by screen resolution problems with Ubuntu. Same with this version on this laptop. Sigh, maybe one day they will get that right. I actually have liked the distro when I've been able to get it to work. Next SuSE 10.2 - great, except that ssh did not work correctly and I couldn't display X windows back to my laptop from my server at the office. Since being able to do that is critical to my day to day work, no SuSE.

So I downloaded Fedora 7. I haven't used a Red Hat-based Linux variant since Red Hat 9 days. Well, Fedora 7 installed and worked just fine, once I figured out how to get all the little bits and pieces that I like to use, like Flash and Acrobat Reader. Heck, the updater even works. Well, sort of. As long as it doesn't run into dependency problems. For example, it will tell me I have 17 packages to update, but if one of them has a dependency issue, it will stymie the entire update. Brilliant.

OK, so now I've got this really interesting new project to work on. More about it in a later entry, but the first task involves creating a Solaris 10 Update 3 VMWare image. I install VMWare no problem. I cut a Solaris 10 U3 DVD. I create a new virtual machine for Solaris 10 and then boot it.

And it crawls through the installation. I mean really crawls. 3 hours to install Solaris 10. It all works, but man, is it slow.

It try the obvious stuff. Bump up memory. Still slow. Try preallocating the disk space. Still slow. Google. I find an entry that suggests creating an ISO file, putting it on your hard drive, and pointing the virtual CD-DVD drive at the ISO file instead of using the real DVD.

So I do it.

Bingo! Solaris installs in a very reasonable amount of time. Same laptop, same everything.

After installation, I remove the DVD and reboot the OS. And wait. And wait. And wait. Solaris takes about 15 minutes to come up.

So, no longer clueless, I reconfigure the virtual machine so that it is running with the virtual CD-DVD drive disconnected. Once again, I reboot.

Voila! Now Solaris boots up under VMWare Workstation 6 in a very reasonable amount of time, just a minute or two.

I've obviously hit some bug where Solaris 10 does not handle my stock ATAPI CD-DVD drive on my stock laptop very well. I think it might be this one: http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6227829. I have not tried playing around with the dma-enable settings as the bug circumvention recommends, mainly because disconnecting the virtual CD-DVD drive seems to have done the trick and is acceptable. It is unlikely that I will need the drive for the particular solution I'm building, but if I do need it, I can always re-enable it in VMWare Workstation, use it as needed, then disconnect it again.

Posted at 04:30PM Jul 10, 2007 by dgolds in Virtualization  |  Comments[11]

A Fun New Toy, Part 1

No, not the carbon fiber bike I've been lusting over. This time, my toy is a fun new site on the web.

SSOCircle is a site developed by Hu Liu, a consultant based in Steinbach, Germany. As it says on SSOCircle's home page, "SSOCircle is for those who want to federate their applications or just want to get some SSO experience. SSOCircle provides a ready to use Identity Provider."

My plate has been very full at work lately - I've been updating the Access Manager training course, AKA AM-3480 for Access Manager 7.1 among other things - but when I saw the February 2 entry on Pat's blog, I couldn't resist giving this thing a try.

Hu Liu has set up a SAML 2.0 identity provider based on the OpenSSO project. It should work with any SAML 2.0-compliant service provider (SP), and there's functionality at SSOCircle to add your own SP to the SSOCircle circle of trust (CoT). For demonstration purposes, I used the the sample service provider site that Pat mentions in his blog entry. This site has already been set up as an SP in the SSOCircle CoT. (Setting up an SP to go in the SSOCircle CoT is now on my "to do" list, and when I get around to doing it, I'll blog about it.) It took all of two minutes to set up my account at SSOCircle and federate with the sample SP site. Here are the steps I followed, if you want to try it out:

1. From the SSOCircle home page, I click Login / Register and register as a new user.


2. I wait for my registration confirmation e-mail to come back, and when it does, I follow the instructions in it to complete the account registration process.


3. I go back to the SSOCircle home page and log in.


4. I look at my cookies (because it is always a good idea to look to the cookie) and find a cookie named iPlanetDirectoryPro with a reference to an SSO token - a sure sign that OpenSSO is in the house.
   
   
   
   
5. So at this stage, I'm authenticated with the identity provider, and have the SSO token reference to prove it. Now I go to the SP site. It is important to notice that the page heading reads "ZXID SP Federated SSO (user NOT logged in, no session)."


6. I click Login to idp.ssocircle.com (SAML20: Artifact).


7. A new screen comes up with the title, "ZXID SP Management (user logged in, session active)."

So, voila, I'm an authenticated user at the SP without having had to log in there. The SP delegated authentication to the IdP. I have an account at the IdP but not at the SP, but I am still able to use the SP's site. That's Internet SSO functionality - one of the basic features of federated identity.

Imagine if you are the administrator at the SP. Your company or organization has established a business relationship with the identity provider that says that you trust anyone who has authenticated to the IdP to let them use your web services. No provisioning, no account maintenance, and - we hope - a very quick ramp up time.

I'll check out the ramp up time - how long it takes me to set up an SP and enter the SSOCircle CoT - in a future entry.

Posted at 08:28AM Feb 06, 2007 by dgolds in Open Source  |  Comments[0]

My "Hot Topic" Presentation

Stacy Thurston asked me to record a short presentation about Identity Federation last month. This presentation is going to be used in the new Hot Topics series.

More about Hot Topics when my presentation is available on the web.

I've posted the slides I used here.

Posted at 09:08AM Jan 02, 2007 by dgolds in Open Source  |  Comments[1]

An Unusual Experience With openSUSE 10.2

Yesterday was a gray, rainy day in the Bay Area. No chance for a bike ride, and I procrastinated until it was too late to go to the gym and take a spinning class. I've been wanting to upgrade my OS on my home computer, a screaming, dual-Opteron Sun Ultra 40, for a while now but didn't have the free weekend I figured I'd need to do it. But now with all this free time on my hands...

I considered trying Ubuntu 6.10 (Edgy Eft) but remembered what happened the last time I tried installing Ubuntu. I booted up the install CD and the OS froze when it got to the screen when you click the icon to install the thing. Seems as though the Ubuntu installer it didn't like my Logitech diNovo Bluetooth Keyboard and Mouse. I couldn't find anything about this problem on Google, and I didn't have another mouse and keyboard I could switch out for the installation. So I decided I liked my diNovo more than I liked Ubuntu, so I decided to try SUSE 10.2.

SUSE 10.1 has been reasonably good, although there were problems with the software updater early in the release cycle. Fairly early on, maybe a couple of months into the release cycle, the problems got worked out and it has operated flawlessly ever since.

So yesterday I decided I still liked my diNovo better than Ubuntu, so why bother with Ubuntu? I downloaded SUSE 10.2, burned a DVD, and started the installation.

That's when I had my unusual experience.

SUSE 10.2 installed flawlessly, and I did not encounter a single problem getting all my software and hardware working with it. (Well, there was one minor issue with Thunderbird. More below.)

This was something I had never had happen with a Linux distribution. I usually allow a full day for installing and working out issues, then a few days to get everything just right. In this case, I started the installation at around noon, and was done with all my system configuration around 2.

Kudos to whoever at SUSE is responsible for making 10.2 so easy to get up and running!

There seems to be a drumbeat among Linux tech types lately that "Ubuntu is the distribution you want to have." I don't get it. I like Ubuntu, but I don't think it is any better than SUSE. And, I have run into problems getting it to install with my diNovo, and getting it to display in the screen resolution I want (a well known issue with Ubuntu), and I don't care for the look and feel (all that brown - yuck - looks so seveties). When I first used Ubuntu, apt-get was a compelling reason to switch to this distro. But now that zen seems to be working well in SUSE (probably just in time to switch to yet another package installer in SUSE.next), that advantage has gone away.

Here are some things I really like about SUSE 10.2:

• It installs non-OSS packages that I need, like Acroread and Flash
• zen installer works well (with one exception - see below)
• You can now get an ISO for the OS on a single DVD - no more 5 CD sets
• Nice clean default look and feel
• Everything works

Here are some SUSE 10.2 lessons learned:

• You can't install Thunderbird using zen. You have to go to YAST for some reason.
• You now add fonts to /usr/share/fonts instead of the old X11R6 location. I suppose this is part of the Xorg upgrade.

Here are general things that you might find helpful if you are installing SUSE:

• If you need to add a user with a user number greater than 60000, you have to use the CLI. The GUI tools do not let you add users with high user numbers.
• If you want to use CUPS from a browser, you have to add a user with lppasswd.
• If you use VMWare, make sure you have the most current update before installing a new Linux kernel.
• If you hate beagle (desktop indexer) like I do, disable it by removing the cron script out of /etc/cron.daily. I created a directory called /etc/cron.never just for this pig, which SUSE installs and has you run by default. You can get rid of all the files in your .beagle directory. I had 2 GB of these on my system before I removed them, and they were all little bitty files that made my system backups take forever. Couldn't someone come up with something better?

It's still raining. Off to spinning class.

Posted at 09:26AM Dec 10, 2006 by dgolds in Open Source  |  Comments[0]

San Francisco to San Jose

My friend and co-worker Blair is a member of the Almaden Cycle Touring Club, a very nice bunch of folks that organize group rides in the South Bay. They were taking Caltrain up to The City this weekend, then riding back down, and Blair asked me if I'd like to join. I'd ridden from Sun's Santa Clara campus up to San Francisco a couple of times, and it had practically killed me, but since it was a long weekend, I figured I'd at least have a couple of days to recover.

The ride leader, Benjamin, took a really nice route:

• Up Townsend to 7th Street
• Up 7th to McAllister
• Up McAllister to Baker
• Down Baker into the Panhandle, and then across Golden Gate Park to 35th Avenue
• Down 35th and over to Skyline
• Down Skyline, up the big hill, into San Bruno Park
• Into the park system and down the Camp Sawyer Trail
• Down the trail, back onto Skyline across 92, then down Canada Road, into Woodside, and down Mountain Home
• Down Arastradero, Page Mill, Foothill, and working our way across the Santa Clara Valley until we got back to the Caltrain station at Santa Clara, where most of the folks had parked
• Down El Camino to San Jose Caltrain

Total ride distance, approximately 68 miles.

Gorgeous day, nice people, great ride leader, a lot of fun. And not too sore the next day!

Here are some pictures:

Members of the Almaden Cycle Touring Club on their way up to San Francisco on Caltrain.

In front of a Victorian in the Western Addition after a short climb up McAllister.

Lunch next to the Crystal Springs watershed in the San Mateo County park system.

Detail from the Pulgas Water Temple. A few of us who had never been there before made a short stop to have a look.

Posted at 10:02AM Nov 29, 2006 by dgolds in Cycling  |  Comments[0]

Open Federation Comes On-Line

The Open Federation effort, part of the OpenSSO project, came on-line today. To view the announcement, click here.

Posted at 11:52AM Nov 14, 2006 by dgolds in Open Source  |  Comments[0]

A Very Cool Time to be Working at Sun

Wow. Second day out blogging about open source, and this news about Java becoming available under GPL v2 comes out.

So now we've got OpenSSO, OpenSolaris, GlassFish, OpenOffice, and Netbeans. I guess that makes us far and away the biggest contributor to the open source movement.

It's a very cool time to be working at Sun.

Posted at 07:21AM Nov 13, 2006 by dgolds in Open Source  |  Comments[0]

Heading out

Hello, world. I'm David Goldsmith, a training course developer at Sun, and, lately, I've been finding myself doing a bunch of new things at work and at play:

• Writing a blog
• Working with an open source project - OpenSSO
• Training to ride a bicycle 560 miles next June

I'm going to write about my adventures (and misadventures) in these three areas in The Open Road, and about other topics that pique my interest. To start:

Blogging

I've never written a blog before. Most of the writing I do is technical, wonky stuff. I write lab instructions, develop lecture slides, and write course notes. I spent most of my career in engineering and don't really see myself as a writer, more a programmer who happens to know how to write. So blogging is a new experience.

I hope I can come up with something interesting for you.

Open Source

I've used open source products for four years now. On my Sun Ultra 40 (a beautifully-designed, screeching-fast, dual-Opteron system that I bought a few months ago with my employee discount), I run SuSE Linux 10.1 with OpenOffice.org, Firefox, Thunderbird, gnucash, the Gimp, ImageMagick, k3b, and all my other favorite freeware. I also have a license for VMWare Workstation 5.5. At work, on my Sun Java Workstation W2100z, I run all the same software, plus multiple versions of Solaris.

At home, I have been "Microsoft-free since 2003." Well, with one exception. I still have a VMWare image running my trusty, rusty old copy of Windows 2000, which I bring up once a year when I do my taxes. I haven't figured out a pleasing way to do my taxes in Linux yet, other than using tax software for the Web, which doesn't sound like a great idea.

Why Linux instead of Solaris? I use Linux as a host OS for virtualizing operating systems using VMWare. That's the only reason. I like Solaris better than Linux, even on the desktop, but VMWare does not support Solaris as a host OS. Xen does, but I prefer VMWare, so I'm sticking with Linux. For now.

Although I've used a lot of open source software, I've never before been involved in the development of an open source project before, and that's the big new adventure. The technologies I work with - access management and federation - are in the process of going open source. While I don't engineer those products, I do work extensively with them. So like everyone else on the Sun Java System Access Manager and Federation Manager team, open source is a big new part of my life.

Cycling

I'm training to ride from San Francisco to Los Angeles - 545 miles on a bicycle - in the sixth AIDS Lifecycle, which takes place from June 3-9, 2007.

This ride is a big fundraiser for the San Francisco AIDS Foundation. It brings in millions of dollars, which this organization depends on to provide vital services to people living with AIDS and their friends and families.

I had hoped to do this ride in 2006 but a bad bicycle accident got in the way. I am fully recovered from the wreck now, and think I am ready to take on a 545 mile ride.

If you would like to read more about my personal reasons for doing this ride, or, even better, help me raise money for the San Francisco AIDS Foundation by sponsoring my efforts, click here.

Well, time to hit the road. I'm going over to Marin today, at least up to the Panoramic Highway and maybe as far as the Pantoll Ranger Station on Mt. Tam if my riding partner and I are up for the climb.

Posted at 07:07AM Nov 12, 2006 by dgolds in Introduction  |  Comments[0]