I love it to bits

I hate text boxes. You know these boxes you get on Gmail, twiki, etc .. where you are supposed to write your text. Then they only have limited editor functions. No delete line, No goto beginning, but this has an end now with
you can edit these boxes with the editor of your choice. And it is amazing. Just click the little edit button and your defined editor fires up and you can start editing in real time.

If you are stuck with twiki you should have a look at http://www.neilvandyke.org/erin-twiki-emacs/
this combination makes wiki pages actually usable

This really made me think for the whole weekend

What row of numbers comes next in this series?

Cern Week 18

The first few days where spent migrating lxserv (lx = linux, serv = server) from slc3 to slc 4. Basically it was to install a new machine to do the job of the old 32bit slc3 machine. This is quite difficult as lots of people have installed little workarounds on the old machine. But now all the servers are running slc4 on 64 bit machines. Further I started writing a patch set for libuser. This is really something that has to be done to use it in production as there are lots of small errors that need fixing. On Friday I went to OpenCon the OpenBsd conference in Venice. This was really cool. Even if I didn't succeed in pushing my patch into stable.

Cern Week 17

The first few days of the week were spent trying to figure out why getpwent() kept failing. I had to do quite a lot of debugging and reading the source code of Perl to find out how the wrapper worked. At the end it turned out to be something insanely easy and stupid. What getpwent does when it realizes that you are going to loop through the whole list is it gets all the user names and then queries each one of them every time you call the function. But it kept the connection open, for the specific user query. But in the config file I had specified that no connection should be open for over 30 seconds. (As getting the whole list takes:

real 0m4.536s

So now the connection was closed but the program still tried to read data from it. So basically there was a dead lock. After setting up the limit the problem disappeared. Further Marco and Me looked into using the Coda file system for our Laptops. We have now requested a server and hopefully we can start installing next week. This should be really cool as this is a networked file system that will sync when it reconnects. So you can take your laptop home work offline and when you come back to work you can keep on working on your big work pc. I further did some research into shadow-utils and userlib. Without going into to much detail userlib is really nice. I don't really understand why so many people still use shadow-utils. I am currently lobbing for userlib to become the standard at Cern. I started thinking about disaster recovery and disaster management. I wrote a script that will run on a server and query the Ldap server every 15 minutes about it's entries then it creates the /etc/passwd, /etc/groups and /etc/shadow. So in the unlikely event that Ldap goes down and Kerberos is still up. The files can just be copied to all the machines and users can still use them.

I started to have a look at the quattor sendmail component that automatically configures the sendmail program. The syntax is really horrible of the sendmail config file. But more to come about this. While writing this I am waiting for my sendmail patches to be commit to the test cluster. Through some minor changes I reduced the run time from about 1 1/2 minutes (real 1m12.017s ) to half a second. (real 0m0.875s).

Further I attended quite a few meetings. And a talk about the new castor scheduler.

I was quite happy to hear that the average uptime is 99.73 % for the machines my department maneges.

Added some licenses

I added a GPLv3 and a BSD compatible version of the PACIFIST PUBLIC LICENSE. Please think about using it :

Cern Week 16

This week my Perl script or quattor module went into production. I build the rpm and then did loads of testing on my cluster. I had to pretty much try all the different scenarios under which my program could be run (Dan: installed a machine... lots of times). There were some minor problems but now it is on swrep (the Cern software repository). Because it was such a huge change I got my own version number. Normally the counting is done 2.0.x or something like that, but because I changed so much I now started the 3.0.0 tree. I did some benchmarking on my code and found that it behaved quite linear.


After some research I found out that the library function, I was calling to execute a shell command, had a sleep(1) in it. The idea behind this is to be sure that all buffers have been flushed before it returns. But this of course has a linear execution time as a result. As I don’t rely on the output I simply created a work around, but for the long run I am thinking of changing my program to be multithreaded.

Further I helped Dan to design his new Aims replacement. A system to distribute pxe images, and get the right machine to boot the right OS.

I had a look at the new Google Android mobile development SDK. It seems to be really cool. I wrote a little “hello world” program in it. Currently I am thinking about something I could write for it. Ideas will come.

Dinosaur Brains: Dealing with All Those Impossible People at Work

So another book review. After Ruth told me that my social skills needed improving I bought this book. It is really good and worth reading. It is not one of those boring, this is how your brain works type of books. It takes a different approach. More like this is the situation, this is how Mr. X responds WHY.

I can notice the difference at Work. How I see the people I work with and how I interact with them. For 3 Euro this was one of the best books I have read. Another really good point is the size. It is so small that you can easily fit it in a pocket and big enough to nicely read it.

Cern Week 15

So it is a little late, to write my weekly review, on a Sunday afternoon. I spent most of the week rewriting the Quattor module, I was already working on last week. But now it should be finished. I spent quite some time finding errors in the core libraries. The way Quattor works is actually quite simple. There is the core program that, depending on the configurations passed to it (xml), calls so called Components. These are little Perl scripts that then do the appropriate things according to the XML config file. So the error I found was that if there was an exception in one of these Components the error would propagate down the call tree and then get the core to exit. This is not a good thing as it will leave the system in an inconsistent state. I can't believe this hasn't happened before. Further I went on some further training. This time it was advanced Perl. The really nitty gritty of that horrible language (Don't get me started again). I have now been to a week worth of Perl training. What is quite nice and will look nicely on my CV, I guess. So the summary of the week would be programming Perl and learning Perl. I hope next week I can do some more research into why getpwent() keeps failing in Perl.

Buy the way my Week count is still correct. So i haven't missed writing a entry :)

Dan about tonight

> So how are we going to get drunk tonight

Well, one usually enters a drinking establishment, with money in ones
pocket. One then approaches the bar, inquires to what selection of
drinks are available and based on the reply, selects the cheapest drink
with the high percentage of alcohol. Upon delivery of the drink, one
then adjusts the angle of the glass to allow the liquid to fall down
ones throat. The above is then repeated until one can long complete any
of the above actions, either due to intoxication, lack of money or gets
lucky and takes the barmaid home.


Marco and me have been solving riddles for fun this afternoon. Here is one:

And another one:

This is a classic. I really love it. It has a long description, but stick with me because it's worth it.

There are 4 people who need to cross a narrow bridge at night with only one torch.

The four people each have different travelling times:

Person 1 crosses in 1 minute
Person 2 crosses in 2 minutes
Person 1 crosses in 5 minutes
Person 1 crosses in 10 minutes

Only two people can cross at a time and one person has to come back over the bridge to give the torch to the others still waiting to cross.

While crossing, you have to use the slowest time of the two people because they have to walk the same pace.

You have to add the person who comes back to your total time.

They need to cross in 17 minutes. How?

Here's an example:

5 and 10 go over (that's 10 minutes) and then 5 comes back with the torch (that's a total of 15 minutes). Then 5 and 2 go over (that's 20 minutes---and you're already over the time limit . . . )

How can you get all four people to the other side in 17 minutes?

Note that there is a logical answer. It won't be anything like "they can throw the torch to the other side instead of walking it over", or "they can all wait till sunrise", or "why don't they jog over and increase their times", etc!

Try them, it is really good fun. Don't Google it. We didn't

Some web development tools

Hey some FireFox plugins Jay and Filipe told me about, to make web development easier:

Bournemouth University email security

At Cern we are can use Microsoft Outlook Web Access©, so I thought is this as secure as at my Uni (a little sarcasm here). Yes, it is far more secure, everything is done over https (you have to use it). But because of the horrible state of security at Bournemouth I want to enlighten some people. If you access the uni mail through a web browser you get a pop up dialog similar to this

So now you think ahhh brilliant this will be nice and secure. So you enter your User Name and your password. Lets assume my name is 'r2d2' and my password is 'security'. Lets have a look at the package that is sent over the so trustworthy Internet.

Cookie: sessionid=1245b528-ae7e-4022-9300-0f580a07f33e:0x409; ASPSESSIONIDCC DRTSCS=NKDGCHNAEPBLGGFDAOHGPAHM\r\n
Authorization: Basic cjJkMjpzZWN1cml0eQ==\r\n
Credentials: r2d2:security

Can you spot the password. This is in plain text, I just caught the packet, with wireshark. So lets create a little scenario here. I am sitting in the Library with my laptop over wireless, I want to read my email so I log into the email server. Now someone in the reach of my wireless can sniff the package and get my password. Because this password is used all around uni he can now see everything I see, so my results (mybu), my assignments(h drive), ....
If you want you can use https but it is not enforced.
You can view the whole package here


Date: Tue, 6 Nov 2007 15:31:22 +0100
From: Luis Fernando Mu�oz Mej�as
To: project-quattor@cernNOSPAM.ch
Subject: Re: AFS usage

On Tuesday 06 November 2007 15:25, Marco Emilio Poleggi wrote:
> , such as Kerberos (I don't think, f.i., that NFS supports it, though
> I might be wrong).

NFS v4 supports Kerberos, although, you know, NFS=Not For Security. ;)


Cern Week 14

I came back from my Girlfriends place in Berlin on Wednesday. So I literally only worked two days. On Thursday I started fixing some Quator modules. These are basically Perl scripts that get called from the underlying framework. In particular I had a look at accounts.pm and kerberos5.pm. I created a little patch set that will hopefully be committed into production by next week. I added some error catching and some extended options. Further there were some serious bugs, like that usermod didn't check if there was a home directory and if it should be created through the 'creatHome' flag. Then I did some research in the carpool project I want to start at Cern. I am now contributing to an open source project (https://launchpad.net/carpool/) to create a nice little app, which can be used at Cern. I spent most of Friday listing to talks about projects at Cern. They were really interesting. The first one was on how to create and distribute virtual machine images around the network. The talker had invented a method where the images are hashed and then only little parts are transferred, through this he could save up to 90% bandwidth. Really intelligent stuff. Further I listened to a talk about IPMI and 'The dark side of vitalisation'. Then I started to debug a Perl script that kept crashing when using Ldap. After a few hours of debugging I found that the getpwent() method in Perl is broken. I am currently trying to fix the bug and then create a Patch.

Perl and OpenBsd

I am currently patching Perl. Here is something I found in reentr.inc
Waiting to go to OpenCon :)

* As of OpenBSD 3.7, reentrant functions are now working, they just are
* incompatible with everyone else. To make OpenBSD happy, we have to
* memzero out certain structures before calling the functions.
#if defined(__OpenBSD__)
# define REENTR_MEMZERO(a,b) memzero(a,b)
# define REENTR_MEMZERO(a,b) 0

# Must make OpenBSD happy
my $memzero = '';

Google Apps

I still had a URL I wasn't really using (http://www.sexmitmoebeln.de) So I thought I might as well give Google Apps a try. For now it looks really sexy. You can have emails with [something]@sexmitmoebeln.de, web pages, a start page, docs, chat and so on. Really everything a small company could want. And it is for free. I think this is really useful as otherwise this would all be scattered throughout the whole firm. Now one admin can do everything over one web interface. Further, you get all the storage and backup for free and if you want to pay without adds.

Cern Week 13

This week I attended a python training that went over three days. After learning Pearl, I though it would be very useful to learn the other big scripting language. This course was extremely good. Through the interactive learning style I could grasp the concepts far quicker than, if I would have just heard about them. I really like python. I like the concept that everything is an object. And the interpreter just calls predefined methods on these objects __add__ for example. This is a nice thing between Java and C++. Through this you can easily program objects than can be added through the (+) operator. I can equally understand that some hard core object oriented programmers can’t cope with the way it handles encapsulation. My personal opinion is that it is useful for little scripts where the algorithm is the priority. But I don’t think it can be used for a very big program except when there are only exceptionally good people at work.
The rest of the week I took holidays to go to Germany and pick up my snowboard.