Michael's musings

Sat, 26 Dec 2009

IPv6 with mcast UserModeLinux backends

I am doing some work with IPv6. (see http://bluerose.sandelman.ca/projects/show/unstrung )

I have a test network shown at: http://bluerose.sandelman.ca/repositories/changes/unstrung/doc/network-1.png

In automated testing I would normally use the daemon mode, with uml_netjig. In casual use, I was using the mcast backend, because it has fewer moving parts.... but my network interfaces kept remaining in state "tentative" and I could not send packets.

What was the problem, I debugging for awhile through the IPv6 code, and finally thought that it had something to do with the UserModeLinux network interface never providing low-level LINK "UP" signal, and so it never did Duplicate Address Discovery, and remove the tentative mark.

5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::1000:ff:fedc:bcff/64 scope link tentative
       valid_lft forever preferred_lft forever
6: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::1000:ff:fe64:6423/64 scope link tentative
       valid_lft forever preferred_lft forever

Note that it says "tentative".

NO! DAD was occuring just fine, but it FAILS. Why? Because it thinks it has a duplicate... finally I noticed

eth0: duplicate address detected!
eth1: duplicate address detected!

Why is this? It's because the mcast interface gets a copy of the packets that are output. I.e. it hears itself. DAD should work even when that happens, I think.

I need to look at whether the mcast interface should be fixed (remember it's own packets and ignore them? Drop packets that originate from it's own MAC address?), or should DAD be fixed?

Wed, 02 Dec 2009

Profit on Farmville

I'm level 14 on Facebook's Farmville. Why do I play? Because my 4yr old likes it. Of course, I want to maximize my profit.

I only run it about once a day, so crops that wither before I can harvest them are out, but what next? It costs 15 coins to plow the field each time.

It turns out that longer growing crops aren't worth much more. I did a spreadsheet to work things out.

cost sell harvest profit profit/day wheat 35 115 3.0 65 21.7 eggplant 25 88 2.0 48 24.0 artichokes 70 204 4.0 119 29.8 daffodils 60 135 2.0 60 30.0 squash 40 121 2.0 66 33.0 soybeans 15 63 1.0 33 33.0 cotton 75 207 3.0 117 39.0 bell-peppers 75 198 2.0 108 54.0 aloe vera 56 85 0.2 14 56.0 strawberries 10 35 0.2 10 60.0 cranberries 55 98 0.4 28 67.2 pumpkin 30 68 0.3 23 69.0 rice 45 96 0.5 36 72.0 peppers 70 162 1.0 77 77.0 raspberries 20 46 0.1 11 132.0 </pre>

Raspberries take 2 hours. Sometimes worth it, but the profit margin is very low unless you do it all day long.

Ruling out the things that take less than a day, leaves me with peppers, bell-peppers, and cotton as the highest grossing.

Too bad that the market price didn't depend upon other factors, like how many other people were growing it... or if you grew some things properly, you could keep the seed.

Or maybe you have to rotate your crops. Or grow eggplants next to pumpkin will keep away the racoons, or the blight.

Wed, 25 Nov 2009

Port forwarding from something not your firewall

I have a number of web servers which want to express their port 443 to the world. These machines also have IPv6, and that's what I hope many clients will use. Since HTTPS servers can not do virtual hosting, and port 443 on CREDIL's firewall is already taken, what can I do?

We have other public IPs, with other (virtual) machines that have internal and external connections. I could use their port 443s.

I previously did this for port-119 (NNTP). I had set things up like:

iptables -A PREROUTING -d ${myexternalip}/32 -p tcp -m tcp --dport 119 -j DNAT --to-destination ${serverinternalip}:119
iptables -A POSTROUTING -d ${serverinternalip}/32 -p tcp -m tcp --dport 119 -j MASQUERADE

The first statement is relatively ordinary. Change the destination address. The second statement is annoying. It is critical on machines when the default route does not point at it. Basically, it changes the source IP that connects to the ${myinternalip} to be the internal address of the firewall.

This actually necessary even on the default route: without this, internal connections to port 119 do not work — this is because the internal machine sees a connection originating from the internal client IP, to the internal IP. The problem is that the internal client actually has a connection from it's IP, to the external IP of the firewall.

The above method works fine, except.... the internal machine sees the connection as being from the internal IP of the firewall. That really sucks from a point of view of logging!

How to solve it? The problem is that packets with an origin of port 443 needs to go to the other machine... this is what I did:

On the gateway machine:

iptables -A PREROUTING -d ${myexternalip}/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination ${serverinternalip}:443

On the target machine:

iptables -A OUTPUT -t mangle '!' -d ${myinternalnetwork}/24 -j MARK --set-mark 443
ip rule add fwmark 443 table 443
ip route add 0.0.0.0/0 via ${myinternaliP} table 443

It's very important that you set the mark using the mangle chain. It will not work on the NAT or the regular OUTPUT chain!

The result is now that packets with origin port 443, go via this alternate firewall, and the web server itself will see the correct originating IP.

Mon, 23 Nov 2009

Xmas lights with white cords

Apparently, at Canadian Tire, and online, if I want multicolour Xmas lights (ideally LEDs), that I have to have a green cord. Only white cords are with white LEDs.

I considered buying one of each and moving the "bulbs", but many of the systems are not socketed.

I want Xmas lights I can put up on the house, staple in, and LEAVE there.

Wed, 18 Nov 2009

My personal MBA

I blame Mike Charlton. I'm pretty sure it was some email of his that suggested that I read The Goal. This was back in Winter 2008, I think. Wait, can Amazon tell me... Yup. Ordered the book in February 1, 2008.

The Goal is a novel, in it we learn about the fate of a branch manager, who learns that his branch, in his original home town, is going to be shutdown, unless he can figure something out in just three months. Our hero learns the Theory of Constraints http://en.wikipedia.org/wiki/Theory_of_Constraints and saves the day... except that now Peter's principle gets applied to him, and in the next book he has to save the division. A great read, and I learnt lots that I didn't think I'd ever use. When I got the second book It's Not Luck, Amazon suggested I get Critical Chain, and I did.

It turns out Critical Chain is about project management of all sorts, including software. It's written ten years later (mid-1990s), and some of it's a bit naive about things, but the essential theory is great, and furthermore, it's very much compatible with Agile Methods.

I wanted more. I wondered how to get more. In early 2009, I started to wonder if I business school might teach me more. I had not quite understood part of the underlying story in Critical Chain was probably autobiological, and that the frustrations of the business professor in the novel expressed Goldratt's experience that it was very hard to get TOC accepted into business schools.

I also began to understand that a difficulty I've had in many companies is that I'm a techie, and I explain things from that point of view often. Unlike other techies, I tend to be pretty good, given some face to face time with a non-technical executive to explain things in terms that he can use, but I am missing many of the shortcuts that would come form having more language in common. It's not enough to talk about ROI, sometimes I think it might have helped to be able to start from the CFO's terminology and relate it back to mine. (i.e. to lead them from where they are, to where I am, instead of having to entice them to start where I am, and discover the path back to where they are)

I investigated executive MBAs. Ottawa U failed to impress me at all. A meeting with the director was offered, but the whole thing just didn't feel right. I went to a Queens executive MBA session, and they got me the information that I wanted... yes it is expensive, yes, the content is mostly there, but doing it in Ottawa is probably a mistake. I won't meet the people that I really want to understand.

The Theory of Constraints does not figure prominently in either program. At least Queens mentioned it. I started from the other end, who teaches this? Google told me that it's popular at one university in Mumbai, at the Goldratt Institute, and that the Harvard MBA also teaches it now. I talked to my mother's cousin about all of this, and he pointed me at Henry Minceberg. http://www.henrymintzberg.com/

I highly recommend reading: http://www.henrymintzberg.com/pdf/productivity2008.pdf

He hasn't got nice things to say about the MBA. I certainly agree. MBAs should only be done as executive MBAs, you need ten years out there before any it can make any sense. Harvard only offers the residential 2 year MBA.

Many of my colleagues and mentors quietly discouraged me from an MBA. One of them pointed me at http://www.personalmba.com/ --- essentially a reading list. In August, I decided, this would do, and the price was right.

So far I've read:

10 days to faster reading

Crucial Conversations: Tools for Talking When Stakes Are High

Indispensable: How To Become The Company That Your Customers Can't Live Without

Necessary But Not Sufficient: A Theory of Constraints Business Novel

I'm in the middle of reading:

Results Without Authority: Controlling a Project When the Team Doesn't Report to You, A Project Manager's Guide

The Unwritten Laws of Business

Throughput Accounting

Managing

Necessary But Not Sufficient is another novel. Set in 1998/1999, and apparently written just after the dot-bust, it explains the dot-bust very well, but also talks a lot about software companies, and manufacturing companies, and ERP systems. It's supportive of Agile Methods (even though I don't think Goldratt knows that term, it certainly wasn't coined until after the book was in print).

More important, it basically concludes that software is best sold as a service, not a product, and that actually there no value in the software itself, only in how it reduces or eliminates limitations, permitting a person or company to do more.

I take this to suggest that open source licensing of a lot of software is the right way to go, particularly for anything which is targetted at business.

Fri, 06 Nov 2009

Fido Dollars suck

Dear Fido:

Please cease telling me about my fido dollars. (I've received two emails in the last 24 hours)

Your fido dollars have no value. Not only are they not going to keep me as a customer --- I prefer to have an unlocked phone, and I'll pay for it.

In fact, your recent change to prevent me from spending my credits on whatever I want means that I will look for alternate GSM providers as soon as they appear.

I'd gladly trade my 284 fido dollars for a bluetooth headset, (now required in Ontario), and I tried to do so a year ago. You changed your rules without any real notice last March.

But, it's hard to pick the right headset when you can not see it. And I can not redeem through your stores. and your web site was totally useless.

No, I do not think Fido Cares about me. I think Fido is busy humping Ted Roger's leg.

dumping list of active services

From the shell of your rooted android phone run:

# dumpsys activity.services
Currently running services:
  activity.services
-------------------------------------------------------------------------------
DUMP OF SERVICE activity.services:
Services in Current Activity Manager State:
  Active services:
  * ServiceRecord{43a3dca0 com.android.inputmethod.latin/.LatinIME}
    intent={act=android.view.InputMethod cmp=com.android.inputmethod.latin/.LatinIME}
    packageName=com.android.inputmethod.latin
    processName=com.android.inputmethod.latin
    permission=android.permission.BIND_INPUT_METHOD
    baseDir=/system/app/LatinIME.apk/system/app/LatinIME.apk dataDir=/data/data/com.android.inputmethod.latin
    app=ProcessRecord{43a3e670 660:com.android.inputmethod.latin/10002}
    isForeground=false lastActivity=-296633
    startRequested=false startId=0 executeNesting=0 executingStart=-296565 crashCount=0
    totalRestartCount=0 restartCount=0 restartDelay=0 restartTime=-296633 nextRestartTime=-329523
    * IntentBindRecord{43a3e110}:
      intent={act=android.view.InputMethod cmp=com.android.inputmethod.latin/.LatinIME}
      binder=android.os.BinderProxy@4392a698
      requested=true received=true hasBound=true doRebind=false
      * Client AppBindRecord{43a3e288 ProcessRecord{439c0190 572:system/1000}}
        Per-process Connections:
          ConnectionRecord{43a3e400 com.android.inputmethod.latin/.LatinIME:@43a3da60}
    All Connections:
      ConnectionRecord{43a3e400 com.android.inputmethod.latin/.LatinIME:@43a3da60}

  Connection bindings to services:
  * ConnectionRecord{43a3e400 com.android.inputmethod.latin/.LatinIME:@43a3da60}
    binding=AppBindRecord{43a3e288 com.android.inputmethod.latin/.LatinIME:system}
    conn=android.app.ActivityThread$PackageInfo$ServiceDispatcher$InnerConnection@43a3da60 flags=0x1

If you run it without any arguments, you get a big huge dump of all sorts of interesting things. I do not yet know how to get it to give me a list of just the services that have registered themselves, or are actively running.

Sun, 25 Oct 2009

The pitchfork is skeptical about plan

Over at: http://thepitchfork.blogspot.com/2009/10/time-for-trusteeship-were-you-shocked.html Citizen Ellie wonders if we are shocked by the $2.1B price tag for the tunnel.

My answer is no. It's really important to understand that the consultants that do the actual work for the city, are not interested in light rail. That's not their product: their product is busways. McCormick Rankin sells busways worldwide, and Ottawa is their reference city.

McCormick Rankin rewarded former City of Ottawa planning staff Helen Gault and Peter Steacey with plum positions. It's a good reward after decades of throwing consulting work their way, even hiring them to creat a evaluation system system called "TRANS", that only they have experience with, guaranteeing that future contracts could be answered only by them.

It would be very embarassing for McCormick Rankin to loose their reference city. That's why there is the mantra amount staff and some councillors that we "have to complete the transitway". That's why the 2006 NSLRT plan did not have any transfer stations, and why it terminated at Ottawa U (a dead end), rather than continue to Hurdman (which would have turned it into a downtown system).

But, light rail is in the air, and sometimes you can not fight it, even if former regional chair, and continuing bus-freak Andy Haydon (anyone ever seen HIM on the bus?) keep talking about bus tunnels.

Since you can not fight some kind of light rail, and Ottawa already has a massively successful 5 station system (the O-Train), with 5 stations, and 10,000 riders/day, what can you do? Well, busways are designed (we have been told many times), to be turned into LRT if you need to grow. So, do not fight light rail, but it's gotta be more expensive than bus rapid transit.

If LRTs cheaper than BRT (to build), then why build BRT first? In Houston, they found that it was cheaper to just build the LRT first. This is very much accute if you actually do a full system cost (i.e. include operating costs, such as labour and diesel), and not just capital costs.

That's why we have to have a tunnel. It's not because it's better, it's because it costs more. That's why we have to have the "cross-country" option, rather than the cheaper cut&cover option. That's why we have to convert the Hurdman/Blair part of the transitway, because that part was among the most expensive part of the system, and the cost of it was never properly justified.

What would a sane system look like? We (Friends of the O-Train) presented the base of a system in 2006. It would have 3-car trains from Hurdman to Tunney's Pasture. It would have major developments at Lebreton/Bayview and Hurdman, where transfers would occur to transitway bus, and also to NSLRT (O-train), connecting people to South Keys and across the Prince of Wales bridge to Terasse de la Chaudiere, and the Casino. (And it could continue all the way out old Gatineau if STO was interested)

It would cost $400M for the expensive downtown electric system, and an additional $39M would extend O-train-style LRT to Kanata, Barrhaven ("Barrhaven Bullet"), and to a new Earl-Armstrong Park'n'Ride in the South.

All of this would take about 2 construction seasons. It could have been ready NOW if we had started in December 2006, when council wisely shelved the broken plan. The work could have been done by Siemens/PCL, using the same vehicles we had already contracted to buy. No lawsuit, no $37 penalty.

The first expansion would have been to (South) Orleans along the cooridoor reserved for it. An extension from Hurdman through the General Hospital complex, behind the Pearly Hospital, and out Innes Rd. It would be quiet, electric, light rail. It would occupy less than 10m width of space, and people could walk dogs or ride bikes next to it without getting $55 fines from transit-cops.

We can still do this. All that we need to do is tell our councillors to stop the insanity.

The plans we have proposed have are well researched, and have been examined by multiple professional engineers (unlike the city's plans, which have never been signed off by a professional engineer).

Tue, 20 Oct 2009

T42p laptop booted with 2.6.31.4

In case this helps anyone. <pre> Linux version 2.6.31.4 (mcr@marajade.sandelman.ca) (gcc version 4.3.2 (Debian 4.3.2-1.1) ) #1 PREEMPT Mon Oct 19 15:36:45 EDT 2009 KERNEL supported cpus:

Intel GenuineIntel AMD AuthenticAMD NSC Geode by NSC Cyrix CyrixInstead Centaur CentaurHauls Transmeta GenuineTMx86 Transmeta TransmetaCPU UMC UMC UMC UMC BIOS-provided physical RAM map: BIOS-e820: 0000000000000000 - 000000000009f000 (usable) BIOS-e820: 000000000009f000 - 00000000000a0000 (reserved) BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved) BIOS-e820: 0000000000100000 - 000000005ff60000 (usable) BIOS-e820: 000000005ff60000 - 000000005ff77000 (ACPI data) BIOS-e820: 000000005ff77000 - 000000005ff79000 (ACPI NVS) BIOS-e820: 000000005ff80000 - 0000000060000000 (reserved) BIOS-e820: 00000000ff800000 - 0000000100000000 (reserved) DMI present. last_pfn = 0x5ff60 max_arch_pfn = 0x100000 MTRR default type: uncachable MTRR fixed ranges enabled: 00000-9FFFF write-back A0000-BFFFF uncachable C0000-CFFFF write-protect D0000-DBFFF uncachable DC000-DFFFF write-back E0000-FFFFF write-protect MTRR variable ranges enabled: 0 base 000000000 mask FC0000000 write-back 1 base 040000000 mask FE0000000 write-back 2 base 05FF80000 mask FFFF80000 uncachable 3 disabled 4 disabled 5 disabled 6 disabled 7 disabled Warning only 895MB will be used. Use a HIGHMEM enabled kernel. initial memory mapped : 0 - 01c00000 init_memory_mapping: 0000000000000000-0000000037fe2000 0000000000 - 0000400000 page 4k 0000400000 - 0037c00000 page 2M 0037c00000 - 0037fe2000 page 4k kernel direct mapping tables up to 37fe2000 @ 7000-c000 ACPI: RSDP 000f6d70 00024 (v02 IBM ) ACPI: XSDT 5ff6a672 0004C (v01 IBM TP-1R 00003230 LTP 00000000) ACPI: FACP 5ff6a700 000F4 (v03 IBM TP-1R 00003230 IBM 00000001) ACPI Warning: 32/64X length mismatch in Gpe1Block: 0/32 20090521 tbfadt-527 ACPI Warning: Optional field Gpe1Block has zero address or length: 000000000000102C/0 20090521 tbfadt-558 ACPI: DSDT 5ff6a8e7 0C530 (v01 IBM TP-1R 00003230 MSFT 0100000E) ACPI: FACS 5ff78000 00040 ACPI: SSDT 5ff6a8b4 00033 (v01 IBM TP-1R 00003230 MSFT 0100000E) ACPI: ECDT 5ff76e17 00052 (v01 IBM TP-1R 00003230 IBM 00000001) ACPI: TCPA 5ff76e69 00032 (v01 IBM TP-1R 00003230 PTL 00000001) ACPI: BOOT 5ff76fd8 00028 (v01 IBM TP-1R 00003230 LTP 00000001) 895MB LOWMEM available. mapped low ram: 0 - 37fe2000 low ram: 0 - 37fe2000 node 0 low ram: 00000000 - 37fe2000 node 0 bootmap 00008000 - 0000f000 (6 early reservations) ==> bootmem [0000000000 - 0037fe2000] [0000000000 - 0000001000] BIOS data page ==> [0000000000 - 0000001000] [0001000000 - 00018bc708] TEXT DATA BSS ==> [0001000000 - 00018bc708] [000009f000 - 0000100000] BIOS reserved ==> [000009f000 - 0000100000] [00018bd000 - 00018c4128] BRK ==> [00018bd000 - 00018c4128] [0000007000 - 0000008000] PGTABLE ==> [0000007000 - 0000008000] [0000008000 - 000000f000] BOOTMAP ==> [0000008000 - 000000f000] Zone PFN ranges: DMA 0x00000000 -> 0x00001000 Normal 0x00001000 -> 0x00037fe2 Movable zone start PFN for each node early_node_map² active PFN ranges 0: 0x00000000 -> 0x0000009f 0: 0x00000100 -> 0x00037fe2 On node 0 totalpages: 229249 free_area_init_node: node 0, pgdat c17fd05c, node_mem_map c18c5000 DMA zone: 32 pages used for memmap DMA zone: 0 pages reserved DMA zone: 3967 pages, LIFO batch:0 Normal zone: 1760 pages used for memmap Normal zone: 223490 pages, LIFO batch:31 ACPI: PM-Timer IO Port: 0x1008 PM: Registered nosave memory: 000000000009f000 - 00000000000a0000 PM: Registered nosave memory: 00000000000a0000 - 00000000000dc000 PM: Registered nosave memory: 00000000000dc000 - 0000000000100000 Allocating PCI resources starting at 60000000 (gap: 60000000:9f800000) Built 1 zonelists in Zone order, mobility grouping on. Total pages: 227457 Kernel command line: PID hash table entries: 4096 (order: 12, 16384 bytes) Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) Enabling fast FPU save and restore... done. Enabling unmasked SIMD FPU exception support... done. Initializing CPU#0 Memory: 899940k/917384k available (5206k kernel code, 16964k reserved, 3007k data, 408k init, 0k highmem) virtual kernel memory layout: fixmap : 0xfffe4000 - 0xfffff000 ( 108 kB) vmalloc : 0xf87e2000 - 0xfffe2000 ( 120 MB) lowmem : 0xc0000000 - 0xf7fe2000 ( 895 MB) .init : 0xc1806000 - 0xc186c000 ( 408 kB) .data : 0xc1515892 - 0xc18056fc (3007 kB) .text : 0xc1000000 - 0xc1515892 (5206 kB) Checking if this processor honours the WP bit even in supervisor mode...Ok. Hierarchical RCU implementation. NR_IRQS:16 Extended CMOS year: 2000 Fast TSC calibration using PIT Detected 1698.634 MHz processor. Console: colour VGA+ 80x25 console [tty0] enabled Calibrating delay loop (skipped), value calculated using timer frequency.. 3397.26 BogoMIPS (lpj=6794536) Mount-cache hash table entries: 512 CPU: L1 I cache: 32K, L1 D cache: 32K CPU: L2 cache: 2048K mce: CPU supports 5 MCE banks CPU: Intel(R) Pentium(R) M processor 1.70GHz stepping 06 Checking 'hlt' instruction... OK. ACPI: Core revision 20090521 ACPI: setting ELCR to 0200 (from 0800) Booting paravirtualized kernel on bare hardware NET: Registered protocol family 16 ACPI: bus type pci registered PCI: PCI BIOS revision 2.10 entry at 0xfd8d6, last bus=15 PCI: Using configuration type 1 for base access bio: create slab <bio-0> at 0 ACPI: EC: EC description table is found, configuring boot EC ACPI: EC: non-query interrupt received, switching to interrupt mode ACPI: Interpreter enabled ACPI: (supports S0 S3 S4 S5) ACPI: Using PIC for interrupt routing ACPI: EC: GPE = 0x1c, I/O: command/status = 0x66, data = 0x62 ACPI: EC: driver started in interrupt mode ACPI: Power Resource [PUBS] (on) ACPI: ACPI Dock Station Driver: 3 docks/bays found ACPI: PCI Root Bridge [PCI0] (0000:00) pci 0000:00:00.0: reg 10 32bit mmio: [0xd0000000-0xdfffffff] pci 0000:00:1d.0: reg 20 io port: [0x1800-0x181f] pci 0000:00:1d.1: reg 20 io port: [0x1820-0x183f] pci 0000:00:1d.2: reg 20 io port: [0x1840-0x185f] pci 0000:00:1d.7: reg 10 32bit mmio: [0xc0000000-0xc00003ff] pci 0000:00:1d.7: PME# supported from D0 D3hot D3cold pci 0000:00:1d.7: PME# disabled pci 0000:00:1f.0: quirk: region 1000-107f claimed by ICH4 ACPI/GPIO/TCO pci 0000:00:1f.0: quirk: region 1180-11bf claimed by ICH4 GPIO pci 0000:00:1f.1: reg 10 io port: [0x00-0x07] pci 0000:00:1f.1: reg 14 io port: [0x00-0x03] pci 0000:00:1f.1: reg 18 io port: [0x00-0x07] pci 0000:00:1f.1: reg 1c io port: [0x00-0x03] pci 0000:00:1f.1: reg 20 io port: [0x1860-0x186f] pci 0000:00:1f.1: reg 24 32bit mmio: [0x000000-0x0003ff] pci 0000:00:1f.3: reg 20 io port: [0x1880-0x189f] pci 0000:00:1f.5: reg 10 io port: [0x1c00-0x1cff] pci 0000:00:1f.5: reg 14 io port: [0x18c0-0x18ff] pci 0000:00:1f.5: reg 18 32bit mmio: [0xc0000c00-0xc0000dff] pci 0000:00:1f.5: reg 1c 32bit mmio: [0xc0000800-0xc00008ff] pci 0000:00:1f.5: PME# supported from D0 D3hot D3cold pci 0000:00:1f.5: PME# disabled pci 0000:00:1f.6: reg 10 io port: [0x2400-0x24ff] pci 0000:00:1f.6: reg 14 io port: [0x2000-0x207f] pci 0000:00:1f.6: PME# supported from D0 D3hot D3cold pci 0000:00:1f.6: PME# disabled pci 0000:01:00.0: reg 10 32bit mmio: [0xe0000000-0xe7ffffff] pci 0000:01:00.0: reg 14 io port: [0x3000-0x30ff] pci 0000:01:00.0: reg 18 32bit mmio: [0xc0100000-0xc010ffff] pci 0000:01:00.0: reg 30 32bit mmio: [0x000000-0x01ffff] pci 0000:01:00.0: supports D1 D2 pci 0000:00:01.0: bridge io port: [0x3000-0x3fff] pci 0000:00:01.0: bridge 32bit mmio: [0xc0100000-0xc01fffff] pci 0000:00:01.0: bridge 32bit mmio pref: [0xe0000000-0xe7ffffff] pci 0000:02:00.0: reg 10 32bit mmio: [0xb0000000-0xb0000fff] pci 0000:02:00.0: supports D1 D2 pci 0000:02:00.0: PME# supported from D0 D1 D2 D3hot D3cold pci 0000:02:00.0: PME# disabled pci 0000:02:00.1: reg 10 32bit mmio: [0xb1000000-0xb1000fff] pci 0000:02:00.1: supports D1 D2 pci 0000:02:00.1: PME# supported from D0 D1 D2 D3hot D3cold pci 0000:02:00.1: PME# disabled pci 0000:02:01.0: reg 10 32bit mmio: [0xc0240000-0xc025ffff] pci 0000:02:01.0: reg 14 32bit mmio: [0xc0200000-0xc020ffff] pci 0000:02:01.0: reg 18 io port: [0x8000-0x803f] pci 0000:02:01.0: reg 30 32bit mmio: [0x000000-0x00ffff] pci 0000:02:01.0: PME# supported from D0 D3hot D3cold pci 0000:02:01.0: PME# disabled pci 0000:02:02.0: reg 10 32bit mmio: [0xc0210000-0xc021ffff] pci 0000:02:03.0: supports D1 D2 pci 0000:00:1e.0: transparent bridge pci 0000:00:1e.0: bridge io port: [0x4000-0x9fff] pci 0000:00:1e.0: bridge 32bit mmio: [0xc0200000-0xcfffffff] pci 0000:00:1e.0: bridge 32bit mmio pref: [0xe8000000-0xefffffff] pci 0000:09:01.0: reg 10 io port: [0x9020-0x9027] pci 0000:09:01.0: reg 14 io port: [0x9014-0x9017] pci 0000:09:01.0: reg 18 io port: [0x9018-0x901f] pci 0000:09:01.0: reg 1c io port: [0x9010-0x9013] pci 0000:09:01.0: reg 20 io port: [0x9000-0x900f] pci 0000:09:01.0: supports D1 D2 pci 0000:09:02.0: reg 10 32bit mmio: [0xb2000000-0xb2000fff] pci 0000:09:02.0: supports D1 D2 pci 0000:09:02.0: PME# supported from D0 D1 D2 D3hot D3cold pci 0000:09:02.0: PME# disabled pci 0000:09:02.1: reg 10 32bit mmio: [0xb3000000-0xb3000fff] pci 0000:09:02.1: supports D1 D2 pci 0000:09:02.1: PME# supported from D0 D1 D2 D3hot D3cold pci 0000:09:02.1: PME# disabled pci 0000:02:03.0: transparent bridge pci 0000:02:03.0: bridge io port: [0x00-0xfff] pci 0000:02:03.0: bridge 32bit mmio: [0x000000-0x0fffff] pci 0000:02:03.0: bridge 32bit mmio pref: [0x000000-0x0fffff] pci_bus 0000:00: on NUMA node 0 ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT] ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.AGP_._PRT] ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.PCI1._PRT] ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.PCI1.DOCK._PRT] ACPI: PCI Interrupt Link [LNKA] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Interrupt Link [LNKB] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Interrupt Link [LNKC] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Interrupt Link [LNKD] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Interrupt Link [LNKE] (IRQs 3 4 5 6 7 9 10 11) *0, disabled. ACPI: PCI Interrupt Link [LNKF] (IRQs 3 4 5 6 7 9 10 11) *0, disabled. ACPI: PCI Interrupt Link [LNKG] (IRQs 3 4 5 6 7 9 10 11) *0, disabled. ACPI: PCI Interrupt Link [LNKH] (IRQs 3 4 5 6 7 9 10 *11) SCSI subsystem initialized usbcore: registered new interface driver usbfs usbcore: registered new interface driver hub usbcore: registered new device driver usb PCI: Using ACPI for IRQ routing pci 0000:02:03.0: BAR 7: can't allocate resource pci 0000:02:03.0: BAR 8: can't allocate resource pci 0000:02:03.0: BAR 9: can't allocate resource Bluetooth: Core ver 2.15 NET: Registered protocol family 31 Bluetooth: HCI device and connection manager initialized Bluetooth: HCI socket layer initialized cfg80211: Calling CRDA to update world regulatory domain pnp: PnP ACPI init ACPI: bus type pnp registered pnp: PnP ACPI: found 12 devices ACPI: ACPI bus type pnp unregistered system 00:00: iomem range 0x0-0x9ffff could not be reserved system 00:00: iomem range 0xc0000-0xc3fff could not be reserved system 00:00: iomem range 0xc4000-0xc7fff could not be reserved system 00:00: iomem range 0xc8000-0xcbfff could not be reserved system 00:00: iomem range 0xcc000-0xcffff could not be reserved system 00:00: iomem range 0xdc000-0xdffff could not be reserved system 00:00: iomem range 0xe0000-0xe3fff could not be reserved system 00:00: iomem range 0xe4000-0xe7fff could not be reserved system 00:00: iomem range 0xe8000-0xebfff could not be reserved system 00:00: iomem range 0xec000-0xeffff could not be reserved system 00:00: iomem range 0xf0000-0xfffff could not be reserved system 00:00: iomem range 0x100000-0x5fffffff could not be reserved system 00:00: iomem range 0xfec00000-0xffffffff could not be reserved system 00:02: ioport range 0x1000-0x107f has been reserved system 00:02: ioport range 0x1180-0x11bf has been reserved system 00:02: ioport range 0x15e0-0x15ef has been reserved system 00:02: ioport range 0x1600-0x162f has been reserved system 00:02: ioport range 0x1632-0x167f has been reserved system 00:02: ioport range 0x1630-0x1631 has been reserved pci 0000:00:01.0: PCI bridge, secondary bus 0000:01 pci 0000:00:01.0: IO window: 0x3000-0x3fff pci 0000:00:01.0: MEM window: 0xc0100000-0xc01fffff pci 0000:00:01.0: PREFETCH window: 0xe0000000-0xe7ffffff pci 0000:02:00.0: CardBus bridge, secondary bus 0000:10 pci 0000:02:00.0: IO window: 0x005000-0x0050ff pci 0000:02:00.0: IO window: 0x005400-0x0054ff pci 0000:02:00.0: PREFETCH window: 0xe8000000-0xebffffff pci 0000:02:00.0: MEM window: 0xc4000000-0xc7ffffff pci 0000:02:00.1: CardBus bridge, secondary bus 0000:14 pci 0000:02:00.1: IO window: 0x005800-0x0058ff pci 0000:02:00.1: IO window: 0x005c00-0x005cff pci 0000:02:00.1: PREFETCH window: 0xec000000-0xefffffff pci 0000:02:00.1: MEM window: 0xc8000000-0xcbffffff pci 0000:09:02.0: CardBus bridge, secondary bus 0000:0a pci 0000:09:02.0: IO window: 0x004000-0x0040ff pci 0000:09:02.0: IO window: 0x004400-0x0044ff pci 0000:09:02.0: PREFETCH window: 0x6c000000-0x6fffffff pci 0000:09:02.0: MEM window: 0x64000000-0x67ffffff pci 0000:09:02.1: CardBus bridge, secondary bus 0000:0e pci 0000:09:02.1: IO window: 0x004800-0x0048ff pci 0000:09:02.1: IO window: 0x004c00-0x004cff pci 0000:09:02.1: PREFETCH window: 0x70000000-0x73ffffff pci 0000:09:02.1: MEM window: 0x68000000-0x6bffffff pci 0000:02:03.0: PCI bridge, secondary bus 0000:09 pci 0000:02:03.0: IO window: 0x4000-0x4fff pci 0000:02:03.0: MEM window: 0x64000000-0x6bffffff pci 0000:02:03.0: PREFETCH window: 0x6c000000-0x73ffffff pci 0000:00:1e.0: PCI bridge, secondary bus 0000:02 pci 0000:00:1e.0: IO window: 0x4000-0x9fff pci 0000:00:1e.0: MEM window: 0xc0200000-0xcfffffff pci 0000:00:1e.0: PREFETCH window: 0xe8000000-0xefffffff pci 0000:00:1e.0: setting latency timer to 64 ACPI: PCI Interrupt Link [LNKA] enabled at IRQ 11 PCI: setting IRQ 11 as level-triggered pci 0000:02:00.0: PCI INT A -> Link[LNKA] -> GSI 11 (level, low) -> IRQ 11 ACPI: PCI Interrupt Link [LNKB] enabled at IRQ 11 pci 0000:02:00.1: PCI INT B -> Link[LNKB] -> GSI 11 (level, low) -> IRQ 11 ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 11 pci 0000:09:02.0: PCI INT A -> Link[LNKC] -> GSI 11 (level, low) -> IRQ 11 pci 0000:09:02.1: PCI INT A -> Link[LNKC] -> GSI 11 (level, low) -> IRQ 11 pci_bus 0000:00: resource 0 io: [0x00-0xffff] pci_bus 0000:00: resource 1 mem: [0x000000-0xffffffff] pci_bus 0000:01: resource 0 io: [0x3000-0x3fff] pci_bus 0000:01: resource 1 mem: [0xc0100000-0xc01fffff] pci_bus 0000:01: resource 2 pref mem [0xe0000000-0xe7ffffff] pci_bus 0000:02: resource 0 io: [0x4000-0x9fff] pci_bus 0000:02: resource 1 mem: [0xc0200000-0xcfffffff] pci_bus 0000:02: resource 2 pref mem [0xe8000000-0xefffffff] pci_bus 0000:02: resource 3 io: [0x00-0xffff] pci_bus 0000:02: resource 4 mem: [0x000000-0xffffffff] pci_bus 0000:10: resource 0 io: [0x5000-0x50ff] pci_bus 0000:10: resource 1 io: [0x5400-0x54ff] pci_bus 0000:10: resource 2 pref mem [0xe8000000-0xebffffff] pci_bus 0000:10: resource 3 mem: [0xc4000000-0xc7ffffff] pci_bus 0000:14: resource 0 io: [0x5800-0x58ff] pci_bus 0000:14: resource 1 io: [0x5c00-0x5cff] pci_bus 0000:14: resource 2 pref mem [0xec000000-0xefffffff] pci_bus 0000:14: resource 3 mem: [0xc8000000-0xcbffffff] pci_bus 0000:09: resource 0 io: [0x4000-0x4fff] pci_bus 0000:09: resource 1 mem: [0x64000000-0x6bffffff] pci_bus 0000:09: resource 2 pref mem [0x6c000000-0x73ffffff] pci_bus 0000:09: resource 3 io: [0x4000-0x9fff] pci_bus 0000:09: resource 4 mem: [0xc0200000-0xcfffffff] pci_bus 0000:09: resource 5 pref mem [0xe8000000-0xefffffff] pci_bus 0000:09: resource 6 io: [0x00-0xffff] pci_bus 0000:09: resource 7 mem: [0x000000-0xffffffff] pci_bus 0000:0a: resource 0 io: [0x4000-0x40ff] pci_bus 0000:0a: resource 1 io: [0x4400-0x44ff] pci_bus 0000:0a: resource 2 pref mem [0x6c000000-0x6fffffff] pci_bus 0000:0a: resource 3 mem: [0x64000000-0x67ffffff] pci_bus 0000:0e: resource 0 io: [0x4800-0x48ff] pci_bus 0000:0e: resource 1 io: [0x4c00-0x4cff] pci_bus 0000:0e: resource 2 pref mem [0x70000000-0x73ffffff] pci_bus 0000:0e: resource 3 mem: [0x68000000-0x6bffffff] NET: Registered protocol family 2 IP route cache hash table entries: 32768 (order: 5, 131072 bytes) TCP established hash table entries: 131072 (order: 8, 1048576 bytes) TCP bind hash table entries: 65536 (order: 6, 262144 bytes) TCP: Hash tables configured (established 131072 bind 65536) TCP reno registered NET: Registered protocol family 1 kvm: no hardware support has_svm: not amd kvm: no hardware support Simple Boot Flag at 0x35 set to 0x1 IBM machine detected. Enabling interrupts during APM calls. apm: BIOS version 1.2 Flags 0x03 (Driver version 1.16ac) apm: overridden by ACPI. HugeTLB registered 4 MB page size, pre-allocated 0 pages fuse init (API version 7.12) msgmni has been set to 1757 alg: No test for cipher_null (cipher_null-generic) alg: No test for ecb(cipher_null) (ecb-cipher_null) alg: No test for digest_null (digest_null-generic) alg: No test for compress_null (compress_null-generic) alg: No test for stdrng (krng) Block layer SCSI generic (bsg) driver version 0.4 loaded (major 252) io scheduler noop registered io scheduler anticipatory registered (default) io scheduler deadline registered io scheduler cfq registered pci 0000:01:00.0: Boot video device pci_hotplug: PCI Hot Plug PCI Core version: 0.5 acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5 decode_hpp: Could not get hotplug parameters. Use defaults acpiphp: Slot ¹ registered acpiphp_ibm: ibm_acpiphp_init: acpi_walk_namespace failed radeonfb 0000:01:00.0: power state changed by ACPI to D0 radeonfb 0000:01:00.0: PCI INT A -> Link[LNKA] -> GSI 11 (level, low) -> IRQ 11 radeonfb: Retrieved PLL infos from BIOS radeonfb: Reference=27.00 MHz (RefDiv=6) Memory=320.00 Mhz, System=210.00 MHz radeonfb: PLL min 20000 max 35000 radeonfb: Monitor 1 type DFP found radeonfb: EDID probed radeonfb: Monitor 2 type CRT found radeonfb: EDID probed Display is GTF capable radeonfb: Dynamic Clock Power Management enabled radeonfb: IBM Thinkpad T42 detected, enabling workaround Console: switching to colour frame buffer device 210x65 Switched to high resolution mode on CPU 0 radeonfb (0000:01:00.0): ATI Radeon 4e50 "NP" uvesafb: failed to execute /sbin/v86d uvesafb: make sure that the v86d helper is installed and executable uvesafb: Getting VBE info block failed (eax=0x4f00, err=-2) uvesafb: vbe_init() failed with -22 uvesafb: probe of uvesafb.0 failed with error -22 ACPI: AC Adapter [AC] (on-line) input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 ACPI: Power Button [PWRF] input: Lid Switch as /devices/LNXSYSTM:00/device:00/PNP0C0D:00/input/input1 ACPI: Lid Switch [LID] input: Sleep Button as /devices/LNXSYSTM:00/device:00/PNP0C0E:00/input/input2 ACPI: Sleep Button [SLPB] input: Video Bus as /devices/LNXSYSTM:00/device:00/PNP0A03:00/device:02/device:03/input/input3 ACPI: Video Device [VID] (multi-head: yes rom: no post: no) Marking TSC unstable due to TSC halts in idle ACPI: CPU0 (power states: C1[C1] C2[C2] C3[C3]) processor LNXCPU:00: registered as cooling_device0 ACPI: Processor [CPU0] (supports 8 throttling states) thermal LNXTHERM:01: registered as thermal_zone0 ACPI: Thermal Zone [THM0] (48 C) ACPI: Battery Slot [BAT0] (battery present) intel_rng: FWH not detected Linux agpgart interface v0.103 agpgart-intel 0000:00:00.0: Intel 855PM Chipset agpgart-intel 0000:00:00.0: AGP aperture is 256M @ 0xd0000000 [drm] Initialized drm 1.1.0 20060810 [drm] Initialized radeon 1.31.0 20080528 for 0000:01:00.0 on minor 0 Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a NS16550A 00:09: ttyS0 at I/O 0x3f8 (irq = 4) is a NS16550A serial 0000:00:1f.6: PCI INT B -> Link[LNKB] -> GSI 11 (level, low) -> IRQ 11 serial 0000:00:1f.6: PCI INT B disabled floppy0: no floppy controllers found brd: module loaded loop: module loaded usbcore: registered new interface driver ub Uniform Multi-Platform E-IDE driver piix 0000:00:1f.1: IDE controller (0x8086:0x24ca rev 0x01) pci 0000:00:1f.1: enabling device (0005 -> 0007) pci 0000:00:1f.1: PCI INT A -> Link[LNKC] -> GSI 11 (level, low) -> IRQ 11 piix 0000:00:1f.1: not 100% native mode: will probe irqs later ide0: BM-DMA at 0x1860-0x1867 ide1: BM-DMA at 0x1868-0x186f Probing IDE interface ide0... hda: FUJITSU MHT2060AH, ATA DISK drive hda: host max PIO4 wanted PIO255(auto-tune) selected PIO4 hda: UDMA/100 mode selected Probing IDE interface ide1... hdc: TOSHIBA MK4018GAP, ATA DISK drive hdc: host max PIO4 wanted PIO255(auto-tune) selected PIO4 hdc: UDMA/100 mode selected ide0 at 0x1f0-0x1f7,0x3f6 on irq 14 ide1 at 0x170-0x177,0x376 on irq 15 cmd64x 0000:09:01.0: IDE controller (0x1095:0x0648 rev 0x01) pci 0000:09:01.0: PCI INT A -> Link[LNKB] -> GSI 11 (level, low) -> IRQ 11 cmd64x 0000:09:01.0: 100% native mode on irq 11 ide2: BM-DMA at 0x9000-0x9007 ide3: BM-DMA at 0x9008-0x900f Probing IDE interface ide2... hde: HL-DT-STCD-RW/DVD DRIVE GCC-4242N, ATAPI CD/DVD-ROM drive hde: host max PIO5 wanted PIO255(auto-tune) selected PIO4 hde: UDMA/33 mode selected Probing IDE interface ide3... ide2 at 0x9020-0x9027,0x9016 on irq 11 ide3 at 0x9018-0x901f,0x9012 on irq 11 ide_generic: please use "probe_mask=0x3f" module parameter for probing all legacy ISA IDE ports ide-gd driver 1.18 hda: max request size: 128KiB hda: 117210240 sectors (60011 MB) w/8192KiB Cache, CHS=65535/16/63 hda: cache flushes supported hda: hda1 hda2 < hda5 hda6 hda7 hda8 hda9 hda10 hda11 hda12 hda13 hda14 > hdc: max request size: 128KiB hdc: 78140160 sectors (40007 MB), CHS=65535/16/63 hdc: cache flushes supported hdc: hdc2 < hdc5 hdc6 hdc7 hdc8 hdc9 hdc10 > ide-cd driver 5.00 ide-cd: hde: ATAPI 24X DVD-ROM CD-R/RW drive, 2048kB Cache Uniform CD-ROM driver Revision: 3.20 SCSI Media Changer driver v0.25 Intel(R) PRO/1000 Network Driver - version 7.3.21-k3-NAPI Copyright (c) 1999-2006 Intel Corporation. e1000 0000:02:01.0: PCI INT A -> Link[LNKA] -> GSI 11 (level, low) -> IRQ 11 e1000: 0000:02:01.0: e1000_probe: (PCI:33MHz:32-bit) 00:0d:60:fa:7f:03 e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection e1000e: Intel(R) PRO/1000 Network Driver - 1.0.2-k2 e1000e: Copyright (c) 1999-2008 Intel Corporation. Intel(R) Gigabit Ethernet Network Driver - version 1.3.16-k2 Copyright (c) 2007-2009 Intel Corporation. Intel(R) Virtual Function Network Driver - version 1.0.0-k0 Copyright (c) 2009 Intel Corporation. pcnet32.c:v1.35 21.Apr.2008 tsbogend@alpha.franken.de arlan: No Arlan devices found PPP generic driver version 2.4.2 PPP Deflate Compression module registered PPP BSD Compression module registered NET: Registered protocol family 24 tun: Universal TUN/TAP device driver, 1.6 tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com> usbcore: registered new interface driver asix usbcore: registered new interface driver cdc_ether usbcore: registered new interface driver net1080 usbcore: registered new interface driver zaurus orinoco 0.15 (David Gibson <hermes@gibson.dropbear.id.au>, Pavel Roskin <proski@gnu.org>, et al) orinoco_cs 0.15 (David Gibson <hermes@gibson.dropbear.id.au>, Pavel Roskin <proski@gnu.org>, et al) orinoco_plx 0.15 (Pavel Roskin <proski@gnu.org>, David Gibson <hermes@gibson.dropbear.id.au>, Daniel Barlow <dan@telent.net>) orinoco_pci 0.15 (Pavel Roskin <proski@gnu.org>, David Gibson <hermes@gibson.dropbear.id.au> & Jean Tourrilhes <jt@hpl.hp.com>) orinoco_tmd 0.15 (Joerg Dorchain <joerg@dorchain.net>) spectrum_cs 0.15 (Pavel Roskin <proski@gnu.org>, David Gibson <hermes@gibson.dropbear.id.au>, et al) airo(): Probing for PCI adapters airo(): Finished probing for PCI adapters Loaded prism54 driver, version 1.2 yenta_cardbus 0000:02:00.0: CardBus bridge found [1014:0552] yenta_cardbus 0000:02:00.0: Using INTVAL to route CSC interrupts to PCI yenta_cardbus 0000:02:00.0: Routing CardBus interrupts to PCI yenta_cardbus 0000:02:00.0: TI: mfunc 0x01d21b22, devctl 0x64 yenta_cardbus 0000:02:00.0: ISA IRQ mask 0x04f8, PCI irq 11 yenta_cardbus 0000:02:00.0: Socket status: 30000086 pci_bus 0000:02: Raising subordinate bus# of parent bus (#02) from #0f to #13 yenta_cardbus 0000:02:00.0: pcmcia: parent PCI bridge I/O window: 0x4000 - 0x9fff pcmcia_socket pcmcia_socket0: cs: IO port probe 0x4000-0x9fff: clean. yenta_cardbus 0000:02:00.0: pcmcia: parent PCI bridge Memory window: 0xc0200000 - 0xcfffffff yenta_cardbus 0000:02:00.0: pcmcia: parent PCI bridge Memory window: 0xe8000000 - 0xefffffff yenta_cardbus 0000:02:00.1: CardBus bridge found [1014:0552] yenta_cardbus 0000:02:00.1: Using INTVAL to route CSC interrupts to PCI yenta_cardbus 0000:02:00.1: Routing CardBus interrupts to PCI yenta_cardbus 0000:02:00.1: TI: mfunc 0x01d21b22, devctl 0x64 yenta_cardbus 0000:02:00.1: ISA IRQ mask 0x04f8, PCI irq 11 yenta_cardbus 0000:02:00.1: Socket status: 30000086 pci_bus 0000:02: Raising subordinate bus# of parent bus (#02) from #13 to #17 yenta_cardbus 0000:02:00.1: pcmcia: parent PCI bridge I/O window: 0x4000 - 0x9fff pcmcia_socket pcmcia_socket1: cs: IO port probe 0x4000-0x9fff: clean. yenta_cardbus 0000:02:00.1: pcmcia: parent PCI bridge Memory window: 0xc0200000 - 0xcfffffff yenta_cardbus 0000:02:00.1: pcmcia: parent PCI bridge Memory window: 0xe8000000 - 0xefffffff yenta_cardbus 0000:09:02.0: CardBus bridge found [1014:0148] yenta_cardbus 0000:09:02.0: Using INTVAL to route CSC interrupts to PCI yenta_cardbus 0000:09:02.0: Routing CardBus interrupts to PCI yenta_cardbus 0000:09:02.0: TI: mfunc 0x00001002, devctl 0x66 yenta_cardbus 0000:09:02.0: ISA IRQ mask 0x04f8, PCI irq 11 yenta_cardbus 0000:09:02.0: Socket status: 30000006 yenta_cardbus 0000:09:02.0: pcmcia: parent PCI bridge I/O window: 0x4000 - 0x4fff pcmcia_socket pcmcia_socket2: cs: IO port probe 0x4000-0x4fff: clean. yenta_cardbus 0000:09:02.0: pcmcia: parent PCI bridge Memory window: 0x64000000 - 0x6bffffff yenta_cardbus 0000:09:02.0: pcmcia: parent PCI bridge Memory window: 0x6c000000 - 0x73ffffff yenta_cardbus 0000:09:02.0: pcmcia: parent PCI bridge I/O window: 0x4000 - 0x9fff yenta_cardbus 0000:09:02.0: pcmcia: parent PCI bridge Memory window: 0xc0200000 - 0xcfffffff yenta_cardbus 0000:09:02.0: pcmcia: parent PCI bridge Memory window: 0xe8000000 - 0xefffffff yenta_cardbus 0000:09:02.1: CardBus bridge found [1014:0148] yenta_cardbus 0000:09:02.1: Using INTVAL to route CSC interrupts to PCI yenta_cardbus 0000:09:02.1: Routing CardBus interrupts to PCI yenta_cardbus 0000:09:02.1: TI: mfunc 0x00001002, devctl 0x66 yenta_cardbus 0000:09:02.1: ISA IRQ mask 0x04f8, PCI irq 11 yenta_cardbus 0000:09:02.1: Socket status: 30000006 yenta_cardbus 0000:09:02.1: pcmcia: parent PCI bridge I/O window: 0x4000 - 0x4fff pcmcia_socket pcmcia_socket3: cs: IO port probe 0x4000-0x4fff: clean. yenta_cardbus 0000:09:02.1: pcmcia: parent PCI bridge Memory window: 0x64000000 - 0x6bffffff yenta_cardbus 0000:09:02.1: pcmcia: parent PCI bridge Memory window: 0x6c000000 - 0x73ffffff yenta_cardbus 0000:09:02.1: pcmcia: parent PCI bridge I/O window: 0x4000 - 0x9fff yenta_cardbus 0000:09:02.1: pcmcia: parent PCI bridge Memory window: 0xc0200000 - 0xcfffffff yenta_cardbus 0000:09:02.1: pcmcia: parent PCI bridge Memory window: 0xe8000000 - 0xefffffff usbmon: debugfs is not available ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver uhci_hcd: USB Universal Host Controller Interface driver uhci_hcd 0000:00:1d.0: power state changed by ACPI to D0 uhci_hcd 0000:00:1d.0: PCI INT A -> Link[LNKA] -> GSI 11 (level, low) -> IRQ 11 uhci_hcd 0000:00:1d.0: setting latency timer to 64 uhci_hcd 0000:00:1d.0: UHCI Host Controller uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1 uhci_hcd 0000:00:1d.0: irq 11, io base 0x00001800 usb usb1: New USB device found, idVendor=1d6b, idProduct=0001 usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1 usb usb1: Product: UHCI Host Controller usb usb1: Manufacturer: Linux 2.6.31.4 uhci_hcd usb usb1: SerialNumber: 0000:00:1d.0 usb usb1: configuration #1 chosen from 1 choice hub 1-0:1.0: USB hub found hub 1-0:1.0: 2 ports detected uhci_hcd 0000:00:1d.1: power state changed by ACPI to D0 ACPI: PCI Interrupt Link [LNKD] enabled at IRQ 11 uhci_hcd 0000:00:1d.1: PCI INT B -> Link[LNKD] -> GSI 11 (level, low) -> IRQ 11 uhci_hcd 0000:00:1d.1: setting latency timer to 64 uhci_hcd 0000:00:1d.1: UHCI Host Controller uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2 uhci_hcd 0000:00:1d.1: irq 11, io base 0x00001820 usb usb2: New USB device found, idVendor=1d6b, idProduct=0001 usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1 usb usb2: Product: UHCI Host Controller usb usb2: Manufacturer: Linux 2.6.31.4 uhci_hcd usb usb2: SerialNumber: 0000:00:1d.1 usb usb2: configuration #1 chosen from 1 choice hub 2-0:1.0: USB hub found hub 2-0:1.0: 2 ports detected uhci_hcd 0000:00:1d.2: PCI INT C -> Link[LNKC] -> GSI 11 (level, low) -> IRQ 11 uhci_hcd 0000:00:1d.2: setting latency timer to 64 uhci_hcd 0000:00:1d.2: UHCI Host Controller uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3 uhci_hcd 0000:00:1d.2: irq 11, io base 0x00001840 usb usb3: New USB device found, idVendor=1d6b, idProduct=0001 usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1 usb usb3: Product: UHCI Host Controller usb usb3: Manufacturer: Linux 2.6.31.4 uhci_hcd usb usb3: SerialNumber: 0000:00:1d.2 usb usb3: configuration #1 chosen from 1 choice hub 3-0:1.0: USB hub found hub 3-0:1.0: 2 ports detected usbcore: registered new interface driver usblp Initializing USB Mass Storage driver... usbcore: registered new interface driver usb-storage USB Mass Storage support registered. usbcore: registered new interface driver libusual usbcore: registered new interface driver ums-datafab usbcore: registered new interface driver ums-jumpshot usbcore: registered new interface driver ums-usbat usbcore: registered new interface driver usbserial USB Serial support registered for generic usbcore: registered new interface driver usbserial_generic usbserial: USB Serial Driver core USB Serial support registered for Belkin / Peracom / GoHubs USB Serial Adapter usbcore: registered new interface driver belkin belkin_sa: v1.2:USB Belkin Serial converter driver USB Serial support registered for Reiner SCT Cyberjack USB card reader usbcore: registered new interface driver cyberjack cyberjack: v1.01 Matthias Bruestle cyberjack: REINER SCT cyberJack pinpad/e-com USB Chipcard Reader Driver USB Serial support registered for Digi 2 port USB adapter USB Serial support registered for Digi 4 port USB adapter usbcore: registered new interface driver digi_acceleport digi_acceleport: v1.80.1.2:Digi AccelePort USB-2/USB-4 Serial Converter driver USB Serial support registered for Edgeport 2 port adapter USB Serial support registered for Edgeport 4 port adapter USB Serial support registered for Edgeport 8 port adapter USB Serial support registered for EPiC device usbcore: registered new interface driver io_edgeport io_edgeport: v2.7:Edgeport USB Serial Driver USB Serial support registered for Edgeport TI 1 port adapter USB Serial support registered for Edgeport TI 2 port adapter usbcore: registered new interface driver io_ti io_ti: v0.7mode043006:Edgeport USB Serial Driver USB Serial support registered for empeg usbcore: registered new interface driver empeg empeg: v1.2:USB Empeg Mark I/II Driver USB Serial support registered for FTDI USB Serial Device usbcore: registered new interface driver ftdi_sio ftdi_sio: v1.5.0:USB FTDI Serial Converters Driver USB Serial support registered for PocketPC PDA usbcore: registered new interface driver ipaq ipaq: v0.5:USB PocketPC PDA driver usb 1-1: new full speed USB device using uhci_hcd and address 2 USB Serial support registered for IR Dongle usbcore: registered new interface driver ir-usb ir_usb: v0.4:USB IR Dongle driver USB Serial support registered for Keyspan PDA USB Serial support registered for Keyspan PDA - (prerenumeration) USB Serial support registered for Xircom / Entregra PGS - (prerenumeration) usbcore: registered new interface driver keyspan_pda keyspan_pda: v1.1:USB Keyspan PDA Converter driver USB Serial support registered for KL5KUSB105D / PalmConnect usbcore: registered new interface driver kl5kusb105d kl5kusb105: v0.3a:KLSI KL5KUSB105 chipset USB->Serial Converter driver USB Serial support registered for KOBIL USB smart card terminal usbcore: registered new interface driver kobil kobil_sct: 21/05/2004:KOBIL USB Smart Card Terminal Driver (experimental) USB Serial support registered for MCT U232 usbcore: registered new interface driver mct_u232 mct_u232: z2.1:Magic Control Technology USB-RS232 converter driver USB Serial support registered for ZyXEL - omni.net lcd plus usb usbcore: registered new interface driver omninet omninet: v1.1:USB ZyXEL omni.net LCD PLUS Driver USB Serial support registered for pl2303 usbcore: registered new interface driver pl2303 pl2303: Prolific PL2303 USB to serial adaptor driver USB Serial support registered for Handspring Visor / Palm OS USB Serial support registered for Sony Clie 3.5 USB Serial support registered for Sony Clie 5.0 usbcore: registered new interface driver visor visor: USB HandSpring Visor / Palm OS driver usbcore: registered new interface driver emi26 - firmware loader PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12 serio: i8042 KBD port at 0x60,0x64 irq 1 serio: i8042 AUX port at 0x60,0x64 irq 12 mice: PS/2 mouse device common for all mice rtc_cmos 00:06: RTC can wake from S4 rtc_cmos 00:06: rtc core: registered rtc_cmos as rtc0 rtc0: alarms up to one month, y3k, 114 bytes nvram usb 1-1: New USB device found, idVendor=04b3, idProduct=4481 usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 usb 1-1: configuration #1 chosen from 1 choice Driver for 1-wire Dallas network protocol. hub 1-1:1.0: USB hub found hdaps: inverting axis (0) readings. hdaps: IBM ThinkPad T42 detected. hub 1-1:1.0: 4 ports detected input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input4 hdaps: initial latch check good (0x01). hdaps: device successfully initialized. input: hdaps as /devices/platform/hdaps/input/input5 hdaps: driver successfully loaded. md: linear personality registered for level -1 md: raid0 personality registered for level 0 md: raid1 personality registered for level 1 md: multipath personality registered for level -4 md: faulty personality registered for level -5 device-mapper: ioctl: 4.15.0-ioctl (2009-04-01) initialised: dm-devel@redhat.com device-mapper: multipath: version 1.1.0 loaded device-mapper: multipath round-robin: version 1.0.0 loaded cpuidle: using governor ladder cpuidle: using governor menu usbcore: registered new interface driver hiddev usbcore: registered new interface driver usbhid usbhid: v2.6:USB HID core driver Advanced Linux Sound Architecture Driver Version 1.0.20. Intel ICH 0000:00:1f.5: PCI INT B -> Link[LNKB] -> GSI 11 (level, low) -> IRQ 11 Intel ICH 0000:00:1f.5: setting latency timer to 64 usb 1-1.3: new full speed USB device using uhci_hcd and address 3 IBM TrackPoint firmware: 0x0e, buttons: 3/3 usb 1-1.3: New USB device found, idVendor=05e3, idProduct=0608 usb 1-1.3: New USB device strings: Mfr=0, Product=1, SerialNumber=0 usb 1-1.3: Product: USB2.0 Hub usb 1-1.3: configuration #1 chosen from 1 choice input: TPPS/2 IBM TrackPoint as /devices/platform/i8042/serio1/input/input6 hub 1-1.3:1.0: USB hub found hub 1-1.3:1.0: 4 ports detected usb 1-1.3.4: new low speed USB device using uhci_hcd and address 4 usb 1-1.3.4: New USB device found, idVendor=046d, idProduct=c03d usb 1-1.3.4: New USB device strings: Mfr=1, Product=2, SerialNumber=0 usb 1-1.3.4: Product: USB-PS/2 Optical Mouse usb 1-1.3.4: Manufacturer: Logitech usb 1-1.3.4: configuration #1 chosen from 1 choice input: Logitech USB-PS/2 Optical Mouse as /devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1.3/1-1.3.4/1-1.3.4:1.0/input/input7 generic-usb 0003:046D:C03D.0001: input: USB HID v1.10 Mouse [Logitech USB-PS/2 Optical Mouse] on usb-0000:00:1d.0-1.3.4/input0 intel8x0_measure_ac97_clock: measured 55455 usecs (2672 samples) intel8x0: clocking to 48000 usbcore: registered new interface driver snd-usb-audio usbcore: registered new interface driver snd-usb-usx2y ALSA device list: Intel 82801DB-ICH4 with AD1981B at irq 11 Netfilter messages via NETLINK v0.30. nf_conntrack version 0.5.0 (14334 buckets, 57336 max) IPv4 over IPv4 tunneling driver GRE over IPv4 tunneling driver ip_tables: (C) 2000-2006 Netfilter Core Team ClusterIP Version 0.8 loaded successfully arp_tables: (C) 2002 David S. Miller TCP westwood registered TCP vegas registered TCP veno registered TCP illinois registered NET: Registered protocol family 10 lo: Disabled Privacy Extensions tunl0: Disabled Privacy Extensions Mobile IPv6 ip6_tables: (C) 2000-2006 Netfilter Core Team IPv6 over IPv4 tunneling driver sit0: Disabled Privacy Extensions NET: Registered protocol family 17 RPC: Registered udp transport module. RPC: Registered tcp transport module. CCID: Activated CCID 2 (TCP-like) CCID: Activated CCID 3 (TCP-Friendly Rate Control) lib80211: common routines for IEEE802.11 drivers lib80211_crypt: registered algorithm 'NULL' lib80211_crypt: registered algorithm 'WEP' lib80211_crypt: registered algorithm 'CCMP' lib80211_crypt: registered algorithm 'TKIP' TIPC: Activated (version 1.6.4 compiled Oct 19 2009 15:35:24) NET: Registered protocol family 30 TIPC: Started in single node mode Installing 9P2000 support P-state transition latency capped at 20 uS PM: Checking image partition hda11 PM: Resume from disk failed. rtc_cmos 00:06: setting system clock to 2009-10-19 22:04:02 UTC (1255989842) BIOS EDD facility v0.16 2004-Jun-25, 2 devices found md: Waiting for all devices to be available before autodetect md: If you don't use raid, use raid=noautodetect md: Autodetecting RAID arrays. md: Scanned 0 and added 0 devices. md: autorun ... md: ... autorun DONE. kjournald starting. Commit interval 5 seconds EXT3-fs: mounted filesystem with ordered data mode. VFS: Mounted root (ext3 filesystem) readonly on device 3:5. Freeing unused kernel memory: 408k freed Write protecting the kernel text: 5208k Write protecting the kernel read-only data: 2580k Clocksource tsc unstable (delta = -271773305 ns) pcmcia_socket pcmcia_socket1: cs: IO port probe 0x100-0x4ff: excluding 0x4d0-0x4d7 pcmcia_socket pcmcia_socket1: cs: IO port probe 0x800-0x8ff: clean. pcmcia_socket pcmcia_socket0: cs: IO port probe 0x100-0x4ff: excluding 0x4d0-0x4d7 pcmcia_socket pcmcia_socket0: cs: IO port probe 0x800-0x8ff: clean. pcmcia_socket pcmcia_socket2: cs: IO port probe 0x100-0x4ff: excluding 0x4d0-0x4d7 pcmcia_socket pcmcia_socket3: cs: IO port probe 0x100-0x4ff: excluding 0x4d0-0x4d7 pcmcia_socket pcmcia_socket3: cs: IO port probe 0x800-0x8ff: clean. pcmcia_socket pcmcia_socket1: cs: IO port probe 0xc00-0xcff: clean. pcmcia_socket pcmcia_socket1: cs: IO port probe 0xa00-0xaff: clean. pcmcia_socket pcmcia_socket0: cs: IO port probe 0xc00-0xcff: clean. pcmcia_socket pcmcia_socket2: cs: IO port probe 0x800-0x8ff: clean. pcmcia_socket pcmcia_socket2: cs: IO port probe 0xc00-0xcff: clean. pcmcia_socket pcmcia_socket3: cs: IO port probe 0xc00-0xcff: clean. pcmcia_socket pcmcia_socket3: cs: IO port probe 0xa00-0xaff: clean. pcmcia_socket pcmcia_socket0: cs: IO port probe 0xa00-0xaff: clean. pcmcia_socket pcmcia_socket2: cs: IO port probe 0xa00-0xaff: clean. Adding 979924k swap on /dev/hda11. Priority:0 extents:1 across:979924k EXT3 FS on hda5, internal journal kjournald starting. Commit interval 5 seconds EXT3 FS on hda12, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3 FS on hda8, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3 FS on hda9, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3 FS on hda6, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3 FS on hda7, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3-fs warning: maximal mount count reached, running e2fsck is recommended EXT3 FS on dm-1, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3-fs warning: maximal mount count reached, running e2fsck is recommended EXT3 FS on dm-0, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3-fs warning: maximal mount count reached, running e2fsck is recommended EXT3 FS on dm-2, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3-fs warning: maximal mount count reached, running e2fsck is recommended EXT3 FS on dm-4, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3-fs warning: maximal mount count reached, running e2fsck is recommended EXT3 FS on dm-3, internal journal EXT3-fs: mounted filesystem with ordered data mode. Adding 1048568k swap on /dev/mapper/MaraUltraBay-UltraBaySwap. Priority:0 extents:1 across:1048568k warning: `miredo' uses 32-bit capabilities (legacy support in use) teredo: Disabled Privacy Extensions ADDRCONF(NETDEV_UP): eth0: link is not ready e1000: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: RX ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready ADDRCONF(NETDEV_UP): eth0: link is not ready e1000: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: RX ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready kjournald starting. Commit interval 5 seconds EXT3 FS on dm-5, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3 FS on dm-13, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds kjournald starting. Commit interval 5 seconds EXT3 FS on dm-10, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3 FS on dm-16, internal journal EXT3-fs: mounted filesystem with ordered data mode. EXT3 FS on dm-14, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds kjournald starting. Commit interval 5 seconds EXT3 FS on dm-9, internal journal EXT3-fs: mounted filesystem with ordered data mode. EXT3 FS on dm-8, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3 FS on dm-7, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3 FS on dm-12, internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3 FS on dm-15, internal journal EXT3-fs: mounted filesystem with ordered data mode. agpgart-intel 0000:00:00.0: AGP 2.0 bridge agpgart-intel 0000:00:00.0: putting AGP V2 device into 4x mode radeonfb 0000:01:00.0: putting AGP V2 device into 4x mode [drm] Setting GART location based on new memory map [drm] Loading R300 Microcode [drm] Num pipes: 1 [drm] writeback test succeeded in 1 usecs ... </pre>

Split-DNS no longer a panacea

Split-DNS (or Split-horizon DNS) is a technique that has been around for nearly 20 years of firewalls. It used to be an absolutely required mechanism of deployment. When I designed the Milkyway Networks Blackhole back in 1994, specific support was put into place to support and encourage easy configuration of split-DNS.

Here are some more links to what it is:

http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html http://en.wikipedia.org/wiki/Split-horizon_DNS http://wiki.zimbra.com/index.php?title=Split_dns

And while split-DNS worked great in 1995, when all sites had a single upstream firewall, and there was no remote users, or mobile laptops that could move in out, it is no longer such a great thing.

As soon as you have multiple sites (with or without VPN), then you have to make sure that ALL the sites all use the same internal DNS. That means that every site has a recursive internal name server. That's not always easy when you have a lot of sites, or if some of them are small, or have not got much in the way of infrastructure.

Then you need to realize that everyone's laptop may well be a site, if it can move around. And sometimes laptops move to another organizations' Intranet, and then they need two (or more) internal views!!! Which one to pick?

Split-DNS can be made to work if you set up recursive DNS server on every laptop as a stealth secondary for the internal zone, and always use 127.0.0.1 in "/etc/resolv.conf". All of this is easy to do on a *NIX laptop, but how can you do it on a windows laptop? Yeah, you can install the NT version of bind9, and this isn't a bad idea for a lot of other reasons.

What if you need have a VPN/RemoteAccess system on the laptop that won't bring up the VPN until packets flow... so you can't resolve a name until the VPN is up, but you won't bring the DNS up until the name is resolved... Having the names locally also helps for that as well.

With the rise of virtual corporations, where in fact there is no office, just a lot of nomadic laptops with a few central servers, and maybe a cabinet (bay) of servers with VPNs to access things, it can become a major pain to mainitain.

But, it's worth stepping and asking yourself: is it really worth it? What did split-DNS really buy you?

Split-DNS was a way to keep private IP addresses out of the public DNS. To have privacy, and to avoid confusion, because someone else has 10.1.2.3 as their internal mail server too!!!

A subdomain (i.e. 'intra.example.com') mostly works just as well to avoid the confusion. Put "intra.example.com" into people's domain search order, and most of the issues go away.

And the reason for the privacy was because it was belt-and-suspenders on the proper operation of the firewall. Today, firewalls are irrelevant --- they mostly work, and the real concern is compromised Windows PCs... those PCs, if inside, already have access to the internal DNS.... so why make it harder to manage by having split-DNS (or no internal DNS), when that front has already been lost?

And then there is IPv6, coming VERY SOON. (Many of us already use it daily) IPv6 has no RFC1918, so you'll never have confusion. But, where do you put the AAAA records? You have hosts which are "inside", and you may have IPv6 firewalls that prevent most access to these hosts. Part of the whole point of IPv6 is that you can now directly address those hosts, and you can selectively permit access to them via firewall or access control lists. (Remember the client machines are now also directly addressable, and so ACLs work very well now).

Do you put these AAAA records in the internal DNS, or the external one?

Now, add DNSSEC to the equation --- how will you trust the internal zone? It does not have any link to the outside world. Once your external zone is secured, your internal "trusted" zone will look insecure!!! That's another reason to actually make your internal zone (even if you implement it with split-DNS), a sub-zone of your external zone.

Tue, 29 Sep 2009

DomainsAtCost.ca only supports Microsoft Windows

I was told by customer support that domainsatcost.ca supports Firefox and IE, but only on Windows. Lots of things worked, but "DomainMove" (to transfer a zone to another domainsatcost.ca account) does not, and they are not interested in fixing their system at this time.

I will be switching to another registrar. One with a clue. Suggestions welcome.

Mon, 24 Aug 2009

Canadian Blood Services new interview system a failure

On Friday there was a plea from Canadian Blood Services (CBS) for donations. I had deferred/cancelled in the spring because I had a cold, and I didn't reschedule, so I called and made an appointment today for 8:35am.

After they pic my finger, and have me wait ten minutes so that I can have an interview room so that I can answer 58 questions (yet again), I get into the room. I noticed my printout did not have the questions on the back, and I was given a touch screen to answer on. Interesting.

First thing I notice is that there is a Start menu on the lower right, and some icons in the lower right. Huh? The nurse tells me that I can not answer the question (Yes/No/Back/Skip/Replay are the buttons) until it finishes talking. There is a printer in the corner, and the PC is bolted to the bottom of the table, in a nice position so that I can get to all the wires in the back. There is a blue network cable connecting the PC into the wall.

I had my laptop, my N800, and I think I had my DamnSmallLinux USB boot key in my bag too. This is just what I carry on my regular way to work. I also had a projector in a bag, which I was returning to my office. I have to carry it all, since I'm on transit. Sometimes I have a USB powered 5-port hub with me too.

After 7 questions, I poke the Start menu, and see "Run" and poke that. It flashes, but it doesn't come up. (I learn later that there is some "security" system. But, the program did start. Lotus Notes was even installed on the system!)

The questions continue to be read to me, and I continue to be able to answer Yes/No, but the screen does not display the question to me. Once I finish the questions, I read the little plasticized note table about their "eQuestionnaire", I'm told it is going to print the result out, and I'm going to sign them.

The top of the display had my name, birthdate on it. The nurse scan used a bar code reader to scan my admission paper in to bring that data up, I guess. Either it pulled it up out of their database, or the bar code has that information encoded in it. I hope it was all self-contained, and that the computer did not in fact have database/network access.

I go to open the door to let them know that I'm ready.

I explain that the system display froze. It continued to read me questions, and it accepted my answers and it continued on.

The nurse is surprised and annoyed at the computer, and I explain that I do not feel that this system is secure. She asks me to write a suggestion. She says that someone else had commented on this too. Said it was "mickey-mouse" She goes to get another person, and I explain again. She brings me a paper, and I write a message about this.

She is gone for awhile, and I look at my watch. 9:25am, and they haven't even poked my arm yet. This is ridiculous, shouldn't the computer someone speed things up, or make them cheaper, or... ?

Why does it take 45+ minutes just to start giving blood? What is the gain of having the computer ask me questions, possibly violate my privacy, possibly expose the entire CBS database? The eQuestionnaire card says that my answers will be filled in a warehouse in Ottawa. The paper copy!

Let's forget about the security aspect: why are they using XP? (is it even cost effective?) Why do they have explorer.exe running at ALL? Why is the cabling accessible to me, while I sit privately in a room, likely on the inside of their "firewall"?

Let's just focus on what this project is supposed to do? How does adding a computer save any money here? Seriously. What is the opportunity? What is the savings? My guess is that the opportunity is not very large, thus they do not really have much incentive to spend very much to do this correctly. Ironically, they aren't even doing this "cheaply"

I got up, collected by donation card, left the suggestion note and left without leaving any of my blood.

CBS, I think this is scandalous. I think you should keep the manager that approved this --- people need to take chances and try things.

Make sure that we all know who this manager is, because they will be contacting everyone that filled in this touch screen form and explaining that it was their poor judgement that possibly disclosed peoples very private answers.

I think you should fire the "IT" people that were involved. Publically. This should affect their reputation. I don't care if they wrote you a memo that said that you shouldn't do this: they should have refused to do this work.

Tue, 18 Aug 2009

Arnprior Solar Project

On my twice-summer pilgramage to Arnprior to fetch parts to fix things at the (Charlebois) cottage, I passed the Arnprior Solar Project. It is on Galetta (Side) Road, just east of old-Hwy 17. (is it's new name 29?)

I never heard about this before... but they were all these metal easels sticking out of the ground with a cardboard box in front of each, waiting to be assembled.

Some links I found:

http://globalsolartechnology.com/index.php?option=com_content&task=view&id=3233&Itemid=9 http://bcag.mybrockville.com/node/788

The company doing this is: http://www.edf-energies-nouvelles.com/ which seems to be a French company of about 1700 people!

What amazed me is that this location is prime agricultural land. Not something I'd want to repeat that often, but as it's the first of it's kind in Canada, I guess it's a good experiment. I wonder how it will stand up to snow load. I guess EDF will find out.

Thu, 13 Aug 2009

Using mysqldump to do automated backups

One of my annoyances of MySQL is that all authentication is "password" based. I very much prefer PostgresQL's use of Unix sockets, such that if you login as the "postgres" user (or whatever user you are running the cluster as), you are effectively root.

So, one has passwords for the root database user spread all over scripts when you have a MySQL install. Very annoying.

On debian systems (including Ubuntu and JEOS), there is a special userid created called "debian-sys-maint", the init scripts use this ID for shutting down. The password is randomly created and is stored into /etc/mysql/debian.cnf. Read /etc/init.d/mysql if you want details.

How do use this with mysqldump? it does not have a --config option.

Finally, after a lot of googling, I came across the page:

http://dev.mysql.com/doc/refman/5.1/en/option-files.html

it says:

defaults-extra-file The file specified with --defaults-extra-file=path, if any

So, mysqldump can be told to read additional config files!

sudo mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --database myfoo

Wed, 15 Jul 2009

La Ronde -- montreal expo island roller coaster

I went to La Ronde last night after my http://linuxsymposium.org talk. $25 after 5pm, $20 if you buy online. (Internet at my hotel was stuffed, so I couldn't buy online) http://www.laronde.com/

Take Metro to BERI-UQAM, and then take Yellow line south one stop to the island, then take 167 bus "La Ronde" for 5 minutes. It's too far to walk, alas. I got there at 7:30pm, alas. I wish I had got there earlier. (There were plenty of buses at 9pm to deal with the people leaving when the park closes)

I managed to ride "le Monstre" which is one of the larger wooden roller-coasters in North America, apparently. It is fast. They had only one of the two tracks running, otherwise, you'd be "racing" the other track.

I also rode the Goliath, which is a metal coaster. It's not as fast overall, but it has more up-gforces.. I.e. you get weightless as you go over the rises. You are almost standing. I didn't get to ride the one where you hang, and your feet are out, and you go up-side-down.

I did see, next to the Goliath, a diving pool spectacle. It's called Y'Eau. Now I know what happens to retired Olympic divers. Very cool... I just sat down there to finish my food before I lined up for the Goliath... line ups on Monday were not bad... 25 minutes each...

I gotta go back.

I gotta go back with Liam when he is tall enough to ride! I hope he will be into roller coasters.

Amtrak trip to New York state field

It's 3:35pm. We've been sitting in a field in upstate New York State for 45 minutes. Finally, the northbound train just passed us, and we are now proceeding. I guess this is because we were too late to get to the next passing track.

I think we were late leave, the train bridge was under construction, so we were slow leaving, and the border crossing at "Rousse Point" was very slow. 2 hours, I think.

PLEASE, can we not work something out so that US border guards get on the train in Montreal, and work as the train moves?

I understand that there are issues with the US boarder guards being armed... well, the Canadian ones are now (unfortunately, I think) now also armed. At least, could we arrange for Canadian immigration to board at Rousse Point, and process people while the train moves?

(Finally, at 3:50pm, after going around some more of Lake Champlain, we got to Port Henry. I think we are 4 hours late now... Apparently there is no train on Thursday/Friday due to track work. I hope they can improve things)

Mon, 06 Jul 2009

Rails 2.3.x requires new test_helper

I was getting weird errors like:

.../test/test_helper.rb:11: undefined method `use_instantiated_fixtures=' for Test::Unit::TestCase:Class (NoMethodError)

When trying to run "rake test" on an application that actually had no tests defined, (my goal is to add a few) that was built with rails 2.3.2.

It turns out that in rails 2.3 (?- maybe 2.2, my other applications are at

2.1), the unit test cases are now subclassed from ActiveSupport::TestCase

instead of Test::Unit::TestCase.

This matters for both test_helper.rb and the *_test.rb files.

Open proxies vs network censorship vs security issues

http://www.renesys.com/blog/2009/06/the-proxy-fight-for-iranian-de.shtml

this is a very good read as are the previous posts about Iran.

http://www.renesys.com/blog/2009/06/strange-changes-in-iranian-int.shtml http://www.renesys.com/blog/2009/06/iran-and-the-internet-uneasy-s.shtml

The conclusion is sad, but it does remind me of various Verner Vinge books (both Deepness in the Sky and Rainbows End) about needing little mote sized routers....

People we talk to inside Iran say that almost no proxies are usable any more. Freegate, a Chinese anti-censorship application that makes use of networks of open proxies, has proven popular in Iran. But this week, it, too, has been experiencing problems. Many popular applications, like Yahoo! Messenger, have stopped working. The authorities are said to be using power interruptions as a cyberweapon, causing brief outages during rallies that cause computers to reboot, just as people are trying to upload images and video. The net result, as Arbor's excellent analysis shows, has been a drastic reduction in inbound traffic on filtered ports since the election.

If there's a lesson here for the rest of the world, perhaps it's this: Install a few proxy instances on machines you control. Learn how to lock them down properly. Swap them with your friends overseas who live in places where the Internet is fragile. Set up your tunnels and test them. And don't wait until the tanks are in the streets to figure this out, because by that point, you may have already lost the proxy war.

This is why people need to be using privacy and security tools on a regular basis. That was one of the major reasons behind the FreeS/WAN project.

Fri, 26 Jun 2009

BBQ Pizza Recipe

My wife wrote this in a facebook post... while we were watching TV, and I thought it was worth sharing. We first learnt this recipe from a LCBO magazine.

In a jug with 3/4 cup warm water, dissolve 1 packet yeast and 1 teaspoon sugar let it become frothy when it is frothy, add 1/2 Tablespoon of olive oil (extra virgin) spoon not scoop out 1 1/4 cups Tipo 00 flour (found at Italian shops) pour it onto a board and make a well, add a pinch of (sea) salt.

Pour the yeast mixture in to the centre bit by bit working it in moving flour in to middle to incorporate work with flour dusted hands knead dough a few minutes place in a flour dusted bowl & on the top of dough cover with a cloth and let sit in a dark corner of counter 1/2 hr or so.

Divide dough into up to 3 pieces ( you can do 1, 2 or 3) and roll out to desired thickness without it breaking. You can go very thin (2mm or so) if you use the Tipo 00 flour.

Heat grill both sides hot. Very hot. Crank it. When my temperature gauge says 700F, it's ready. We actually had one of the (plastic) handles on the side of our BBQ melt off.

{You will later turn one side down to low when putting pizzas with ingredients on on to the grill}

Brush the rolled out dough with olive oil on one side, and immediately place oil side down 60 seconds. You will have to experiment as different BBQs are different, so have extra dough, or have a back-up meal plan.

Remove from BBQ, (pop on another dough if you have one), and oil the side that was not oiled, (it should be already up), flip it oil down, and grill 15 seconds just to set it.

(In the original recipe, where you aren't using Tipo flour, then flip it over to the cooler side, and let it hang there)

Remove from BBQ, when side 2 (the one currently cooking), just starts to cook. You will finish cooking it later.

Do not flip the dough. Put on your sauce or oil on the side that is cooked the most, the least cooked side will go back on the low heat side.

Put on your ingredients, place back onto the grill on the low heat side with the other side on high cook until the cheese begins to melt (don't pile on a lot) make sure crust is not burning. You need to keep the lid closed, and you need to keep the hot side cranked to keep the heat above up. You can cook more doughes on the hot side, but keep the lid closed as much as possible. If you have help, have someone else open the lid just enough to slide the new dough in/out.

Wed, 17 Jun 2009

Gizmo5 SIP client

Preferring open standards (SIP) to closed systems (Skype), I have been trying the Gizmo Project "Gizmo5" SIP client. It didn't work for along time due to some bugs in the Pulse/libao that were fixed upstream, but debian never considered a bug to release a patch for etch. It started working again in lenny.

I haven't figured out how to properly set my audio device in kphone to be my USB headset. aplay -L says:

marajade-[~] mcr 1102 %aplay -L
front:CARD=I82801DBICH4,DEV=0
    Intel 82801DB-ICH4, Intel 82801DB-ICH4
    Front speakers
surround40:CARD=I82801DBICH4,DEV=0
    Intel 82801DB-ICH4, Intel 82801DB-ICH4
    4.0 Surround output to Front and Rear speakers
surround41:CARD=I82801DBICH4,DEV=0
    Intel 82801DB-ICH4, Intel 82801DB-ICH4
    4.1 Surround output to Front, Rear and Subwoofer speakers
surround50:CARD=I82801DBICH4,DEV=0
    Intel 82801DB-ICH4, Intel 82801DB-ICH4
    5.0 Surround output to Front, Center and Rear speakers
surround51:CARD=I82801DBICH4,DEV=0
    Intel 82801DB-ICH4, Intel 82801DB-ICH4
    5.1 Surround output to Front, Center, Rear and Subwoofer speakers
null
    Discard all samples (playback) or generate zero samples (capture)
front:CARD=default,DEV=0
    C-Media USB Headphone Set  , USB Audio
    Front speakers
surround40:CARD=default,DEV=0
    C-Media USB Headphone Set  , USB Audio
    4.0 Surround output to Front and Rear speakers
surround41:CARD=default,DEV=0
    C-Media USB Headphone Set  , USB Audio
    4.1 Surround output to Front, Rear and Subwoofer speakers
surround50:CARD=default,DEV=0
    C-Media USB Headphone Set  , USB Audio
    5.0 Surround output to Front, Center and Rear speakers
surround51:CARD=default,DEV=0
    C-Media USB Headphone Set  , USB Audio
    5.1 Surround output to Front, Center, Rear and Subwoofer speakers
surround71:CARD=default,DEV=0
    C-Media USB Headphone Set  , USB Audio
    7.1 Surround output to Front, Center, Side, Rear and Woofer speakers
iec958:CARD=default,DEV=0
    C-Media USB Headphone Set  , USB Audio
    IEC958 (S/PDIF) Digital Audio Output

but I'm unclear what to put into the kphone box, and it does not give me a list of available devices like Gizmo does.

Well, gizmo lets me register to my office's Asterisk PBX, and it does give me a nice list, but I just discovered two problems:

* I can not get DTMF ("Touch Tones") to work through the SIP interface. No setting (inband) or outband (RFC2823) seem to work when I tried to call Porter Airlines, or one of the free conference call systems.

* I started to investigate, and was surprised to see that the registration for my extension did not come from my desktop's IP address. Rather, it came from the GIZMO project! Specically I was registered from:

cirrus*CLI> sip show peer 403
..
  DTMFmode     : rfc2833
  Addr->IP     : 198.65.166.131 Port 5060
  Useragent    : LinGizmo/1.7.07 (Gizmo-s2n1)
  Reg. Contact : sip:17471318555@proxy01.sipphone.com:5060
..
marajade-[~] mcr 1103 %host 198.65.166.131
131.166.65.198.in-addr.arpa domain name pointer northamerica.sipphone.com.

This really surprised me, and may well also explain the DTMF problems. I tried to call Porter Airlines via the GIZMO project, but the call did not complete, so I couldn't tell who was at fault.

This also concerned me because it means that GizmoProject can potentially listen in on my company calls, as they are a registered proxy. They also may get to see (and record?) my SIP passwords which otherwise should not be passing in the clear. (Of course, they could do this anyway as they provided the program I am running, but this is a new tack that I didn't realize)

I shall be building kphone from source, to see if perhaps I can figure out how to properly set the audio I/O device properly.

Mon, 08 Jun 2009

LeftHand networks - not a useful answer

I generally prefer freely available (in the sense of beer and speech) open source solutions that I can tinker with, but I recognize that sometimes a complete, well packaged and well supported solution is a win. I find it especially nice if I know it is really well packaged open source. As a friend says, "I do not do my own dentistry"

I came across LeftHand Networks <http://lefthandnetworks.com/> last fall, and was excited that they were doing a sales presentation in Ottawa in March. What they offer is a virtualized SAN. You run a special virtual machine on each of you diskful physical machines, give them the bulk of your local disk space and these Virtual Storage Appliances (VSA) communicate together than present an iSCSI target. The contents of the disks are replicated (RAID'ed) between machines, so even if one machine goes down, then disk contents continue to be available.

You then point your virtualization infrastructure at this iSCSI target and spin up more virtual machines as guests. This solves an annoyance about the various "live migration" or "vMotion" facilities: you need to have a SAN to make it possible, and the SAN is now a single point of failure, and can be really expensive.

LeftHand supports ESX(i) at present, but my guess is that you can run qemu-img on the vmdk files and boot the thing under XEN. It's clearly a Linux system inside, and they might even have para-virtualization support in (2.6.26+ kernels have that available), so it might "just work" under XEN, even without HVM (VT/Pacifica).

You can download the appliance and run them, and then you tell two of them to join the same group, and they can replicate disks, and you get 30 days of demo license to do this... I'm at day 15, and it was time to find out what the solution will cost.

I got a quote: $5839CDN. Wow. You can buy physical SANs for that price. You can hire consultants to setup Openfiler for you for that price.

I think LeftHand/HP has missed the boat here. I expected to pay $500 to $900 per system and/or site. (I can see many licensing options here).

Wed, 20 May 2009

Oliphant's final comments to Mulrooney

Justice Oliphant asked Mr. Mulrooney,

Mr. Mulroney, you've been on the stand for I think the longest of any witness I have either been involved in as a lawyer or in 24 years as a judge," Justice Jeffrey Oliphant told Mulroney at the inquiry in Ottawa.

I want to assure myself before you leave, sir, that you feel, despite probing questions that may have been asked, that you leave here feeling that you've been treated fairly and with respect."

Mr. Mulrooney then replied:

The probing questions I thought were appropriate and didn't either bother me or offend me in any way. So the answer to the question is very much in the affirmative. And I thank you sir for your kindness."

Well, I could never be so nice. I guess that's why I'll never get to be Prime Minister.

see http://www2.macleans.ca/2009/05/20/oh-sure-its-all-kiss-n-hug-now/

Wed, 08 Apr 2009

building rpms out of git

My friend Michael Soulier writes at: http://www.digitaltorque.ca/2009/04/02/building-rpms-out-of-git/

I find the need to wrap up content into a tar.gz so that I can build it really dumb. It wasn't always like this... with the DEBIAN version the rpm command, I can actually just do:

rpmbuild  -vv --define="_topdir $(RPMTOPDIR)" --define="Version $(VERSION)" -bb pt-vnc-connector.spec

and produce an RPM directly from my source directory... This no longer works with RHEL4/FC8/Centos5 versions of RPM, which I find funny. I was looking at porting the debian RPM package to RPM...

So, I build my RPMs under Debian Etch/Lenny!

Michael also writes:

git clone . /var/tmp/$fullname || exit 1
rm -rf /var/tmp/$fullname/.git*

dest=$HOME/rpms/SOURCES/${fullname}.tar.gz
rm -f $dest
tar -C /var/tmp -zcvf $dest $fullname && rm -rf /var/tmp/$fullname

which I think can be replaced with:

git-archive --format=tar --prefix=$fullname/ . | gzip >$HOME/rpms/SOURCES/${fullname}.tar.gz

Mon, 30 Mar 2009

Febrile Seizures

It's not uncommon in our house for Liam to come running into our room at 2 or 3am, and climb into bed with us. I used to wait for him to go to sleep again, and put him back in his bed, since otherwise, he just kicks and head-butts us all night, and we don't sleep.

Lately he doesn't stay asleep when I return him, or doesn't sleep at all. Meaghan came up with the idea of putting his old crimb mattress under our bed, with sheets on it, and just pulling it out for him when he comes in. Recently, he has a need to hold hands when he goes asleep, so he is even close enough for that.

Yesterday (Saturday), Liam was sick, fevered, and even put himself down for a nap at 2pm. Bedtime was early, and he came into our room.

About 3:30am, after being woken by the cat barf'ing twice in the bathroom, we awoke this morning when Meaghan heard Liam seizing. He was convulsing, teeth going, etc.

The fact of the seizure was startling, but not entirely surprising, although this is his first we've seen. He did spill his juice everywhere on Friday night because what seemed like an arm spasm.

Teeth clenched, shaking, etc. wasn't a grand-mal. I've seen epileptic seizures in adults before (among people who hadn't had them in along time.

What was surprising, and caused us to phone 911 was that he was completely catatonic afterwards... his eyes would be open, with the eyeballs rolled up, or pointing wrong, and he didn't respond at all.

We dialed 911 (emergency), asked for an ambulance, and ambulance dispatch called back 1 minute later asking for details. (I'd never experienced that before, I think. Fortunately, I don't have much experience with 911)

Liam was breathing, although with difficulty as his nose was definitely all stuffed up, and his mouth was not open. I told Meaghan to get dressed, and told her that she was going with him, and I'd come by Vrtucar.

I got dressed after and waited for the ambulance. After they checked him up and hooked up the oxygen, and poked his foot to measure his blood sugar, I went to see about a vrtucar, and found that there wasn't one that was nearby (15 minute walk, and I'd have to swing back to get his car seat), and then I realized that I didn't want to drive. (When your child is ill, driving is really something you shouldn't do. Not having a car is really not that big a deal in a medical emergency. You really don't want to anyway) They ambulance hadn't left, so I went too. They had me ride in the front. We arrived at 4am.

A doctor saw us finally at 8am, and ... no big deal, home by 8:30am.

I was reading online at: http://www.ninds.nih.gov/disorders/febrile_seizures/detail_febrile_seizures.htm and http://en.wikipedia.org/wiki/Febrile_seizure

and there wasn't anything said about how long it takes a child to return to normal afterwards. I asked the doctor, and she said that up to an hour of being out of it was to be expected. Wow. (Yes, I edited the wikipedia page)

Wed, 18 Mar 2009

Monbiot -- too late to avoid climate change?

At http://www.monbiot.com/archives/2009/03/17/a-self-fulfilling-prophecy/ Monbiot writes

Yes, it is true that mitigation has so far failed. Sabotaged by Clinton(5), abandoned by Bush, attended half-heartedly by the other rich nations, the global climate talks have so far been a total failure. The targets they have set bear no relationship to the science and are negated anyway by loopholes and false accounting. Nations like the UK which are meeting their obligations under the Kyoto protocol have succeeded only by outsourcing their pollution to other countries(6,7). Nations like Canada, which are flouting their obligations, face no meaningful sanctions.

(emphasis mine)

I felt very sad and upset reading this article.

Sun, 22 Feb 2009

Charles Stross on open standards

Charles Stross <http://www.antipope.org/charlie> writes in his book GlassHouse, page 47:

"We know why the dark age happened. Our ancestors allowed their storage and processing architecture to proliferate uncontrollably, and they tended to throw away old technologies instead of virtualizing them. For reasons of commercial advantage, some of their largest entitites deliberately created incompatible information formats and locked up huge quantities of useful material in them, so that when new architectures replaced old, the data become in accessible."

"This particularly affected our records of personal and household activities during the latter half of the dark age. Early on, for example, we have a lot of film data captured by amateurs and home enthusiasts. They used a thing called a cine camera, which captured images on a photochemical medium. You could actually decode it with your eyeball. But a third of the way into the dark age, they switched to using magnetic storage tape, which degrades rapidly, then to digital storage, which was EVEN WORSE because for no OBVIOUS reason they encrypted everything. The same sort of thing happened to their audio recordings, and to text. Ironically, we know a lot more about their culture around the beginning of the dark age, around old-style year 1950, than about the end of the dark age, around 2040"

Tue, 10 Feb 2009

How to train good "IT" people

Mike Charlton <mikekchar@gmail.com> said it better than I could have:

I also agree with the trade description for programming.  I firmly
believe that apprenticeship is the best way to teach programmers.
In fact, I believe that University is a *bad* way to teach programmers.
What little pure theory a programmer needs can be taught on
the job IMHO.

But research in programming is very much required.  And there is
a huge amount of theory that is required to advance the state of
the art (which we've touched on).  If it were *actually* studied,
I suppose I wouldn't begrudge an engineering title.  But as
it stands, I also highly disapprove of the engineering moniker.

I believe that Universities should exist, not to train future employees --
that's what a community college is for, but to train future researchers.
And current curricula do a piss poor job of that.  As a poigniant
example of this, we get a semi-recurring plea for help from an
Indian PhD student on the ottawa-agile mailing list (must be
spamming *all* the agile lists, poor guy).  He wants to do research
in the area, but lacks even the basics for which to do so.  I want
to reply, but I can't think of a helpful response (other than,
"Get a new supervisor").  Unfotunately, having talked to several
other researchers in the field, his problem isn't unique.

So in the end we get badly trained programmers from Universities
and likewise badly trained researchers who don't even know the
first thing about what's important in the field.  Finally, in the past
we have also gotten completely untrained "engineers" who figure
they can do programming because they are "smart".  Sigh...
And as Don says, nobody is able to do the job of a Professional
Engineer in programming (ensuring that nobody comes to harm
do to mistakes made) because our field is simply not mature
enough....

But what can you do ;-)

                  MikeC

Wed, 28 Jan 2009

Obama's inauguration speech

My fellow citizens:

I stand here today humbled by the task before us, grateful for the trust you have bestowed, mindful of the sacrifices borne by our ancestors. I thank President Bush for his service to our nation, as well as the generosity and cooperation he has shown throughout this transition.

Forty-four Americans have now taken the presidential oath. The words have been spoken during rising tides of prosperity and the still waters of peace. Yet, every so often the oath is taken amidst gathering clouds and raging storms. At these moments, America has carried on not simply because of the skill or vision of those in high office, but because We the People have remained faithful to the ideals of our forbearers, and true to our founding documents.

So it has been. So it must be with this generation of Americans.

That we are in the midst of crisis is now well understood. Our nation is at war, against a far-reaching network of violence and hatred. Our economy is badly weakened, a consequence of greed and irresponsibility on the part of some, but also our collective failure to make hard choices and prepare the nation for a new age. Homes have been lost; jobs shed; businesses shuttered. Our health care is too costly; our schools fail too many; and each day brings further evidence that the ways we use energy strengthen our adversaries and threaten our planet.

These are the indicators of crisis, subject to data and statistics. Less measurable but no less profound is a sapping of confidence across our land - a nagging fear that America's decline is inevitable, and that the next generation must lower its sights.

Today I say to you that the challenges we face are real. They are serious and they are many. They will not be met easily or in a short span of time. But know this, America - they will be met.

On this day, we gather because we have chosen hope over fear, unity of purpose over conflict and discord.

On this day, we come to proclaim an end to the petty grievances and false promises, the recriminations and worn out dogmas, that for far too long have strangled our politics.

We remain a young nation, but in the words of Scripture, the time has come to set aside childish things. The time has come to reaffirm our enduring spirit; to choose our better history; to carry forward that precious gift, that noble idea, passed on from generation to generation: the God-given promise that all are equal, all are free, and all deserve a chance to pursue their full measure of happiness.

In reaffirming the greatness of our nation, we understand that greatness is never a given. It must be earned. Our journey has never been one of short-cuts or settling for less. It has not been the path for the faint-hearted - for those who prefer leisure over work, or seek only the pleasures of riches and fame. Rather, it has been the risk-takers, the doers, the makers of things - some celebrated but more often men and women obscure in their labor, who have carried us up the long, rugged path towards prosperity and freedom.

For us, they packed up their few worldly possessions and traveled across oceans in search of a new life.

For us, they toiled in sweatshops and settled the West; endured the lash of the whip and plowed the hard earth.

For us, they fought and died, in places like Concord and Gettysburg; Normandy and Khe Sanh.

Time and again these men and women struggled and sacrificed and worked till their hands were raw so that we might live a better life. They saw America as bigger than the sum of our individual ambitions; greater than all the differences of birth or wealth or faction.

This is the journey we continue today. We remain the most prosperous, powerful nation on Earth. Our workers are no less productive than when this crisis began. Our minds are no less inventive, our goods and services no less needed than they were last week or last month or last year. Our capacity remains undiminished. But our time of standing pat, of protecting narrow interests and putting off unpleasant decisions - that time has surely passed. Starting today, we must pick ourselves up, dust ourselves off, and begin again the work of remaking America.

For everywhere we look, there is work to be done. The state of the economy calls for action, bold and swift, and we will act - not only to create new jobs, but to lay a new foundation for growth. We will build the roads and bridges, the electric grids and digital lines that feed our commerce and bind us together. We will restore science to its rightful place, and wield technology's wonders to raise health care's quality and lower its cost. We will harness the sun and the winds and the soil to fuel our cars and run our factories. And we will transform our schools and colleges and universities to meet the demands of a new age. All this we can do. And all this we will do.

Now, there are some who question the scale of our ambitions - who suggest that our system cannot tolerate too many big plans. Their memories are short. For they have forgotten what this country has already done; what free men and women can achieve when imagination is joined to common purpose, and necessity to courage.

What the cynics fail to understand is that the ground has shifted beneath them - that the stale political arguments that have consumed us for so long no longer apply. The question we ask today is not whether our government is too big or too small, but whether it works - whether it helps families find jobs at a decent wage, care they can afford, a retirement that is dignified. Where the answer is yes, we intend to move forward. Where the answer is no, programs will end. And those of us who manage the public's dollars will be held to account - to spend wisely, reform bad habits, and do our business in the light of day - because only then can we restore the vital trust between a people and their government.

Nor is the question before us whether the market is a force for good or ill. Its power to generate wealth and expand freedom is unmatched, but this crisis has reminded us that without a watchful eye, the market can spin out of control - and that a nation cannot prosper long when it favors only the prosperous. The success of our economy has always depended not just on the size of our Gross Domestic Product, but on the reach of our prosperity; on our ability to extend opportunity to every willing heart - not out of charity, but because it is the surest route to our common good.

As for our common defense, we reject as false the choice between our safety and our ideals. Our Founding Fathers, faced with perils we can scarcely imagine, drafted a charter to assure the rule of law and the rights of man, a charter expanded by the blood of generations. Those ideals still light the world, and we will not give them up for expedience's sake. And so to all other peoples and governments who are watching today, from the grandest capitals to the small village where my father was born: know that America is a friend of each nation and every man, woman, and child who seeks a future of peace and dignity, and that we are ready to lead once more.

Recall that earlier generations faced down fascism and communism not just with missiles and tanks, but with sturdy alliances and enduring convictions. They understood that our power alone cannot protect us, nor does it entitle us to do as we please. Instead, they knew that our power grows through its prudent use; our security emanates from the justness of our cause, the force of our example, the tempering qualities of humility and restraint.

We are the keepers of this legacy. Guided by these principles once more, we can meet those new threats that demand even greater effort - even greater cooperation and understanding between nations. We will begin to responsibly leave Iraq to its people, and forge a hard-earned peace in Afghanistan. With old friends and former foes, we will work tirelessly to lessen the nuclear threat, and roll back the specter of a warming planet. We will not apologize for our way of life, nor will we waver in its defense, and for those who seek to advance their aims by inducing terror and slaughtering innocents, we say to you now that our spirit is stronger and cannot be broken; you cannot outlast us, and we will defeat you.

For we know that our patchwork heritage is a strength, not a weakness. We are a nation of Christians and Muslims, Jews and Hindus - and non-believers. We are shaped by every language and culture, drawn from every end of this Earth; and because we have tasted the bitter swill of civil war and segregation, and emerged from that dark chapter stronger and more united, we cannot help but believe that the old hatreds shall someday pass; that the lines of tribe shall soon dissolve; that as the world grows smaller, our common humanity shall reveal itself; and that America must play its role in ushering in a new era of peace.

To the Muslim world, we seek a new way forward, based on mutual interest and mutual respect. To those leaders around the globe who seek to sow conflict, or blame their society's ills on the West - know that your people will judge you on what you can build, not what you destroy. To those who cling to power through corruption and deceit and the silencing of dissent, know that you are on the wrong side of history; but that we will extend a hand if you are willing to unclench your fist.

To the people of poor nations, we pledge to work alongside you to make your farms flourish and let clean waters flow; to nourish starved bodies and feed hungry minds. And to those nations like ours that enjoy relative plenty, we say we can no longer afford indifference to suffering outside our borders; nor can we consume the world's resources without regard to effect. For the world has changed, and we must change with it.

As we consider the road that unfolds before us, we remember with humble gratitude those brave Americans who, at this very hour, patrol far-off deserts and distant mountains. They have something to tell us today, just as the fallen heroes who lie in Arlington whisper through the ages. We honor them not only because they are guardians of our liberty, but because they embody the spirit of service; a willingness to find meaning in something greater than themselves. And yet, at this moment - a moment that will define a generation - it is precisely this spirit that must inhabit us all.

For as much as government can do and must do, it is ultimately the faith and determination of the American people upon which this nation relies. It is the kindness to take in a stranger when the levees break, the selflessness of workers who would rather cut their hours than see a friend lose their job which sees us through our darkest hours. It is the firefighter's courage to storm a stairway filled with smoke, but also a parent's willingness to nurture a child, that finally decides our fate.

Our challenges may be new. The instruments with which we meet them may be new. But those values upon which our success depends - hard work and honesty, courage and fair play, tolerance and curiosity, loyalty and patriotism - these things are old. These things are true. They have been the quiet force of progress throughout our history. What is demanded then is a return to these truths. What is required of us now is a new era of responsibility - a recognition, on the part of every American, that we have duties to ourselves, our nation, and the world, duties that we do not grudgingly accept but rather seize gladly, firm in the knowledge that there is nothing so satisfying to the spirit, so defining of our character, than giving our all to a difficult task.

This is the price and the promise of citizenship.

This is the source of our confidence - the knowledge that God calls on us to shape an uncertain destiny.

This is the meaning of our liberty and our creed - why men and women and children of every race and every faith can join in celebration across this magnificent mall, and why a man whose father less than sixty years ago might not have been served at a local restaurant can now stand before you to take a most sacred oath.

So let us mark this day with remembrance, of who we are and how far we have traveled. In the year of America's birth, in the coldest of months, a small band of patriots huddled by dying campfires on the shores of an icy river. The capital was abandoned. The enemy was advancing. The snow was stained with blood. At a moment when the outcome of our revolution was most in doubt, the father of our nation ordered these words be read to the people:

"Let it be told to the future world...that in the depth of winter, when nothing but hope and virtue could survive...that the city and the country, alarmed at one common danger, came forth to meet [it]."

America. In the face of our common dangers, in this winter of our hardship, let us remember these timeless words. With hope and virtue, let us brave once more the icy currents, and endure what storms may come. Let it be said by our children's children that when we were tested we refused to let this journey end, that we did not turn back nor did we falter; and with eyes fixed on the horizon and God's grace upon us, we carried forth that great gift of freedom and delivered it safely to future generations.

Pascal's wager on Climate Change

Tim O'Reilly says it clearly at: http://feeds.feedburner.com/~r/oreilly/radar/atom/~3/517029803/pascals-wager-and-climate-change.html

In my talks I've argued that climate change provides us with a modern version of Pascal's wager: if catastrophic global warming turns out not to happen, the steps we'd take to address it are still worthwhile. Given that there's even a reasonable risk of disruptive climate change, any sensible person should decide to act. It's insurance. The risk of your house burning down is small, yet you carry homeowner's insurance; you don't expect to total your car, but you know that the risk is there, and again, most people carry insurance; you don't expect catastrophic illness to strike you down, but again, you invest in insurance.