computers

Utah Open Source Conference 2010

In just under two weeks I'll be presenting at the annual Utah Open Source Conference again. This will be my third year attending and presenting and as always I'm excited. The speakers are top notch and the presentations are not to be missed. This year I'll be covering Zenoss, which my company has recently rolled out for our internal monitoring system. If you've ever complained about your monitoring system, or the lack thereof, you will want to check this out.

tags: 

HDCP Key Compromised

As confirmed by Intel, the Blu-ray HDCP master key was leaked the other day. Anybody who is surprised has seriously deluded themselves. The whole concept of DRM is flawed, namely that you'll give people access to watch a video (or whatever) but not give them access to copy it. If you believe that, I'd like to sell you some water that's guaranteed not to get you wet.

One particular thing in the PCMag story stood out to me:

The code to unlock DVDs protected by the Content Scrambling System have been known for years, and are protected by the DVD-CCA, which has sued companies like RealNetworks and Kaleidescape that have attempted to market solutions that rip or store DVD content on a hard drive.

Take note that both RealNetworks and Kaleidescape were DVD-CCA members who paid their license fees and tried to follow the rules. Both were smacked down. This is not about preventing copyright infringement, as evidenced by a visit to any bittorrent site. It's all about preventing anybody from rocking the nice little boat they've got for themselves. It's the medieval guild system re-invented. Nuts to that.

tags: 

apt-get update Fails Due To Gzip Error

This morning I was greeted by a collection of apt-get failures. I use cron-apt on all my servers so I can quickly apply patches. A few of my servers reported the following error when they ran last night:

gzip: stdin: not in gzip format
Failed to fetch http://http.us.debian.org/debian/dists/etch/main/binary-i386/Packages.gz  Sub-process gzip returned an error code (1)
E: Some index files failed to download, they have been ignored, or old ones used instead.

A little googling revealed that it's some sort of bug in apt. The solution was pretty easy, simply remove all the files in /var/lib/apt/lists/partial.

The oddest thing about this issue is that it struck multiple servers of mine on the same day. Seems there must have been something on the Debian servers that triggered it. Maybe the web server crumbled and reset connections, leaving a partial file? That would be my guess but I'll probably never know for sure.

tags: 

Cable One Browser Hijacking

I started seeing alerts today which said the following:

CableONE is excited to present the new in-browser notification system!

CableONE wants to keep you informed about critical service changes, maintenance events and important account information on a more timely, and therefore useful, basis. In order to do so, CableONE may periodically send you bulletins, like this one, which will automatically appear within your Internet browser. This process does not involve collecting any information about your activity on the Internet and, other than this initial communication to receive your preferences, will be a one-way process. To learn more about this new communication method, as well as how to change or configure your notifications, please click the “Learn More” button located above. Thank you!

I immediately opted out of the system as it frankly creeps me out that they're hijacking my HTTP traffic for whatever purposes they want. I can see the temptation. They're planning weather alerts and amber alerts. They want to alert me to network issues which may be affecting me. I get the benefits. Call me old school, but I want an ISP that just connects me to the Internet and leaves my traffic alone.

I also worry about the precedent. Maybe they start sending me notifications of really good deals from their partners. Maybe they start changing banner ads to be from companies they select. Perhaps they start blocking sites they don't like, or that don't pay them a fee. It's a trend I wouldn't like to see started.

Bottom line, if I wanted somebody mucking with my bits, I'd sign up with Comcast.

tags: 

Shaky TV Playback in MythTV


I joined the digital TV revolution yesterday with the purchase of a Vizio 37" 1080p HDTV. So far we are quite enjoying it. One issue that is still ongoing is that the TV's remote overlaps with the DVD player's (which we are also using for the MythTV). When you push the Zoom, number or volume keys you get more than you bargained for.

But that issue is ongoing. The one I'm writing this post about has been solved, thanks to a mythtv-users post I came across. The symptoms were that some video, for me it was anything on CBS or ABC but curiously no others, would be really shaky. It was almost like an interlaced shearing effect, but not so regular or consistent. I played with the interlacing options and output drivers to no end. Finally I came across the above thread and discovered the problem: a bug in the nVidia kernel driver. I simply upgraded to the latest version and the problem went away. This is a very good thing.

Otherwise everything about the MythTV setup has worked well in high-def. I just had to add a "1920x1080" mode in xorg.conf and then do the same in MythTV. I later adjusted MythTV to use fullscreen, regardless of the resolution, which is what it should have been in the first place. I was worried that it might take some major tweaking to get widescreen or high-def or who knows what else, so overall I'm very pleased.

tags: 

HDHomeRun Power Supply

I sadly discovered today that nothing on my MythTV was recording, and even live TV was not viewable. "What gives?" I pondered as I poured through the logs.

# tail -f /var/log/mythtv/mythbackend.log
2010-02-21 22:06:29.747 TVRec(2): Changing from None to WatchingLiveTV
2010-02-21 22:06:29.757 TVRec(2): HW Tuner: 2->2
2010-02-21 22:06:30.768 HDHRChan(xx/1), Error: device not found
2010-02-21 22:06:31.780 HDHRChan(xx/1), Error: device not found
2010-02-21 22:06:31.782 HDHRChan(xx/1): SetChannelByString(6-1), Error: Channel object will not open, can not change channels.
2010-02-21 22:06:31.783 TVRec(2) Error: Failed to set channel to 6-1. Reverting to kState_None

Well, that didn't bode well. I sauntered into the data center (the nook under the stairs without adequate power, lighting or cooling) and found the power light on my HDHomeRun was blinking and worse, so was the light on the power supply. A quick google turned up a known failure with the power adapters on some versions of the HDHomeRun. Guess who was lucky enough to receive one of them?

So this post is just an FYI to anybody else who bought an HDHomeRun. The RMA process is dead simple, just enter your device ID, and they'll send you a replacement for free. But the question is, what are we going to do for 3-7 business days while we wait? Back to live TV again? Oh the humanity!

tags: 

Kamailio Hashtables

A few weeks ago I completed an upgrade from OpenSER 1.2 to Kamailio1.5. Overall it's been working quite well and actually was not nearly as hard as I feared it might be. Now that I've got this new version with a ton of new bells and whistles, I thought I'd try out a few of them. One of the most exciting is shared memory hashtables.

First a quick primer on hashtables. Currently whenever the proxy needs a value from the database it simply queries the database and gets the value. Straightforward, right? But as the system grows, the database can be greatly put under strain. In my Kamailio cluster the single biggest CPU user is in fact the MySQL database by a large margin. And since the database changes pretty infrequently it would be nice if we could cache those values.

The problem is that Kamailio is a multi-process daemon, so what's cached in one isn't going to be cached in another. Enter shared memory hashtables. The same cache is shared among all the processes. Usage is pretty simple. Here's an example:

# IP based authentication
if ($sht(ht1800=>$var(fU)::ipauth) == null){
	if (is_user_in("From", "ipauth")){
		$sht(ht1800=>$var(fU)::ipauth) = "yes";
	}
	else{
		$sht(ht1800=>$var(fU)::ipauth) = "no";
	}
	$var(ipauth) = $sht(ht1800=>$var(fU)::ipauth);
}
else{
	$var(ipauth) = $sht(ht1800=>$var(fU)::ipauth);
}

if ($var(ipauth) == "yes"){
	# do whatever...
}

Don't worry too much about the nitty-gritty. First we check to see if the value is cached (($sht(ht1800=>$var(fU)::ipauth) == null)). If it's set, we just use the cached value and continue. If not, we have to ask the database (is_user_in("From", "ipauth")) and then save the result in the cache. It actually is that easy.

But the $64,000 question, has it helped? Luckily I thought ahead and got some data before I made the change. I grabbed the query log for a day before and after the change. I made sure to select two days where the call usage was the similar (1% difference). Overall there was a 20% reduction in SQL queries.

I only put in the one change as a proof of concept. Since it sure seems to have panned out I'll continue wrapping all my database calls with hashtable caches. One thing I still need to work out is how to invalidate the cache when I make a change through my provisioning system. And once I'm able to upgrade to Kamailio 3.0 I'll switch over to memcached, which has all the benefits of a shared memory hashtable but it's also clustered. Ooh, I'm so excited!

tags: 

dpkg --configure -a

So, just a word to the wise: dpkg --configure -a is not the same as dpkg-reconfigure -a. The former will continue configuring packages where an interrupted session left off. That's a good thing. The latter will reconfigure every package on your system. That, I think I can safely say, is a bad thing.

And no, I don't know anyone who's made that mistake recently. Nope, nobody.

tags: 

OpenWRT and WPA

For whatever reason last night my OpenWRT access point decided to stop working. My laptop would connect for a second and then disconnect. I tried another wifi card and it did the same thing, which eliminated my laptop as the culprit. I turned off WEP and was able to connect. The weirdest thing was when I would try to turn WEP back on, I got this error (in bold):

[root@alberto ~]# iwconfig wl0
wl0 IEEE 802.11-DS ESSID:"zmonkey.org"
Mode:Master Frequency:2.437 GHz Access Point: 00:0F:66:4A:DF:08
Tx-Power:19 dBm
RTS thr:2347 B Fragment thr:2346 B
Encryption key:<too big>

I'm not comfortable without encryption (although honestly I would like to run a captive portal alongside my encrypted network), so after a few reboots and unsuccessful attempts to get WEP working I gave WPA a shot. It's really what I should be running anyway but I've had WEP set up for so long I just didn't feel like dealing with it.

But luckily, it worked out quite flawlessly. Following a guide I found here I got it set up quite simply. I did have to reboot to get the changes to take, but not a big deal. The only remaining problem is reliably getting my laptop to use WPA. That's the real reason I've delayed. I've gotten it to work before, but it's sometimes been a pain. All in the name of progress, I suppose.

tags: 

MindTouch Review


I heard about MindTouch on FLOSS Weekly last week and decided to give it a try. It's a fork of MediaWiki, the framework behind Wikipedia. I've been looking for a wiki for a while so this was a perfect opportunity. Based on the FLOSS Weekly interview I had high hopes, but unfortunately I was quite let down.

The tech in MindTouch is actually pretty cool. The install goes very smoothly. It requires a number of web packages, including Apache, MySQL, and PHP which I already had installed so nothing further was required. The setup was just a few more clicks and away I was going, setting up my wiki.

At that point things seemed great. I spent a few hours creating pages and linking them around. It worked rather smoothly. I really like the embedded FCKeditor which made markup a snap. Life seemed good.

I did have a few problems with the configuration, mainly because just about anything interesting you want to do with the software, beyond an RSS feed, is locked away in the "enterprise" versions. I wanted to set up LDAP authentication or Twitter integration, but no go. Looking through the version lists it seems that they're trying to only put the bare minimum into the open source version. But I figured it was worth a test drive for a few weeks at least.

And then Monday morning hit and I got a curious email in my mailbox. Sam Montes had written to see if I needed any assistance with my MindTouch install. He just wanted to know more about my company and how we planned to use it. Say what?! I went through the roof. At no point during the install was there a "phone home" option displayed. If there had been you can rest assured I wouldn't have selected it (in fact there was an option to join their mailing list and I declined). The fact that they would spy on my like that leads me to suspect their motives. How do I know they're not keeping tabs on all my data? At this point I can't trust anything they say.

I responded to Sam and voiced my concerns. He replied with some drivel about providing the highest level of service and integrity. I'm sorry but I just can't forgive this affront of my privacy. This is the sort of behavior I might expect from a proprietary software company, but I expect more from open source developers.

I've received further email from MindTouch because apparently they put me on their mailing list, despite my request otherwise. I just can't get past this and I shall be uninstalling MindTouch soon. What a shame.

tags: 

Pages

Subscribe to RSS - computers Subscribe to zmonkey.org - All comments