Planet SAGE-AU

rpm-find-changes is a little script I wrote a while ago for rpm-based systems (RedHat, CentOS, Mandriva, etc.). It finds files in a filesystem tree that are not owned by any rpm package (orphans), or are modified from the version distributed with their rpm. In other words, any file that has been introduced or changed from it's distributed version.

It's intended to help identify candidates for backup, or just for tracking interesting changes. I run it nightly on /etc on most of my machines, producing a list of files that I copy off the machine (using another tool, which I'll blog about later) and store in a git repository.

I've also used it for tracking changes to critical configuration trees across multiple machines, to make sure everything is kept in sync, and to be able to track changes over time.

Available on github: https://github.com/gavincarr/rpm-find-changes

This is wonderful – a ‘film’ from when the first automated talking clock was installed in Australia in 1954, by the Post Office because Telecom didn’t even exist then. Prior to that, a human sat at the desk and literally read the time, over and over and over. And you think you hate your job. It goes for four minutes, well worth it to see the classic video, and also shows how the system was a literal clockwork mechanism that played off three discs.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="315" src="http://www.youtube.com/embed/fp4zlMZVcmM" width="420"></iframe>

I was inspired to look for this by wondering how the talking clock system managed daylight savings. Is there someone whose sole job is to manage the talking clock? What does s/he do, just come in twice a year to shift it back and forth at daylight savings?

The above system managed it because two systems were actually installed, one live and the second ran constantly as a hot spare. When it came to daylight savings, the secondary was manually advanced, and a technician would cut over to that at the crucial moment. The first machine would then be advanced and it would become the hot spare, and the process was reversed at the end of daylight savings. It was some quality engineering, designed to run constantly, which it did for 36 years.

The glass disc mechanical system with the BBC style Received Pronunciation accent was replaced in 1990 by a digital one recorded by Adelaide ABC broadcaster Richard Peach. He passed away in 2008 so possibly the talking clock should contain a warning to indigenous cultures that it contains the voice of someone who has died. This system probably just cuts over automatically. Whenever you replace something wonderfully clever with something merely computerised, a little bit of the magic goes out of the world. Telecom commemorated this fact by making a video twice as long and far less interesting.

<object height="375" width="500"><param name="movie" value="http://www.youtube.com/v/9LVzKHOodC4?version=3"/><param name="allowFullScreen" value="true"/><param name="allowscriptaccess" value="always"/><embed allowfullscreen="true" allowscriptaccess="always" height="375" src="http://www.youtube.com/v/9LVzKHOodC4?version=3" type="application/x-shockwave-flash" width="500"></embed></object>

A little box of Arduino, originally uploaded by indigoid.

So I created a simple little sketch, based on the TimeGPS sample that comes with the TinyGPS library, that waits for a "p" over the Xbee interface and upon receiving it, sends back the date, time, latitude and longitude data from the GPS. The CAN-bus shield uses pins 4 and 5 for the GPS serial interface. I found that the Xbee modules I have (as supplied in the SparkFun Xbee retail kit) have rather shorter range than I'd hoped for, but at least they work and I am learning about their usage. Here's the sketch:

#include <TinyGPS.h>        //http://arduiniana.org/libraries/TinyGPS/
#include <NewSoftSerial.h>  //http://arduiniana.org/libraries/newsoftserial/
// GPS and NewSoftSerial libraries are the work of Mikal Hart

TinyGPS gps; 
NewSoftSerial serial_gps =  NewSoftSerial(4, 5);  // receive on pin 3

void setup()
{
  Serial.begin(9600);
  serial_gps.begin(4800);
  Serial.println("setup...");
}

void dump_lat_long(float flat, float flong) {
  Serial.print("lat : "); Serial.println(flat);
  Serial.print("long: "); Serial.println(flong);
}

#define pdec(x) { Serial.print(x,DEC); }
#define p(x) { Serial.print(x); }
#define s() p(" ")
#define d() p("-")
#define c() p(":")
void dump_datetime() {
  int year;
  byte month, day, hour, minutes, second, hundredths;
  unsigned long fix_age;
  gps.crack_datetime(&year, &month, &day, &hour, &minutes, &second, &hundredths, &fix_age);
  pdec(year); d(); pdec(month); d(); pdec(day);
  s();
  pdec(hour); c(); pdec(minutes); c(); pdec(second); p("."); pdec(hundredths);
  Serial.println();
}

void loop() {
  float flat, flon;
  unsigned long fix_age;
  String msg;
  byte havedata = 1;
  byte polled = 0;
  while (serial_gps.available() && !polled) {
    if(gps.encode(serial_gps.read())) {
      // returns +- latitude/longitude in degrees
      gps.f_get_position(&flat, &flon, &fix_age);
      if (fix_age == TinyGPS::GPS_INVALID_AGE) {
        msg = "No fix detected";
        havedata = 0;
      } else if (fix_age > 5000)
        msg = "Warning: possible stale data!";
      else
        msg = "Data is current.";
      polled = 1;
      if (Serial.available() && Serial.read() == 'p') {
        Serial.println(msg);
        if (havedata) {
          dump_datetime();
          dump_lat_long(flat,flon);
        }
        delay(100);
      }
    }
  }
}

I also wrote a small Perl script that (via Device::SerialPort from CPAN) interrogates the Arduino every 5 seconds or so, using a USB-attached Xbee Explorer. For Linux you will need to change the serial port device filename to /dev/ttyS0 or similar. No idea about Windows, sorry. Again, I started out with some sample code (this time from the Device::SerialPort distribution) and hacked most of it off. Code follows:

#!/usr/bin/perl

use strict;
use warnings;
use Device::SerialPort;

my $file = "/dev/tty.usbserial-A700fbpg";
my $ob = Device::SerialPort->new ($file) || die "Can't open $file: $!";

$ob->baudrate(9600)     || die "fail setting baudrate";
$ob->parity("none")     || die "fail setting parity";
$ob->databits(8)        || die "fail setting databits";
$ob->stopbits(1)        || die "fail setting stopbits";
$ob->handshake("none")  || die "fail setting handshake";
$ob->write_settings || die "no settings";
$ob->error_msg(1);              # use built-in error messages
$ob->user_msg(1);

while(1) {
  $ob->write("p");
  print $ob->input;
  sleep 5;
}

If you are combining the CAN-Bus and Xbee shields from SparkFun, it can be very tempting to plonk the EM406 GPS atop the nice flat prototyping area on the Xbee shield. It's a good fit there! But if stuff suddenly and inexplicably stops working, check that the GPS chassis isn't bridging the terminals on the Xbee shield's RESET switch. I felt like a real idiot :-(

So I wanted a small light at the bottom of the short set of stairs that lead from the door of my apartment into the main living area. I've been learning about Arduino lately, so I figured this might be a practical experiment. I decided to use a reed switch to sense when the door had been opened.

After getting frustrated at the reed switch functioning just fine when closed (Arduino digitalRead() returning HIGH) but bouncing around randomly when it should have been staying open, I did some Googling and found that I should have used a pullup resistor to coax the current in the right direction. I don't pretend to understand why this works, but I intend to find out.

Anyway, I used a circuit based very much on this one, plus of course an RGB LED to do the actual lighting. The next step is to grab a couple more RGB LEDs (I only had one on hand that had been supplied in the Sparkfun Inventors Kit) and make it brighter.

Learning about and experimenting with Arduino has been a lot of fun so far. Am working on a larger project for the bike. Along the way I've dramatically improved my soldering skills, though they are still pretty terrible!

#include <Time.h>

// pins
const int reedswitch = 2;
const int red = 9;
const int green = 10;
const int blue = 11;

// door states
const int DOOR_OPEN = 0;
const int DOOR_CLOSED = 1;

// minimum time the courtesy light will stay on for (seconds)
const int MIN_OPENTIME = 10;

///////////////////////////////////////////

int door = DOOR_CLOSED;
int last_open_at = 0;

void setup() {
  pinMode(reedswitch, INPUT);
  setTime(0);
}

void rgbled(int r, int g, int b) {
  analogWrite(red,r);
  analogWrite(green,g);
  analogWrite(blue,b);
}

void loop() {
  int reedswitch_state = digitalRead(reedswitch);
  if (reedswitch_state == HIGH && now() >= last_open_at + MIN_OPENTIME) {
    door = DOOR_CLOSED;
  } else if (reedswitch_state == LOW) {
    last_open_at = now();
    door = DOOR_OPEN;
  } else {
    // no change in state, do nothing
  }
  if (door == DOOR_OPEN) {
    rgbled(255,255,255);
  } else {
    rgbled(0,0,0);
  }
  delay(500);
}

Did you think I was dead?  No I’ve just been busy playing my guitar.  I have several songs on the boil at the moment, but this one is complete.  It has random 5/4 timings and a four part guitar harmony bit.  Also, it’s strong and grrr yeah!  Listen to I Defy

Just got this email...:

We're pleased to announce that your proposal(s) has/have been ACCEPTED for LCA2012.

<SNIP>

---
 IPv6 Dynamic Reverse Mapping - the magic, misery and mayhem
---

So - wow! I'll see you there :)

The iPhone home screen has four icons stuck at the bottom of the screen. For the last year I had there Safari, Mail, Phone and Facebook.

Yesterday I swapped Facebook for Podcaster, which I have been using more frequent in the last four months.

Facebook is for people who are bored.
Podcasts are for people who want to learn!

Kudos to Google for providing linux plugins for their Google Plus Hangouts (a multi-way video chat system), for both debian-based and rpm-based systems. The library requirements don't seem to be documented anywhere though, so here's the magic incantation required for installation on CentOS6 x86_64:

yum install libstdc++.i686 gtk2.i686 \
  libXrandr.i686 libXcomposite.i686 libXfixes.i686 \
  pulseaudio-libs.i686 alsa-lib.i686

ik wou dat ik een oma had
die ik soms zomaar op mocht bellen
en die 's avonds bij m'n bedje zat
om mij een sprookje te vertellen

maar oma's hebben allemaal al iemand
voor wie ze oma kunnen zijn
ze zitten dan wel in tehuizen
maar elke zondag is het kamertje te klein

dan komen ze allemaal op visite
en vragen of ze een zwaantje vouwt
en als ze 's avonds moe gaat slapen
weet ze dat er iemand is die van haar houdt

hoe zou het dan toch komen
dat heel veel oma's eenzaam zijn
en van hun kleine kinderen dromen
die nu veel groter en verhinderd zijn

al die oma's die truien breien
waarvan niemand zegt: wat fijn!
die hoeven me dat truitje niet te geven
maar willen ze alstjeblieft mijn oma zijn?

Morrison

het is al bijna avond
wat gaat zo'n dag toch gauw
ik klim zo in mijn bedje
en dan
denk ik weer aan jou

dan lig ik stil te luisteren
naar de geluiden om me heen
dan hoor ik
zoemen tikken fluisteren
want ik lig hier niet alleen!

soms vertel ik mijn avonturen
aan Tiberius
da's een bromvlieg
en die woont op het kozijn
dan snort ie heel tevreden
want als er iemand tegen 'm praat
dat vindt Tiberius hartstikke fijn

vandaag ook Ricky nog gesproken
die woont bij de kersenboom
het is een soort van rups
maar hij wil later vlinder worden
net als zijn vader en moeder
en zijn tante en z'n oom

zelf wil ik
als ik later groot word
proberen klein te blijven
omdat Tiberius en Ricky anders
bang voor me zijn

dan blijf ik ook dichter bij
de bloemen
en zal ik altijd
gelukkig zijn

Morrison

Like another 70 million or so people, my personal details were probably compromised in the Great Playstation Hack of 2011. This has probably left me open to IDENTITY THEFT.  ZOMG ZOMG call Today Tonight, blah blah whatever.  So far the total cost to me has been: I got two free games and an animated dragon on my Playstation login screen.  No wait that was the gain, the loss was umm…

Woot! Free Stuff!

Now this doesn’t exonerate Sony for failing to properly secure the credit card details I gave them.  I dunno if these are even at risk, various articles say various things but ultimately credit card companies cover fraud pretty well and Mon keeps a good eye on finances so she’d notice if I bought a television in Bolivia or subscribed to LichtensteinGayPorn.com or whatever so I’m less worried about that than other people may be.

What do you think? Do we get Xbox or PS3?

The real danger is allegedly what they call identity theft.  This is where you get hold of enough details about a person to start doing financial things in their name.  I don’t even remember what I have told PSN about me. Probably name and address, email address, umm maybe my mother’s maiden name or something?  That’s enough to start finding out lots about me I’m sure and maybe even to create debt in my name. This has happened to a close friend some years back, entirely unrelated to any known hack, so it’s possibly doable with reasonably public details and some social hacking skills.

But is this my identity?  Obviously it’s a serious issue on an economic level, but if it happened it wouldn’t mean the theft of my identity. Like if you steal my laptop, now I don’t have a laptop and that is pretty annoying, and it will cost me to replace it.  But if you steal my identity, what have you taken from me? I’m still me. Would I insult my friends, alienate my workplace, annoy my wife even more than usual, pawn my guitars or parent my children differently? Would I, after the loss of my identity, wake up one morning and barrack for Collingwood, or vote for the CDP?  Could anyone, with any of the details on the internet, even what I have posted on this blog, take away the essence of what makes me me?

Maybe...

I guess it depends on how you define your identity.  With these details, you could steal my money.  You could potentially wreck my career.  For many, I guess that is what they define themselves by, so maybe you could actually take away some part of their identity.  But me?  You could take those things without removing anything that is essentially Jase.

The Kayako 3 -> 4 upgrade process is a little convoluted. You have to install a fresh copy of 4, then run a script to import your Kayako 3 data. For large installs you need to run the script multiple times to fully migrate your database, which is a problem because the script interactively asks for your database credentials every time it's run. You don't really want to babysit the multi-hour migration process do you? Fear not, just patch the code:

--- __swift/modules/base/console/class.Controller_Import.php.orig    2011-06-16 12:09:40.000000000 +1000
+++ __swift/modules/base/console/class.Controller_Import.php    2011-06-16 12:11:06.000000000 +1000
@@ -75,12 +75,12 @@
        $this->Console->WriteLine('====================', false, SWIFT_Console::COLOR_GREEN);
        $this->Console->WriteLine();
 
-       $_databaseHost = $this->Console->Prompt('Database Host:');
-       $_databaseName = $this->Console->Prompt('Database Name:');
-       $_databasePort = $this->Console->Prompt('Database Port (enter for default port):');
-       $_databaseSocket = $this->Console->Prompt('Database Socket (enter for default socket):');
-       $_databaseUsername = $this->Console->Prompt('Database Username:');
-       $_databasePassword = $this->Console->Prompt('Database Password:');
+       $_databaseHost = 'localhost';
+       $_databaseName = 'kayako3database';
+       $_databasePort = '3306';
+       $_databaseSocket = '';
+       $_databaseUsername = 'kayako3user';
+       $_databasePassword = 'sekret';
 
        if (empty($_databasePort))
        {

This post brought to you by too long spent trying to automate this with an expect script, before discovery of the fact Kayako don't encode all their PHP.

Last week it was decided that my mallet finger had to be fixed via an operation during which I will get two wires inserted into my finger: One below the nail which will push the broken piece back against the bone, and one through the upper bone and halfway the middle bone so that bone doesn't move anymore.

Today was the big day. We had to be in the hospital at 08:30, which is about half an hour before Dirkie and Hanorah go to school. So they slept with their grandparents and were very excited about the fact that they got breakfast in a plastic bag in the car on their way to school. I wish everybody was so easily pleaseble.

When you made the appointment to go to the hospital, you know from the moment you enter the building you have lost control over your life until you leave you are on somebody elses schedule. It will involve a lot of waiting, and there is nothing you can do about it:

• Waiting at reception to go to the waiting area for day surgery.
• Waiting at the waiting area for day surgery to go to the beds at day surgery.
• Waiting at the beds at day surgery to go to the pre-operation room.
• Waiting at the pre-operation room to go to the operation waiting room.
• Waiting at the operation waiting room to go into the operation room.
• No waiting here, because this operation room is expensive!
• Waiting at the operation room to go into the recovery room.
• Waiting at the recovery room to go to the day surgery.
• Waiting at the day surgery to get out.

Before you get in the operation room, you will be asked the same question every time: Your name, date of birth, name of the doctor and what they are going to do on you. Just to make sure they have the right guy in front of them.

The procedure done on my finger was over in 20 minutes. The anastetic I got was a finger block, two needles in my hand which neutralized all feeling in the ring finger, and some drowsiness stuff which I think didn't really work at all. During the operation I could hear the drill, but not feel the things they did on my finger.

At 14:30, after the operation and when I was out of bed, I was given an arm sling to keep my hand up and a prescription for painkillers. Six hours real-time for a 20 minutes procedure, it's very low duty-cycle.

The finger itself now has a splint at the top of the hand and a lot of bandage around it. You can see the wire sticking out at the top of my finger, which is right now not scary yet...

I was told to take the painkillers when my fingers started to tingle, which was a couple of hours later. Since the pain didn't come back after that, I didn't take anymore and slept through the night.

So is there pain? Yes and no.

There is irritated skin (for lack of a better description) around where the wires are sticking out. But there is no pain because of the drilling, which can be either because there is no pain or because the nerves in my pink and ring finger there are numb: For the last four years I haven't had any feeling in them. I have seen a specialist for it who has done the famous frog tests which will pull your muscles when an electrical current is going through them and they didn't find anything wrong with the nerves there.

Maybe that has gotten me through the night without painkillers, maybe there was no pain to start with...

On Monday I have my first physiotherapy at 08:00.

We went to see the hand-surgeon. From the X-rays he saw that the break was at a nasty location: it was broken of in the contact area of the joint. First a proper cast instead if the splint and then new X-rays in case the piece of bone was put back in place by the cast: it wasn't.

So the next options were: leave it like this and it will be half-fine or have an operation and it will be fully fine. There are two kind of operations which he could do: a screw with which the broken piece get puts back or a two-wire approach with which the broken piece gets pushed against the bone and regrows that way. Because of the size of the piece broken off we chose for the wire.

After the operation I will have two pieces of wire sticking out of my finger for four to six weeks, but they are luckily under a dressing, and have a cask for that period too. After that everything should be back in volleyball-playing-condition again!

Next update: Coming Wednesday most likely.

Something I just ran in to. If your username or current directory has an escape code in it (say, because your username is from Active Directory like "DOMAIN\alex.jurkiewicz"), the default Bash shell on Centos 5 has problems. Depending on the escape code you might get a broken prompt or even no terminal output at all!

The problem is that PROMPT_COMMAND set in /etc/bashrc is set to interpret escape codes in the username and current directory:

PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'

PROMPT_COMMAND is run each time before the prompt is printed. Here it is used to set the xterm or GNU screen window title.

There are two ways to fix this:

1. Add 'unset PROMPT_COMMAND' to your .bashrc. This will stop your xterm / screen title from being updated but is a simple fix.
2. Set PROMPT_COMMAND properly using override files in /etc/sysconfig, so $USER and $PWD are echoed literally without escape code interpretation. Create the following two files with +x permissions:

/etc/sysconfig/bash-prompt-xterm:

# Duplicate of default PROMPT_COMMAND, but using a single command to stop race conditions and without escape code interpretation for USER, HOSTNAME and PWD
printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"

/etc/sysconfig/bash-prompt-screen:

# Duplicate of default PROMPT_COMMAND, but using a single command to stop race conditions and without escape code interpretation for USER, HOSTNAME and PWD
printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"

(The printf statement was taken from this RH bug.)

Logging out and back in again should result in a fixed terminal.

Drush make is a wonderful tool for constructing Drupal platforms. A lot of Drupal developers are used to adding a list of modules, a few libraries and theme or 2 then running drush make to build their platform. It all seems pretty easy. What if I told you module developers could make things even easier for site builders?

Some contrib modules depend on third party libraries, and due to various reasons they can't always be stored in git repositories on drupal.org and included in the module release. To solve this problem module developers can include a .make file for their module. Drush recursively processes make files, so the module make file would be processed once found by drush make.

A good example of where this could be useful is the SMTP module, which depends on the LGPL licensed PHPMailer library. The module also requires a patch to be applied to the library, which drush make can apply for us. The following .make file could be included in the SMTP module as smtp.make:

core = 6.x
api = 2

libraries[phpmailer][download][type] = "get"
libraries[phpmailer][download][url] = "http://downloads.sourceforge.net/project/phpmailer/phpmailer%20for%20php5_6/Previous%20Versions/2.2.1/phpMailer_v2.2.1_.tar.gz"
libraries[phpmailer][download][md5] = "0bf75c1bcef8bde6adbebcdc69f1a02d"
libraries[phpmailer][directory_name] = "phpmailer"
libraries[phpmailer][destination] = "modules/contrib/smtp"

libraries[phpmailer][patch][drupal-compatibility][url] = "http://drupalcode.org/project/smtp.git/blob_plain/2acaba97adcad7304c22624ceeb009d358b596e3:/class.phpmailer.php.2.2.1.patch"
libraries[phpmailer][patch][drupal-compatibility][md5] = "2d82de03b1a4b60f3b69cc20fae61b76"

Now when the SMTP module is included a normal drush make file it will be downloaded, the PHPMailer library will be downloaded and patched ready for use.

Unfortunately there are some limitations to this approach. Firstly it assumes that the SMTP module will be installed under the modules/contrib directory, which is accepted best practice, but may not suit everyone's needs. When I tested this with the current stable version of drush make (6.x-2.2) it failed, and drush make 6.x-3.x from git needed to be patched. Hopefully a fix for this can be backported to the 6.x-2.x branch and included in a future release.

Update: I have posted the make file for the SMTP module as patch in issue #1159080.

As much as I love Zimbra, I find their Debian packaging frustrating. Why do they insist on shipping half broken debs? I can excuse vmware for being too lazy to provide proper descriptions for their packages, although the generic "Best email money can buy" text seems a little lame. Failing to populate the "Provides" field is brain dead. This makes it possible to install mailx on a server running Zimbra without installing another MTA.

I've created a simple workaround deb which provides mail-transport-agent and depends on zimbra-mta. The deb also symlinks the zimbra sendmail binary to /usr/sbin/sendmail - where it belongs. Now mailx and other tools which depend on mail-transport-agent can be installed. The package should work with both Debian and Ubuntu.

The source available on github, or you can download a prebuilt platform independent deb from github's download manager. The package is released under the terms of the WTFPLv2.

I hope that Zimbra builds better debs and makes this package obsolete.

I really want to attend DrupalCon Chicago, which kicks off in just over 4 weeks. The problem is that since DrupalCon Copenhagen business has been pretty quiet and so I find that I can't really afford to fund it myself. After deciding I had to be in Chicago I got creative about how to make it happen. The buy a line project was born.

Instead of just asking people to kick in some cash to get me to Chicago, I felt it was only right to earn my keep. People can buy a line of code, or sentence of documentation for Drupal. All code and docs created will be contributed to drupal.org. Buyers are free to specify where the lines are to be contributed, or leave me to decide. I'm looking forward to writing some of the lines on the Drupal Bus.

Recently I have been working on porting the UUID module to Drupal 7. I hope to get this module into Drupal 8 core. To make this happen I have to be in Chicago! Improvements to UUID will mean that content can be packaged up and moved around like configuration can be using the Features module.

All buy a line issues will be tagged so people can watch my progress. The first lines of code have been contributed to the getID3() module, so Drupal Commons can be installed by Aegir.

Thanks to everyone who has contributed so far. I have almost covered the DrupalCon ticket I bought from the Gizra team.

Please consider buying a line (or more) to help get this Drupal geek to Chicago. This is a great way of getting a module ported to Drupal 7, better documentation or even just a bug fixed. I have a decent track record of contributing to the project.

When deciding how many lines to buy, think about this - if I don't make it to Chicago, who will lock themselves out of their hotel room at 4am - naked!

I spent the weekend at Drupal Downunder in Brisbane. The venue was excellent. I'm a fan of not using "traditional" venues for conferences, to help make them even more memorable for attendees.

I managed to catch up with a bunch of people. The relaxed feel about the event was great. Most conferences I've attended recently have either been large or I've helped organise them, this time I could relax and enjoy.

On the Saturday I presented Building Distributions with Drupal 7, which had a small turn out as I was up against Josh Koenig and his Pantheon presentation. My presentation was hampered by lack of internet connectivity, but I think it went well. I used Lego, Duplo and Quatro blocks to demonstrate the evolution of Drupal distros.

Saturday night involved a pub crawl with various DDU and LCA folks. The highlight of the crawl was the Mana Bar, which is a gamers bar, that has a good collection of retro consoles and games on display.

I spent a fair bit of Sunday in the hallway track. I discussed the D7 port of UUID with Dries, which helped confirm the direction I was heading with it. Several people wanted to discuss my $100 Drupal site blog series. I also gave my Horizontally Scaling Drupal presentation, which was very well attended. Unfortunately due to people torrenting there was no usable internet access for my presentation. I had to skip the post event BBQ so I could fly back to Melbourne.

The lack of mobile signal and wifi made it frustrating to prepare and present. I would have liked to have seen an inclusive social event organised on the Saturday night. Overall I really enjoyed DDU and the organisers are to be congratulated. The vegetarian food options were excellent.

Thanks for Four Kitchens for funding me to get to DDU. I have just started contracting with them, so I really appreciated them covering my trip.

DNS is a wonderful distributed system, with plenty of safeguards and fallbacks to ensure continuous operation.

But still, screwups happen. Here's some tips on what to do to try to ensure you aren't caught out in the cold.

Tip 1: Have multiple servers.

Without a doubt, this is the biggest tip about DNS. Designed in from the beginning was an assumption that you'd have multiple nameservers for a given zone. So... have them!

Put them as far apart as you reasonably can - different hosts, different networks, different power. The more they share, the more risk you're in.

Countertip: Hosting your DNS server only over your ADSL link.

Tip 2: Do backups.

Pretty standard sysadmin fare. RAID isn't a backup, and neither is a slaved nameserver.

Tip 3: Nameservers must all agree.

You know how kids will sometimes ask their parents the same question independently, hoping for a different answer? It's important that the parents always give the same answer, and it's downright vital that your nameservers do too. Don't let them get out of sync!

Typically, zone transfers fix all your woes here, but do make sure they're working.

Tip 4: Test your changes directly against all nameservers.

It's just a small change, right? What could go wrong? Lots! So test each server individually. If one doesn't update, maybe you have a problem that you need to fix. (Or maybe it's just a bit laggy - it happens). "dig" is your friend.

Countertip: Not realising until too late that you're breaking Tip 3

Tip 5: Make your NS records match your glue.

If you've told your domain registrar that your nameservers are ns1.example.org and ns2.example.org, then make sure you put that in your zone file too - all sorts of wacky caching issues can ensue when you don't.

Tip 6: If you use a CNAME record, don't use anything else.

CNAMEs are a really convenient way of saying "www.example.org is really webserver.example.org". You can't then say "But www has an MX of foo.example.org" or "www is also a subdomain with nameservers at ...".

That'd be contradictory, because you've already said with the CNAME that it's really webserver.example.org. It can't be both, if it's both then it's actually something different altogether and needs its own records.

Relatedly, don't point a CNAME at anything other than a plain hostname - Don't try to CNAME www.example.org to example.org, it'll just break stuff.

Tip 7: Don't firewall out DNS queries to your nameserver.

No, really. The whole internet needs to be able to look up domain names, not just some of it, not just most of it. (You're excused if it's a private nameserver, of course!).

Counterpoint: Using bogon filters on nameservers and ignoring genuine queries.

Bonus Tip: Monitor your servers.

If you're running DNS servers in production, monitor them so you know that you haven't lost one. Once it's all set up right, you really can lose one without noticing.

Note that this probably also works with other BMW models with the tyre pressure monitoring (RDC) option fitted, but I have only tried it on my K1200GT.

If you need to adjust your tyre pressures and you don't have a tyre pressure gauge with you:

1. ride the bike until the dash starts displaying the pressures
2. stop the bike and then stop the engine, without touching the key in the ignition. Use the kill-switch
3. adjust pressures, noting that as you do so, the dash display changes
4. ride the bike :-)

This may be obvious to people smarter than me.  RDC is a wonderful feature to have.

A quick blog post to wrap up 2010...

Work: Happy, challenged, excited. No serious complaints. Learning about AIX and Puppet, and of course Linux sysadmin continues to be my main role. Looking forward to the SAGE-AU conference in Melbourne, in September 2011. Didn't take as much time off as I should have, but riding my bike to and from Hobart for the 2010 SAGE-AU conference was extremely satisfying and gave me a good chance to be out of the office and clear my head.

Not-work: In May I started living and working in Sydney full-time. Have been appreciating commuting by train. I ditched my Nokia E71 for an iPhone 3GS and am loving it; it has been the single most satisfying tech purchase I have ever made. Haven't spent as much time in the gym as I should have, but this sorry state of affairs will not continue. I haven't spent nearly as much quality time with Anna as I'd like (we do live in different cities, after all), but I am hoping that this can improve in 2011.

Motorcycling, overall: I put about equal kilometres on the Dakar and K1200GT this year, and in total, rather fewer than last year. I don't have an odometer figure for the K-bike as of January 1 this year, but I do for the Dakar. A combined total of about 35000km, I think. The K1200GT odometer currently reads 51610km, and the Dakar odometer tells a very similar tale. My BMW Roadside Assistance subscription proved worthwhile as I achieved four punctured tyres in three months of riding.

K1200GT: This year saw a lot of warranty repair work on the K-bike, mostly at the time of the 40000km service, where it was at the dealer for a month or more. It now has a K1300 gearbox and clutch, and this does appear to be a bit better than the old units, but still not nearly as good as your average Japanese bike, such as a friend's Blackbird that I had the significant pleasure of borrowing.

F650GS Dakar: 2010 saw this bike back on the road after a bit of a hiatus, and I still have a deep, abiding love for it, especially the delightful little Rotax engine. 40000 and 50000km services were done, and I with the aforementioned Blackbird owner's help, I finished the Pro-Oiler install. The bike still needs more work, though, needing new chain/sprockets, new tyres and (for the second time) new steering head bearings. Michelin's perennial supply problems caused me to get Pirelli's gimmicky new Angel ST tyres instead of my usual Pilot Road2, and this was a mistake that I won't repeat.

Projects: In 2010 I acquired a Honda XL250 K0 (early 1970s model) and the other day I also acquired (Free! Thanks, Norm!) a Honda CT110 "postie" bike. The XL250 has a long road ahead, as I'd like to fully restore it. The CT110 on the other hand I would like to have registered and ridable as soon as possible. I don't think it will cost very much at all to get there. Job #1 is to transport it to my Sydney garage from its current location.

After an evaluation of SplashID (made by SplashData) as a new password manager for my workplace I've come to the conclusion it's snake oil rather than secure. And not just snake oil, but poorly designed snake oil. Here's why.

The architecture of SplashID is simple. The backend is a plain MySQL database. The user interface is SplashID's app, available on Windows and Mac. When you start your client and log in, it communicates directly in MySQL-speak to the database backend. The connection to MySQL is SSLified (yay!), although bizzarely SplashData call this encryption "IPSec". Not having an actual server process between the clients and database is an unusual design, but it's possible to build something secure this way so we press on.

In SplashID's world, each user's access credentials are made up of three parts. Since each user has a MySQL account, the first two are a username and password. The third part is a "master password". What's a master password? I'm glad you asked. You see, every cell of data in the SplashID database is encrypted with the same key. (Encrypted with AES-256 and Blowfish. Why use two ciphers? Why not!) The encryption key is, of course, the "master password". Because all data is encrypted with this key, every user has to have access to it. Most programs do this by storing the "master password" in the database, one copy per user, encrypted with that user's password. Unlike these programs, SplashID just makes every user remember piece of secret information. Why SplashID does this is another mystery, and a strike against them for poor UI design.

Let's investigate this "every user is a MySQL user" concept. I've created a limited user for myself in SplashID with no access to any passwords. The Splash client app obviously lets me see nothing, but how about a generic MySQL client?

Inappropriate syntax highlighting turn on!

$ mysql -u user1 -p -h splashtest
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 92 to server version: 5.1.47-community
 
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| splashiddb         |
+--------------------+
3 rows in set (0.02 sec)
 
mysql> use splashiddb;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
 
Database changed
mysql> show tables;
+-----------------------+
| Tables_in_splashiddb  |
+-----------------------+
| apppreftable          |
| attachmenttable       |
| columninfotable       |
| customicontable       |
| customtypetable       |
| databaseinfotable     |
| eventloggertable      |
| groupsubgrouptable    |
| grouptable            |
| mostviewedtable       |
| recentlyaddedtable    |
| recentlymodifiedtable |
| recentlyviewedtable   |
| recordtable           |
| typetable             |
| usergrouptable        |
| usertable             |
+-----------------------+
17 rows in set (0.02 sec)

It looks like there's only one table that all passwords are stored in. MySQL doesn't offer per-row access controls, but surely I can't view every password in the database with my limited user???

mysql> select * from recordtable\G
*************************** 1. row ***************************
RECORDID: 1F6642A0C892BC76
TYPEUID: 0000000000000013
GROUPUID: 1F66429EC892BBDB
FIELD1: <blob>
FIELD2: <blob>
FIELD3: 
FIELD4: 
FIELD5:
FIELD6:
FIELD7:
FIELD8:
FIELD9: <blob> 
FIELD10: <blob>
NOTE:
HASATTACHMENT: 0
HASCUSTOMFIELD: 0
VIEWCOUNT: 6
*************************** 2. row ***************************
[snip]
10 rows in set (0.03 sec)

Oh dear. Oh dear oh dear.

mysql> Bye

So there you go. Every user in SplashID, no matter how limited, can view every password in the database, all encrypted with a key they know. Another strike against SplashID. They need a miracle now.

And hark! Here comes the explanation from SplashData. I emailed them specifically regarding my findings, wanting to make sure this wasn't some huge mistake. I asked:

...every cell is encrypted using the same process, right? From that it follows that if a user can decrypt one cell, they can decrypt every cell. The only protection is that your encryption routine is not published. Or am I missing something?

The reply:

That’s right Alex.

That’s why I mentioned-
> Actually, they don't use the same key. AES key is a hash function of the
> Blowfish key. I'm sorry I cannot give you more details on the algorithms we use.

So, if the user knows the Blowfish key, it is not enough. They still need to decrypt using SplashID Enterprise application.

Even though every user can download the entire encrypted database, even though the master password decryption routine is stored in the client side application, it's all fine because nobody has ever reverse engineered an application to extract a single hash function before! In the end, the previous security missteps hardly matter compared to this blunder. All it will take is one enterprising security researcher or blackhat to figure it out and put their findings on the web, and suddenly every password in every SplashID install is wide open for the taking by its users.

We won't be using SplashID at my workplace, and my advice to you, dear reader, is to avoid them too.

(Apologies for the triple-layer title, but it's a specific subject involving a badly named plugin.)

This has been explained before (the progenitor for most other examples on the net seems to be this forum post), but the solution was ugly and slightly incomplete. nginx's lack of a one-line RewriteCond equivalent means there will never be an elegant solution, but I think I've come up with something clearer.

First, background. WP Super Cache has two levels of caching:

1. "WP Cache". Whenever Wordpress's index.php renders a page, a copy of the page output is stored in /blog/wp-content/cache (and the meta subfolder). For future requests for the same page, this cached copy is served by index.php. The good: subsequent requests don't hit the database or re-run your badly coded widgets for every visitor. The bad: PHP still runs for every request.
2. "Super Cache". As well as a copy of page output being stored as per above, a copy is also stored in /blog/wp-content/supercache, in a structure that mirrors your blog's URL hierarchy. With clever use of rewrite rules at your webserver layer, you can entirely skip loading PHP & Wordpress for any request that a cached file has been created for.

The WP Cache layer always works. The rest of this post is about making use of the Super Cached files with your shiny nginx server. For reference, the Apache rules are here. This nginx code follows the same order and structure, but has some differences. Read:

location /blog {
    gzip_static on;

Aside: gzip_static requires an nginx configured with --with-http_gzip_static_module. If your build isn't, and you don't want to compile your own, just remove this directive. Instead of serving pre-compressed Super Cache files to clients that support compression, nginx will compress them on the fly (like normal).

    set $supercache "";
    if ($request_method = GET) {
        set $supercache "${supercache}G";
    }
    if ($args = "") {
        set $supercache "${supercache}A";
    }
    if ($http_cookie !~ (comment_author_|wordpress_logged_in|wp-postpass_)) {
        set $supercache "${supercache}C";
    }
    if (-f $document_root/blog/wp-content/cache/supercache/$http_host$request_uri/index.html) {
        set $supercache "${supercache}F";
    }
    # If we met all the conditions, serve the supercached file
    if ($supercache = GACF) {
        rewrite ^ /blog/wp-content/cache/supercache/$http_host$request_uri/index.html break;
    }
    # Otherwise pass to wordpress as normal
    if (!-e $request_filename) {
        rewrite ^ /blog/index.php last;
    }
}

# The cache files should not be directly accessible to clients
location /blog/wp-content/cache { internal; }

# Configure the PHP backend as per normal
location ~ (\.php$) {
    include fastcgi_params;
    if (-e $request_filename) {
        fastcgi_pass unix:/tmp/nginx-php-fastcgi.sock;
    }
}

Done! If you have problems, three pointers:

1. WP Super Cache has a very big settings page. You can set them as you like mostly, but make sure you set this and this (if you're using gzip_static).
2. Check the bottom of the source of your pages to see if a page was server from the cache, and if so, whether it was served from the Super Cache.
3. If you need to troubleshoot, make liberal use of the logging facility that WP Super Cache implements.

The total lack of documentation on compiling x264 (and dependencies) for win32 on a linux32 system is henceforth rectified. This guide assumes you are using Ubuntu 9.10 and the packaged version of mingw32. Newer versions of the below packages might require additional/less wrangling.

Required packages in the base system:

sudo apt-get install pkg-config yasm subversion cvs git-core mingw32

Create the basic tree for installing win32-compatible dependancies to:

mkdir -p ~/win32-x264/{src,lib,include,share,bin}

Place this helper script at ~/win32-x264/mingw and chmod +x it:

#!/bin/sh
export CC=i586-mingw32msvc-gcc
export CXX=i586-mingw32msvc-g++
export CPP=i586-mingw32msvc-cpp
export AR=i586-mingw32msvc-ar
export RANLIB=i586-mingw32msvc-ranlib
export ADD2LINE=i586-mingw32msvc-addr2line
export AS=i586-mingw32msvc-as
export LD=i586-mingw32msvc-ld
export NM=i586-mingw32msvc-nm
export STRIP=i586-mingw32msvc-strip
 
export PATH="/usr/i586-mingw32msvc/bin:$PATH"
export PKG_CONFIG_PATH="$HOME/win32-x264/lib/pkgconfig/"
exec "$@"

Now to install pthread & zlib:

cd ~/win32-x264/src
wget -qO - ftp://sourceware.org/pub/pthreads-win32/pthreads-w32-2-8-0-release.tar.gz | tar xzvf -
cd pthreads-w32-2-8-0-release
make GC-static CROSS=i586-mingw32msvc-
cp libpthreadGC2.a ../../lib
cp *.h ../../include

cd ~/win32-x264/src
wget -qO - http://zlib.net/zlib-1.2.4.tar.gz | tar xzvf -
cd zlib-1.2.4
../../mingw ./configure
# Remove references to "-lc" from the Makefile (tells GCC to link output with libc, which is implied anyway, and explicit declaration causes a script error)
sed -i"" -e 's/-lc//' Makefile
make
DESTDIR=../.. make install prefix=

Installing FFmpeg:

cd ~/win32-x264/src
svn checkout svn://svn.ffmpeg.org/ffmpeg/trunk ffmpeg
cd ffmpeg
# Delete references to -Wmissing-prototypes, a GCC warning that fails when cross-compiling
sed -i"" -e '/missing-prototypes/d' configure
./configure \
    --target-os=mingw32 --cross-prefix=i586-mingw32msvc- --arch=x86 --prefix=../.. \
    --enable-memalign-hack --enable-gpl --enable-avisynth --enable-postproc --enable-runtime-cpudetect \
    --disable-encoders --disable-muxers --disable-network --disable-devices
make
make install

Installing FFmpegsource:

cd ~/win32-x264/src
svn checkout http://ffmpegsource.googlecode.com/svn/trunk/ ffms
cd ffms
../../mingw ./configure --host=mingw32 --with-zlib=../.. --prefix=$HOME/win32-x264
../../mingw make
make install

Installing GPAC:
Special thanks to the GPAC dev who kindly assisted me in beating the terrible configure/Makefile scripts into shape.

cd $HOME/win32-x264/src
# Create a CVS auth file on your machine
cvs -d:pserver:anonymous@gpac.cvs.sourceforge.net:/cvsroot/gpac login
cvs -z3 -d:pserver:anonymous@gpac.cvs.sourceforge.net:/cvsroot/gpac co -P gpac
cd gpac
chmod +rwx configure src/Makefile
# Hardcode cross-prefix
sed -i'' -e 's/cross_prefix=""/cross_prefix="i586-mingw32msvc-"/' configure
../../mingw ./configure --static --use-js=no --use-ft=no --use-jpeg=no --use-png=no --use-faad=no --use-mad=no --use-xvid=no --use-ffmpeg=no --use-ogg=no --use-vorbis=no --use-theora=no --use-openjpeg=no --disable-ssl --disable-opengl --disable-wx --disable-oss-audio --disable-x11-shm --disable-x11-xv --disable-fragments--use-a52=no --disable-xmlrpc --disable-dvb --disable-alsa --static-mp4box --extra-cflags="-I$HOME/win32-x264/include -I/usr/i586-mingw32msvc/include" --extra-ldflags="-L$HOME/win32-x264/lib -L/usr/i586-mingw32msvc/lib"
# Fix pthread lib name
sed -i"" -e 's/pthread/pthreadGC2/' config.mak
# Add extra libs that are required but not included
sed -i"" -e 's/-lpthreadGC2/-lpthreadGC2 -lwinmm -lwsock32 -lopengl32 -lglu32/' config.mak
make
# Make will fail a few commands after building libgpac_static.a (i586-mingw32msvc-ar cr ../bin/gcc/libgpac_static.a ...). That's fine, we just need libgpac_static.a
cp bin/gcc/libgpac_static.a ../../lib/
cp -r include/gpac ../../include/

Building x264:

cd ~/win32-x264/src
git clone git://git.videolan.org/x264.git
cd x264
./configure --cross-prefix=i586-mingw32msvc- --host=i586-pc-mingw32 --extra-cflags="-I$HOME/win32-x264/include" --extra-ldflags="-L$HOME/win32-x264/lib"
make

Leave to cool for 15 minutes. Serves four.

Changelog:

• 20100518: Updated ffmpeg configure args. ffms build needs mingw wrapper. Add cvs to required packages.

• I seriously spend far too many hours a day on a computer (12-18 hours a day). I don't need something else to add to the hours.
• I like keeping some level of personal privacy. I really don't have a need to post what I ate for breakfast, what my favourite book/movie/music/clothing is. (You really want to know my favourite music is -- follow me on last.fm). I also have a blog where I can write down my thoughts/opinions/frustrations already.
• I have multiple methods to keep in touch with those I elect to already. (Email, IM, Telephone, SMS). I seriously couldn't give a flying razoo about people I went to primary/high school/Uni with. I haven't seen them for over 20 years, and I don't have the desire to kindle the relationship due to the mere fact we attended the same education institution (and for the majority of that time -- compulsory; I'm sure neither of us wanted to be there!)

'Ohh, I have to go harvest X .... gimme 10 mins.'

Received this in an email a couple of years ago. Seems appropriate to repost given my impending excursion to Melbourne for Round 1 of the AFL Premiership Season 2009…

Ah – 4 games of live footy in a weekend [plus the Eagles v Lions game on a big screen of course]…

It’s the AFL grand final and a man makes his way to his seat right on the wing. He sits down, noticing that the seat next to him is empty.

He leans over and asks his neighbor if someone will be sitting there.

“No,” says the neighbor. “The seat is empty.”

“This is incredible”, said the man. “Who in their right mind would have a seat like this for the AFL Grandfinal and not use it?”

The neighbour says “Well, actually, the seat belongs to me. I was supposed to come with my wife, but she passed away. This is the first AFL Grand final we haven’t been to together since we got married in 1967.”

“Oh … I’m sorry to hear that. That’s terrible. But couldn’t you find someone else, a friend or relative, or even a neighbor to take the seat?”

The man shakes his head “No, they’re all at her funeral.”

Had an interview recently. Overall the interview itself was relatively positive, and I think the challenge that was offered was something that I’d have been quite up for, but I had some reservations about the work environment – more than just “passing reservations”, so I thought I’d put some thoughts onto digital paper, so to speak.

I do have fairly strong feelings about the inadequacies of “open plan offices” for IT workers [or more generally, “knowledge-based workers”.] To give you a better idea of what I am referring to:

• Peopleware – possibly the single-most important reference on working conditions for tech workers. It shows comprehensively how people with fewer distractions get more productive work done than those who are constantly interrupted^[1][2]:

  “The people who brought us open-plan seating simply weren’t up to the task. But they talked a good game. They sidestepped the issue of whether productivity might go down by asserting very loudly that the new office arrangement would cause productivity to go up, and up a lot, by as much as three hundred percent. …The only method we have ever seen used to confirm claims that the open plan improves productivity is proof by repeated assertion.”

• Joel’s [Original] ‘Bionic Office’
• Joel’s Updated Offices – keep in mind this is Manhattan office space, so getting the best people on board requires the best environment. Contrariwise, you may not get the worst people in the worst environments — but the “best” IT people will usually move on to better, more productive environments fairly quickly.
• Open plans make establishing “Mutual Interruption Shields”^[3] almost impossible.
• Tom Limoncelli also makes the following quote here:

  The biggest time management problem for system administrators is interruptions.

  I tend to think that the same problem applies to software developers – it’s sometimes referred to as a “mental context switch”, and can cut the productivity of your IT workers in half – or worse. Open plan offices are, generally speaking, the epitome of evil when it comes to protecting your IT employees from interruptions.
• A Field Guide to Developers – some interesting observations about what things are [and aren’t] important to IT workers [the article was written with software developers in mind, but in my experience systems administrators are quite similar in their expectations and ideas about “good workplaces”.] From the Field Guide:

  “One thing that programmers don’t care about – They don’t care about money, actually, unless you’re screwing up on the other things. If you start to hear complaints about salaries where you never heard them before, that’s usually a sign that people aren’t really loving their job. If potential new hires just won’t back down on their demands for outlandish salaries, you’re probably dealing with a case of people who are thinking, ‘Well, if it’s going to have to suck to go to work, at least I should be getting paid well.’
  
  “That doesn’t mean you can underpay people, because they do care about justice, and they will get infuriated if they find out that different people are getting different salaries for the same work, or that everyone in your shop is making 20% less than an otherwise identical shop down the road, and suddenly money will be a big issue. You do have to pay competitively, but all said, of all the things that programmers look at in deciding where to work, as long as the salaries are basically fair, they will be surprisingly low on their list of considerations, and offering high salaries is a surprisingly ineffective tool in overcoming problems like the fact that programmers get 15” monitors and salespeople yell at them all the time and the job involves making nuclear weapons out of baby seals.”

• From The Practice of System and Network Administration, Chapter 35.1^[4]:

  The hiring process can be simplified into two stages. The first stage is to identify the people whom you want to hire. The second stage is to persuade them that they want to work for you.

  Making a persuasive argument with a poor workplace environment is always going to be difficult, regardless of salary or any other factors. Many people in the IT industry can be “unique” in this respect – they find roles that keep them interested and excited about each day at work – and that aspect is far more important than work that pays a top-dollar salary but is rote and monotonous.

Some things I noted about the place where I interviewed (either from observation while I was waiting, or during the interview):

• Almost all IT staff in one open plan area. Think of a 1950’s newspaper bullpen, and you get the idea. There was one area to the side where where some of the more senior staff seemed to have their own bullpen.
• Not even cubicles for some semblance of privacy. I’ve worked in a place where even the telephone operators in the call centre had more privacy and insulation from distractions.
• Apparently this “extreme open plan” was a deliberate decision — it was apparently part of an ongoing attempt to fix some ingrained cultural deficiencies. [How exactly this was expected to achieve their goals is still unclear to me…the actual problems weren’t fully disclosed.]
• Some people were trying to work while others carried on in one corner of the room in a fairly noisy discussion – from what I could see and from the information I was provided in the interview, there was no separate meeting area or room for ideas to be brainstormed. Not seeing the impact of that on overall worker productivity completely escapes me.
• The interview itself was conducted in one of the few private offices [presumably because privacy is important for an interview, and without a private meeting room, what else will you do?]
• From what I could tell, only very senior management were allocated the few private offices. Apparently parking was allocated on a similar theme…only for the very senior.^[5]
• No space for individual whiteboards or reference libraries. No, Google doesn’t answer all questions, and the two whiteboards I saw seemed to be shared by all staff.
• Two excessively noisy airconditioners — not a ducted or even split A/C system, and the compressors were completely underspecified for the office space/volume [making them run at or above capacity by the sound they were making – and it wasn’t even a hot day.]
• Very large space with large windows, but using overhead lights instead of lots of natural light — opening the blinds and letting more light in seemed like an easy fix, but one that seemed to be overlooked by a lot of intelligent people.
• The space could actually quite easily be converted into a two-storey, split or lofted area, providing significantly more workspace area and worker privacy. But I expect that would be too much money spent on IT workers [hmm, wait, apparently that’s the thinking that caused many of these problems initially! Meh.]
• Non-ergonomic chairs and desks. If you’re putting people in chairs for 8 hrs per day, those desks and chairs had better be comfortable and compliant with occupational health and safety regulations.

• Multiple monitors – if you’ve got 4 different 19” monitors attached to a single machine – maybe, just maybe, you should consider using those monitors elsewhere and buying two 24” monitors. You get 13% less pixels in a typical scenario, but only two monitors with more actual pixel real estate. Two monitors that use less power, are easier to manage and there’s only one break in your overall screen real estate. You’re also less likely to waste time juggling windows from one screen to the next – which is another productivity win. Sure it’s a small detail, but lots of small things over a long time actually add up pretty quickly.^[6]

Recruiting new staff for such poor environments is going to be difficult. Not impossible, but definitely difficult:

• If you’re planning to build a team – changing the environment to attract good candidates is critical to your prospects of building a top-notch technical team.
• In a place where salaries aren’t really competitive, and office working conditions are assessed with a low priority, people are going to want you to offer other remuneration options.
• Options you ask? Such as a subsidised mobile phone, PDA and broadband^[7], telecommuting, higher than standard superannuation, salary packaging/salary sacrifice options, free or subsidised parking, regular technical training, flexible working hours, less restrictive dress codes, and of course the aforementioned things like private offices and quiet work environments.
• Given the current economic climate, and the tight budgets most businesses presently have, flexibility on “alternative” remuneration options seems like an easy option to consider, yet seemed like “a bridge too far” for this place.
• The poor economy isn’t going to last forever – when that happens, employers are going to find themselves on the back foot due to staff attrition: “the grass is always greener”, and when you’ve put up with poor conditions for long enough, it doesn’t take much to say “hey, I can do better – I’m out of here.” All it takes for that is a slight salary bump. If you provide a great work environment, better salary isn’t always going to compensate for that. [If tell you you can work in a great IT job with a great team for $70k p.a., then offer a crap, boring job with lousy conditions for $95k p.a. — how many IT people will take that? The number is a lot lower than you might think.]

• So – bad conditions, non-competitive salaries and lack of alternative remuneration options all add up to “don’t work here unless things change”.

I’m lead to understand that the role I interviewed is a new role, paying OK^[8] with significant responsibilities and strong prospects for advancement, yet it has gone unfilled for some time. I’m not completely surprised. If something was to change and I was offered the role, I’d still feel “80% positive, 20% negative” about it – but that 20% could easily make the difference between a 9-12 month stop-gap tenure and a 3+ year team-building role. It simply would depend how committed they proved to be about making real change, and providing a top-notch workplace experience.

My $0.02 for today.

P.S. If you’re going to comment, please refrain from mentioning names, if only to protect the guilty

1. Peopleware pp. 52-3.
2. And yes, I’m aware that the authors of Peopleware aren’t against all shared workspaces – but those who share workspaces should be working on similar tasks or projects
3. From Time Management from Systems Administrators
4. The Bible for System Administrators IMHO
5. Everyone else was expected to battle for the limited public parking available in the precinct. No subsidisation. I got the impression that since there was a train station very close by that there was an expectation staff would use that option. Never mind that public transport would actually cost me the same or more than driving and parking.
6. Kudos where due – actually having multiple monitors for tech workers is almost a given these days, but I’ve still seen places where it’s not done, despite being de rigueur for programmers/sysadmins.
7. Yes, accessing systems from home is important, even if you’re not offering any sort of telecommuting.
8. Although I was offered $5-$10k less than what I would expect for a comparable role at a similar employer
9. The stock market may take 2-3 years to regain lost ground, but that doesn’t reflect the health of an economy – continued growth does.
10. Yes, I see the irony between my statement and the fact that I’m still looking for work. Am I a quality IT worker? Yes. Am I selling myself properly? Maybe not. Am I possibly overqualified for some roles? Maybe. I’ve really never been out of work for long enough to care, so maybe job hunting is one area where I need to learn a few more things. I’d much rather be improving my tech skills and working on interesting things however.
11. Sometimes multiple backup plans.
12. And yes, I’m being deliberately cryptic.
13. Some might say it doesn’t matter where you are.
14. Say, for instance, a lunch with former colleagues who happen to know a lot more than you ever expected about the environment you were considering.
15. As a historical reference, I was only earning about $63k (all up) when I was working at $JOB-2 — money wasn’t everything. I left mainly because of two things:
    • The offer of a more challenging position with better conditions
    • The prospect of the existing working conditions at $JOB-2 being sharply compromised was becoming very real. [After I left, that “prospect” did in fact become a reality.]
    There were other, less significant factors – but those were the two main ones.

I wonder how long it will take for the bank to cash this cheque…
Bill Payment Win » FAIL Blog:

From a source that I can verify as being accurate for (at least) the last two years, WWDC 2009 will be held in San Francisco at Moscone West. The dates?

Monday June 8 – Friday June 12

I wouldn’t go booking flights or hotels just yet, but that’s when I’m planning on being in SF again…i.e. nothing’s definite until Apple makes the announcement, but that’s the info I have from a previously reliable source.

Will update info if I get any more news.

Belated Update: I was in Melbourne for the footy when the announcement was made last week, so I forgot about updating this post. Dates above are confirmed. See WWDC site for more info.

OK so it’s no secret I’ve got a fair bit of pent-up animosity towards Australian network TV…so it shouldn’t be any surprise that I found this little gem on YouTube quite in line with my sense of humour.

Note: if you’re not reading from Oz, then you probably won’t have seen the Freeview ads – but you should still be able to get a laugh out of it…network TV programmers worldwide pull the same crap whatever country you’re in.

Edit: Turns out Freeview didn’t like this being on YouTube. I believe there’s another way to get the video; will update when I find out more…but for now the link below doesn’t work.

Freeview – The Real Advert

Edit 2:
Updated TV Tonight article about the video.
Reposted: YouTube – repost.
Downloadable movie version available from DownWind Media.

sys sip_alg 0

Note that you may need to upgrade your DrayTek firmware for this command to be available.

After the changes I made some calls and no longer got disconnected after 32 seconds! Woohoo! At the end of the day I'm glad I chose VoIP for the cost savings, even though it caused me grief the first few days.

(000S0<:@gw0>|<:07>[3-5]xxxxxxxS0|0[23478]xxxxxxxxS0|1[38]xx.<:@gw0>|19xx.!|xx.)

• Create ad removal cutpoints with comskip
• Feed the cutpoints into ProjectX then demux
• Combine the audio and video into an MPEG-2 file with mplex
• Encode with Dr. DivX OSS