4ª Rodada Nacional Tri-Estatal México-Pachuca

Submitted by gwolf on Mon, 11/10/2008 - 12:48
4ª Rodada Nacional Tri-Estatal México-Pachuca

Yesterday I took part of the fourth inter-state bike ride, requesting the construction of proper and safe cycling ways. Tens of Mexican bike-rider organizations were part of the organization, althought the effort is basically grouped under the Ciclopistas y Ciclovías Interestatales project - For further details on the route we took, you can look at the México-Pachuca road map, although it was not followed literally.
I am very happy I decided to take part of this - I went with Adrián, but after the first rest/grouping we lost track of each other, and decided the best would be for each to go at his own pace. He managed to do the 95Km ride, I decided to stop at about 85 (I set my target to the first houses of Pachuca, so I could say I arrived ;-) ) and took a ride from the barredoras that were trailing us. Still, 85Km in about six hours (including the two rests) are well over what I expected to endure. And although the conditions were not ideal (i.e. there was some re-pavement jobs in a large portion between Tizayuca and Pachuca, which led to poor road conditions in some areas, and the dry, horrid smell of tar in others; we cycled along the vehicles in the very busy highway, so we didn't exactly get a dose of clean air), it was great. And I thought each of my muscles would hurt like hell today, but no, they are just feeling lazy ;-)
The GPS tracking on Nokia SportsTracker, The GPS tracking on OpenStreetMap

( categories: )

How (and how not) to create cyclist awareness

Submitted by gwolf on Fri, 10/31/2008 - 17:46

Michael blogs about Critical Mass.
What is Critical Mass in case you are too lazy to go to Michael's or to the Wikipedia? A cyclist-awareness movement, showing how bikers are safer (i.e. more visible) when there are more of them. The (dis)organizational nature of this movement (at least according to Wikipedia's information) seems quite fun and interesting.
However, I have to oppose what Michael says is a strong point of CM in Austria - At least, given my country's culture.
People who don't bike often say we have the least bike-aware culture, and that this city must be like hell to cyclists. It is not - Mexicans tend to believe this is the worst place possible on many accounts, and I'm happy to prove the contrary. I do feel that bringing people out to the streets, as our local government's Muévete en bici program pushes, is completely right: It shows people how fast they can move in real streets in the city, taking away the fear of being run over by a bus, and people will gradually understand we can all excercise the right to use the streets without polluting, and gives us a better idea on how to behave with traffic (even if the traffic is made of fellow bikers) around us. I know this program works - At least, because it worked on me. Whenever possible, I go everywhere in this (not small or friendly by any measure) city by bike.
Anyway - What criticism do I have for Michael's post? That he states they:

Bicycling ludicrously slowly for a good hour, we managed to claim some fairly busy streets while many people tried to get home by car.

IMHO, what we should be doing is to demand the drivers to respect us, not to make them want to run us over. They should not be driven into hating bikers because of the chaos they generate - It is terrible to sit in a car for two hours when you usually take 30 minutes. There is simply no justification for that.
When I took part of the World Naked Bike Ride, some people wanted to take all four lanes of Reforma. Fortunately, reason prevailed, and we took only the lane we were assigned. And we should keep that in mind! Whenever possible, we should protest and make ourselves heard, but without interfering, without damaging, other people's lives!
Oh, by the way: If anybody in Mexico wants to have some nice hours of healthy fun: I am still pondering whether to join, as it is a huge effort, but I am very inclined to do so. Next week, November 9, we will go by bike from Mexico City's Zócalo to Pachuca. We face 95Km and close to four hours. The road to Pachuca is basically flat, and going in a large group is a great experience. Hope to see you there!

( categories: )

SSH visual host keys

Submitted by gwolf on Thu, 10/30/2008 - 18:14

Via Kees Cook (and sorry for the reiteration for people following along Planet Debian, thanks to Caspar Clemens: Recent (>= 5.1) versions of OpenSSH (found at least in Debian Lenny and Ubuntu Intrepid), have the VisualHostKey option. What does it do?

$ ssh -o VisualHostKey=yes
Host key fingerprint is db:7a:d8:a8:2e:41:a2:e5:51:e1:7f:d0:73:bd:85:bf
+--[ RSA 2048]----+
|    ..           |
|   ..  .   . .   |
|   .. . o . o .  |
|  + .. . o   +   |
| + +  . S   . .  |
|. . .  . o     . |
|     .  .+.   E  |
|    .   o.o      |
|     oo...       |

Linux respaldos.local.iiec 2.6.26-1-vserver-amd64 #1 SMP Wed Oct 1 13:08:10 UTC 2008 x86_64

What does this mean? This ASCII-art graph represents your host's public key, which uniquely identifies (or at least, it better damn should uniquely identify!) it. This representation was added mainly because it is way easier to be able to visually record the shape of your most frequently used hosts' IDs than their fingerprint. If you connect from a foreign or untrusted machine (i.e. one that does not yet know your host's identity), make sure to run with this switch - it will protect you from somebody supplanting your server's identity.
Besides, it adds to the general kewlness factor, doesn't it? ;-)
To enable this behaviour by default, add the following to your /etc/ssh/ssh_config (or to your personal .ssh/config):

Host * 
  VisualHostKey yes

Now... What about publishing the list of the 32767 known-bad SSH keys? That'd make for a nice ASCII-art exhibit :-}

( categories: )

Free Software and the Democratic Construction of the Society

Submitted by gwolf on Fri, 10/24/2008 - 23:52

Last Wednesday I went for the first time in many years to FES Iztacala, the UNAM faculty where I worked for four years (1999-2003) and where I have most learnt and advanced in my career so far. I have a very special spot in my heart for Iztacala :-)
But it was not just a nostalgy drive - In no small part, I had not visited Iztacala -despite several invitations- because... It is really far away, in Tlalnepantla, Northern Mexico City (while I live in the South, just by UNAM). It takes me approximately 1.5 hours to get there via public transportation, and I would not venture less than 1 hour travel time by car. So... Having nothing to lose, I decided to go by bike - you can look at my route to get there (OpenStreetMap, SportsTracker) and safely back home (OpenStreetMap, SportsTracker). Some people I have talked with think it was a crazy thing to do - No, I don't feel that, by a long shot. A 26Km ride in slightly under two hours, and back. People insist on thinking that biking in such a large and chaotic city as Mexico is unsafe, dangerous, suicidal... I deeply disagree. Cycling is fun and got me to my destination in almost the same time I would have made by bus. And no, I would not buy four liters of gasoline just to cross my city.
Anyway, I am also happy about the reason that actually got me to go to Iztacala - I submitted a talk+paper I prepared together with Alejandro Miranda to Congreso Internacional Software Libre y Democratización del Conocimiento organized by Universidad Politécnica Salesiana in Quito, Ecuador. This conference is quite different to those I am used to, as it is quite more formal and academic; it is mainly targetted at social scientists working on understanding our movement. We prepared a talk called Software Libre y la Construcción Democrática de la Sociedad - which was accepted, to my amazement.
Neither Alejandro nor I were unable to travel to Ecuador to give the talk, so we arranged to present it via a videoconference call - Which was based on Iztacala. A nice session, although quite different to what I am used to. Our presentation was on a panel setting, under the global Ethical and political dimensions in the Free Software culture, with 20 minutes to present the topic (I am used to preparing one- or two-hour talks), and it was frankly rushed... We "met" with some friends (or were able at least to greet them shortly after the talk) who attended live to the conference, and... Well, all in all, it was one of those good, interesting experiences I would surely repeat. And besides, I have several things pending to show off about my current work to my Iztacalan fellows ;-)

Acer Aspire One fan control

Submitted by gwolf on Sat, 10/04/2008 - 12:57

Almost a month ago, Mauro pointed towards acerfand, a daemon to keep the Acer Aspire One's fan quiet while not needed. Thanks, Mauro, you made my life more pleasant ;-)
Today I had some free time in my hands (of course, putting aside everything else I should be doing), so I decided to un-uglify my machine. I hate having random stuff in /usr/local! So I packaged Rachel Greenham's acerfand for Debian. It should hit unstable soon.
Of course, it will not make it to Lenny - which is a shame, giving how nicely Lenny recognizes everything in this sweet machine. So, I have set up a repository for it - Once the package is formally accepted in Debian, and once lenny-backports comes to life there, I will move it to backports.org. Anyway, you can add this to your /etc/apt/sources.list:

deb http://www.iiec.unam.mx/apt/ lenny acer
deb-src http://www.iiec.unam.mx/apt/ lenny acer

Note that in the future, this package might provide some more niceties... I decided to -at least for now- stash away acer_ec in /usr/share/acerfand, but it does open a nice window to the AAO's EC(?) registers... And could be useful for many other things.
[Update]: Following Matthew's comments, both on this blog post and on the ITP bug, I am not uploading acerfand to Debian. Still, I'm using the program and find it working fine, and quite useful. You can use it from my personal repository, as written above.

( categories: )

Doublespeak, prior judgement and Soviet tactics: IMPI (Instituto Mexicano de Propiedad Intelectual)

Submitted by gwolf on Wed, 10/01/2008 - 00:54

I just sent a letter to the very well-known national newspaper El Universal. At least I think I did, as their contact form is a sad excuse of unusability.
The reason I contacted them is the publication, over a week ago, of a note where they invite children to take part in a contest by IMPI towards fighting piracy. But not only they engage in doublespeak and prior judgement by further pushing the term piracy for an action that has nothing to do with it, they also expect children to denounce their parents and teachers if they engage in such a destructive activity. Think Josef Stalin for a while, and you will get the picture.
Anyway - This will not be the first letter sent on this topic, and I know most of my readers know and share my arguments. I am not translating it into English. But if you are a Spanish-speaker (or a Spanish-reader), you might find it interesting.
Please read my open letter to El Universal and to Jorge Amigo Castañeda, Director General del Instituto Mexicano de Propiedad Intelectual, and help me get it through to as much media as possible.
What is a pirate? Tired of being treated as a criminal for sharing music online? Digital Freedom

( categories: )

Meme picture...

Submitted by gwolf on Thu, 09/25/2008 - 10:38
Meme picture...

1. Take a picture of yourself right now.
2. Don't change your clothes, don't fix your hair...just take a picture
3. Post that picture with NO editing.
4. Post these instructions with your picture.

( categories: )

FISOL, Tapachula / OpenStreetMap

Submitted by gwolf on Wed, 09/24/2008 - 12:49

I was invited to participate at Festival Internacional de Software Libre (FISOL), in Tapchula, Chiapas. The other invited speakers were Sandino Flores (tigrux), Alexandro Colorado (jza), Eric Herrera (crac), John Hall (maddog) and Fernando Romo (pop), all well-known due to very different contributions to the Free Software movement in Mexico and abroad. Several other people also presented tutorials, but I was not involved in that part, and mentioning one while not the rest would be unfair.
The conference was quite massive - Tapachula is a medium-sized city (~200,000 people) in Mexico's Southernmost point - Sadly, due to its geographical location, it is mainly famous for being the region where illegal immigrants from Central America enter Mexico towards the USA, and it is a known spot for all kind of abuses, both from the authorities and from gangs of thieves.
This is the third time I come to this conference. The first two years (2005, 2006) it was organized by the local CUCS university and it was reasonably large, but this year it counted also with many other universities in the region. Attendance was... HUGE. We were told around 1600 students were registered to participate, and I expect at least 1000 to have actually been there. Very amazing and encouraging!
It is, by far, a base-level conference - Most attendees had had no previous contact with Free Software at all, or had at most toyed around with a distro for some hours. Some people, of course, _are_ already working and involved, on various different degrees. All in all, quite encouraging.
But not only I had fun (and got extremely tired!) at the conference, or at the beer sessions afterwards. I also got to push some more publicity (and work, of course!) towards my new favorite pet project: OpenStreetMap.
As many other Debianers, I joined the fever last August, during Debconf. So far, I have been quite busy tracing and mapping; I am quite fortunate to get the OSM addiction while living on the edge of the well-mapped area of Mexico City. So far, I have mostly worked on the Ciudad Universitaria and Coyoacán areas, where some sensible improvement can be felt. Lots yet to do, for sure, but I'm making progress.
Still, mapping Coyoacán sometimes feels a bit futile. Why? Because all of my cycling/tracing/mapping sessions look almost like a little blip on the overall state of my city, which is way better than what I expected - Most of the central city is done (although lots of work is still pending on the very large outskirts - but getting there can be a trip just by itself!)...
But this time, I had the opportunity to do something new, something better and sensible. And, yes, it feels very good. How does the map of Tapachula look for just a weekend of mapping activity? And, yes, I only went out once (morning running) expressely to get some new traces, the rest of it was while being transported by car to the conference-related activities. And I didn't even have to say once "lets go by a different route"! ;-)
Just for comparison: Last week, Tapachula's state was quite similar to what they have today on Google Maps - Just the major highways in the area. Besides, if you look at the satellite map for Tapachula, I estimate I managed to map around between a fifth and a tenth of the city's surface.
So, have you got a GPS? Do you enjoy going out on the street, be it walking, running, cycling on driving? Or even if you don't enjoy it, are you sometimes forced into it? Start contributing to OpenStreetMap now!

Almost 0.5Mbugs

Submitted by gwolf on Thu, 09/18/2008 - 10:07

I was already used to regularly receiving Bubulle's bug 500000 contest reports. Lately, he has been busy pushing translators to get d-i in shape - But expect notices from him soon! Right now, we sit at 499416 bug reports so far registered in the Debian BTS. We are really close to the half megabug mark!

( categories: )

A society coerced into fear

Submitted by gwolf on Sat, 09/13/2008 - 22:25

A common trait of virtually all of the media in Mexico -and, as far as I have been able to see, in Latin America- is the push for society to be afraid. The government and the media (which go hand-in-hand, mainly due to a series of favors owed to each other - currently stemming from the government's illegitimacy and lack of trust from the general population) wants us all to think the country is as violent and as dangerous as it has never been before.
And yes, I cannot and won't try to deny that there are many critical points that need attention - But the answer cannot be militarization, cannot be further restraining the civil liberties, cannot be criminalization.
The only way to prevent crime is to reduce poverty. And poverty is not reduced by giving foreign "investors" (bah, ask people living on cities that border the USA if the maquilas have brought any kind of investment or somehow bettered the living conditions of the population!) access to segments of the economy so far limited to the government - Poverty will only be reduced when the government starts reviewing the tax systems to remove the legal loopholes that make it possible for a large enterprise to get tax exemptions on most of their income, and make the lower income people pay zero taxes, even get social aid.
But back to the topic: Since the 1994 crisis (the "decembrine errors"), we are being constantly bombed about the raging insecurity in Mexico. Maybe we have been bombed with that same ideas for more time, but I was not very politically conscious before that. When things go a bit smoother on the political side, the media relaxes the "we are so fucked" mantram.
When our de facto president current ruler took power, on December 2006, he had so much opposition he could not for months attend a single public event. So far, he is still avoiding them; everywhere he goes, the place must be cleared and sanitized of anybody who might show he just does not agree with the imposition we had. What was his first government action? To decree that every branch of the government would get a 10% budget cut on the salaries - but the security forces (the army, the different police corporations) would have a 46% raise.
After almost two years of ineptitude, they keep chanting the old "oh, we are living such dangerous times" mantra. The security forces recently got yet another raise, and everybody in the media says this country cannot be lived in anymore.
And people buy that crap.
Up to a month or two ago, the general outcry is that the drug lords had taken over the country - And, yes, in several areas of Mexico, their presence is bigger than the official security, or the security agencies are completely coopted by them. But not even His Majesty Felipe Calderón I "El Ilegítimo" can say with a straight face that "we are winning the war against the drug lords" (a war brought by himself, of course - Think of it as Mexico's Irak. Think of Calderón as Mexico's Bush.) - A new attention sink was needed.
Of course, this country is not safer than Finland. But crimes do happen there as they happen here. Here, we have got a tremendous movement because of one brutal kidnapping in August, and everybody now thinks that everybody is at risk of dying kidnapped.
So today, after over a month of bombarding us with fear about kidnaps, I am sick of reading stupid reactions. What made me post this was a request for ideas at a local Free Software-related portal about monitoring known potential criminals. Of course, such a proposal would violate the right to anonimity and to lead a personal life even a convicted criminal has. And, of course, the cries of people that think the society should castrate rapists and kill kidnappers, basically going back 4000 years in history. People, let me hand you a stone and a stick so you can club the whole society to death.
The first step towards getting out of this security nightmare perception we have is to be critical towards what the media tells us - and to understand (and _really_ understand. I won't buy your argument that "it's easier to rob somebody for MX$4000 than to work a full day for MX$100", as it's only easier on one level, but it is a tremendous cost on many others) what makes good people act against the society.

( categories: )

Long time without biting... But the name is:

Submitted by gwolf on Fri, 09/12/2008 - 11:35

I stopped playing so-called memetic games a long time ago. But I liked this one - Thanks to Nicolás Valcarcel.
So, what are the current names?

aikoa (temporary name, /methinks)
Work desktop
Home server
cajita (yes, not very imaginative - it's a Mac Mini)
Main work server
Virtualization host
Work firewall

Other current machines have much less exciting names. Some of the older machines I have named (and with which I worked enough time to remember them) include shmate, lactop, conetontli, tepancuate, tlamantli... And many other long forgotten.
Oh, and... About a pattern? No, don't try to find it. Of course, if you do find it, I'd be delighted to know! :)

( categories: )


Submitted by gwolf on Fri, 09/05/2008 - 14:03

For about eight years, I was a very happy WindowMaker user. It was very lightweight, aesthetically pleasing, and I had interiorized its behaviour and keybindings so much, I didn't feel I'd ever switch away. I periodically tried (forced myself even!) to use any of the other, more en vogue environments... Experimented using Gnome for a week, KDE for a week, XFCE for a week (so I would have enough time to learn their ways)... And always came back to my good, well-known wmaker.
In 2006, when we held DebConf6 in Mexico, I saw how other people worked with ion3. I fell immediately in love with it. Not because it is prettier, snappier or has nicer widgets than other window managers - but because it is enormously more usable. Quoting Tuomo Valkonen, the ion3 author,

Ion is not perfect and certainly not for everyone, but neither is any user interface. Usability is subjective.

Using a keyboard-oriented, tiling window manager represented -for the first time in 20 years (I had my first contact with a Macintosh in 1986)- a radical user interface change. For my way of working, I just don't need a desktop, I don't need having a background space or overlapping windows. What I need is a way to functionally organize the windows I have open at any given time, quickly switch between them (and not depending on the mouse, please!), maximizing screen space and all that. ion3 was godsent.
Now, in 2007 there was (yet another) huge flamefest. Valkonen basically does not want distributors distributing any version of ion3 that's not the latest, and introducing changes not approved by him - He basically demands ion to be non-free. So, it was moved to the non-free section of Debian where only Womble decided to keep giving it support. And, of course, by September 2007 Julien Danjou announced he had written another window manager: Awesome.
My main motivation for switching away from ion3 is that... I don't want to use non-free software. But I was very comfortable with ion3. It was only after I saw many other people using Awesome at DebConf8 I decided to bite the bullet and switch. It looked at least as comfortable as ion3.
But... Well, I cannot come up with better phrasing than what Joey said when he switched to Awesome, almost exactly a month ago. When changing between the mainstream window managers, the differences are mostly cosmetic. But with these really different window managers... I cannot but reproduce Joey's words:

I wish I had a good analogy to explain to my nontechnical readers what changing to a new window manager is about.
One way to think about it is that it's like driving a car down the road, and suddenly swapping the steering wheel and brakes out for a tiller and gear shifter. And having to downshift for braking until you learn that the brakes moved to the turn indicator lever. By trial and error.
But that's really only part of it. Another way to look at it is adopting a new philosophy. Or, in some cases a cult. (In some cases, with crazy cult leaders.) Whether they use Windows or a Mac, or Linux, most computer users are members of a big established religion, with some implicit assumptions, like "thy windows shall be overlapping, like papers on the desktop, and thou shalt move them with thy mouse".
So, changing to a new window manager is a process of being dumped into a different environment, where nothing works like you've come to expect, and trying to construct a mental model that you can use to make sense of it. But it's also a process of modifying that environment to behave the way you like.
And when done whole-heartedly, this doesn't just mean trying to make it like the environment you were used to before. It means trying to absorb the underlying philosopy of the window manager, and think up new ways of doing things, inspired by that philosopy, and modify the environment to allow doing those things.
So ideally, "I switched to a new window manager" doesn't mean "my screen has some different widgets on it now". It means "I'm looking at the screen with new eyes."

So, what's so different?
Besides learning some new keybindings (expected, of course), Awesome has several suggested layouts to help you organize your workflow, usually (although not always) consisting of a main area and a side area, tiled side by side (or one above the other, or several stranger ways). This sounds rigid, but it is incredibly comfortable - and I've only been an Awesome user for three days!
But what sets Awesome apart from basically anything else is the concept of tags. Whey you see an Awesome session, you recognize something similar to the very well known workspaces concept we have had in any Unix-like environment for many years, right? Well, but they are not workspaces. They are tags. What is the difference?
When I work with workspace, each of my windows can be in a different workspace. So in one, I'll have my mail-related stuff. In another one, I might be browsing. In another one, I have my development things, and I might be following some logfiles in yet another one.
Awesome allows you to use tags for categorization in much a more flexible way.
For example: I am mostly a web-oriented developer. I usually need four things when developing a system: A browser, Emacs, the log for my development server, and a console where I can peek and poke at my objects and interactions. Of course, cramming them all into the same screen makes no sense - It would be better to follow the good ol' desktop metaphore, and just switch the focus and raise the window, right?
In Awesome, I can have them all set to the maximum screen size - _and_ use the most common combinations as well. Each of the windows can be tagged to more than one workspace (and yes, this is immensely more flexible than the always visible hint on traditional WMs).
To begin with, I'll give each major process a tag to itself, to work full-screen. Emacs is on tag 1, my browser on tag 2. The log and the console share a terminal (i.e. via screen or terminator).
This console by itself is not too useful, so I'll set it to tag 4, and we will go back to it later.
So if I'm building a view or following online documentation, I will add tag 3 to both Emacs and the browser.
I'm also setting tag 4 to the browser - That allows me to use it next to my terminal, following the results of my website-clicking.
And, of course, tag 5 will be set to Emacs and to the console, so I can quickly check any quick API-related question that does not need the documentation or look at a newly written method.
By the way, have you noticed CapsLock is the most stupid key invented, ever? Ok, I gave a good use to it: It's called Mod4. Imagine it is just an extra Ctrl, Alt or Meta key.
So, Mod4-1 gives me Emacs. Mod4-2 gives me the browser. Mod4-3 gives Emacs+browser, Mod4-4 gives browser+console, and Mod4-5 gives Emacs+console. And, of course, the handy Mod4-0 gives me all of my open windows tiled side by side.
Even this is a pattern of being a newbie, I know - I could keep 4 and 5 free, and just tag several simultaneous tags to be active. How? Switch to tag 1 exclusively (Mod4-1), and activate tag2 as well (Ctrl-Mod4-2). There, I have Emacs and browser side by side. Want to get the console instead of the browser? Simple. Ctrl-Mod4-2 (toggle off tag 2), Ctrl-Mod4-3 (toggle on tag 3).
Anyway - As you can see, I am excited at finding a very new and nice tool to help me work better. Today I was playing a bit with the Awesome widgets, but that's something to be talked about later.
In Debian, we are at a crossing point: Awesome is just reaching ion3's popularity. And I'm adding my two main machines' votes to Awesome.
This is Awesome. Quoting (yes, one last quote) the official Awesome site, This gonna be LEGEN... wait for it... DARY!.

( categories: )

Think little

Submitted by gwolf on Mon, 09/01/2008 - 22:36

Back from Argentina, back from DebConf. As always, the ~3 weeks I spent there were really great, in as many fronts as I can imagine or describe. But I won't go into that now - For the purposes of this posting, the single thing that I got out of DebConf was looking with envy at all the people that had something that used to be called a sub-notebook some time ago, and now morphed into the more modern(?) name netbook.
Several people were seen with their tiny Asus Eee machines, of various models. And I definitively decided I want one - I was quite close to buying one in Argentina, as they are readily for sale there (surprisingly, in Mexico Asus sells motherboards, but no netbooks)... But I've always prefered waiting or paying a little premium for having an on-country seller and warranty.

Back home, Pooka told me that several stores in Mexico do sell the Acer Aspire One. After a little research, I decided to go for it. Office Depot sells the AAO for MX$4500 (around US$450). The only model they carry comes with Windows XP installed (instead of Linpus Linux), which is a shame I thoroughly repeated to the vendor - But it does come with 1GB RAM and 120GB HDD, much better for my needs than the other model, with 512MB RAM and 8GB SSD. This is, after all, a full (although very small) machine. It has an Intel Atom 270 CPU - I haven't yet measured how it fares, but it feels quite responsive so far for typical desktop tasks.
But what made me really happy about it is the Debian support. The only tricky part was to get the installer going, as it does not have a CD drive to boot from (and I didn't want to completely overwrite my only available USB stick's data). Don't try installing Debian Etch, as its kernel will not support the built-in Realtek RTL8101E network card (maybe etch-and-a-half's kernel does?). My greatest ally in this was, of course, the wiki.debian.org article on the Acer One - I rebooted with Lenny's debian-installer, and everything was smooth from that point on. Propietary firmware is required for the wireless AR5007 card and webcam, but -exactly as documented in the wiki- they are covered respectively by madwifi and linux-uvc.
I did a very regular install, with basically the default desktop and notebook setup. I continue to be amazed... Everything just works! It is not even fun, there are no funny drivers to recompile, no bang-your-head-against-the-wall... Even suspend-to-RAM. It just works.
The only glitch I found so far is that, after suspend-to-RAM, the madwifi module must be removed and reloaded to have wireless network. This is a well-known glitch that can be easily worked around. But besides that, it is... as easy as it gets. And, at such a price, and under 1Kg weight... This computer will get used to go out with me quite often! Battery life is just 2 hours, but for most situations, it's more than enough.

( categories: )

Virtually having fun

Submitted by gwolf on Wed, 07/23/2008 - 13:50

Several weeks ago, the people in charge of maintaining the Windows machines in my institute were desperate because of a series of virus outbreaks - Specially, as expected, in the public lab - but the whole network smell virulent. After seeing their desperation, I asked Rolman to help me come up with a solution. He suggested me to try replacing the Windows workstations by substituting local installations by a server having several virtual machines, all regenerated from a clean image every day, and exporting rdesktop sessions. He suggested using Xen for this, as it is the virtualization/paravirtualization solution until now best offered and supported by most Linux distributions (including, of course, RedHat, towards which he is biased, and Debian, towards I am... more than biased, even bent). So far, no hassle, right?
Of course, I could just stay clear of this mess, as everything related to Windows is off my hands... But in October, we will be renewing ~150 antivirus licences. I want to save that money by giving a better solution, even if part of that money gets translated to a big server.
Get the hardware
But problems soon arose. The first issue was hardware. Xen can act in its paravirtualization mode on basically any x86 machine - but it requires a patched guest kernel. That means, I can paravitualize many several different free OSs on just any computer I lay my hands on here, but Windows requires full- or hardware-assisted- virtualization. And, of course, only one of the over 300 computers we have (around 100 of which are recent enough for me to expect to be usable as a proof-of-concept for this) has a CPU with VT extensions - And I'm not going to de-comission my firewall to become a test server! ;-)
When software gets confused for hardware
So, I requested a Intel® Core™2 Quad Q9300 CPU, which I could just drop in any box with a fitting motherboard. But, of course, I'm not the only person requiring computer-related stuff. So, after pestering the people in charge for buying stuff on a daily basis for three weeks, the head of acquisitions came smiling to my office with a little box in his hands.
But no, it was not my Core 2 Quad CPU.
It was a box containing... Microsoft Visio. Yes, they spent their effort looking for the wrong computer-related thingy :-/ And meanwhile, Debconf 8 is getting nearer and nearer. Why does that matter? Because I have a deadline: By October, I want the institute to decide not to buy 150 antivirus licenses! Debconf will take some time off that target from me.
Anyway... The university vacations started on July 5. The first week of vacations I went to sweat my ass off at Monterrey, by Monday 14 I came back to my office, and that same day I finally got the box, together with two 2GB DIMMs.
Experiences with a nice looking potential disaster
Anyway, by Tuesday I got the CPU running, and a regular Debian install in place. A very nice workhorse: 5GB RAM, quad core CPU at 2.5GHz, 6MB cache (which seems to be split in two 3MB banks, each for two cores - but that's pure speculation from me). I installed Lenny (Debian testing), which is very soon going to freeze and by the time this becomes a production server will be very close to being a stable release, and I wanted to take advantage of the newest Xen administration tools. Of course, the installation was for AMD64 - Because 64 bitness is a terrible thing to waste.
But I started playing with Xen - And all kind of disasters stroke. First, although there is a Xen-enabled 2.6.25 Linux kernel, it is -686 only (i.e. no 64 bit support). Ok, install a second system on a second partition. Oh, but this kernel is only domU-able (this is, it will correctly run in a Xen paravirtualized host), but not dom0-able (it cannot act as a root domain). Grmbl.
So, get Etch's 2.6.18 AMD64 Xen-enabled kernel, and hope for the best. After all, up to this point, I was basically aware of many of the facts I mentioned (i.e. up to this point I did reinstall once, but not three times)... And I hoped the kernel team would have good news regarding a forward-port of the Xen dom0 patches to 2.6.25 - because losing dom0 support was IMO a big regression.
But quite on time, this revealing thread came up on the debian-devel mailing list. In short: Xen is a disaster. The Xen developers have done their work quite far away from the kernel developers, and the last decent synchronization that was made was in 2.6.18, over two years ago. Not surprisingly, enterprise-editions of other Linux distributions also ship that kernel version. There are some forward-patches, but current support in Xen is... Lacking, to say the least. From my POV, Xen's future in the Linux kernel looks bleakish.
Now, on the lightweight side...
Xen is also a bit too complicated - Of course, its role is also complicated as well, and it has a great deal of tunability. But I decided to keep a clean Lenny AMD64 install, and give KVM, the Kernel Virtual Machine a go. My first gripe? What a bad choice of name. Not only Google searches for KVM gives completely unrelated answers (to a name that's already well known, even in the same context, even in the same community).
KVM takes a much, much simpler approach to virtualization (both para- and full-): We don't need no stinkin' hypervisors. The kernel can just do that task. And then, kvm becomes just another almost-regular process. How nice!
In fact, KVM borrows so very much from qemu that it even refers to qemu's manpage for everything but two command-line switches.
Qemu is a completely different project, which gets to a very similar place but from the other extreme - Qemu started off as Bochs, a very slow but very useful multi-architecture emulator. Qemu started adding all kinds of optimizations, and it is nearly useful (i.e. I use it in my desktop whenever I need a W2K machine).
Instead of a heavyweight framework... KVM is just a modprobe away - Just ask Linux to modprobe kvm, and kvm -hda /path/to/your/hd/image gets you a working machine.
Anyway - I was immediatly happy with KVM. It took me a week to get a whole "lab" of 15 virtual computers (256MB RAM works surprisingly well for a regular XP install!) configured to start at boot time off a single master image over qcow images.
KVM's shortcomings
Xen has already been a long time in the enterprise, and has a nice suite of administrative tools. While Xen depends on having a configuration file for each host, KVM expects them to be passed at the command line. To get a bird-eye view of the system, xen has a load of utilities - KVM does not. And although RedHat's virt-manager is said to support KVM and qemu virtualization (besides its native Xen, of course), it falls short of what I need (i.e. it relies on a configuration file... which lacks expresivity to specify a snapshot-based HD image).
To my surprise, KVM has attained much of Xen's most amazing capabilities, such as the live migration. And although it's easier to just use fully virtualized devices (i.e. to use an emulation of the RTL8139 network card), as they require no drivers extraneous to the operating system, performance can be greatly enhanced by using the VirtIO devices. KVM is quickly evolving, and I predict it will largely overtake Xen's (and of course, vmware and others) places.
Where I am now
So... Well, those of us that adopt KVM and want to get it into production now will have some work of building the tools to gracefully manage and report it, it seems. I won't be touching much my setup until after Debconf, but so far I've done some work over Freddie Cash's kvmctl script. I'm submitting him some patches to make his script (IMHO) more reliable and automatizable (if you are interested, you can get my current version of the script as well). And... Starting September, I expect to start working on a control interface able to cover my other needs (such as distributing configuration to the terminals-to-be, or centrally managing the configurations).

Kept silent for a week...

Submitted by gwolf on Thu, 07/17/2008 - 15:42

Last week (July 7-13) was basically hell on Earth, for me and for the group that somehow got the name Cabras locas, of which I am part since I joined the National Pedagogical University, where I worked full-time 2003-2005.
It was, yes, the first of my officially three weeks of Summer holiday at IIEc-UNAM, so no problems here. So, why hell on Earth? Because we were in charge basically of anything related with information flow, retrieval and manipulation at the 11th International Congress on Mathematical Education, in Monterrey.
What we thought would basically be one or two days of hard work followed by six days of relaxed vacations (we had even planned to have an internal seminar, showing off the shiny stuff each of us is working on) became... A mind-boggling eight day experience where we worked over 12 hours a day on being human replacements for Google, SQL engines, full-text parsers, report generators, printer watchdogs, and in general lines, just a bunch of unhappy firemen, ready to be called off for whatever task was necessary.
We did have, of course, several calm periods every now and then. We even had to learn how to look busy while doing something compeltely unrelated (that would explain, for example, a couple of low-hanging bugs I fixed for Debian, or some dozens of lines of code I could get off my head).
But my advice for whoever reads this: Don't trust people with long database-handling experience. Specially when they insist that hand-capturing a thousand registers is preferrable (i.e. less error-prone) than parsing three separate databases and discarding duplicates. And, of course, specially when this person is your boss, which is enough of an argument to have it his way.

Syndicate content