Ho-hum.

Another day, another Outlook worm. Tell me again why I continue to use Outlook? Not that I ever open unexpected attachments. For that matter, I rarely open expected ones–I think it’s rude. Ever heard of cut and paste? It’s bad enough that I have to keep one resource hog open to read e-mail, so why are you going to make me load another resource hog, like Word or Excel, to read a message where the formatting doesn’t matter?
The last couple of times I received Word attachments that were important, I converted them to PDFs for grins. Would you believe the PDFs were considerably smaller? I was shocked too. Chances are there was a whole lot of revisioning data left in those documents–and it probably included speculative stuff that underlings like me shouldn’t see. Hmm. I guess that’s another selling point for that PDF-printer we whipped up as a proof of concept a couple of weeks ago, isn’t it? I’d better see if I can get that working again. I never did get it printing from the Mac, but seeing as all the decision-makers who’d be using it for security purposes use PCs, that’s no problem.

I spent the day learning a commercial firewall program. (Nope, sorry, won’t tell you which one.) My testbed for this thing will be an old Gateway 2000 box whose factory motherboard was replaced by an Asus SP97 at some point in the past. It’s got 72 megs of RAM. I put in an Intel Etherexpress Pro NIC today. I have another Etherexpress Pro card here that I’m bringing in, so I’ll have dual EEPros in the machine. The firewall has to run under Red Hat, so I started downloading Red Hat 7.2. I learned a neat trick.

First, an old trick. Never download with a web browser. Use the command-line app wget instead. It’s faster. The syntax is really simple: wget url. Example: wget http://www.linuxiso.org/download/rh7.2-i386-disc1.iso

Second trick: Download your ISOs off linuxiso.org. It uses some kind of round-robin approach to try to give you the least busy of several mirrors. It doesn’t always work so well on the first try. The mirror it sent me to first was giving me throughput rates that topped out at 200KB/sec., but frequently dropped as low as 3KB/sec. Usually they stayed in the 15MB/sec range. I cancelled the transfer (ctrl-c) and tried again. I got a mirror that didn’t fluctuate as wildly, but it rarely went above the 20MB/sec. range. I cancelled the transfer again and got a mirror that rarely dropped below 50MB/sec and occasionally spiked as high as 120MB/sec. Much better.

Third trick (the one I learned today): Use wget’s -c option. That allows wget to resume transfers. Yep, you can get the most important functionality of a download manager in a 147K binary. It doesn’t spy on you either. That allowed me to switch mirrors several times without wasting the little bit I’d managed to pull off the slow sites.

Fourth trick: Verify your ISOs after you download them. LinuxISO provides MD5 sums for its wares. Just run md5sum enigma-i386-disc1.iso to get a long 32-character checksum for what you just downloaded. If it doesn’t match the checksum on the site, don’t bother burning it. It might work, but you don’t want some key archive file (like, say, the kernel) to come up corrupt. Even though CD-Rs are dirt cheap these days and high-speed burners make quick work of them, there’s still no point in unnecessarily wasting 99 cents and five minutes on the disc and half an hour on a questionable install.
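
The tricks above combined into one script, as an added example that is not from the original post: it resumes the download with wget -c, looks the file up in a saved checksum list, and returns a distinct status for a mismatch, a missing file, or a file the list does not mention. The function names and the local MD5SUMS file are assumptions; a matching MD5 shows the file arrived intact, not who produced it.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# MD5SUMS list file are assumptions made for illustration.

# fetch_iso URL: download with resume support, so a cancelled transfer
# (or a switch to a faster mirror) keeps the bytes already on disk.
fetch_iso() {
    wget -c "$1"
}

# lookup_sum LIST NAME: print the MD5 recorded for NAME in an md5sum-style
# list ("<32 hex digits><space><space or *><file name>"). Fails if absent.
lookup_sum() {
    awk -v want="$2" '
        {
            sub(/\r$/, "")                  # tolerate lists saved with CRLF
            hash = substr($0, 1, 32)
            name = substr($0, 35)
            if (length(hash) == 32 && hash !~ /[^0-9A-Fa-f]/ && name == want) {
                print tolower(hash)
                found = 1
                exit
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# verify_iso FILE LIST: 0 = checksum matches, 1 = mismatch (do not burn),
# 2 = file missing, 3 = no entry for this file in the list.
verify_iso() {
    iso=$1
    list=$2
    base=$(basename "$iso")
    [ -f "$iso" ] || { echo "missing file: $iso" >&2; return 2; }
    expected=$(lookup_sum "$list" "$base") || {
        echo "no checksum listed for $base in $list" >&2
        return 3
    }
    actual=$(md5sum "$iso" | cut -c1-32)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $base matches $expected"
        return 0
    fi
    echo "MISMATCH: $base expected $expected got $actual" >&2
    return 1
}

# Typical use (URL as given in the post; MD5SUMS is the checksum list
# copied from the download site into a local file):
#   fetch_iso http://www.linuxiso.org/download/rh7.2-i386-disc1.iso
#   verify_iso rh7.2-i386-disc1.iso MD5SUMS && echo "safe to burn"
```

A status of 3 is worth treating as a failure too: a file that is not in the list has not been checked at all.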

As for downloading the file in separate pieces like Go!Zilla does, there’s a command-line Linux program called mget that does it, but it doesn’t follow redirection and it doesn’t do FTP except through a proxy server, so I have a hard time recommending it as a general-purpose tool. When it works, it seems to work just fine. You might try mget, but chances are decent you’ll end up falling back on wget.

Much ado about nothing and other stuff

Much ado about nothing. The most recent report I read indicates that AOL/Time Warner and Red Hat are talking, but not about an acquisition. Sanity has entered the building…
Good thing User Friendly got a chance to get its two cents’ worth in. I got a couple bucks’ worth of laughter from it.
Much ado about something. On Sunday, Gentoo Linux developer Daniel Robbins announced that an obscure AMD Athlon bug slipped past Linux kernel developers, resulting in serious problems with Athlon- and Duron-based systems with AGP cards. This confirms some suspicions I’ve heard–one of the Linux mailing lists I subscribe to occasionally has rumblings about obscure and difficult-to-track-down Athlon problems.

The result was that Gentoo’s site was slashdotted into oblivion for a while, but hopefully it also resulted in some extra exposure for the distribution. Gentoo is another source-based distro. Lately I’ve been resigned to just using Debian to build my Linux boxes, but I’m still awfully fond of the idea of compiling your own stuff. As CPUs get faster and faster, I expect that to become more commonplace.

But I digress. The bug involves the CPU’s paging function. Older x86 CPUs used 4K pages. Starting with the Pentium, CPUs started allowing 4MB pages. But a bug in the Athlon’s implementation of this extended paging causes memory corruption when used in conjunction with an AGP card.
Alan Cox is working on a workaround. I’m a bit surprised a patch isn’t already out there.

CPU bugs are discovered all the time, but it’s fairly rare for them to be serious. If you ever run across a Pentium-60 or Pentium-66 system, boot up Linux on it sometime and run the command dmesg. You’ll find workarounds for at least two serious bugs. A TI engineer named Robert Collins gained a fair bit of notoriety in the last decade by researching, collecting, and investigating CPU bugs. Part of it was probably due to his irreverent attitude towards Intel. (As you can see from this Wayback machine entry.) Sadly, I can’t find the story on the site anymore, since he was bought out by Dr. Dobb’s.
Catching up. I haven’t been making my rounds lately. The reason why is fairly obvious. I used my day off yesterday to have lunch with someone from my small group, then when I got home I read the e-mail I absolutely had to read, responded to those that absolutely had to get responses, answered a couple of voice messages, wrote and sent out a couple of other messages, looked up, and it was 5 p.m.

“Alright God,” I muttered. “I just gave the day to Your people. Time to go spend some time with You.” So I whipped out my handy-dandy Today’s Light Bible and read about Moses. Seemed appropriate. The inadequacy and jumping the gun and making excuses, that is. The Biblical “superheroes” were human just like us, and the book doesn’t gloss over that. Today’s Light is designed to divide the Bible into pieces so you can read the whole thing in two years. I can’t decide if I want to get through it in a year or in six months. A few years ago I read it in its entirety in four months, but that pace is a bit much. If you’re willing to spend as much time reading the Bible every day as the average person does watching TV, you can make it through in a few months. But it’s not exactly light reading, and I’m not sure I recommend that pace. If you’re willing to dedicate that kind of time to Bible study you’re probably better served by learning Greek so you can read the New Testament in the original. Then if you’ve still got your sanity you can think about tackling Hebrew.

I finally got around to reading Charlie Sebold’s entries for the last few days. One especially poignant observation: “I continue to be surprised at how much I remember about computers, and how much I forget about everything else (including far more important things).”

I sure can relate. I wish I could trade everything I remember about IBM PS/2s and Microchannel for something more useful. But I remember goofy baseball statistics too–I can recite the starting lineup and pitching rotation of the 1980 Kansas City Royals (I’ll spare you). But I can’t tell you the names of all seven people I met Sunday night.

What on earth is going on?

AOL-Time Warner in talks to buy Red Hat? I found this this morning. It’s intriguing, but I can’t decide if a buyout would be a good thing or a bad thing. After all, Netscape was in decline when AOL bought it. It nosedived afterward. Obviously, the problem was twofold. When AOL acquired Netscape, they didn’t acquire all of its mindshare. Some of the most talented people got fed up and left. You can take Jim Barksdale or you can leave him. The loss of Marc Andreessen and Jamie Zawinski, though, was substantial.
The second problem was that AOL wasn’t serious about competing. They bought a browser technology and basically sat on it. Netscape 4.x was fundamentally flawed, as even Zawinski acknowledges, although I would argue it was no more fundamentally flawed than IE 4.x. The Gecko engine, on which Netscape 6.x is based, is solid technology, even though it took longer to get to market than anyone had hoped. Although Netscape 6.x won’t bowl anyone over, other browsers based on the technology, such as Galeon, are absolutely fantastic. But AOL chose to release a half-hearted browser with the Netscape name on it and continued to use the IE engine in its flagship product even after the favorable agreement with Microsoft that prompted AOL to do so in the first place expired.

That begs the question of what AOL would do with Red Hat if it owned it. Red Hat is still the big-name player in the Linux field, but Red Hat is concentrating on the server market. You can still buy Red Hat at retail, but on the desktop, Red Hat is arguably #3 in popularity now behind France’s Mandrake and Germany’s SuSE. Red Hat is the only Linux company that’s making money, but that’s largely by selling consulting. That’s not AOL’s core business. At this point, AOL is more of a media company than a technology company. Software just gives AOL more outlets to sell its media content. Consulting doesn’t do that.

The best possible scenario for a Red Hat buyout would be for AOL to, as Microsoft puts it, “eat its own dog food,” that is, rip out the infrastructure it bought from other companies and replace it with the technology it just developed or acquired. Since AOL is largely powered by Sun servers, it wouldn’t be terribly difficult to migrate the infrastructure to Red Hat running on Intel. Then AOL could give a big boost to its newly-acquired services division by saying, “We did it and we can help you do it too.” They can also cite Amazon’s recent successes in moving its infrastructure to Red Hat Linux. There is precedent for that; after AOL bought Time Warner, the entire company started using AOL for e-mail, a move widely questioned by anyone who’s used anything other than AOL for mail.

Of course, it would be expected that AOL would port its online service to Linux, which would create the truly odd couple of the computing field. AOL, meet sed and awk. Red Hat would certainly lose its purity and much of its credibility among the Linux die-hards. AOL would bank on making up the loss by gaining users closer to the mainstream. AOL could potentially put some Linux on its corporate desktops, but being a media company, an all-out migration to Linux everywhere within is very far-fetched.

To really make this work, AOL would either have to enter the hardware business and sell PCs at retail using its newly acquired Red Hat distribution and newly ported AOL for Linux and possibly an AOL-branded office suite based on OpenOffice, or it would have to partner with a hardware company. Partnering with a big name seems unlikely–a Compaq or an HP or an IBM wouldn’t do it for fear of retaliation from Microsoft. Sun has never expressed any interest in entering the retail computer business, and even though Sun loves to take opportunities to harm Microsoft, Sun probably wouldn’t cooperate with AOL if AOL replaced its Sun infrastructure with Red Hat Linux. Struggling eMachines might be the best bet, since it’s strictly a consumer brand, has a large presence, but hasn’t consistently turned a profit. But AOL could just as easily follow eMachines’ example, buying and re-branding low-end Far East clones and selling them at retail as loss-leaders, taking advantage of its lack of need for Windows (which accounts for roughly $75 of the cost of a retail PC) and making its profit off new subscribers to its dialup and broadband services. A $349 PC sold at retail with a flashy GUI, decent productivity software and AOL is all the computer many consumers need.

The advantage to this scenario for everyone else is that AOL would probably dump more development into either the KDE or GNOME projects in order to give itself more and higher-quality software to offer. The official trees can either take these changes or leave them. Undoubtedly, some of the changes would be awful, and the official trees would opt to leave them. But with its 18 years’ worth of experience developing GUIs, some of the changes would likely be a good thing as well.

The more likely scenario: AOL will buy out Red Hat, not have a clue what to do with it, and Red Hat Linux will languish just like Netscape.

The even more likely scenario: AOL will come to its senses, realize that Red Hat Linux has nothing to do with its core business, and the two companies will go their separate ways.

I’m fried.

I spent the day trying to make an old PC get on the network, and I failed valiantly. The machine connects to the network just fine in DOS. Load NT4 or 2000 though, and it shuts up fast. I didn’t try Linux, though I was threatening. I tried another 3Com 3c905. Nothing. I tried it in every possible PCI slot. Nothing. I swapped in an Intel EEPro/100. Nothing. I found an old ISA 3Com 3c509 card in a rehabbed Gateway2K box. Nope. All it did was sing to me. “I have no need for friendship, friendship causes pain. It’s laughter and loving I disdain. I am a rock. I am an island.”
Actually it didn’t even do that. It just stared back at me defiantly. Even when I told it I’d throw it in the pond. That just made me madder.

Stupid Intel motherboards. Too bad when you order a brand-name PC you can’t tell them you want an Asus or a Gigabyte. I swear by Asus. Lately I’ve been swearing at Intel. Wait, who am I kidding? I’ve always trusted Intel as much as I trust Microsoft. Which is about the same as I’d trust Slick Willie Clinton with my 17-year-old daughter, if I had a 17-year-old daughter.

And the system’s not even a month out of warranty either.

I’m frustrated because I’m the third guy to take a stab at this, and I’m the guy they turn to to take the impossible situation and manage to work it out. This one beat me, and I can’t stand losing.

Good thing I get a long weekend. I’m gonna go hang out with some of my Bible-thumpin’ buddies.

Katelyn update. Katelyn didn’t have surgery today. She’s in good enough shape to not need immediate surgery, but not in good enough shape to go home. They’re going to give her as much time as they can to build up strength, then it looks like they’ll go back in, unless something really changes quickly and she’s able to go home for a month.

Why I run Debian, and some Debian tricks

After Dan Bowman pointed out another blogger’s recent difficulties installing Evolution on Mandrake 8.1, I had little comment other than, “That wouldn’t be an issue if you’re running Debian.” Well, I think I said a few other things because I tend to be wordy, but that was the only important thing I had to say. Debian is one of the more difficult Linux distributions to install (you have to know what hardware is in your machine–it doesn’t nicely autodetect everything like Mandrake), but it’s far and away the easiest distribution to maintain. We’ll get back to that in a minute.

Released versions of Debian tend to be ultra-conservative. The current version, Debian 2.2r5, still uses the 2.2.19 kernel, for one thing (and that’s a fairly recent change). The current 2.2 kernel is either 2.2.39 or 2.2.40. All packages (at least all the ones anyone uses anymore) are constantly checked and maintained and patched. In theory, the current stable Debian release ought to be the most bullet-proof Linux available.

Besides Debian Stable, there’s also Debian Testing and Debian Unstable. Debian Unstable is pretty cutting-edge, but I’ve had no problems running it. I just keep up with the current patches and the system runs fine. I know people who run production servers on Testing and Unstable and get away with it.

If you want the latest and greatest stuff, after you install Debian, edit the file /etc/apt/sources.list and uncomment the ftp and http lines. Next, copy and paste those lines, then edit the “stable” to read “unstable.” (Or if you’re more conservative, edit it to read “testing.”) Be aware that occasionally you’ll run into problems running packages from unstable under stable. I ran Evolution, Galeon, Dillo, Sylpheed, and a multitude of other packages from unstable just fine, but when I installed AbiWord (a really nice, lean, mean, superfast word processor, by the way) it failed to run right. I upgraded to unstable, and then it worked perfectly.

OK, let’s talk some tricks.

Want to upgrade your distribution after a new version comes out, or upgrade from stable to testing or unstable? Easy. Type this:

apt-get update ; apt-get dist-upgrade

Then Debian will go download the pieces it needs to upgrade itself.

Want to keep your system up to date with any little changes (security patches, whatever) that may have happened recently? Type this:

apt-get update ; apt-get upgrade

So Debian lets you keep a current and presumably secure installation very easily. If you run that line regularly, you can rest assured that if your system is insecure, it’s not Debian’s fault but rather a misconfiguration on your part.

Want to try out some new piece of software? Forget having to hunt down RPMs or keep track of your distribution CD. Check availability with this command sequence:

apt-get update ; apt-cache pkgnames [name of program]

Found it? Excellent. Install it with this command:

apt-get install [name of program]

And if it wasn’t as great as you heard, you can uninstall it with this command:

apt-get remove [name of program]

System acting goofy? This’ll cure much that ails you:

apt-get clean ; apt-get update ; apt-get check

So from a system administration standpoint, Debian is great. Debian developers often try to justify the difficulty of installation by saying you only have to run it once, and to a degree, they’re right.

Compiling a kernel under Debian

I found a nice document detailing customizing your kernel under Debian. The standard method works under Debian, of course, but it’s cleaner to do it within the confines of your package manager–then it doesn’t go stomping on files you modified. Plus it’s actually a little easier to let Debian handle some of the details.

Here are the notes I took while using the document.

With additions:
Use kernel-source-2.4.17

export CFLAGS="-O3 -mcpu=i686 -march=i386 -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -malign-functions=4"
export CXXFLAGS="-O3 -mcpu=i686 -march=i386 -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -malign-functions=4"

Using -march=i686 is known to cause instability and not improve performance by any noticeable amount. The kernel mostly ignores these settings but I set them anyway. You can alternatively set them in the file /etc/profile. If you ever find yourself compiling apps from source, you want these options set so they’ll perform optimally.

A correction:
Debian tar doesn’t seem to support the -I switch for bzip2. So I extracted the archive with the following:
bunzip2 -k -c kernel-source-2.4.17.tar.bz2 | tar -xf -

The -k switch tells bunzip2 to keep the original file intact, while -c tells it to write the decompressed data to stdout. The | pipes stdout into the specified program, in this case tar. -xf - tells tar to extract the archive it reads from stdin.

I got an error on make xconfig:

make: wish: command not found.

So I headed off to www.debian.org/distrib/packages. At the bottom of the page, there’s a form where you can type a filename and it’ll tell you what package it comes from. Type in “wish,” hit enter, and I get a long list, including /usr/bin/wish8.3 in a package named libs/tk8.3. Sounds promising. So I do an apt-get install tk8.3 and I’m in business. Type make xconfig again, and we’re set. This page is also a really good way to hunt down packages if you don’t know exactly how Debian named it.

Options I chose for kernel compilation:

Code maturity level options: prompt for development and/or incomplete code/drivers. I answered Yes, so I’d get modern filesystem support.
Loadable module support: I answered yes to all. I’ve read that disabling modules and compiling everything directly into the kernel can improve performance but I’m wary of that. If the kernel’s too big, the system won’t boot. And the idea of modules is to keep only what you need in memory. So I suppose there are instances where a no-modules kernel could increase performance, but there are certainly instances where it would hurt. I chose to be conservative.
Processor type and features: I changed a couple of the defaults. Double-check the processor family option; in my experience it’s usually but not always correct. Enable MTRR support unless you’re using a 486, Pentium, or AMD K5 CPU. All other reasonably modern CPUs, including AMD, Cyrix, Intel, and WinChip, support MTRRs for increased GUI performance. Since the PC I’m using only has one CPU, I disable SMP support. Then I enable local APIC and IO-APIC support on uniprocessors.
General setup: I accepted the defaults, because aggressive use of APM makes me really nervous. Under Windows, APM always does me more harm than good.
MTD: Since I don’t use any flash memory devices, I accepted the defaults of No.
Parallel port support: Curiously, this was disabled by default. This PC has a parallel port but I only use network printers, so I left it disabled to save a little memory.
Plug and play configuration: I said no to ISA plug and play support, since this machine is a laptop and won’t have any ISA PnP cards. On modern PCs that have no ISA slots, say N.
Block devices: The defaults are usually sufficient, but some configurations need RAM disk support and initrd support turned on. If you’re going to mess around with ISO images, you’ll probably want to turn on loopback device support.
Multi-device support: I’ve never seen a laptop with RAID, so the default of disabling it all works great for me.
Networking options: The defaults are fine for most uses. If you’re going to make a router or firewall out of your PC, enable Netfilter.
Telephony support: I disabled it.
ATA/IDE/MFM/RLL support: Disable it if you have an all-SCSI system. I don’t. Turn on SCSI emulation support if you use a CD-R or CD-RW. Under IDE chipset support/bugfixes, disable the chipsets your PC doesn’t have. This laptop has an Intel chipset, so all I had enabled were Generic PCI IDE chipset support, Sharing PCI IDE Interrupts support, Generic PCI bus-master support, Use PCI DMA by default when available, Intel PIIXn chipset support, PIIXn tuning support.
SCSI support: I have an all-IDE system (unfortunately), so I disabled it. Note that SCSI emulation for a CD-R counts as a SCSI device, as does a parallel port Zip drive. Since I have neither, I’m safe disabling it to save some memory and speed up boot time slightly.
IEEE 1394 (Firewire support): I disabled it since I have no Firewire ports.
I2O device support: I disabled it.
Network device support: This can be tricky. I turned off SLIP and PPP since I don’t use them. You may need PPP. I turned off ARCnet support, which you’ll probably do as well since ARCnet is very rare. I have a 100-megabit 3Com 3c556 NIC in this laptop, so I went into Ethernet 10 or 100 Mbit, drilled down to 3COM cards, and said yes to 3c590/3c900 series, since that’s the driver the 3c556 uses. I turned off the others. I like to compile support for the machine’s NIC straight into the kernel when I can, since it speeds up network configuration at boot time. On servers, I’ve been known to compile support for every type of NIC I own into the kernel, so that if I ever have to change NICs, it’ll come back up automatically without any configuration from me. I turned off wireless, token-ring, PCMCIA, ATM, amateur radio, infrared, and ISDN support.
Old CD-ROM drivers: You can probably turn this off, unless you know you have an old proprietary 1X or 2X CD-ROM drive. These were the drives that generally plugged straight into an ISA sound card, and they were very common on 486s. I sold tons of these things in 1994; I’m pretty sure that by the time I was selling PCs again in the summer of 1995, everything I was selling had an IDE drive in it.
Input core support: I don’t use USB input devices, so I turned it off.
Character devices: Near the bottom, after Ftape support, there are options for specific chipsets. You can find out what chipset you have by typing the command lspci in a shell. (You have to be root to do this–use the su command if you’re logged in as yourself, as you should be.) This laptop has an Intel 440BX chipset, so I turned off the VIA, AMD, SiS and ALI support.
Multimedia devices: Disable video for Linux unless you have a capture card. Most will disable Radio adapters as well.
File systems: I enable Ext3 and ReiserFS, along with DOS FAT and VFAT (as modules), ISO 9660 and Joliet, NTFS read-only (as module). Under network file systems, I enable SMB since I (unfortunately) work in Windows environments. I disable NFS since we have no NFS servers.
Console drivers: The defaults work for me.
Sound: Since I have onboard sound, I enable sound support and pick my chipset, in this case, ESS Maestro3. I disable all others.
USB support: I have USB ports but don’t use them. I left it enabled just in case, but I’m not sure why.
Bluetooth: I don’t use it, so I disabled it.
Kernel Hacking: I disabled Kernel debugging, the default.
Whew! Hit Save and Exit. Exit X to save some system resources while compiling and installing.

The end result was an up-to-date kernel (2.4.17) that was about 200K smaller than the stock 2.2.19 kernel and boots to a login prompt in 18 seconds flat, as opposed to 45 seconds before. Much of the improvement is due to the 3c590 driver loading faster as part of the kernel rather than as a module, and the kernel no longer searching for phantom SCSI devices. But Charlie Sebold told me it’s his experience that recent 2.4.x kernels boot a lot faster than earlier kernels.

It’s not perfect–I don’t have sound completely working yet–but I found some clues. I’m not overly concerned about sound support though. The system beeps at me when I have mail, and for work purposes, that’s all the sound I need. I don’t see any point in turning my PC into a multimedia tribute to Billy Joel or Star Wars or Quake III.

A nice Sunday surprise

I had a big surprise Sunday night. A couple of months ago, I was up at Bethlehem Lutheran Church in north St. Louis, and they asked me if I’d come to their Christmas banquet this year. I said I’d love to come to their Christmas banquet. They said they’d send me tickets. “Some” ended up meaning five. They’re generous people. I ended up using one–I didn’t feel like looking too hard for a date, and I felt weird asking a bunch of my friends who’ve never been up there to go with me on a rainy Sunday night.
My relationship with Bethlehem goes back several years. I moved to St. Louis in Nov. 1998, and immediately started going to a church in Oakville, a semi-ritzy, very white-middle class suburb in south St. Louis County. I was driving 30 minutes to go to church every Sunday because I had connections there, and I’d never seen a church that was so on fire. I liked it there. It was a church that made me better, and, as I would quickly learn, it was more than willing to let me make it better too. Mark my words: When you find a church like that, keep it. They’re harder to find than you might think.

In Faith Lutheran in Oakville and Bethlehem Lutheran in St. Louis, I’ve found two. And I’m much the better for it.

The north St. Louis neighborhood around Bethlehem is about as opposite of Oakville as you can get. It’s not ghetto, but the buildings are well past their prime. A number of them are condemned. Many others are boarded up. It’s lower-middle class at best. But there are people there who are trying to make a difference.

I’d been going to Faith Lutheran in Oakville for a couple of weeks when I started receiving its newsletter. And in that first newsletter was a blurb from The Rev. John Schmidtke, the pastor at Bethlehem. Faith is one of five suburban churches that have partnered with Bethlehem to reach out to its community. Pastor Schmidtke’s letter was a wish list of sorts, but he wasn’t wanting money or objects. He wanted people. “Who can help us build a computer lab so we can teach elementary computer skills to the people of our community?” he asked. “Who can help us give our children a safe, welcome place where they can sit down at a computer and do their homework?” At the end of the letter, he gave his phone number.

The next day, I called him.

He said he already had some beat-up PCs that had been donated to him. I asked when I could come look at them. I don’t really remember many specifics anymore, other than driving into north St. Louis in a snowstorm one night to come look at a pair of beat-up Compaq Proliant servers. They were DX2-66s, decked out with external SCSI CD-ROM towers. One of them had three SCSI drives. The other had five. They were pretty snazzy servers… in 1993.

It was a humble beginning. Pastor solicited some obsolete computers from other businesses, and since this was the midst of the Y2K crunch, he was able to find plenty of people willing to give up some 386s and 486s they’d just retired. The best catch was a pair of non-compliant Pentium-75s. One of them even had a hard drive–a 40-megger. No, not a 40-gig drive. A 40-meg drive, like most of us had in our first AT clone.

Basically, we had a whole lot of nothing, and I did a whole lot of nothing with it. Sure, I was able to impress a few people by taking hard drives out of 486s and putting them in those Pentiums and booting up DOS, but as far as doing anything useful, we didn’t have much. So the project pretty much sat there, a pile of beat-up PCs in the corner of a storage room.

Then one day in the summer of 2000, I got a voice mail message. It was Pastor Schmidtke. He sounded excited, but there was a certain plea in his voice. He had a grant for several thousand dollars, and it was pretty much there for the asking, assuming he knew what to ask for. He didn’t know what to ask for. So he asked me if he could have five minutes of my time to tell him the wisest way to spend a few thousand dollars to build a computer lab.

I hopped on the ‘Net and checked it out, then faxed him a shopping list. For the budget he gave me, I figured I’d be able to get several name-brand PCs and a laser printer. The grant needed three competitive bids, so I priced systems from IBM, Compaq, and Dell to give him ballpark figures, plus phone numbers to call to get hard quotes if that was what he needed.

A few months later he had the money. A couple more months after that, we’d turned that money into eight new Compaq Deskpro PCs. I wasn’t going to leave him high and dry at that point–what good is a room full of computers when no one there knew how to make them go? A couple more months after that, some volunteers had turned that storage room into a nicely laid-out computer room. So then I set about taking those PCs, installing network cards, cabling and hubs, configuring them identically, and connecting a printer. We had a usable network. An Internet connection was the tough part. I took one of those Pentium-75s, installed a 56K modem and an Intel 10/100 NIC, and configured Freesco. We were live. While 56K dialup split among 9 PCs isn’t fabulous, it’s better than it sounds–while people are reading pages, after all, their computers aren’t loading stuff. I tried setting up a Squid server to help ease congestion a little, but Squid seemed to hurt as much as it helped, so I scrapped that idea.

So now, three years after we initially met, they have a working, useful computer lab. Neighborhood kids come in and research and type. Pastor’s family comes in, and with that many computers at their disposal, the kids can play around all they want for hours and his wife can get work done. It’s not the best, but it’s worlds beyond a pair of Pentium-75s. And in a neighborhood where a Pentium-200 is considered a luxury item, it’s doing a lot of good.

So I got to the banquet Sunday night and sat down at a table. There was a program sitting there at every place. I looked at it. “That’s nice,” I was thinking. “Star of Bethlehem Awards.” There were two people listed. Then I saw people were picking up the program and flipping pages. So I picked up mine, turned to the inside, and saw there were more than two people listed. Two more on page two, and then I turned to page 3 and saw my name. With a really kind write-up to go with it.

They read the write-up, along with everyone else’s writeup, after dinner. They gave each of us plaques and asked us to say a few words. I don’t remember exactly what I said–I’m not very comfortable giving impromptu speeches. It was Pastor Schmidtke who had the vision and who got the money. And it was Cathy, a member of the congregation, who made all the phone calls and made all the runs to Office Depot to get things like power strips and network cables when I ran out of power outlets or didn’t have quite enough reach. Maybe I could have done it all without them. But chances are I wouldn’t have. No one would have. One person can’t take on a project of that magnitude alone. It’ll kill you.

The speaker who read the write-up on me was interrupted by applause a couple of times. I got a round of applause as I walked up and another one as I sat down. Helping people like them is easy, because they appreciate it so much.

I hung the plaque up right after I got home. I guess that says something about priorities–I have an expensive Jesse Barnes print I bought more than a week ago that isn’t hung yet. But the sentiment behind that plaque is worth more than a room full of Jesse Barnes prints. It’s a nice plaque. It reads:

New Birth at Bethlehem

We Thank God For You

David Farquhar

For your ongoing support, encouragement, and Christian love to the ministry of Jesus Christ through Bethlehem Lutheran Church. You are God’s Star for the ministry of Bethlehem.
…Daniel 12:3

December 16, 2001
Bethlehem Lutheran Church, St. Louis, MO

Daniel 12:3 reads as follows:

“Those who have insight will shine brightly like the brightness of the expanse of heaven, and those who lead the many to righteousness, like the stars forever and ever.”

There’s just one more thing I wish I’d said Sunday night. They’re a group of people trying to make a difference in north St. Louis. A lot of them are there by choice. They didn’t have to give me an opportunity, but they did. I’m glad they did.

It was a high-stakes game, and I won.

Who’s to say where the wind will take you
Who’s to know what it is will break you
I don’t know where the wind will blow
Who’s to know when the time has come around
I don’t wanna see you cry
I know that this is not goodbye
–U2, Kite

When I last left you, I was denying it was time to say goodbye to the data on a friend’s hard drive. I’d found some information on the Internet that promised to get her data back, but I hadn’t done it yet. As often is the case with the Internet, the instructions I found online for doing the job were close. They were not quite right, but they brought me close enough that I was able to make it work.

Removing Form.A from a FAT32 drive is difficult. I was able to verify its presence using the free-for-private-use F-Prot, but F-Prot wouldn’t remove it, Usenet reports to the contrary.

One word of warning: Do as I say, not as I do. The first thing I should have done was make a bit-for-bit backup copy of the drive. I didn’t do that right away. Norton Ghost will work, though it’s not exactly a bit-for-bit copy. A better approach is to get a mini-distribution of Linux and use the standard Unix dd command to make a backup copy. (For example: dd if=/dev/hda1 of=/dev/hda2 bs=1024k) Once you have a copy of the drive, work from the copy! If you don’t know how to do all this, do not attempt recovery yourself. It’s much too easy to mess up your drive beyond any hope of recovering your data. This information is presented for informational and entertainment purposes only. I make no representation whatsoever that this will work for you. For all I know it’ll install Gator on your computer and leave the dome light on in your car and erase all your VHS tapes.

I downloaded a utility called ivinit.exe from www.invircible.com (don’t e-mail me if their Web site is down; I could only get to their site about one time out of four myself). It’s a very limited utility; I’d chained the drive off another drive for recovery purposes but ivinit will only work on the primary partition on your C drive. So I disabled the primary drive. Ivinit found it and warned me that the MBR and its mirror didn’t match. I restored the MBR from its mirror, then rebooted. I re-enabled my primary drive, let it boot, and tried to access the drive. I got the invalid media type error again. I ran FDISK, which told me I had a single FAT32 partition. That was a good sign.

So I ran MBRWORK.exe, deleted the MBR and EMBR and told it to recover my partitions. It found a single FAT32 partition. Excellent. I rebooted, tried to read drive C, and… Yeah. Invalid media type paid me another unwelcome visit.

I ran the real-mode version of Norton Disk Doctor from a recent copy of Norton Utilities. You have to be very careful with Norton Disk Doctor; never run it unless you’re positive the version you have knows about FAT32. Otherwise, you’re setting your hard drive up for a train wreck. NDD wasn’t too happy. It wanted to scavenge and rebuild the partition table, and it didn’t offer me a chance to make a backup copy. I never let a low-level utility do anything that it won’t let me undo. I aborted.

At this point I wised up. I put an Intel 10/100 network card in the PC I was using to recover the data, plugged into my network, grabbed my magic network boot disk, and connected up to the big Windows 2000 computer I use for editing video. I ran Norton Ghost and told it to make an image of the disk. To my amazement, it found a single 3.8-gig FAT32 partition and started running through filenames!

Like I said, Ghost doesn’t normally do a bit-for-bit copy; it stores enough information to recreate a valid copy of your partition. If your partition isn’t quite valid, that means you don’t get an exact copy. The upside of that is that Ghost can be a useful data recovery tool, assuming it can make sense of your partition. And fortunately, it looks like it’ll make sense of partitions that Windows itself doesn’t want to touch.

Theoretically, I could have restored the data by just making an image with Ghost, then restoring the image immediately afterward.

Norton Disk Doctor revived the partition, and it revived it more quickly than a Ghost restore would have. Then I ran into another pitfall–everything in the root directory appeared OK, and most subdirectories one level deep were fine, but anything nested gave sector not found errors. Norton Disk Doctor offered to fix that stuff, but I had a gut feeling that I shouldn’t go that route. Any time there’s the possibility of bad sectors, I want SpinRite.

As soon as I ran SpinRite, it reminded me of why I should bring it into the game as quickly as possible. It reported that the drive’s CMOS parameters appeared incorrect and it was hesitant to continue. That’s good–incorrect CMOS parameters can cause the problems I was seeing. And trying to repair the drive with messed up CMOS parameters will lead to nothing good–something that Steve Gibson is certainly aware of, and something that Symantec may not necessarily care about. In this case, the parameters were wrong because I put the drive in another system and it defaulted to a different addressing method. Whenever you’re doing data recovery and you want to move the drive, you need to be sure you get addressing straight or you’ll do a whole lot more harm than good.

After I corrected the CMOS, a simple DIR /W /S ran through the entire drive with no complaints. Norton Disk Doctor found no filesystem errors or low-level errors. SpinRite doesn’t do anything about filesystem errors, which is why I went back to NDD–use NDD when you suspect filesystem problems, but always always turn surface-scan-type stuff over to SpinRite. And there’s no harm in running SpinRite first–it’ll alert you to problems that NDD might not notice.

Along the way I learned a whole lot more than I ever wanted to know about boot-sector viruses. AntiCMOS and Form were able to coexist together nicely, and on just about any computer purchased new between 1992 and 1996, they’d just happily infect any disk you used and you’d probably never be the wiser. With the release of Windows 95B and FAT32, Form became destructive. (Why should Microsoft test new filesystems for compatibility with old viruses?) Wendy told me the problem appeared after she left an old disk in the computer before she booted it up. I suspect their old computer picked up the virus at some point, and since it wasn’t destructive under DOS and Windows 3.1, they never noticed. The computer just happily infected disks. Boot sector viruses flourished in the early 90s, as everyone needed a boot disk to play Doom or other tricky DOS games, so people traded boot disks like recipes. As often as not, those boot disks carried viruses.

When I went to put the drive back in, the dreaded “Operating system not found” paid me a visit. I hadn’t wanted to try to boot off the drive while it was in another PC for obvious reasons. So I did the standard drill. First up: fdisk /mbr. Strikeout. Second: sys c:. Strikeout. Finally, God reached down with His two-by-four and smacked me upside the head to knock some sense into me. I ran plain old fdisk and found the problem–no active partition. So I set the partition to active, and boom. The system booted up and was its old self again. It seems like I always make that mistake.
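The missing active flag and the mismatched MBR copy described above can both be checked from a dd image of the drive without writing anything to it. The following is an added example, not part of the original post; the function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # 446 bytes of boot code precede the partition table
SIGNATURE = b"\x55\xaa"   # boot signature at offsets 510-511
ACTIVE, INACTIVE = 0x80, 0x00
TYPE_NAMES = {0x01: "FAT12", 0x06: "FAT16", 0x0B: "FAT32 (CHS)",
              0x0C: "FAT32 (LBA)", 0x05: "Extended", 0x83: "Linux"}


def read_first_sector(image_path):
    """Read sector 0 from an image file (the copy), opened read-only."""
    with open(image_path, "rb") as image:
        return image.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    entries = []
    for slot in range(4):
        start = TABLE_OFFSET + 16 * slot
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba_start, sectors = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        entries.append({"slot": slot, "status": status, "type": ptype,
                        "type_name": TYPE_NAMES.get(ptype, "unknown"),
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def diagnose(sector):
    """List the problems that keep a BIOS from booting this MBR."""
    entries = parse_mbr(sector)
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 55 AA boot signature")
    if not entries:
        findings.append("partition table is empty")
    bad = [e["slot"] for e in entries if e["status"] not in (ACTIVE, INACTIVE)]
    if bad:
        findings.append("invalid status byte in slot(s) %s" % bad)
    active = [e for e in entries if e["status"] == ACTIVE]
    if entries and not active:
        findings.append("no active partition")
    elif len(active) > 1:
        findings.append("more than one active partition")
    return findings


def tables_match(sector_a, sector_b):
    """Compare partition table plus signature of an MBR and a saved copy."""
    return sector_a[TABLE_OFFSET:SECTOR_SIZE] == sector_b[TABLE_OFFSET:SECTOR_SIZE]


def build_sample_mbr(active):
    """Constructed sample: a single FAT32 partition of roughly 3.8 GB."""
    entry = struct.pack("<B3xB3xII", ACTIVE if active else INACTIVE,
                        0x0B, 63, 7_968_177)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    for label, active in (("before fdisk", False), ("after fdisk", True)):
        sector = build_sample_mbr(active)
        print(label, parse_mbr(sector), diagnose(sector) or "ok")
```

Point read_first_sector at the image file made with dd rather than at the live device.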

Data recovery is definitely a trade or a skill, not a science or process.

Wrapping up a week…

Someone at Google has a sense of humor. See (or should I say 533?) for yourself.
Dan Bowman sent me the link. My response?

+#4+ !$ $0 k3wl! +#4nk$!

Desktop video. I still can’t get my Pinnacle DV500’s composite inputs to work right. The rest of the card seems to function just fine. As a workaround, I tried connecting a DVD-ROM drive and ripping the source video digitally, straight off the DVD. I was able to get decoded .VOB files to the drive, but the utilities to convert them into usable AVI files (Premiere won’t work with VOBs) all had an annoying tendency to crash. At one point I suspected I had a binary compiled for Intel systems, and obviously my AMD CPU won’t like those SSE instructions. So I copied a single 1-gig VOB file over to a P3-based laptop. The utility got a little further, but it still crashed.

And yes, incidentally, I did secure permission from the copyright holders to use their video. As for the legality of what I did in the DMCA era, one of the utilities looked at the DVD and said it was unprotected. It’d be hard to prosecute me for circumventing copy protection when none existed in the first place.

I was going to say we’ve come a long way since Amigas and Video Toasters, but I’m not going to say that. Amigas and Video Toasters actually worked.

Tribute. How’d I forget this? The Silent Beatle died Thursday. Unless you’ve been living in a cave, you already knew that.

The radio station I listen to most often, which can’t decide whether it wants to be a retro station, a New Wave station, a hair band station, or an Adult Alternative station, stepped way outside its format and did a nice Beatles tribute Friday at lunch, playing an hour’s worth of tunes, ending with “The Long and Winding Road,” which seemed eerily appropriate.

I remember when the Beatles boxed set came out a few years ago. I was still in college, and my next-door neighbor, Chip, got it the first day. He and I watched the corresponding TV special, and I remember someone walking in and saying he didn’t know any Beatles songs. I told him he was crazy. The Beatles are so pervasive, I said, that they’re not even just part of our culture anymore. They’re part of our DNA.

So Chip reached over and turned on his CD player and flipped through a few selections. A look of recognition came over his face to most of them. Yeah, he knew some Beatles songs. He’d just never recognized them as Beatles songs. Even young whippersnappers like us knew them and loved them.

The Beatles were history years before I was born, and for that matter, by the time I was born in 1974, even their record label, Apple Records, was in shambles. I have no recollection of the day John Lennon was murdered. The earliest Beatles memory I had growing up was hearing George Harrison’s “I’ve Got My Mind Set on You” on the radio and seeing the video on TV, in 1986. It was a good tune. Not as good as the best stuff he wrote, and it’s largely forgotten today, but what other songs from 1986 do people remember today? Bon Jovi? Puh-lease. It was such a bad year for music that The Police were able to remake their 1981 hit, “Don’t Stand So Close to Me,” and score a minor hit with it. Compared to the other choices we had that year, George Harrison scratching his nails down a blackboard for three minutes would have been cooler, just because it was George Harrison.

And he and the rest of his bandmates knew that. That was cool, because it freed them to experiment. So they had that stack of bubblegum pop hits in the early 60s that everyone remembers today, but in addition to that, they had their psychedelic period and by 1968 they had dabbled in everything else imaginable. Heavy metal? They did some of that. Industrial rock? They even did some of that. When it came to rock’n’roll, The Beatles tried everything. Everything that’s happened since has just been further exploration of territory they already covered.

George Harrison’s last few years weren’t pleasant ones, due to his battles with cancer and with deranged fans. I hope he’s happier now. I can’t imagine him doing anything else but sitting somewhere, making music with John Lennon, waiting for Paul and Ringo to show up.

Software stuff I forgot about

I’m hoping someone can help me here. I read a couple of stories this week and can’t find them anymore. They’re fairly significant.
Evil Adobe software. The first involved an Adobe lawsuit. Some outfit was buying Adobe suites, breaking them up, and reselling the components. Adobe sued, saying this violated the click-through license. The court ruled that the reseller never agreed to the click-through license, this constituted a sale even though Adobe defined it as a license, and the vendor wasn’t violating any copyright laws by selling the software CDs and books just like stores that sell used books and music don’t violate the copyrights. The court also questioned whether a click-through license was legally binding anyway.

This story should be very significant. The way around it, of course, is to rent software, which is more profitable anyway. Expect Adobe to make tracks down that path very quickly. Adobe’s software licenses are generally slightly more generous than Microsoft’s (they allow you to install their products on your home PC if your business buys them, something Microsoft no longer allows) but then again Adobe’s the company responsible for jailing Dmitry Sklyarov, so they’re still evil. Maybe not quite as evil as Microsoft, but still evil.

So if you must buy Adobe software, do it smart. Buy the suites–which generally combine three or more Adobe products and generally sell for what two products would sell for separately–and split them up. Find a friend or coworker to go halvesies with you.

Evil viruses. I’ve been fearing for a couple of months the virus that takes the methods used by Nimda and combines them with oldschool exploits like infecting file shares and e-mailing people in your address book. Such a beast appeared last week, but the stories faded very quickly. Presumably the virus was discovered but never really made it into the wild. The stories I read suggested the virus code was very buggy.

Still, if you’re still reeling from Nimda like I am, take steps to secure your network. Put an antivirus package on your mailserver. Consider blocking access at the DNS level to your local ISPs’ mailservers and free mail providers such as Hotmail to keep users from bringing unchecked mail into your network. Deploy IE 5.5SP2 with all of the current patches. Put Outlook in the Restricted Sites zone and very seriously consider replacing Outlook with something that works right and is secure, such as the Lotus Notes and Domino tag-team. (Exchange always was a Domino wannabe anyway, and not a very good one.) And since keeping your Microsoft software up to date is a royal pain, tell your boss to start thinking about remote deployment software such as Tivoli. Yes, it’s expensive, but it’s cheaper and easier than hiring another one of you and it frees you up to do real work. (My company’s been looking for another one of me for about three years, first so they could afford to get rid of me because I’m not a Microsoft lackey, and now so they can promote me. They’ve never succeeded. Presumably your company would have an equally difficult time finding another one of you.)

Linux in the enterprise. The ultimate solution to this virus crap (and other Windows-related crap) is to get rid of Windows and replace it with Linux, since Linux viruses are extremely rare and almost never damaging. While Linux has security vulnerabilities too, they’re generally more rare than Windows vulnerabilities and a desktop PC often won’t be running the programs that can be exploited. Besides, you are firewalled, aren’t you? If you are, you’re pretty reasonably secure, since in the Unix world, operating systems are operating systems–they don’t try to be operating systems and web browsers and mail clients and everything else.

But what about usability and maintainability? Linux plus KDE is no harder for an end-user to use than a PC or a Mac. Corel WordPerfect Office gives you everything you need to run your business, and secretaries like WordPerfect better than Microsloth Word anyway. Oh, you need Outlook, you say? Fine. Wait a month then. Ximian Evolution is approaching version 1.0, which will bring Outlook functionality to the Linux desktop. And if you don’t want to pay for WordPerfect Office, there’s always StarOffice. (But you can easily afford WP Office with the money you save by not buying Windows licenses anymore.)

So you don’t know anything about fixing Linux if it goes bad? So what? No sane person fixes a Windows installation either. Fixing a troublesome Windows box can easily take half a day, so the best practice is to keep an image of a working configuration, then when the user breaks it, back up user data (usually scattered all over the drive), re-image, then restore the data and be back up and running in an hour. Linux restricts user data to the /home hierarchy, so maintaining an army of Linux boxes is actually considerably easier than maintaining an army of NT boxes. Back up /home and re-image. Or if you’re really smart, you already redirected /home to a server somewhere, in which case all your desktops are now interchangeable. And Linux imaging is much easier than in NT. Linux generally doesn’t care about the motherboard, so if your video, sound, and network cards are identical, your disk images are interchangeable. Often you can get away with changing sound cards too. And if you’re limited to two or three types of NICs (probably Intel EtherExpress Pro and 3Com 90x; most cheapie 10/100 cards are covered by the Realtek 8139, DEC Tulip or NatSemi drivers), you can just statically compile those into the kernel and you’re set–then the video card is all you have to worry about. Running XConfigurator can take care of that in a matter of minutes. So a dead Linux box can be wiped and restored in 30 minutes, easy, during which your user can still be working, either on a vacationing neighbor’s PC or on your PC.

Remember too that a good percentage of NT problems are caused by toy programs users download off the ‘Net, or games or other programs people bring in from home and install. Those toys generally aren’t available for Linux, and since Linux has a low penetration in the home, people aren’t going to be bringing in their Barbie CDs and installing them. So you’re a fool not to think about Linux on the desktop in the enterprise.

Outta here. I’ve got more but I’m pretty much out of time. We’re doing a prayer vigil this weekend, and no fool signed up to lead from 1:00-2:00. When I stay up that late, my mind tends to be at its best, though my emotions tend to be at their worst (I get depressed easily). But since I can be plenty lucid at that hour, this fool signed up to lead. I’ll be back with more tomorrow.

Linux and PC cubes

PC cubes! Yes, I want a cube-shaped computer, because it’s small. No, I don’t want one made by Apple, or an obsolete NeXT (I used those in college when I couldn’t get time on an SGI). I want something small and cheap, and if it’s reasonably good looking, that’s a bonus.
Enter the Shuttle SV24.

Unlike Apple’s cube, it has a brushed-aluminum case, so it won’t crack. Just like Apple’s cube, it generates extreme reactions, and not everyone who likes Apple’s cube likes Shuttle’s.

I admit, it doesn’t have Apple’s styling. But I like Lian-Li’s styling a lot better. I wouldn’t put this in Lian-Li’s league either. But it’s certainly no uglier than any of the PCs I own now, and it’s small and light. So yeah, it has me thinking.

Where can you get one? Two of my favorite vendors have it, at a price of $250: Newegg.com and Mwave.com.

I also saw on Ars’ forums that MSI makes a slimline PC called the 6215. Newegg has it (search for “6215”) for $210. It’s tiny, but has two PCI slots and is more conventional-looking. I’m thinking the 6215 would be great for a server appliance, seeing as it has two PCI slots so you could put a SCSI card in it. You could also disable the onboard Realtek NIC and replace it with a card like an Intel EtherExpress Pro that uses less CPU time.

More Linux. The biggest thing holding me back from migrating to SupaSite is its requirement of the Apache, MySQL and PHP trio. I’ve tried to get those three to work together before, and the setup wasn’t exactly trivial, especially when trying to do it from RPMs. It looks like it’d be a whole lot easier to just compile it yourself. But this past week I found Apache Toolbox, which downloads the source for those three, plus bunches of Apache modules and compiles them for you. It sounds like it even helps out with configuration. I’ve gotta give this one a shot.