All in no particular order…

U2. I couldn’t help but notice during U2’s halftime performance yesterday how much Bono has aged. Now, granted, he’s 42 or 43 now, so he’s not going to look 22 anymore, but last night he didn’t look 42 to me. His voice didn’t seem terribly strong either, but that’s something he’s battled for more than 20 years. During their famous Sarajevo gig in 1997, Edge had to sing a few numbers (including Sunday Bloody Sunday) because Bono had lost his voice.
Above all else, it was a show. The band showed up on stage, sans Bono. He was walking through the crowd. They played one obvious song (Beautiful Day), then in a flash of showmanship, projected the names of 9/11 victims as they played an obscure song off The Unforgettable Fire, the haunting MLK (one of two tributes to Martin Luther King Jr. on that album) before segueing into Where the Streets Have No Name, with a few improvised lyrics (including a chorus from All You Need is Love, a nod to Paul McCartney).

Very typical U2. U2 fans undoubtedly loved it or at least enjoyed it; not-so-big fans probably weren’t so impressed (they sounded worse than, for instance, Mariah Carey, but a musician I work with is convinced she was lip-syncing) and U2 haters probably found something else to hate. I was impressed that they didn’t sell out by playing three songs off their current album. They played a hit from a year ago, then they played an obscure song, then they played a minor hit from 15 years ago, but it wasn’t one of the two huge hits off that album.

Heartbreak. That was what the game itself was. The Rams didn’t show up to play for the first three quarters. I have to wonder how badly Warner was hurting, because he definitely didn’t look 100% (and if I can notice a difference, there definitely is one). I have to wonder what if he hadn’t taken those hits late in the game three weeks ago against Green Bay…?

Security. I see from this story that Linux is less secure than Windows, based on counting reports at SecurityFocus.

SecurityFocus reported a total of 96 Linux vulnerabilities, versus 42 Windows NT/2000 vulnerabilities (24 for Windows 2000 and 18 for NT4.0). Buried deeper in the article, you see that Mandrake Linux 7.2 notched up 33 vulnerabilities, Red Hat 7.0 suffered 28, Mandrake 7.1 had 27 and Debian 2.2 had 26.

So, first things first, James Middleton seems to think 2=4.

Now, math aside, those 26 Debian vulnerabilities were in all likelihood present in all the other distributions. So there’s a lot of triple- or even quadruple-counting here.

I remember a good number of those Linux vulnerabilities. Some of them were buffer overflows in utilities that would be difficult or impossible to exploit without shell access to the machine. Some of them were in daemons (services) that may or may not be running at any given time. Very few were in the kernel itself. Bottom line is, a typical Linux-based Web server sitting behind a firewall with only port 80 exposed probably didn’t have anything to worry about. The same goes for a typical Linux-based Samba server.

This isn’t like Windows, where you get the components Microsoft deems necessary, whether you want them or not, and you fear removing or disabling them because you don’t know what else will break and have no way of knowing. With Mandrake, you’ll get some services you don’t want, but you can disable them without breaking stuff. Red Hat has reformed and installs surprisingly little in its minimum installation these days. Debian installs even less.

So, the dirty little secret this article didn’t tell you: Not all the security problems affected any given Linux server. Chances are most of the security flaws affected any given Windows server.

I hate it when technology journalists blindly spit out numbers without having a clue what they mean.

I may publish again. I was mad enough to fire off a proposal to one of my former editors to see if he’d be interested in a few magazine articles. It’s time there was some stuff out there written by someone who has a clue what he’s talking about.

Useful link. For once I saw a banner ad that halfway interested me today. At LowerMyBills.com you can compare different utilities services available to you. Long-distance rates include both the interstate and intrastate rate (important if you’re like me and rarely call out-of-state). Alas, they don’t list local phone service providers, and their high-speed Internet listings aren’t complete, but it’s better than nothing. They also do listings for loans and debt relief, neither of which I need right now.

If the site’s useful to you, you’ll know.

Ho-hum.

Another day, another Outlook worm. Tell me again why I continue to use Outlook? Not that I ever open unexpected attachments. For that matter, I rarely open expected ones–I think it’s rude. Ever heard of cut and paste? It’s bad enough that I have to keep one resource hog open to read e-mail, so why are you going to make me load another resource hog, like Word or Excel, to read a message where the formatting doesn’t matter?
The last couple of times I received Word attachments that were important, I converted them to PDFs for grins. Would you believe the PDFs were considerably smaller? I was shocked too. Chances are there was a whole lot of revisioning data left in those documents–and it probably included speculative stuff that underlings like me shouldn’t see. Hmm. I guess that’s another selling point for that PDF-printer we whipped up as a proof of concept a couple of weeks ago, isn’t it? I’d better see if I can get that working again. I never did get it printing from the Mac, but seeing as all the decision-makers who’d be using it for security purposes use PCs, that’s no problem.

I spent the day learning a commercial firewall program. (Nope, sorry, won’t tell you which one.) My testbed for this thing will be an old Gateway 2000 box whose factory motherboard was replaced by an Asus SP97 at some point in the past. It’s got 72 megs of RAM. I put in an Intel Etherexpress Pro NIC today. I have another Etherexpress Pro card here that I’m bringing in, so I’ll have dual EEPros in the machine. The firewall has to run under Red Hat, so I started downloading Red Hat 7.2. I learned a neat trick.

First, an old trick. Never download with a web browser. Use the command-line app wget instead. It’s faster. The syntax is really simple: wget url. Example: wget http://www.linuxiso.org/download/rh7.2-i386-disc1.iso

Second trick: Download your ISOs off linuxiso.org. It uses some kind of round-robin approach to try to give you the least busy of several mirrors. It doesn’t always work so well on the first try. The mirror it sent me to first was giving me throughput rates that topped out at 200KB/sec., but frequently dropped as low as 3KB/sec. Usually they stayed in the 15MB/sec range. I cancelled the transfer (ctrl-c) and tried again. I got a mirror that didn’t fluctuate as wildly, but it rarely went above the 20MB/sec. range. I cancelled the transfer again and got a mirror that rarely dropped below 50MB/sec and occasionally spiked as high as 120MB/sec. Much better.

Third trick (the one I learned today): Use wget’s -c option. That allows wget to resume transfers. Yep, you can get the most important functionality of a download manager in a 147K binary. It doesn’t spy on you either. That allowed me to switch mirrors several times without wasting the little bit I’d managed to pull off the slow sites.

Fourth trick: Verify your ISOs after you download them. LinuxISO provides MD5 sums for its wares. Just run md5sum enigma-i386-disc1.iso to get a long 32-character checksum for what you just downloaded. If it doesn’t match the checksum on the site, don’t bother burning it. It might work, but you don’t want some key archive file (like, say, the kernel) to come up corrupt. Even though CD-Rs are dirt cheap these days and high-speed burners make quick work of them, there’s still no point in unnecessarily wasting 99 cents and five minutes on the disc and half an hour on a questionable install.
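The third and fourth tricks combined into one script, as an added example that is not part of the original post: `fetch_iso` wraps `wget -c`, and `verify_iso` looks the ISO up in a saved checksum list and compares digests so a bad download never reaches the burner. The file name `MD5SUMS` and the function names are assumptions; the list is assumed to be in md5sum's own `digest  filename` format.

```shell
#!/bin/sh
# Added example: resumable ISO download plus checksum check before burning.
# Assumption: MD5SUMS is a local copy of the site's checksum list, one
# "<32-hex-digest>  <filename>" entry per line (md5sum's output format).

# fetch_iso URL
# Resumable download. After a Ctrl-C, run it again (the site may hand out a
# different mirror) and wget continues from the bytes already on disk.
fetch_iso() {
    wget -c "$1"
}

# expected_md5 ISO SUMFILE
# Print the published digest for ISO's file name; fail if it is not listed.
expected_md5() {
    name=$(basename "$1")
    awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }   # binary-mode entries read "digest *name"
        f == n && length($1) == 32 { print tolower($1); found = 1; exit }
        END { if (!found) exit 1 }' "$2"
}

# actual_md5 ISO
# Print the digest of the file that actually landed on disk.
actual_md5() {
    md5sum "$1" | awk '{ print tolower($1) }'
}

# verify_iso ISO SUMFILE
# Returns 0 on a match, 1 on a mismatch (do not burn), 2 if it cannot check.
verify_iso() {
    iso=$1
    sums=$2
    if [ ! -r "$iso" ] || [ ! -r "$sums" ]; then
        echo "cannot read $iso or $sums" >&2
        return 2
    fi
    want=$(expected_md5 "$iso" "$sums") || {
        echo "no entry for $(basename "$iso") in $sums" >&2
        return 2
    }
    have=$(actual_md5 "$iso")
    if [ "$want" = "$have" ]; then
        echo "OK  $iso"
        return 0
    fi
    echo "BAD $iso: expected $want, got $have" >&2
    return 1
}

# Stand-alone use:  sh verify.sh enigma-i386-disc1.iso MD5SUMS
if [ "$#" -eq 2 ]; then
    verify_iso "$1" "$2"
fi
```

A match here rules out a corrupted transfer, which is the failure the post is guarding against; it does not authenticate the image against deliberate tampering.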

As for downloading the file in separate pieces like Go!Zilla does, there’s a command-line Linux program called mget that does it, but it doesn’t follow redirection and it doesn’t do FTP except through a proxy server, so I have a hard time recommending it as a general-purpose tool. When it works, it seems to work just fine. You might try mget, but chances are decent you’ll end up falling back on wget.

It’s the best of times, it’s the worst of times…

I hate arguing with women. When guys fight, they fight hard, and they don’t always fight fair, but when the fight’s over, it’s pretty much over. You settle it. Maybe you seethe for a little bit. But eventually, assuming you both still can walk, you can go to hockey games together almost like it never happened.
I’ve found myself in an argument. It’s not like an argument with a guy. Every time I think it’s over, it flares back up. It’s like fighting the hydra. (I don’t know if this is characteristic of arguments with women in general; I generally don’t seek out that experience.)

I found one solution though: Don’t open my inbox.

That worked for me once. After 8 months, she finally quit e-mailing me.

Found on a mailing list. I’m assuming this guy mistyped this:

“I need hell with my installation.”

Some smart aleck responded before I did. “Usually you get that with installation whether you want it or not. Now someone’s demanding it. Newbies, these days.”

I was going to say that if you ran Windows, you’d get that free of charge. (That’s the only thing Microsoft gives you for free!)

A cool phone call. My phone rings at work. Outside call. Don’t tell me she somehow got my number at work… I pick up. “This is Dave.”

“Dave, it’s Todd.”

Ah, my boss. Good thing I picked up, eh?

“You busy?”

When it’s your boss, there is absolutely no right answer to that question. One of my classmates in college told me something worth remembering, though: The truth’s always a lot easier to remember than a lie.

“We can’t come to the phone right now. Please leave a message at the beep.”

Nope. Too late for that.

“Not really,” I say, hoping I won’t regret it. Either he’s gathering data for my personal review, or he’s about to ask me to install Mac OS X on a Blue Dalmatian iMac with 32 megs of RAM (speaking of wanting hell with installation…)

Actually he asks me for something pretty cool. He asks if I was up to learning some firewalling software. (No, I won’t tell you which one. And no, I won’t tell you who I work for. That’s like saying, “Hey, l337 h4xx0r5! You can’t get me!”)

But I will tell you the IP address. It’s 127.0.0.1. If you can crack that address, you deserve whatever you can get. (No comments from the Peanut Gallery.)

So I hit the books. Thanks to this duty, I get another Linux box. I’ve got a Power Mac running Debian already, which runs scripts that are impossible on NT. It monitors the LAN and reformats some reports and e-mails them to my boss and co-workers at 6 every morning. But the management software runs under NT 4, Red Hat Linux, or Solaris. None of that’ll run on a PowerPC-based machine. So I lay claim to an old system that I happen to know has an Asus motherboard in it, along with 72 megs of RAM. I’ll have fun tweaking that system out. An Asus mobo, a Pentium-class CPU, and a Tulip network card. That’s not the makings of a rockin’ good weekend, but it’ll make for a reliable light-use workstation.

While the management software runs under Red Hat, some of the infrastructure is BSD-based. So I get to learn some BSD while I’m at it. As long as BSD is sane about /proc and /var/log, I’ll be in good shape. But I heard LSD was invented at Berkeley, so I may have a little learning to do… Maybe listening to some Beatles records while administering those systems would help.

Much ado about nothing and other stuff

Much ado about nothing. The most recent report I read indicates that AOL/Time Warner and Red Hat are talking, but not about an acquisition. Sanity has entered the building…
Good thing User Friendly got a chance to get its two cents’ worth in. I got a couple bucks’ worth of laughter from it.
Much ado about something. On Sunday, Gentoo Linux developer Daniel Robbins announced that an obscure AMD Athlon bug slipped past Linux kernel developers, resulting in serious problems with Athlon- and Duron-based systems with AGP cards. This confirms some suspicions I’ve heard–one of the Linux mailing lists I subscribe to occasionally has rumblings about obscure and difficult-to-track-down Athlon problems.

The result was that Gentoo’s site was slashdotted into oblivion for a while, but hopefully it also resulted in some extra exposure for the distribution. Gentoo is another source-based distro. Lately I’ve been resigned to just using Debian to build my Linux boxes, but I’m still awfully fond of the idea of compiling your own stuff. As CPUs get faster and faster, I expect that to become more commonplace.

But I digress. The bug involves the CPU’s paging function. Older x86 CPUs used 4K pages. Starting with the Pentium, CPUs started allowing 4MB pages. But a bug in the Athlon’s implementation of this extended paging causes memory corruption when used in conjunction with an AGP card.
Alan Cox is working on a workaround. I’m a bit surprised a patch isn’t already out there.

CPU bugs are discovered all the time, but it’s fairly rare for them to be serious. If you ever run across a Pentium-60 or Pentium-66 system, boot up Linux on it sometime and run the command dmesg. You’ll find workarounds for at least two serious bugs. A TI engineer named Robert Collins gained a fair bit of notoriety in the last decade by researching, collecting, and investigating CPU bugs. Part of it was probably due to his irreverent attitude towards Intel. (As you can see from this Wayback machine entry.) Sadly, I can’t find the story on the site anymore, since he was bought out by Dr. Dobb’s.
Catching up. I haven’t been making my rounds lately. The reason why is fairly obvious. I used my day off yesterday to have lunch with someone from my small group, then when I got home I read the e-mail I absolutely had to read, responded to those that absolutely had to get responses, answered a couple of voice messages, wrote and sent out a couple of other messages, looked up, and it was 5 p.m.

“Alright God,” I muttered. “I just gave the day to Your people. Time to go spend some time with You.” So I whipped out my handy-dandy Today’s Light Bible and read about Moses. Seemed appropriate. The inadequacy and jumping the gun and making excuses, that is. The Biblical “superheroes” were human just like us, and the book doesn’t gloss over that. Today’s Light is designed to divide the Bible into pieces so you can read the whole thing in two years. I can’t decide if I want to get through it in a year or in six months. A few years ago I read it in its entirety in four months, but that pace is a bit much. If you’re willing to spend as much time reading the Bible every day as the average person does watching TV, you can make it through in a few months. But it’s not exactly light reading, and I’m not sure I recommend that pace. If you’re willing to dedicate that kind of time to Bible study you’re probably better served by learning Greek so you can read the New Testament in the original. Then if you’ve still got your sanity you can think about tackling Hebrew.

I finally got around to reading Charlie Sebold’s entries for the last few days. One especially poignant observation: “I continue to be surprised at how much I remember about computers, and how much I forget about everything else (including far more important things).”

I sure can relate. I wish I could trade everything I remember about IBM PS/2s and Microchannel for something more useful. But I remember goofy baseball statistics too–I can recite the starting lineup and pitching rotation of the 1980 Kansas City Royals (I’ll spare you). But I can’t tell you the names of all seven people I met Sunday night.

What on earth is going on?

AOL-Time Warner in talks to buy Red Hat? I found this this morning. It’s intriguing, but I can’t decide if a buyout would be a good thing or a bad thing. After all, Netscape was in decline when AOL bought it. It nosedived afterward. Obviously, the problem was twofold. When AOL acquired Netscape, they didn’t acquire all of its mindshare. Some of the most talented people got fed up and left. You can take Jim Barksdale or you can leave him. The loss of Marc Andreessen and Jamie Zawinski, though, was substantial.
The second problem was that AOL wasn’t serious about competing. They bought a browser technology and basically sat on it. Netscape 4.x was fundamentally flawed, as even Zawinski acknowledges, although I would argue it was no more fundamentally flawed than IE 4.x. The Gecko engine, on which Netscape 6.x is based, is solid technology, even though it took longer to get to market than anyone had hoped. Although Netscape 6.x won’t bowl anyone over, other browsers based on the technology, such as Galeon, are absolutely fantastic. But AOL chose to release a half-hearted browser with the Netscape name on it and continued to use the IE engine in its flagship product even after the favorable agreement with Microsoft that prompted AOL to do so in the first place expired.

That begs the question of what AOL would do with Red Hat if it owned it. Red Hat is still the big-name player in the Linux field, but Red Hat is concentrating on the server market. You can still buy Red Hat at retail, but on the desktop, Red Hat is arguably #3 in popularity now behind France’s Mandrake and Germany’s SuSE. Red Hat is the only Linux company that’s making money, but that’s largely by selling consulting. That’s not AOL’s core business. At this point, AOL is more of a media company than a technology company. Software just gives AOL more outlets to sell its media content. Consulting doesn’t do that.

The best possible scenario for a Red Hat buyout would be for AOL to, as Microsoft puts it, “eat its own dog food,” that is, rip out the infrastructure it bought from other companies and replace it with the technology it just developed or acquired. Since AOL is largely powered by Sun servers, it wouldn’t be terribly difficult to migrate the infrastructure to Red Hat running on Intel. Then AOL could give a big boost to its newly-acquired services division by saying, “We did it and we can help you do it too.” They can also cite Amazon’s recent successes in moving its infrastructure to Red Hat Linux. There is precedent for that; after AOL bought Time Warner, the entire company started using AOL for e-mail, a move widely questioned by anyone who’s used anything other than AOL for mail.

Of course, it would be expected that AOL would port its online service to Linux, which would create the truly odd couple of the computing field. AOL, meet sed and awk. Red Hat would certainly lose its purity and much of its credibility among the Linux die-hards. AOL would bank on making up the loss by gaining users closer to the mainstream. AOL could potentially put some Linux on its corporate desktops, but being a media company, an all-out migration to Linux everywhere within is very far-fetched.

To really make this work, AOL would either have to enter the hardware business and sell PCs at retail using its newly acquired Red Hat distribution and newly ported AOL for Linux and possibly an AOL-branded office suite based on OpenOffice, or it would have to partner with a hardware company. Partnering with a big name seems unlikely–a Compaq or an HP or an IBM wouldn’t do it for fear of retaliation from Microsoft. Sun has never expressed any interest in entering the retail computer business, and even though Sun loves to take opportunities to harm Microsoft, Sun probably wouldn’t cooperate with AOL if AOL replaced its Sun infrastructure with Red Hat Linux. Struggling eMachines might be the best bet, since it’s strictly a consumer brand, has a large presence, but hasn’t consistently turned a profit. But AOL could just as easily follow eMachines’ example, buying and re-branding low-end Far East clones and selling them at retail as loss-leaders, taking advantage of its lack of need for Windows (which accounts for roughly $75 of the cost of a retail PC) and making its profit off new subscribers to its dialup and broadband customers. A $349 PC sold at retail with a flashy GUI, decent productivity software and AOL is all the computer many consumers need.

The advantage to this scenario for everyone else is that AOL would probably dump more development into either the KDE or GNOME projects in order to give itself more and higher-quality software to offer. The official trees can either take these changes or leave them. Undoubtedly, some of the changes would be awful, and the official trees would opt to leave them. But with its 18 years’ worth of experience developing GUIs, some of the changes would likely be a good thing as well.

The more likely scenario: AOL will buy out Red Hat, not have a clue what to do with it, and Red Hat Linux will languish just like Netscape.

The even more likely scenario: AOL will come to its senses, realize that Red Hat Linux has nothing to do with its core business, and the two companies will go their separate ways.

Desktop Linux and the truth about forking

Desktop Linux! I wanna talk a little more about how Linux runs on a Micron Transport LT. I chose Debian 2.2r3, the “Potato” release, because Debian installs almost no extras. I like that. What you need to know to run Linux on a Micron LT: the 3Com miniPCI NIC uses the 3C59x kernel module. The video chipset uses the ATI Mach64 X server (in XFree86 3.36; if you upgrade to 4.1 you’ll use plain old ATI). Older Debian releases gave this laptop trouble, but 2.2r3 runs fine.
I immediately updated parts of it to Debian Unstable, because I wanted to run Galeon and Nautilus and Evolution. I haven’t played with any GNOME apps in a long time. A couple of years ago when I did it, I wasn’t impressed. KDE was much more polished. I didn’t see any point in GNOME; I wished they’d just pour their efforts into making KDE better. I still wish that, and today KDE is still more polished as a whole, but GNOME has lots of cool apps. Nautilus has the most polish of any non-Mac app I’ve ever seen, and if other Linux apps rip off some of its code, Microsoft’s going to have problems. It’s not gaudy and overboard like Mac OS X is; it’s just plain elegant.

Galeon is the best Web browser I’ve ever seen. Use its tabs feature (go to File, New Tab) and see for yourself. It’s small and fast like Opera, compatible like Netscape, and has features I haven’t seen anywhere else. It also puts features like freezing GIF animation and disabling Java/JavaScript out where they belong: In a menu, easily accessible. And you can turn them off permanently, not just at that moment.

Evolution is a lot like Outlook. Its icons look a little nicer–not as nice as Nautilus, but nice–and its equivalent of Outlook Today displays news headlines and weather. Nice touch. And you can tell it what cities interest you and what publications’ headlines you want. As a mail reader, it’s very much like Outlook. I can’t tell you much about its PIM features, because I don’t use those heavily in Outlook either.

The first time I showed it to an Outlook user at work, her reaction was, “And when are we switching to that?”

If you need a newsreader, Pan does virtually everything Forte Agent or Microplanet Gravity will do, plus a few tricks they won’t. It’s slick, small, and free too.

In short, if I wanted to build–as those hip young whippersnappers say–a pimp-ass Internet computer, this would be it. Those apps, plus the Pan newsreader, give you better functionality than you’ll get for free on Windows or a Mac. For that matter, you could buy $400 worth of software on another platform and not get as much functionality.

Linux development explained. There seems to be some confusion over Linux, and the kernel forking, and all this other stuff. Here’s the real dope.

First off, the kernel has always had forks. Linus Torvalds has his branch, which at certain points in history is the official one. When Torvalds has a branch, Alan Cox almost always has his own branch. Even when Cox’s branch isn’t the official one, many Linux distributions derive their kernels from Cox’s branch. (They generally don’t use the official one either.) Now, Cox and Torvalds had a widely publicized spat over the virtual memory subsystem recently. For a while, the official branch and the -ac branch had different VMs. Words were exchanged, and misinterpreted. Both agreed the original 2.4 VM was broken. Cox tried to fix it. Torvalds replaced it with something else. Cox called Torvalds’ approach the unofficial kernel 2.5. But Torvalds won out in the end–the new VM worked well.

Now you can expect to see some other sub-branches. Noted kernel hackers like Andrea Arcangeli occasionally do a release. Now that Marcelo Tosatti is maintaining the official 2.4 tree, you might even see a -ac release again occasionally. More likely, Cox and Torvalds will pour their efforts into 2.5, which should be considered alpha-quality code. Some people believe there will be no Linux 2.6; that 2.5 will eventually become Linux 3.0. It’s hard to know. But 2.5 is where the new and wonderful and experimental bits will go.

There’s more forking than just that going on though. The 2.0 and 2.2 kernels are still being maintained, largely for security reasons. But not long ago, someone even released a bugfix for an ancient 0.-something kernel. That way you can still keep your copy of Red Hat 5.2 secure and not risk breaking any low-level kernel module device drivers you might be loading (to support proprietary, closed hardware, for example). Kernels are generally upward compatible, but you don’t want to risk anything on a production server, and the kernel maintainers recognize and respect that.

As far as the end user is concerned, the kernel doesn’t do much. What 2.4 gave end users was better firewalling code and more filesystems and hopefully slightly better performance. As far as compatibility goes, the difference between an official kernel and an -ac kernel and an -aa kernel is minor. There’s more difference between Windows NT 4.0 SP2 and SP3 than there is between anyone’s Linux 2.4 kernel, and, for that matter, between 2.4 and any (as of Nov. 2001) 2.5 kernel. No one worries about Windows fragmenting, and when something Microsoft does breaks some application, no one notices.

So recent events are much ado about nothing. The kernel will fragment, refragment, and reunite, just as it has always done, and eventually the best code will win. Maybe at some point a permanent fracture will happen, as happened in the BSD world. That won’t be an armageddon, even though Jesse Berst wants you to think it will be (he doesn’t have anything else to write about, after all, and he can’t be bothered with researching something non-Microsoft). OpenBSD and NetBSD are specialized distributions, and they know it. OpenBSD tries to be the most secure OS on the planet, period. Everything else is secondary. NetBSD tries to be the most portable OS on the planet, and everything else is secondary. If for some reason you need a Unix to run on an old router that’s no longer useful as a router and you’d like to turn it into a more general-purpose computer, NetBSD will probably run on it.

Linux will fragment if and when there is a need for a specialized fragment. And we’ll all be the better for it. Until someone comes up with a compelling reason to do so, history will just continue to repeat itself.

An easy DIY mailserver

Mail the easy way. It figures that I would find this now, after blowing most of a Saturday trying to get a mailserver set up. This won’t give you any nifty spam filtering, but if you want a fast, reliable, secure, mail server with every other nifty feature you could want, run to Qmail the Easy Way. There, you can download a script that goes and gets all the sources you need and compiles them for you. You get Qmail for SMTP (the fastest and most secure mail server available for Linux), Courier IMAP and POP for receiving, DJBDNS for name resolution, and a nifty Webmail interface. Combine that with your favorite Linux-from-sources distro, and you’ll have a rock-solid, fast-as-possible mail server for a whole lot less money than an Exchange server. And the hardware requirements are far lower. Dan Bernstein, the author of Qmail and DJBDNS, claims Red Hat used a 486 to test Qmail and it performed so well they just threw it into production.
If I had a lot of IMAP clients connecting I know I’d want a Pentium-class machine, but I remember back in the day running Domino under OS/2 on Pentium-90s. When we moved to Domino on NT running on a 533 MHz Alpha, it made our heads spin because we thought 90 MHz was good enough. This was with about 200 people connecting to it. This qmail setup would be a whole lot more efficient than Domino running under NT.

And if you want it all? All you’re missing (possibly) is fetchmail for grabbing mail from foreign mailservers, procmail for a filtering language, and a spamfilter package.
Incidentally, Bernstein writes highly secure, highly efficient software, and he’s really dictatorial about what changes go in it. That’s partly because he guarantees its security–he’ll pay you $5,000 if you can compromise it and he can replicate what you did. Yes, it’s open source, and he gives it away, but since you can’t modify it unconditionally, the BSD people hate him. And since you can’t do anything you want with it except close it, Stallman and his FSF hate him. Since I try to offend the BSD and FSF zealots any time I can, I think that would be reason enough to use Bernstein’s software, assuming it was capable. But it’s not just capable. It’s smaller, faster, and more secure than any alternative and he’s even willing to warrant it–something the likes of Microsoft and Oracle will never do–and you can compile it on any architecture with whatever optimizations you want, and it’s free, so I say you and I are fools not to be using it.

Time to be offensive. It’s been a really long time since I’ve offended people by talking about religion. I was talking with one of my good friends from church (and another part of the conversation reminded me that if I ever decide I want to try to make a living by writing, I need to offer him a job as beg him to be my agent) and we were talking about God’s will. His son had been having some problems, and he was questioning his attitude a little. I understand. My attitude would be similar, and I’d be questioning it afterward too.

I don’t remember what he said, but I paraphrased it back to him to see if I understood what he meant: “I ask for God’s will, but I admit that a lot of times I’m afraid of what God’s will is, and that it might be different from mine.”

“Perfectly said,” he said. (He always says I state things perfectly. I’d better not ever read him that e-mail I wrote at around 9:30 on Wednesday that I’ve been regretting ever since…)

“I know where you’re coming from,” I said. “I’m afraid of it too, most of the time.”

He stopped for a minute and asked if that was OK. I thought about it for a minute. It’s definitely natural to want something different from what God wants. And if you think you might be wrong but want to be right, sure, you’ll be afraid of God’s will. And that’s certainly preferable to being hostile to God’s will, insisting on your way or the highway. You have to reach a certain level of maturity to be willing to ask God’s will, even when you’re afraid of it.

But that’s not all there is. God will take that if it’s all He can get, but what God really wants is unconditional surrender. The Lord’s Prayer says, “Thy will be done.” No strings attached. Jesus prayed, “If it’s possible, take this away from me. But not my will, but Yours be done.” No strings attached there either.
One of us cited Abraham as the human who got as close to that ideal as is humanly possible. But I pointed out how Abraham got there. For 99 years of his life, Abraham didn’t trust God completely, and he did things on his own. At least twice he felt his life was in danger, and he lied to protect his skin and nearly forced his wife into adultery in so doing. We can look back and say, “Abraham! God said he’d make you a great nation! You’re sitting there childless, and Sarah’s not pregnant yet either. Are you a great nation yet? No way! And God’s at least 9 months away from being able to deliver on that promise. You know what, Abraham? You’re invincible! Those guys could try to kill you and they absolutely would fail.” But we’ve got the advantage of hindsight.

At some point, Abraham must have looked back over his life and come to that conclusion himself. Because by the time he was about 110, he unconditionally did anything and everything God told him to do.

I’m convinced that Abraham became the superhero of faith by looking back over his life objectively and being observant enough to see God’s hand in everything, and being far enough along in years to be able to see a whole lot of God’s work, and see that God’s way was good, better than anything he could have possibly put together on his own.

So yeah, I feel bad about being 26 and attaching strings to my surrender. I’ve got a whole book of God’s made-and-kept promises, and I have read the whole thing, cover to cover. But nothing’s more convincing than your own experience, and at 26 I’ve still got some of that to gain. He’s further along than I am in the experience department and in the miracles department–he’s got two kids that no doctor can explain. The second is less than a year old, but if he’s like a cat and has nine lives, he’s already used up two or three.

Hopefully neither of us needs a whole lot more convincing. I think we’ll both get there before we turn 110, but I’m not surprised that neither of us is there yet.

Disappointment… Plus Linux vs. The World

It was looking like I’d get to call a l337 h4x0r to the carpet and lay some smackdown at work, but unfortunately I had a prior commitment. Too many things to do, not enough Daves to go around. It’s the story of my life.

And I see Infoworld’s Bob Lewis is recommending companies do more than give Linux a long, hard look–he’s saying they should consider it on the desktop.

He’s got a point. Let’s face it. None of the contenders get it right. So-called “classic” Mac OS isn’t a modern OS–it has no protected memory architecture, no pre-emptive multitasking, and limited threading support. It’s got all the disadvantages of Windows 3.1 save being built atop the crumbling foundation of MS-DOS. I could run Windows 3.1 for an afternoon without a crash. I can run Windows 95 for a week or two. I can usually coax about 3-4 days out of Mac OS. Mac users sometimes seem to define “crash” differently, so I’ll define what I mean here. By a crash, I mean an application dying with an error Type 1, Type 2, or Type 10. Or the system freezing and not letting you do anything. Or a program quitting unexpectedly.

But I digress. Mac OS X has usability problems, it’s slow, and it has compatibility problems. It has promise, but it’s been thrust into duty that it’s not necessarily ready for. Like System 7 of the early ’90s, it’s a radical change from the past, and it’s going to take time to get it ready for general use. Since compilers and debuggers are much faster now, I don’t think it’ll take as long necessarily, but I don’t expect Mac OS X’s day to arrive this year. Developers also have to jump on the bandwagon, which hasn’t happened.

Windows XP… It’s slow, it’s way too cutesy, and only time will tell if it will actually succeed at displacing both 9x and NT/2000. With Product Activation being an upgrader’s nightmare, Microsoft may shoot themselves in the foot with it. Even if XP is twice as good as people say it’s going to be, a lot of people are going to stay away from it. Users don’t like Microsoft policing what they do with their computers, and that’s the perception that Product Activation gives. So what if it’s quick and easy? We don’t like picking up the phone and explaining ourselves.

Linux… It hasn’t lived up to its hype. But when I’ve got business users who insist on using Microsoft Works because they find Office too complicated, I have a hard time buying the argument that Linux can’t make it in the business environment without Office. Besides, you can run Office on Linux with Win4Lin or VMWare. But alternatives exist. WordPerfect Office gets the job done on both platforms–and I know law offices are starting to consider the move. All a lawyer or a lawyer’s secretary needs to be happy, typically, is a familiar word processor, a Web browser, and a mail client. The accountant needs a spreadsheet, and maybe another financial package. Linux has at least as many Web browsers as Windows does, and plenty of capable mail clients; WP Office includes Quattro Pro, which is good enough that I’ve got a group of users who absolutely refuse to migrate away from it. I don’t know if I could run a business on GnuCash. But I’m not an accountant. The increased stability and decreased cost makes Linux make a lot of sense in a law firm though. And in the businesses I count as clients, anywhere from 75-90% of the users could get their job done in Linux just as productively. Yes, the initial setup would be more work than Windows’ initial setup, but the same system cloning tricks will work, mitigating that. So even if it takes 12 hours to build a Linux image as opposed to 6 hours to build a Windows image, the decreased cost and decreased maintenance will pay for it.

I think Linux is going to get there. As far as Linux looking and acting like Windows, I’ve moved enough users between platforms that I don’t buy the common argument that that’s necessary. Most users save their documents wherever the program defaults to. Linux defaults to your home directory, which can be local or on a server somewhere. The user doesn’t know or care. Most users I support call someone for help when it comes time to save something on a floppy (or do anything remotely complicated, for that matter), then they write down the steps required and robotically repeat them. When they change platforms, they complain about having to learn something new, then they open up their notebook, write down new steps, and rip out the old page they’ve been blindly following for months or years and they follow that new process.

It amuses me that most of the problems I have with Linux are with recent distributions that try to layer Microsoft-like Plug and Play onto it. Linux, unlike Windows, is pretty tolerant of major changes. I can install TurboLinux 6.0 on a 386SX, then take out the hard drive and put it in a Pentium IV and it’ll boot. I’ll have to reconfigure XFree86 to take full advantage of the new architecture, but that’s no more difficult than changing a video driver in Windows–and that’s been true since about 1997, with the advent of Xconfigurator. Linux needs to look out for changes of sound cards and video cards, and, sometimes, network cards. The Linux kernel can handle changes to just about anything else without a hiccup. Once Red Hat and Mandrake realize that, they’ll be able to develop a Plug and Play that puts Windows to shame.

The biggest thing that Linux lacks is applications, and they’re coming. I’m not worried about Linux’s future.

Optimizing Linux. Part 1 of who-knows-what

Optimizing Linux. I found this link yesterday. Its main thrust is troubleshooting nVidia 3D acceleration, but it also provides some generally useful tweakage. For example:

cat /proc/interrupts

Tells you what cards are using what interrupts.

lspci -v

Tells you what PCI cards you have and what latencies they’re using.

setpci -v -s [id from lspci] latency_timer=##

Changes the latency of a card. Higher latency means higher bandwidth, and vice-versa. In this case, latency means the device is a bus hog–once it gets the bus, it’s less likely to let go of it. I issued this command on my Web server to give my network card free rein (this is more important on local fileservers, obviously–my DSL connection is more than slow enough to keep my Ethernet card from being overwhelmed):

setpci -v -s 00:0f.0 latency_timer=ff

Add that command to /etc/rc.d/rc.local if you want it to stick.
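
Before overwriting a latency timer it helps to record what every card is set to now, so the change can be reverted. The script below is an added example, not part of the original post or the linked guide: it reads lspci -v output and prints a setpci command that would restore each device's current value. lspci prints latency in decimal while setpci reads every number as hexadecimal, so the script converts. The function names and the sample lspci output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `lspci -v` output (not captured from a real machine).
sample_lspci() {
cat <<'EOF'
00:00.0 Host bridge: Example Vendor Host Bridge (rev 03)
	Flags: bus master, medium devsel, latency 0

00:0f.0 Ethernet controller: Example Vendor Fast Ethernet (rev 10)
	Subsystem: Example Vendor Fast Ethernet
	Flags: bus master, medium devsel, latency 32, IRQ 11
	I/O ports at e800 [size=256]

01:00.0 VGA compatible controller: Example Vendor Graphics (rev 01)
	Flags: bus master, 66MHz, medium devsel, latency 248, IRQ 10

00:07.1 IDE interface: Example Vendor IDE (rev 01)
	Flags: medium devsel
EOF
}

# latency_report (hypothetical helper): read `lspci -v` text on stdin and
# print one setpci command per bus-mastering device that restores the
# latency it has right now. Devices with no latency field are skipped.
latency_report() {
    awk '
        # Device header lines start in column 0; the first field is the bus id.
        /^[0-9a-f]/ { id = $1 }
        # The Flags line carries "latency N" in decimal for bus masters.
        /Flags:/ && match($0, /latency [0-9]+/) {
            dec = substr($0, RSTART + 8, RLENGTH - 8) + 0
            # setpci parses its numbers as hex, so emit the value as hex.
            printf "setpci -v -s %s latency_timer=%02x  # decimal %d\n", id, dec, dec
        }
    '
}

# On a real system: lspci -v | latency_report > latency-before.txt
sample_lspci | latency_report
```

Reading ff in the command above as hex gives 255, the largest value the one-byte latency timer register can hold.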

Linux will let you tweak the living daylights out of it.

And yes, there’s a ton more. Check out this: Optimizing and Securing Red Hat Linux 6.1 and 6.2. I just turned off last-access attribute updating on my Web server to improve performance with the command chattr -R +A /var/www. That’s a trick I’ve been using on NT boxes for a long time.

Baseball. I’m frustrated. The Royals let the Twins trade promising lefty Mark Redmon to the Tigers for Todd Jones. Why didn’t the Royals dangle Roberto Hernandez in the Twins’ face? Hernandez would have fetched Redmon and a borderline prospect, saved some salary, and, let’s face it, we’re in last place with Hernandez, so what happens if we deal him? It’s not like we can sink any further.

Meanwhile, the hot rumor is that Rey Sanchez will be traded to the Dodgers for Alex Cora, a young, slick-fielding shortstop who can’t hit. Waitaminute. We just traded half the franchise away for Neifi Perez, an enthusiastic, youngish shortstop who can’t hit outside of Coors Field and is overrated defensively and makes 3 and a half mil a year. What’s up with that?

Moral dilemma: Since the Royals don’t seem to care about their present or their future at the moment, is rooting for Oakland (featuring ex-Royals Jermaine Dye and Johnny Damon and Jeremy Giambi) and Boston (featuring ex-Royals Jose Offerman and Chris Stynes and Hippolito Pichardo and the last link to that glorious 1985 season, Bret Saberhagen) to make the playoffs like cheating on your wife?

Back in the swing of things

Here are some odds and ends, since I’ve gone nearly a week without talking computers.

Intro to Linux. I found this last week. It’s a 50-page PDF file that serves as a nice Linux primer, from the experts at IBM. It’s a must-read for a Windows guru who wants to learn some Linux.

Linux from Scratch. Dustin mentioned Linux From Scratch last week. The idea is you download the source to an already-installed Linux box, then compile everything yourself. Why? Stability, security, and speed.

Security. You’ve got fresh, updated code, compiled yourself, with no extras. If you didn’t compile it, it’s not there. Less software means fewer holes for l337 h4x0r5 (“leet hackers,” or, more properly, script kiddies, or, even more properly, wankers who really need to get a life because they have nothing better to do than try to mess around with my 486s–Steve DeLassus asked me “what the #$%@ is an el-three-three-seven-aitch-four…” last week) to exploit.

Stability. Well, you get that anyway when you liberate your system from Microsoft’s grubby imperialistic mitts, but it makes sense that if you run software built by your system, for your system, it ought to run better. Besides, if you’ve got a borderline CPU or memory module or disk controller and try to compile all that code with aggressive compiler settings, you’ll expose the problems right away instead of later.

Speed. You’re running software built for your system, by your system. Not Mandrake’s PCs. Not Red Hat’s PCs. Yours. You want software optimized for your 486SX? You want software optimized for a P4? You won’t get either anywhere else. And recent GCC compilers with aggressive settings can sometimes (not always) outperform hand-built assembly. It’s hard to know what settings Mandrake or Red Hat or those Debian weirdos used.

I really want to replace my junky Linksys router with a PC running LFS and firewalling software. The Linksys router seems to be fine for Web surfing, but if you want to get beyond serfdom and serve up some content from your home LAN, my Linksys router’s even more finicky and problematic than Linksys’ NICs, which is saying something. It’ll just decide one day it doesn’t want to forward port 80 anymore.

Firewalling. And speaking of that, Dan Seto detailed ways to make a Linux box not even respond to a ping last week. It’s awfully hard for a l337 w4nk3r to find you if he can’t even ping you.

A story. My sister told me this one. She’s a behavioral/autism consultant, and one of her kids likes to belch for attention. He’ll let out an urp, and if you don’t respond, he’ll get closer and closer to you, letting out bigger and bigger belts until you acknowledge it. Di hasn’t managed to break that behavioral habit yet. She was telling her boss, a New Zealander, about this kid (he’s 3).

“Hmm,” he said. “Must be Australian.”

An update. I heard some howls of protest about a cryptic post I made last week. Yes, that was a girl I was talking to in the church parking lot until well past 11 the other night. Yes, we met at church. I’ve known her maybe six months. Yes, she’s nice. Yes, she’s cute. No, I haven’t asked her where she went to high school. Remember, I’m not a native St. Louisan… (And if you clicked on that link, be sure to also check out the driving tips.)

No, I’m not really interested in saying much more about her. Not now.