Archive for January, 2003

OpenSSH and GNUStep

Friday, January 31st, 2003

One of the things that's been bothering me for a while is the inability for me to run scp and sftp to sparky from my iBook, sherman. I could ssh to sparky OK, but when I tried to get one of the others to work I had a lot of problems. Well... last night I decided to give it a real go and upgrade OpenSSH on sparky with the hopes that this would solve the problem. Of course, nothing's that easy.

Since sparky is a SPARC 20, I went to SunFreeware to get the latest packages for Solaris 7, SPARC edition. I really have to tip my hat to these guys... this is a lot of work to put these packages together for all the different combinations of Solaris and CPU, but they do a wonderful job of it.

Anyway, I get the latest packages for OpenSSH, and realize that I'm going to need to get the latest OpenSSL as well. No biggie, I get both and install them with pkgadd. Then I try to run it. Begin the detour to get it really working. You see, the latest OpenSSH/OpenSSL needs to have an entropy server running so after reading the OpenSSH install page on SunFreeware (which is, thankfully, exceptional) I get the three other packages I needed and installed them. Then it was a matter of about a dozen commands to get the entropy generator going and then OpenSSH ran. I was able to ssh into the box, but alas, still no scp or sftp.

So I go to Google and I get a few ideas - like making sure the path to scp is correctly set. It was, of course, but in doing that I noticed that something wasn't quite right. I was getting an environment variable error, so I went into my .login file and fixed that up. Still no luck, but closer, as ssh sparky 'which scp' worked as it should.

The final step came putting my girls to bed for the night: I've had GNUstep running on this box for a while as I've really liked the OPENSTEP object library, and in my .login the GNUstep app to 'make services' is run. This came to be because there was a process id showing up at each call to ssh, scp, and sftp. When I finally put it together it seemed obvious - GNUstep was sending something or blocking something that was OK for ssh but wasn't OK for scp or sftp.

When I commented out the call in my .login everything worked great! Now I can move files to sparky with scp which is not only faster but a lot more secure than ftp.

Browsers are Interesting

Wednesday, January 29th, 2003

I'm very impressed by Safari on Mac OS X, and when I decided that the KHTML engine that they used was in Konqueror for Linux I decided to give it a try and see if it would replace Phoenix as my browser on Linux. First off, it's always been clear to me that browsers on Linux are going to suffer from a lack of plug-ins and support for the latest Flash, etc. But that's OK... all I really expect out of my Linux browser is to be able to render standard pages and not hassle with Flash or QuickTime, etc. For that, Netscape was a good first attempt but locked up far too often. Mozilla was better, and Phoenix was even better because of its stripped-down design on the same Mozilla core.

Then Safari gave me really impressive rendering speeds and I decided to try Konqueror - not bad. But I'm running RedHat 7.1 which is not the latest and so I decided to try and upgrade KDE (and therefore Konqueror) to something a bit more current. So I went and got the 7.2 RPMs and updates for KDE and the necessary support packages. Got it all installed and it's not bad at all. The speed is nice - on par with Safari.

I've been a GNOME supporter because of the CORBA infrastructure and I still believe that using CORBA in this way is the way to make the computer more tightly integrated with the network it sits on. If I had to make a new trading system I'd focus on making the system a group of small, inter-working components that all had universal interconnections that flowed through so that systems could be built by simply plugging components together and when necessary stringing together a few different kinds of components to get the desired function. This is nothing new - CORBA has been all about this from the beginning. But making an OS where this level of interconnection is supported at the lowest levels makes it that much easier to build these types of systems.

Anyway... GNOME is nice, and it's OK, but I have to say that KDE is nice as well and while it's not rooted in CORBA, most current systems aren't. While this isn't a real benefit, currently it isn't a serious handicap either. I haven't been asked to write this mythical system, and were I to do it, I'm guessing that one of the restrictions would be that it had to run on Windows and that would leave Linux out of the running right from the jump. But it's important to support The Team, and so I've been running and supporting GNOME since I started using Linux a few years ago.

The latest RedHat (8.0) solves a little of this problem for me as it has a modified version of both that is its new desktop of choice. Sure, you can get straight GNOME or KDE on 8.0, but the default is strong motivation to leave it just as it is. I haven't used 8.0 yet, and probably won't until we upgrade all the servers at work which isn't planned anytime soon. After all, they work, and upgrading eight servers along with four workstations isn't going to be fast and there should be a compelling reason to do it.

So I'm running Konqueror on top of Ximian GNOME and have to admit that it's pretty nice, and support for the mixture is really nice.

Not Going Crazy

Friday, January 24th, 2003

I got into ARPAnet while in college at Purdue. There was no such thing as the web and http: protocol - it was telnet, ftp, and a few new things like gopher, archie, etc. And there was newsgroups. I loved the newsgroups. They have since really been replaced by web logs and news sites, but in my day they were the place to find all your questions answered, you could buy and sell anything and know that it was a decent, honest, person on the other end because they had figured out newsreaders, after all. Yes, back in the day, it was an entirely different place.

Still, I'm not ready to let go of newsgroups - so I have always tried to keep a newsreader up and going on at least one platform I was near. For the time I was working out of my home office it was RadicalNews on NeXTSTEP which is an incredible newsreader given when it was written and the hardware it runs on. Really impressive. Then I changed jobs and started carrying my Linux notebook and started using Pan. Not bad at all. Multi-threading meant that this guy could do things that RadicalNews just could not. It could load all the articles on the subscribed newsgroups so that I could read them on the train. This was nice since I didn't have the time to read it in my office anymore.

Then I got my iBook and started carrying it. So I needed a new newsreader on Mac OS X - none of this Classic for me. I looked at newsreaders.com for all the OS X readers and went through them one by one. I had to be able to run in OS X natively, and needed to be able to do online as well as offline reading. While I don't mind paying for some software, a newsreader is not one of the things I was willing to pay for. It's just a little quirk about all the news reading on terminals with rn and the other Unix readers. I don't mind working on freeware/open source, so if I had to help build I was ready to do that.

After my search and playing with what passed for demos, I settled on Halime as it did all I wanted to do and had a nice icon to boot. I have been using it ever since. But when I downloaded the 1.0b1 version I noticed that it no longer seemed to be reading the articles from my newsserver. I pulled out one of the other readers I'd tried and sure enough, it looks like the server has the articles, so am I crazy or what?

I spent a day and a half recreating the subscriptions from the massive group listing, trying to fiddle with resetting the article numbers, but in the end nothing I did seemed to matter and I was beginning to think that I was crazy.

So I wrote the author and mentioned my problems. He suggested I crank up the debug level and see what it was saying. I did it and BINGO! I saw a ton of error messages - looked like one for each article header it was trying to read. Ah... I could relax. I wasn't going crazy.

Now I'm waiting for a message from the author who's been a really nice guy about other questions/issues I've had in the past. I'm guessing it's something with the newsserver that I'm using. Probably changed the length of some field or something and that's causing the problems. So I hope that soon I'll get an email about an update to fix the problem and I'll be back to reading news.

The Grind

Tuesday, January 21st, 2003

OK... it was a nice three-day weekend, but thanks to the kids, there were a lot of things to do and a lot of crabby kids. Life is, after all, messy.

One of the things I've still been looking for is a nice project to keep my mind active. Things here are getting more stagnant as I have more links to others and they don't work at the same speed as I do. This is not a surprise, but it's something that has to be dealt with. Right now, I'd love to see a few improvements in Safari so that it'd work with Hotmail a little bit better. I'd also like to see Halime get things all straightened out and group my news again... but I'm working on the latter and Apple is working on the former.

I'm just not a patient person.

Networking Problems

Friday, January 17th, 2003

For the past few days at work there seems to be an insidious problem that is causing the server processes to have to be restarted in order to clean themselves up. This happened three times yesterday - an all-time high. The problem is that I didn't design the networks, and certainly don't maintain them, so if there's a router problem, I'll never know it. I'm concerned that since this is a typical network problem - here one second and gone the next, that it's likely not to get fixed until it gets horribly worse.

Then there's the home networking that's having problems this morning as well. This morning before I left for the train I ran into the problem that I didn't seem to be getting out to the internet. So I restarted the NAT service and things seemed to be a little better, but I think there was a bad DNS issue that makes simple tasks like browsing hard even though the real connectivity is there. We'll have to see when I get home, but I think it's probably cleared up by now.

So today is one of those times when things are going poorly at work and the level of support is rising a lot due to these problems. The code hasn't changed in months, the user base hasn't changed, the markets are changing but not like this... so what's causing the problem? Maybe it's not the network, but it's the only thing that I can think of that's capable of causing these types of problems, and is out of our control to check and repair, if necessary.

Having been in the network support scene for years - including leased lines that are without doubt the worst things to support if you don't have an excellent carrier, I know that the infrastructure gets blamed for a lot of things that aren't really its fault. So I've tried to be easy on the complaints, but when a user is asking what you think the problem is, you have to give them the best knowledge you have. It's not a great situation to be in.

Then again, the guys that put this network together at work aren't the totally sharpest in the land, either. When we moved in we had a terrible time getting the NICs on 100Mbps/half-duplex when the switches were supposed to be auto-sensing. For all the Linux workstations we had to have the switch set to 100/full and then force the driver as well. It was a real pain to figure this out... lots of lost time on that one. So it really could be the network... I just wish it'd get cleared up.

Getting Kicked Around

Monday, January 13th, 2003

OK... I had hoped that the problems at work stopped with the layoff of half the IT staff. I was wrong.

Last week, the COO came and talked to me and had a problem that he needed to talk to me about. Basically, my consulting rate (because they didn't want to hire me) was the highest in the organization, and one of the Managing Directors kept bringing up my rate in particular and wanted it lowered. I pointed out to the COO that I'm worth more than the rest, and he agreed 100%. But my rate still had to come down.

One option was hiring me as an employee, but when I mentioned to him that after checking my finances, I couldn't take a 2003 hit of $54,000.00 to become an employee, and maybe we could work out a signing bonus to make things fit. He felt that was being greedy of me. I explained that had I known that the offer would be made this year, I'd have spent last year getting a few things in order so that I could take the $54,000/yr one-time hit.

He seemed to understand, but I still think he believes I'm being greedy.

His latest list of options comes down to this:

  • him paying a rate of no more than $90/hr to the consulting company I'm billed out of
  • me being hired
  • us making an exit strategy

I have to admit, the man has big ones. Really big ones. He doesn't have any way to replace me, nor is it possible given this environment to find someone to replace me on short-notice. Also, he knows that he's not going to hire me... he's never really made anything but vague promises in that regard, and while I've stopped trying to push it, it is something I wished would have happened a while ago.

So my rate is getting cut.

Not my total cost to the business - he doesn't care that I work more than 40 hrs./week - he's more than happy to have me work as many hours as I can. So he's not really interested in the cost I represent to the business as a whole - he's interested in not having that Managing Director hassle him that he has one very good worker that has a rate that's more than the others. Amazing.

I've decided that this place is just too messed up to stay - so in a way I'm glad the employment didn't work out.

Gotta Love Apple

Tuesday, January 7th, 2003

OK, there's no doubt that their systems are more expensive than the Wintel ones, but after today's MacWorld Expo keynote, you still just have to love Apple for what it's doing for their platform. Sure, I wish .Mac was still iTools - and free, but it's not, and I can appreciate Steve's point that it was costing too much to keep it free, and they still wanted to invest in it. They certainly could have handled it better, but they could have charged less for Jaguar too... matters of degree certainly, but their steps are in the right direction.

So today we see that they have a new browser, and sure, it's not perfect, but it's a lot nicer than IE and the other browsers I've tried for Mac OS X. I need a browser that just plain works, and was forced to use IE simply because many of the sites I need to get to are really best viewed in IE. Now that Apple has a browser of their own I see this as a terribly good thing for me. I acknowledge a good job in IE for OS X, but I don't like the idea of supporting Microsoft, the company. Now I don't have to. That's a big win for me.

Also, adding X11R6 to their list of supported apps is excellent. I have used XDarwin (XFree86 on OS X) and while it's OK and works, it wasn't ever what I wanted to do as it seemed like too much of a hack - I mean there's already the display system, and X11 is just a protocol... anyway, with Apple giving us X11 I'm about as happy as I've been in a while. It's fast, nice, and completely integrated into the OS X environment. Clearly, both Safari and X11 are only going to get better.

Of course, I'd love to have one of the new 17-inch PowerBooks, but I can wait on that for a while. I'm not ready to be the early adopter for that but if I had to get a machine right now, I'd work awfully hard to make a case for getting that laptop. It's got to be exceptionally nice.

One thing that I'm a little disappointed in with OS X is the JVM. Specifically, loading a Swing-based app is terribly long. I'm sure there's a cost to the JIT, and another to the loading of the JVM, but on a 600MHz G3 with 640MB of RAM it shouldn't take 15 sec. to load a simple app. Once it's loaded, it runs fine, and that's the trade-off I'm sure they made - speed during runtime to speed of loading. But still, it makes quick debugging and running something that you just really can't do.

Hopefully in the future, there will be an update that will make this less of an issue. Certainly every problem I've had with OS X to date has been addressed by an update in the not-too-distant future. Like I said - you gotta love Apple. It almost makes me want to pay $99/yr for .Mac

Almost.

Fix for OS X sshAgent

Friday, January 3rd, 2003

OK, I didn't check enough things and now I have it much better in hand. When you start a new terminal session on OS X, the code I had for starting ssh-agent would restart a new copy each time a new terminal session was started. This is not what I wanted, so I needed to be a little bit more careful on what was being done.

I needed to clean up the initial test on the existence of the running ssh-agent and I also needed to clean up the .tcshrc and .login files to make them work better when starting new terminal sessions.

My ${HOME}/bin/sshAgent script now looks like this:

#!/bin/tcsh
##
# Start SSH Key Agent
##
if ("`where ssh-agent`" != "") then
	#
	# See if there's already a running copy of ssh-agent
	#
	set proc="`ps -aux | grep 'ssh-agent' | grep -v grep`"
	if ($%proc >= 10) then
		set pid=`echo "${proc}" | awk '{ print $2 }'`
		kill ${pid}
	endif
	#
	# ...and make sure to unset the variable for the PID of the agent
	#
	if ($?SSH_AGENT_PID) then
		unsetenv SSH_AGENT_PID
	endif
	#
	# Now see if we have the socket connection already defined as well
	#
	if ($?SSH_AUTH_SOCK) then
		if (! -S "${SSH_AUTH_SOCK}") then
			unsetenv SSH_AUTH_SOCK
		endif
	endif
	#
	# This is the file location that will hold the environment-setting
	# commands for all subsequent shells based on the results of running
	# ssh-agent for the first time.
	#
	setenv SSH_AGENT_STATE "/tmp/.ssh-agent-state.${user}"
	#
	# If it's still there, it's got old data and needs to be wiped out
	#
	if (-f "${SSH_AGENT_STATE}") then
		rm -f "${SSH_AGENT_STATE}"
	endif
	#
	# If we're all clean, then we need to start up a new instance, and
	# save the environment settings in the proper file for later
	# invocation by other shells.
	#
	if (! $?SSH_AGENT_PID && ! $?SSH_AUTH_SOCK && ! -f "${SSH_AGENT_STATE}") then
		ssh-agent | grep -v '^echo ' >"${SSH_AGENT_STATE}"
		source "${SSH_AGENT_STATE}"
	endif
endif

And my .tcshrc starts off with:

#!/bin/tcsh
if (-f /tmp/.ssh-agent-state.${user}) then
        source /tmp/.ssh-agent-state.${user}
endif

And finally, my .login has the following at the end:

#
# Now get the SSH-Agent up and working on this box so I can get into
# the machines at home where the keys are set up to match.
#
if ( $?SSH_AUTH_SOCK == "0" ) then
        ${HOME}/bin/sshAgent
        source /tmp/.ssh-agent-state.${user}
endif

The important points are these:

  • the sshAgent script gets the process info once so that it's not as much of a drain on the system. Also, it now does it correctly so that we don't get errors on the if statement.
  • the .login doesn't start the sshAgent unless it hasn't already been started. This is important as it keeps the number of instances to 1 for all terminal windows under OS X.
  • the .tcshrc now doesn't fail if there is no ssh-agent running. Previously, if there was none, you'd get an error trying to source a non-existent file.

These changes make it a lot nicer and though I thought I had tested it before, I've beaten the crud out of it now, and I'm happy with the results. There are probably some improvements to be made, but for now, this is a lot better than it was - because it works right.
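
An added example, not the post's own script: the state file above sits at a predictable path in world-writable /tmp and is sourced by every new shell, so on a multi-user machine its contents should not be trusted blindly. This POSIX sh variant of the helper keeps the file in a private directory, checks ownership and permissions before reusing it, and asks the agent itself whether it is alive instead of grepping ps. The path ~/.ssh/agent-state.csh, the "start" argument and all function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: hardened replacement for the sshAgent helper.
# Assumed (not from the post): state file path and all function names.
STATE_DIR="${HOME}/.ssh"
STATE_FILE="${STATE_DIR}/agent-state.csh"

# True only for a regular file (not a symlink) that we own and that
# nobody else can write to. Anything else must never be sourced.
state_file_is_trusted() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# Pull the socket path out of csh-syntax "ssh-agent -c" output, e.g.
#   setenv SSH_AUTH_SOCK /tmp/ssh-XXXX/agent.123;
agent_sock_from_state() {
    sed -n 's/^setenv SSH_AUTH_SOCK \([^;]*\);.*$/\1/p' "$1"
}

# Ask the agent itself whether it is alive. ssh-add -l exits 0 (keys
# loaded) or 1 (no keys) when it reached an agent, 2 when it could not.
agent_is_alive() {
    [ -S "$1" ] || return 1
    rc=0
    SSH_AUTH_SOCK="$1" ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Reuse a live agent recorded in a trusted state file; otherwise start
# one and publish its settings with an atomic rename inside ~/.ssh.
ensure_agent() {
    umask 077
    mkdir -p "$STATE_DIR" || return 1
    if state_file_is_trusted "$STATE_FILE"; then
        sock=$(agent_sock_from_state "$STATE_FILE")
        if agent_is_alive "$sock"; then return 0; fi
    fi
    tmp=$(mktemp "${STATE_DIR}/agent-state.XXXXXX") || return 1
    if ssh-agent -c | grep -v '^echo ' >"$tmp"; then
        mv -f "$tmp" "$STATE_FILE"
    else
        rm -f "$tmp"; return 1
    fi
}

# tcsh side: source only a file we own, e.g.
#   if (-o ~/.ssh/agent-state.csh) source ~/.ssh/agent-state.csh
# Run as "sshAgent start" from .login.
if [ "${1:-}" = "start" ]; then ensure_agent; fi
```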

Handcuffs are Interesting

Friday, January 3rd, 2003

OK, this morning I was really looking forward to a meeting between a co-worker and management. The focus was to be the wish list they had asked him/us to prepare to make the environment more pleasurable. Naturally, the list included things that they were likely not to say "Yes" to, but also many 'small' things that they could easily say "Yes" to.

We expected them to give in to the request(s) for offices - seeing as how we now have a lot of empty space on the floor due to the cuts, and I even bet the co-worker that his request for a raise would be agreed to. We both wondered if they'd agree to the suggestion to really stop the work on the project we are both working on now due to lack of resources. Honestly, we both didn't think they'd really do it, but it was meant to show them that we think their project planning has left out a few critical things - like the people to really make this large a project successful.

What came out of the meeting was very surprising to both of us.

They aren't going to give out offices - because they are planning on leasing them out to other divisions in the Bank! This means that in all likelihood we'll be "relocated" to a "reservation" on the floor and then the space we had on the floor will be given to another group in the Bank and they will move in.

This bothers me on so many different levels - but all of them personally. In the end, a cube is a cube, and it really doesn't matter, but the idea that cutting half the IT staff isn't enough of a cut to keep the space and be a little generous to those few that are staying is a bit disturbing. Also, there are several people that have desks on the trading floor and offices - and I'm not talking about traders here... no, these are some of the IT folks.

What bothers me about this is the idea that we haven't reached the "bottom" in our slide - contrary to their statements.

They aren't interested in anything that costs them a dime - which is understandable if you realize that they are going to be giving up the space in order to save some bucks. I had expected that when you cut half the people you sort-of give yourself some breathing room, but I guess I was wrong.

Additionally, I learned today that one of the desks has 20+ people - a few traders, but mostly developers and researchers (basically, prototype developers). This is in stark comparison to the five - that's right - five developers under the organization's CTO. It just makes no sense that a trader should manage a larger IT budget and staff than the CTO. If he's that much better at being the CTO, then that should be his job. But, maybe that will change. Who knows.

So... it's been a bit of a disappointment as they seem to believe that on the reduced staff it's Business as Usual and no de-emphasis of the workload is in the offing. This made me very nervous as it meant that I was going to be stuck with these jobs forever. Just like handcuffs.

Then I realized something - I've got them as bad as they have me. It's just as easy for me to 'yank' on the handcuffs and have their wrists hurt as it is the other way around. This thought cheered me up as I realized that I still had some power, and therefore control over my own professional life here. Not a lot of control - just as much as you get with a pair of handcuffs.

Back to Work

Friday, January 3rd, 2003

OK, it's back to work like millions of other folks, and I have to say that I'm very happy with my life today. Yesterday we went shopping and picked up The Rolling Stones' Forty Licks and I loaded it on my MP3 player last night. I've been listening to it all morning and it's a lot of good music that I listened to all my life. I can't say that I really like the band, but the music they make has been great milestones of my life. Very nice trip down memory lane. Excellent music.

It's also nice to get back in the saddle and start writing code again. It's an important part of who I am - just like a serious runner needs to run to feel good, I need to create, and use my brain. Thankfully, this place has no shortage of ideas - both good and really not so good, but that's the ups and downs, I guess. In any case, I'm able to stretch today and get some code fixed, add a few things, and make it a little nicer. That's a win no matter how you look at it.

I also like being able to talk to my friends at work again. Not that we're a big 'water cooler' bunch, but with the cuts, and the lack of direction in many areas, it's a source of a lot of talk. Then again, there's the Holidays and it's nice to hear about what other people got.

It's just a really good day to be back.