Systems archived articles


Design and Security and Systems and Technology, 09 Jun 2008 at 13:35 by Jean-Marc Liotier

Who these days has not witnessed the embarrassing failure modes of Microsoft Windows ? Blue screens of all hues and an assortment of badged dialog boxes make each crash into a very public display of incompetence.

I will not argue that Windows is more prone to failure than other operating systems - that potential war of religion is best left alone. What I am arguing is that failure modes should be graceful, or at least more discreet.

A black screen is neutral : the service is not delivered, but at least the most trafficked billboard in town is not hammering everyone with a random pseudo-technical message that actually means “my owners are clueless morons”.

Even better than a black screen : a low level routine that in case of system failure may display something harmless. Anything but an error message.

With so many information screens in the transportation industry, automated teller machines of all sorts and a growing number of advertising screens on roadsides, a properly and specifically configured system is necessary. What about “Microsoft Windows - Public Display Edition” ? Of course, users of Free Software don’t have to wait for a stubborn editor to understand the problems its customers are facing.

When the stakes are high enough, the costs of not managing risk through graceful degradation cannot be ignored. But let’s not underestimate the power of user inertia…

Brain dump and Systems, 04 May 2008 at 15:23 by Jean-Marc Liotier

The openMosix Project has officially closed as of March 1st 2008. This brings nostalgia of the toy OpenMosix cluster I once had running for a few years, assembled using the ailing collection of dusty hardware heating my apartment and infrequently put to productive use for large batch jobs. Soon I found that a single less ancient machine could perform about as fast if not faster for less electricity, and batch jobs being what they are I could just as well let them run during my sleep. But in an age when I had more time than money (I now have neither…) and when compression jobs were measured in hours, OpenMosix was a fun and useful patch for which I foresaw a bright future.

A few years later the efficient scheduler in recent Linux releases lets me load my workstation to high values with barely any consequence for interactive tasks, so I don’t really feel like I’m starved for processing power. But I still spend too much time staring at progress bars when editing photos, so more available CPU could definitely speed up my workflow. This is why I look longingly at the servers in the corridor who spend most of their lives at fractional loads while the workstation is struggling. Manual load balancing by executing heavy tasks on remote hosts is a bit of a chore, so I go browsing for single-system image clustering news, wondering why easily pooling local system resources is not yet a standard feature of modern operating systems.

One of the major obstacles to the generalization of SSI clustering outside of dedicated systems is that software such as OpenMosix or Kerrighed requires a homogeneous environment : you can’t just mix whatever hosts happen to live on your LAN. For most users, homogenizing their systems using one Linux kernel version, let alone one type of operating system, is not an option.

But nowadays, virtualization systems such as Xen are common enough that they may represent a viable path to homogenization. So I envision using it to extend my workstation to the neighboring hosts. I would run the workstation as a normal “on the metal” host, but on each of the hosts I want to assist the workstation I would run a Xen guest domain running a bare bones operating system compatible with taking part in a single system image with the workstation. Adding capacity to the cluster would be as simple as copying the Xen guest domain image to an additional host and running it as nice as desired, with no impact on the host apart from the CPU load and allocated memory.

This approach looks sane to me on paper, but strangely I can’t find much about it on the web. Is there a hidden caveat ? Did I make an obviously wrong assumption ? Tell me if you have heard of other users extending their workstation with SSI using Xen guest domains on random local hosts. Meanwhile, since OpenMosix is now unsupported, I guess I’ll have to dive into Kerrighed.

Systems, 13 Apr 2008 at 14:30 by Jean-Marc Liotier

Fan failure is a common life-ending event for electronic hardware, and so did I send my three-year-old HIS Radeon 9800 Pro IceQ to the retirement drawer when overheating crashes helped me discover that it was not pushing much air anymore since the fan motor had seized.

This was an excellent pretext to acquire a faster graphics adapter. I chose a Sapphire HD 2600 XT AGP 512 DDR3 (reference 100229L) because it currently offers excellent performance for the money at €85, and also because that is one of the few remaining choices for upgrading my aging AGP system significantly. It is such a rarity that I can’t even find a decent review to link to, and the picture shows the 256 MB version which nevertheless looks exactly the same.

With Linux, all is mostly well : the RadeonHD driver provided me with the basic functionality I need, and I was hopeful it would make me forget the lacking Xorg 3D support with my former card. But alas for now RadeonHD does not support 3D for graphic adapters with a PCIE to AGP bridge - and that includes the Sapphire HD 2600 XT AGP. Users are ranting about the lack of support for the ATI HD 2600 AGP, so at least I am not the only one. In that conversation, someone with apparent insider information noted that “Linux support for AGP HD2xxx cards has not yet been released, but is being worked on”. So maybe I’ll have Linux 3D some day…

I then executed the ATI Catalyst installer to upgrade my dusty Windows XP drivers, in case we manage to throw a LAN party for the first time in months since we all let family and professional duties creep on our schedule. I was faced with this message : “setup did not recognize compatible drivers”. And the installation process would abort.

The Wikipedia entry for the Radeon R600 series mentions this issue :

Note that Catalyst drivers 7.10, 7.11 and 7.12 do not yet support the AGP versions of Radeon HD 2000 series cards with RIALTO bridge. Installing Catalyst drivers 7.10, 7.11 or 7.12 on those cards will yield the following error message: “setup did not find a driver compatible with your current hardware or operating system.” The cards, which are yet to be supported, with their PCI vendor ID are listed below:

GPU core    Product               PCI device ID
RV610       Radeon HD 2400 Pro    94C4
RV630       Radeon HD 2600 Pro    9587
RV630       Radeon HD 2600 XT     9586

Niiice ! ATI lets manufacturers produce hardware it does not provide drivers for… At least this teaches me that they can even do worse than their proprietary binary drivers.

The solution is to head to Sapphire’s archive of old drivers which contains the 10th March 2008 release of the “Hotfix Driver for AGP version of ATI RADEON HD 2400Pro/2600Pro/2600XT/HD3850 Windows XP(32-bit)” which contains the old AGP support I needed.

On installation, the system complains about that driver not being “Windows certified”. The lack of that fairy dust does not hinder normal operation the slightest bit, but it does hint that this driver was rushed as a stop-gap.

I was competent enough to sort it out, but this is the sort of problem I would expect from cutting edge hardware, not from a mass market product designed to appeal to the value-for-money segment which is less technically aware than the free spending enthusiast segment. I can imagine many better ways for ATI to show respect toward its users.

PHP and Systems, 19 Oct 2007 at 10:12 by Jean-Marc Liotier

PHP :

  • Sparkline is a PHP library that produces Edward Tufte inspired “intense, simple, wordlike graphics”. I like the way sparklines spruce up text without interrupting its flow.
  • Libchart is a simple PHP charting library that reminds me of the core functionality of Jpgraph. Simple to deploy and does the basics well.
  • Jpgraph can be used to create numerous types of graphs either on-line or written to a file. The range of functionality is very impressive and new features get added all the time. But basic use remains simple. Jpgraph is used by many Free software projects such as Mantis.
  • PEAR::Image_Graph was formerly known as GraPHPite. It supports a good choice of graph types, five types of data sources and many output formats.
  • Artichow is yet another small PHP charting library. Functionality is limited but it does look clean. The downside is that everything about it is in French… But that may be an upside if you are a French speaker !

Command-line and CGI :

  • Ploticus provides a C and Python API, and a Perl command line that can be called from CGI. It is a mature solution that is no longer on the cutting edge but still satisfies many users.

DHTML and Javascript :

  • Timeplot is a DHTML-based AJAXy widget for plotting time series and overlaying time-based events over them (with the same data formats that Timeline supports). It has limited functionality, but what it does looks very good and easy to integrate.
  • Plotkit is aimed at web applications that require plotting series of data in modern web browsers. It requires MochiKit and supports HTML Canvas and SVG, which makes it a cutting edge way to render graphics. It supports graphing from a dynamic table.
  • Plotr is a fork of Plotkit with no need for MochiKit. The result is an incredibly lightweight charting framework : only 12 KB !

Multiplatform :

Systems, 17 Oct 2007 at 11:49 by Jean-Marc Liotier

A new job generally means a new computer. In most old big companies, a computer is still synonymous with having to suffer using Microsoft Windows. But despair not : a good selection of additional software will make Windows more functional and your workstation experience more bearable.

Here is a list of the ones I set up most of the time. It covers most of the indispensable everyday utilities :

- Jxplorer LDAP client
- Filezilla FTP client
- Xchat IRC client
- Notepad++ text editor
- Psi Jabber client
- Putty SSH client
- WinSCP SCP client
- Irfanview image viewer
- PalmOne Palm Desktop
- Virtual Dimension virtual desktop
- Winmerge diff and merge utility
- 7zip archive manager
- Mozilla Firefox Web browser
- VMware player
- Foxit PDF reader
- Tortoise SVN client
- Thunderbird mail client
- Kompozer HTML editor
- Unison file synchronization tool
- AdAware system cleanser
- Gimp image editor
- Openoffice suite
- GPG4Win
- Tora Oracle SQL client

Of course that will not get you anywhere near as far as a half decent setup of Ubuntu or Debian, and once you have hunted down, downloaded and installed each of those independent packages with no centralized package management you will have a much better understanding of what super cow powers are all about. But at least it is a start and you can quite comfortably survive with that kit.

As a bonus, here are the few useful Thunderbird extensions that I use all the time :

- Attachment Extractor
- Headers Toggle
- Rewrap Button
- Remove Duplicate Messages
- Enigmail

Music and Systems, 13 Oct 2007 at 17:24 by Jean-Marc Liotier

This took me a ridiculous chunk of afternoon to solve, and the solution was surprising to me. So I guess a full report will be useful to spare other users the same process…

Symptoms :

  • You mount a share with music files over SMB or CIFS. With a file browser you can navigate the tree, and you can play the files perfectly.
  • You add local music files to your Amarok collection, they appear and Amarok is fully functional.
  • You add the mount point of the network share to your collection. You then update or rescan your collection.
  • At some point during the scan, a notification pops up with the message : “The Collection Scanner was unable to process these files”. Once you acknowledge the notification, the scan halts and no files appear to have been added to the collection. As a bonus, KNotify may crash with signal 11 (SIGSEGV).
  • On the Samba file server, a ridiculously high number of files is opened. So many that on the client if you try even a ‘ls’ anywhere on the mounted share you will get a complaint about “too many files opened”. In normal operation, Amarok only opens one file at a time during a scan.
  • Desperate, you try exiting Amarok. It crashes hard on termination and brings down the whole X session along with it.
  • You are pretty pissed off.

In summary, both sides work perfectly fine individually, but trying to get them to work together fails and there are no useful pointers.

Failing to root out the bug and not finding anything obvious on the Web I headed to the Amarok forums. There I quickly found that about each and every thread mentioning Samba ended with a link to the Samba page of the Amarok wiki. I found the content to be basic and apparently completely unrelated with my problem, but reading between the lines I understood the key to the solution…

If you have read and write rights on a share, there are probably no problems any way you put it. But if you only have read rights on the share and mount it read and write, then Amarok is all confused ! That is what was happening to me.

A few days ago, before letting a novice user play music on my workstation, in order to protect the files from harm, I had quickly removed my username from the write list of the music share on the file server. And I had forgotten about that…

So I went back to the faulty /etc/smb.conf and I added my username to the “write list” parameters. I reloaded the Samba configuration, launched Amarok, the collection was automatically rescanned and my world was back to harmony.

Let the music play !

Systems, 17 Aug 2007 at 18:32 by Jean-Marc Liotier

We host applications on a couple dozen domain names with more subdomains than I can count offhand. We have a policy that anything over which passwords transit should be encrypted, so we have plenty of Apache mod_ssl virtual hosts along with TLS or SSL versions of POP, IMAP, SMTP and XMPP. To provide all that as cheaply as possible, we run our own certificate authority and issued our own root certificate. Certificate authority is a pretty big word for a bunch of OpenSSL commands, but they do the job fine until we deploy something else to help us. So far, so good.

Since our root certificate is of course not bundled with any browser or operating system, our users are constantly nagged by their browser and mail client until they store it locally. In addition, with no root authority for other servers to refer to, server to server communication is wide open to man in the middle attacks. So at the moment, our cryptography is about as good as snake oil.

The limitations of the current implementation of HTTPS make it difficult to deploy correctly on the cheap. When a client requests an HTTPS connection, it does not tell the server the name of the host it wants to connect to. So the server has no way to choose a certificate, and this is why there can be only one certificate per IP address. IP addresses being an expensive resource, having one for each virtual host can quickly be prohibitively expensive, at least until IPv6 becomes sufficiently widespread.

With multiple sub-domains, we could use wildcard certificates. They have more risks than benefits and they are not universally supported, but at least they provide a cheap solution. But we host multiple domains, so even that is not the way out for us, nor for the countless wretched sysadmins that share our predicament.

But despair not, wretched sysadmin : your savior has arrived, and its name is Server Name Indication ! SNI is a TLS extension that allows multiple certificates per IP address. Paul Querna has an excellent and easy explanation of what SNI is about - which I reproduce here :

When a client connects to a server using SSL, the server will send the Public Certificate to them. This enables them to actually decrypt the data sent from the server later. Here is a short simplified example:

1. C: (TLS Handshake) Hello, I support XYZ Encryption.
2. S: (TLS Handshake) Hi There, Here is my Public Certificate,
                      and lets use this encryption algorithm.
3. C: (TLS Handshake) Sounds good to me.
4. C: (Encrypted) HTTP Request
5. S: (Encrypted) HTTP Reply

The problem in HTTP is we don’t know which Public Certificate to send, until step 4. This is long after the public certificate has been sent. Protocols such as IMAP and SMTP, which use STARTTLS, have a different pattern:

1. C: (Cleartext) I am using server 'mail.example.com'
2. S: (Cleartext) By The Way, I also support TLS Encryption.
3. C: (Cleartext) Lets use Encryption, aka 'STARTTLS'.
4. C: (TLS Handshake) Hello, I support XYZ Encryption.
5. S: (TLS Handshake) Hi There, Here is my Public Certificate,
                      and lets use this encryption algorithm.
6. C: (TLS Handshake) Sounds good to me.
7. C & S: (Encrypted) Exchange Data

Since the client tells the server which host it is connecting to in step 1, the server can pick the correct certificate in step 5. It is possible to do this in HTTP, using TLS Upgrade. This is slightly more complicated, and presents other security issues. The Server Name Indication approach has a much simpler setup:

1. C: (TLS Handshake) Hello, I support XYZ Encryption, and
                      I am trying to connect to 'site.example.com'.
2. S: (TLS Handshake) Hi There, Here is my Public Certificate,
                      and lets use this encryption algorithm.
3. C: (TLS Handshake) Sounds good to me.
4. C: (Encrypted) HTTP Request
5. S: (Encrypted) HTTP Reply

The only difference is a few extra bytes sent in Step 1. The client passes along which hostname it wants, and the server now has a clue which public certificate to send.

The good people at CAcert are following closely how SNI is supported in major pieces of web infrastructure. To summarize, SNI has been supported in mod_gnutls since 2005, but the ominous warning on the mod_gnutls home page does not make mass deployment likely in the short term : “mod_gnutls is a very new module. If you truly care about making your server secure, do not use this module yet. With time and love, this module can be a viable alternative to mod_ssl, but it is not ready”. But fear not : Apache bug 34607 tracks the development of SNI support for mod_ssl, and it only has to wait for the 0.9.9 release of OpenSSL which is said to include support for SNI. So the future is bright ! Support on the client side is more patchy at the moment, but it will likely improve fast as soon as the servers are available.

So when I say that the savior has arrived, I should rather say that it is still underway and it is taking its time. SNI is described in section 3.1 of RFC 3546 which dates from June 2003 ! And Paul’s post is from April 2005 - although at that time SNI was already supported in mod_gnutls. I am surprised that the development of such a liberating feature so critical to the providers of collective hosting has been so slow in an essential pillar of infrastructure such as OpenSSL. I am even more surprised that I have not heard of it before - but now I am quite excited about it !

Since CAcert is tracking SNI support, I guess they will eventually offer name based certificates. Count me in !

Code and PHP and Systems, 14 Aug 2007 at 14:35 by Jean-Marc Liotier

Since I began playing with Net_SmartIRC, I found a new way to put that library to work : a Munin plugin script to monitor the number of users in an IRC channel.

Here is an example of the graphical output provided by Munin :

As you can see, the Debian IRC channel is a very crowded place ! You may also notice small gaps in the data : the script sometimes fails on a refused connection, and I have not elucidated the cause. But as the graph shows, I have coded the script so that those failure cases only result in a null output, which Munin handles well by showing a blank record.

Because my lacking skills and crass laziness prevented me from writing it all in a single language, I hacked that plugin by simply patching together the parts I could produce rapidly :

The PHP script uses Net_SmartIRC which is available in Debian as php-net-smartirc. It must be configured by modifying the hardcoded server and channel - that may not be what is best in production use, but for the moment it works for me. Here is the full extent of the PHP code :

<?php
// Net_SmartIRC as installed by the Debian package php-net-smartirc
include_once('/usr/share/php/Net/SmartIRC.php');
$irc = new Net_SmartIRC();
//$irc->setDebug(SMARTIRC_DEBUG_ALL);
$irc->setUseSockets(TRUE);
$irc->setBenchmark(TRUE);
$irc->connect('irc.eu.freenode.net', 6667);
$irc->login('usercount', 'Users counting service for Munin monitoring',
'0', 'usercount');
// Request the LIST entry of the channel and wait for the reply
$irc->getList('#test_channel');
$resultar = $irc->objListenFor(SMARTIRC_TYPE_LIST);
$irc->disconnect();
// Field 4 of the LIST reply is the user count; print nothing on failure
if (is_array($resultar) && isset($resultar[0])) {
    echo $resultar[0]->rawmessageex[4];
}
?>

The irc_channel_users Bash script is also quite simple. Apart from the barely modified boilerplate adapted from other simple Munin bash scripts, the specific meat of the script is as follows :

work_directory=/home/jim/applications/munin/irc_channel_users
php_interpreter=$(which php)
# Keep only a purely numeric result; anything else leaves the value empty
user_population=$("$php_interpreter" "$work_directory/irc_channel_users.php" |
  awk -F"#" '{print($1)}' | grep -E '^[0-9]+$')
echo -n "population.value "
echo $user_population

As you can see, the munin bash script is mostly about setting a few Munin variables, calling the php script and formatting the output.

Here are sample outputs :

15:32 munin@kivu /etc/munin/plugins% ./irc_channel_users autoconf
yes

15:32 munin@kivu /etc/munin/plugins% ./irc_channel_users config
graph_title #b^2 IRC channel users
graph_args --base 1000 -l 0
graph_vlabel population
graph_scale no
population.label users

15:32 munin@kivu /etc/munin/plugins% ./irc_channel_users
population.value 6

No demonstration is available on a public site, but the above graph is about all there is to know about the output of this plugin.

The code resides on its own page and updates if they ever appear shall be stored there.

This experience taught me that coding basic Munin plugins is fun and easy. I will certainly come back to it for future automated graphing needs.

And for those who wonder about the new syntax highlighting, it is produced using GeSHi by Ryan McGeary’s very nice WP-Syntax Wordpress plugin.

Debian and Systems, 06 Aug 2007 at 13:24 by Jean-Marc Liotier

Looking at server logs in search of clues about a recent filesystem corruption incident, I stumbled upon the following messages :

Aug  5 01:06:01 kivu mdadm: RebuildStarted event detected on md device /dev/md0
Aug  5 01:43:01 kivu mdadm: Rebuild20 event detected on md device /dev/md0
Aug  5 02:15:01 kivu mdadm: Rebuild40 event detected on md device /dev/md0
Aug  5 02:59:02 kivu mdadm: Rebuild60 event detected on md device /dev/md0
Aug  5 04:33:02 kivu mdadm: Rebuild80 event detected on md device /dev/md0
Aug  5 05:24:33 kivu mdadm: RebuildFinished event detected on md device /dev/md0

We never asked for a manual rebuild of that RAID array so I started thinking I was on to something interesting. But ever suspicious of easy leads I went checking for some automated actions. Indeed that was a false alarm : I found that a Debian Cron script packaged with mdadm at /etc/cron.d/mdadm contained the following :

# cron.d/mdadm -- schedules periodic redundancy checks of MD devices
# By default, run at 01:06 on every Sunday, but do nothing unless
# the day of the month is less than or equal to 7. Thus, only run on
# the first Sunday of each month. crontab(5) sucks, unfortunately,
# in this regard; therefore this hack (see #380425).

6 1 * * 0 root [ -x /usr/share/mdadm/checkarray ] && [ $(date +%d) -le 7 ] && /usr/share/mdadm/checkarray --cron --all --quiet

So there, Google fodder for the poor souls who like me will at some point wonder why their RAID array spontaneously rebuilds…

Now why does the periodic redundancy check appear like a rebuild ? Maybe a more explicit log would be nice there.
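When triaging such events during an incident, the schedule in the cron entry can be checked mechanically. The following Python code is an added example, not part of the original post or of mdadm: it reads syslog lines, finds RebuildStarted events and tells whether each one falls in the checkarray window (Sunday, day of month at most 7, 01:06). The year is an assumption passed by the caller because syslog timestamps carry none, the five-minute slack is an arbitrary choice, and the last sample line is constructed.

```python
import re
from collections import namedtuple
from datetime import datetime

MONTHS = {name: number for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Matches the mdadm monitor lines shown above; \s* tolerates a missing
# space between "device" and the device path.
EVENT = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) "
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}) \S+ mdadm: "
    r"RebuildStarted event detected on md device\s*(?P<dev>\S+)")

Finding = namedtuple("Finding", "when device verdict")


def is_scheduled_check(when, slack_minutes=5):
    """True if 'when' matches the cron entry: 01:06 on the first Sunday of a month."""
    return (when.weekday() == 6          # datetime: Monday is 0, Sunday is 6
            and when.day <= 7            # the "[ $(date +%d) -le 7 ]" guard
            and when.hour == 1
            and 6 <= when.minute <= 6 + slack_minutes)


def classify(lines, year):
    """Return one Finding per RebuildStarted event found in the syslog lines."""
    findings = []
    for line in lines:
        match = EVENT.match(line)
        if not match or match["mon"] not in MONTHS:
            continue                     # progress and finish events are ignored
        when = datetime(year, MONTHS[match["mon"]], int(match["day"]),
                        int(match["h"]), int(match["m"]), int(match["s"]))
        verdict = "scheduled check" if is_scheduled_check(when) else "unexpected"
        findings.append(Finding(when, match["dev"], verdict))
    return findings


SAMPLE = [
    "Aug  5 01:06:01 kivu mdadm: RebuildStarted event detected on md device/dev/md0",
    "Aug  5 01:43:01 kivu mdadm: Rebuild20 event detected on md device /dev/md0",
    "Aug  5 05:24:33 kivu mdadm: RebuildFinished event detected on md device/dev/md0",
    # Constructed line, not from the original logs: a rebuild outside the window.
    "Aug 14 16:20:11 kivu mdadm: RebuildStarted event detected on md device /dev/md1",
]

if __name__ == "__main__":
    for finding in classify(SAMPLE, 2007):
        print(finding.when.isoformat(" "), finding.device, finding.verdict)
```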

Code and PHP and RSS and Systems, 19 Jul 2007 at 15:37 by Jean-Marc Liotier

After migrating a host to PHP5 I found that Lilina 0.7 no longer works and instead produces the following error :

PHP Fatal error: Cannot redeclare class soapclient in /your-lilina-directory/inc/nusoap.php on line 4096

Happily, Robert Mao at “Inmates are Running the Asylum” had already stumbled on this and found a solution.

Robert found a report of the Nusoap library conflicting with PHP5’s built in SOAP functions. The only use of Nusoap in Lilina is the Google API. So Robert found that by disabling the peripheral functionality dependent on the Google API Lilina no longer produced the error.

It works but it is a quick and dirty fix. Enter Ryan McCue who took over Lilina’s development last year. Ryan soon mentioned that the aforementioned functionality is completely disabled in the current development version of Lilina which therefore works fine with PHP5.

There has not been a release of Lilina in quite a while but indeed Ryan and his friends have not been idle and on top of a brand new web site there have been many commits to the Lilina Subversion repository on Google Code.

So Lilina 1.0 is in development and I’m going to take a look at it. I am quite hopeful because I would like to keep using Lilina for small aggregations and avoid deploying the more complex Gregarius where its better scalability is not needed.

Systems, 26 Apr 2007 at 16:23 by Jean-Marc Liotier

Under Microsoft Windows XP, a PDF file displayed well, but when I ordered the viewer to print it crashed abruptly. I reproduced the problem with Adobe Acrobat Reader, both standalone and embedded into Mozilla Firefox. I also reproduced it reliably using Foxit Reader. I was puzzled that both programs would crash in the same way, and even more puzzled that they would do it with a variety of PDF files.

As I found out, PDF renderers are apparently very picky about printer drivers. I tried printing to a different printer and the document came out fine.

The interested reader may also want to investigate the influence of font embedding on this problem. I have not performed any tests about it but I suspect it might be interesting to check if any link can be established.

Debian and Email and Systems, 25 Apr 2007 at 16:40 by Jean-Marc Liotier

I upgraded the Sympa mailing list manager to 5.2.3-2 using the Debian package from the “Testing” repository. The database part of the upgrade procedure was a bit fussy so instead of solving its problems I simply backed up the tables, dropped them, ran the upgrade procedure and restored them. That workaround worked fine for making the Debian packaging system happy.

But Sympa itself was definitely not happy. On starting Sympa I got the following logs in /var/log/sympa.log :

Apr 25 17:02:39 kivu sympa[657]: Could not create table admin_table in database sympa : Table 'admin_table' already exists
Apr 25 17:02:39 kivu sympa[657]: Could not create table user_table in database sympa : Table 'user_table' already exists
Apr 25 17:02:39 kivu sympa[657]: Could not create table subscriber_table in database sympa : Table 'subscriber_table' already exists
Apr 25 17:02:39 kivu sympa[657]: Could not create table netidmap_table in database sympa : Table 'netidmap_table' already exists
Apr 25 17:02:39 kivu sympa[657]: Unable to execute SQL query : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.`admin_table' at line 1
Apr 25 17:02:39 kivu sympa[657]: Database sympa defined in sympa.conf has not the right structure or is unreachable. If you don't use any database, comment db_xxx parameters in sympa.conf
Apr 25 17:02:39 kivu sympa[657]: Exiting.
Apr 25 17:02:39 kivu sympa[657]: Sympa not setup to use DBI

With no database access, Sympa was not operational. Double plus ungood !

The very strange thing is that the database is fine : the right tables with the right fields and the right records are all present. It even worked with the preceding version of Sympa. It looked like Sympa itself was unable to recognize that my database setup was correct, subsequently reported those errors and thereafter refused to run with it at all.

With a little rummaging inside the Sympa-users mailing list I quickly found a report of something looking suspiciously like my problem. It is probably a bug and Olivier Berger proposed a patch that looked to me like a workable solution : according to Olivier, a faulty regex was the cause of Sympa’s failure to recognize its own.

After making a backup copy of /usr/lib/sympa/bin/List.pm I promptly applied his patch :

17:04 root@kivu /usr/lib/sympa/bin# diff List.pm.dist List.pm
10750a10751
> $t =~ s/^([^.]+\.)?(.+)$/\2/;
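Review bot: the replacement side of the added substitution uses `\2`, which Perl accepts but flags under warnings as better written `$2`; `s/^([^.]+\.)?(.+)$/$2/` is the safer form. The line also needs a comment stating which prefix the optional group `([^.]+\.)?` is meant to drop from `$t`, because it removes everything up to and including the first dot, so a value that legitimately contains a dot would lose its first component.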

I restarted Sympa and it worked fine ever after. Thank you Olivier !

The only problem is that while Sympa was down, people wondered why the messages did not go through and resent some of their messages. None of those messages were lost - they were just piling up in a queue. So when Sympa restarted many duplicates were sent.

But at least now it’s working. So for now I’m going to use dselect to freeze the Sympa Debian package at its current version so that it is kept back next time I upgrade my system.

Code and Systems and Writing, 02 Feb 2007 at 16:16 by Jean-Marc Liotier

My last rant about Openoffice’s lack of a proper outline mode apparently struck a chord if I judge from the number of pageviews and the reactions I gathered. If, like me, you eagerly await this functionality you will be happy to learn that some recent activity around Openoffice Writer’s longstanding issue 3959 aka “Outline View (aka MS Word)” has provided us with some hope.

Mathias Bauer, project lead of the OpenOffice.org Application Framework and manager of the teams for the application framework, Math and Writer posted this morning a summary of the state of the visions about Writer Views with an encouraging comment :

“I hope it gives you some understanding why such a feature is quite some work to do and what must be done in Writer before we could even start. I agree with everybody here that this is an important feature and so does the whole team. This is one of the bigger features that we will try to implement as soon as some resources will be available”.

As he says : What users call a “View” in Writer is what the developers call a “Layout” - the orientation and positioning of the textual and non-textual content on an output device. The outline mode would be one of those views.

What Mathias summarized about why there should be an Openoffice Writer outline mode :

  • “Brainstorming” the structure of a document to create initial hierarchy
  • Easy tool for developing and changing document structure
  • Prioritize, arrange and rearrange ideas hierarchically; add details later
  • Focus on content, no layout should distract from content
  • Choose level of details visible in any part of the document

The current state of the proposal about what an Openoffice Writer outline mode should do :

  • Present structure of a document (paragraphs, chapters, sections)
  • Text indentations created from level of structural element
  • Normal text should be displayed below its heading
  • No margins
  • No page breaks visible
  • No preferred way of text wrapping; open for discussions
  • No display of page bound elements (header/footer, objects anchored at a page)
  • No preferred way of treating any non-textual content; why not display it?
  • No preferred way of treating formatting; why not display it?
  • Additional control elements that allow to promote/demote paragraphs, fold/unfold structural elements
  • Creating, moving and deleting structural elements by keyboard commands or D&D

But implementing this feature will not be a trivial endeavour. Some important preliminary infrastructural work is required :

“There is a particular problem in Writer that needs to be solved before it makes sense to implement more views. A Writer document always has one layout. If the user switches from “Print Layout” to “Online Layout” the old layout is thrown away and the new layout for the complete document is calculated. On switching back the same happens again. This can become quite annoying when new layouts are used that let switching between layouts happen more often. Perhaps it might also be attractive to have two different layouts visible at a time in two different windows, e.g. Outline Layout and Print Layout. [..] So we should investigate first if we can change the code in a way that it can handle more than one Layout at a time. This will make the implementation of new layouts better and their usage more attractive”.

Multiple simultaneous views ! Not only did the OO team listen, but their ambitions go beyond the requests. Of course, acknowledging the requirements is only a first step, but it is an essential one and I am glad that it has been taken.

Mathias prudently added :

“I want to make clear that my comment wasn’t a promise that we start to work on this immediately - we are just busy with other also important things (bug fixing, ODF support, OOXML filter etc.). But I wanted to let you know that the whole Writer team agrees with you that the Outline View is one of the most important missing features in Writer. Unfortunately it is quite some work to do, especially if you don’t want to just hack the feature but develop an improved Writer view concept. So my plan is to implement the necessary preconditions mentioned in the wiki as soon as time will permit and then start writing the specs. ATM I can’t tell when this will happen, so please be patient with us”.

If you want to be informed as soon as this issue moves you can subscribe to Openoffice Writer’s issue 3959. If you can help in any way, please be sure to leave a note about it !

Code and Email and Systems23 Jan 2007 at 14:54 by Jean-Marc Liotier

This is certainly a classic bit of regex wizardry but since it took me a few minutes of searching and can be valuable in a variety of contexts, it might be valuable to you too…

# -E for the + quantifier; inside a bracket expression . _ and - need no backslash
grep -oE '[[:alnum:]+._-]+@[[:alnum:]+._-]+'

I needed it for extracting the addresses returning a 550 from my Postfix logs. But then I found that Sympa, my mailing list management system, handles bounces automatically very well using a scoring algorithm that the list administrator can optionally override.

We shall call this process “serendipitous ignorance”…

While we are trying to make sense of regular expressions, those curious about them and wishing for an introduction geared toward audiences other than the beard and sandals systems administration crew may appreciate the examples provided in “Egrep for Linguists”.

And yes, I do indulge in sandals and facial pilosity in the hope of mastering regexes one day…
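For the use case mentioned above, here is an added example (not part of the original post) that keeps only Postfix delivery lines bounced with a remote 550 reply and takes the envelope recipient from the to=<...> field, so that orig_to aliases and addresses quoted in the remote reply are not picked up. The log lines are constructed samples and the function names are made up for this illustration.

```shell
#!/bin/sh
# Constructed Postfix smtp delivery lines (sample data, not real traffic).
sample_log() {
cat <<'EOF'
Jan 23 14:01:07 mx postfix/smtp[2101]: 4F1A22C0D1: to=<alice@example.org>, relay=mail.example.org[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9B2C1)
Jan 23 14:02:11 mx postfix/smtp[2102]: 5A7B33D0E2: to=<bob.smith+lists@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=1.4, dsn=5.1.1, status=bounced (host mx.example.net[192.0.2.20] said: 550 5.1.1 <bob.smith+lists@example.net>: Recipient address rejected: User unknown (in reply to RCPT TO command))
Jan 23 14:03:30 mx postfix/smtp[2103]: 6C8D44E0F3: to=<carol@example.com>, relay=mx.example.com[192.0.2.30]:25, delay=2.0, dsn=4.2.0, status=deferred (host mx.example.com[192.0.2.30] said: 450 4.2.0 <carol@example.com>: Recipient address rejected: Greylisted (in reply to RCPT TO command))
Jan 23 14:04:45 mx postfix/smtp[2104]: 7D9E55F1A4: to=<dave@example.org>, relay=mail.example.org[192.0.2.10]:25, delay=1.1, dsn=5.7.1, status=bounced (host mail.example.org[192.0.2.10] said: 554 5.7.1 <dave@example.org>: Relay access denied (in reply to RCPT TO command))
Jan 23 14:05:02 mx postfix/smtp[2105]: 8EAF6602B5: to=<bob.smith+lists@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=1.3, dsn=5.1.1, status=bounced (host mx.example.net[192.0.2.20] said: 550 5.1.1 <bob.smith+lists@example.net>: Recipient address rejected: User unknown (in reply to RCPT TO command))
Jan 23 14:06:19 mx postfix/smtp[2106]: 9FB07713C6: to=<erin@example.com>, orig_to=<sales@example.org>, relay=mx.example.com[192.0.2.30]:25, delay=0.7, dsn=5.1.1, status=bounced (host mx.example.com[192.0.2.30] said: 550-5.1.1 No such user, contact postmaster@example.com (in reply to RCPT TO command))
EOF
}

# Print the unique envelope recipients that bounced with a remote 550 reply.
# - "550 " or "550-" (multi-line reply) is accepted; 554 and 450 are not.
# - " to=<" with a leading space skips orig_to=<...>, where "to" follows "_".
bounced_550() {
    grep 'status=bounced' |
    grep -E 'said: 550[ -]' |
    grep -oE ' to=<[[:alnum:]+._-]+@[[:alnum:]._-]+>' |
    sed -e 's/^ to=<//' -e 's/>$//' |
    sort -u
}

sample_log | bounced_550
```

Running the bare address pattern over the same lines would also return sales@example.org, postmaster@example.com and the recipients of the 450 and 554 lines.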

Email and Systems08 Jan 2007 at 18:13 by Jean-Marc Liotier

Blue Frog automated the complaint process for each user as they receive spam. It worked so well that spammers considered it a very serious threat to their livelihood. Blue Security CEO Eran Reshef quoted a spammer as writing “Blue found the right solution to stop spam, and I can’t let this continue”. Under heavy attacks from the spammers, Blue Security called it quits in May 2006.

Following the demise of Blue Frog, the Okopipi project aimed to become a distributed replacement of Blue Security’s anti-spam software, based on a P2P network. For now there is only an Okopipi FAQ and a seminal functional overview of the Okopipi system. The official Okopipi forums are quite dead and it is not the only bad sign for the Okopipi project. But Journeyman recently loudly stated that the Okopipi project is still moving forward. So maybe you can still either keep hoping or offer your help…

Whereas Okopipi has a slight rank of Second System Effect, Knujon looks like a bold attempt to take spam control from the technical to the social dimension. Filtering works well but it is only treating the symptom of the spam problem. Knujon vows to bring businesses, governments, law enforcement, security professionals and other users together in collaboration. Filtering is a selfish asocial device whereas systemic salvation lies in a multidimensional cooperative approach. As Knujon puts it :

“Organizations and Personal Email users are blocking/filtering millions of junk emails every day. This is to the advantage of spammers as it allows them to target the most vulnerable users who do not have filtering software or technical savvy. Besides helping the junk mailers and identity thieves find their target audience, we are restricting our own use of email.
[..]
Blocking and filtering are not proper solutions for law enforcement or computer security professionals since they only serve to hide the problem and force the activity to an underground network. Ordinary users must sift through hundreds of quarantined junk emails every day to search for legitimate messages”.

So help save those clueless “ordinary users” who do not enjoy all the spam filtering goodness ! You can do your bit by simply forwarding your spam mail to yourjunk@knujon.com. There is also a Knujon Thunderbird plugin, or you can automate that process using my script that feeds the content of any maildir to various spam reporting services. Recycle spam, save the planet !

Systems24 Dec 2006 at 16:13 by Jean-Marc Liotier

I am using mod_proxy to hide my host-wide Geneweb setup behind a bunch of Apache vhosts. I was surprised to find that after migrating to Apache 2.2 my mod_proxy setup had ceased working. The vhost’s access.log was showing a 403 and the error.log was churning messages containing “proxy: No protocol handler was valid for the URL”. I fed that message to Google and after looking at a few random threads I began to understand that the mod_proxy configuration had most probably changed between Apache 2.0 and Apache 2.2.

In addition to mod_proxy.so, further modules now have to be loaded to support some configuration directives. The mod_proxy configuration for my Geneweb setup is as follows :

RewriteEngine On
ProxyPass /robots.txt http://www.bensaude.org/robots.txt
ProxyPass / http://kivu.grabeuh.com:2317/
ProxyPassReverse / http://kivu.grabeuh.com:2317/

A quick look at the available modules in /etc/apache2/mods-available showed me that in addition to mod_proxy.so I also had mod_proxy_ajp.so, mod_proxy_balancer.so, mod_proxy_connect.so, mod_proxy_ftp.so, mod_proxy_html.so and mod_proxy_http.so. On a hunch I decided that mod_proxy_http.so was the best candidate so I tried that first.

ln -s /etc/apache2/mods-available/proxy_http.load \
/etc/apache2/mods-enabled/proxy_http.load
apache2ctl configtest
apache2ctl graceful

Lo and behold - it now works
Merry whatever to all of you !
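The "No protocol handler was valid for the URL" failure described above can be caught before a reload by comparing the schemes used in ProxyPass targets with the handler modules actually enabled. The following is an added example, not part of the original post: the function names, the backend.example host and the scratch directory are made up for the illustration, and the scheme-to-module mapping covers only modules named in the post.

```shell
#!/bin/sh
# Map a backend URL scheme to the mod_proxy handler module that serves it.
handler_for() {
    case "$1" in
        http|https) echo proxy_http ;;
        ajp)        echo proxy_ajp ;;
        ftp)        echo proxy_ftp ;;
        balancer)   echo proxy_balancer ;;
        *)          echo "unknown:$1" ;;
    esac
}

# Usage: missing_handlers <config-file> <mods-enabled-dir>
# Prints every handler module needed by a ProxyPass target that is not enabled.
missing_handlers() {
    conf=$1; mods=$2
    # Field 3 of "ProxyPass <path> <url>" is the backend; keep its scheme only.
    # ProxyPassReverse only rewrites response headers, so it is skipped.
    awk 'tolower($1) == "proxypass" && $3 ~ /:\/\// {
             sub(/:\/\/.*/, "", $3); print tolower($3) }' "$conf" |
    sort -u |
    while read -r scheme; do
        mod=$(handler_for "$scheme")
        [ -e "$mods/$mod.load" ] || echo "$mod"
    done
}

# Demo on a constructed vhost and a scratch mods-enabled directory.
demo() {
    d=$(mktemp -d)
    mkdir "$d/mods-enabled"
    : > "$d/mods-enabled/proxy.load"          # core module only, as after the upgrade
    cat > "$d/vhost.conf" <<'EOF'
ProxyPass / http://backend.example:2317/
ProxyPassReverse / http://backend.example:2317/
EOF
    echo "before: $(missing_handlers "$d/vhost.conf" "$d/mods-enabled")"
    : > "$d/mods-enabled/proxy_http.load"     # what the symlink provides
    echo "after:  $(missing_handlers "$d/vhost.conf" "$d/mods-enabled")"
    rm -rf "$d"
}
demo
```

On a real host the arguments would be the vhost file and /etc/apache2/mods-enabled; an empty result means every ProxyPass scheme has its handler loaded.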
