Sun, 21 Apr 2013

PostgreSQL Awesomeness


My company provides a hosted anti-spam service which has been growing quite nicely. A big component of our service is a PostgreSQL database that tracks user preferences, quarantined messages, etc. The PostgreSQL database has grown to about 110GB---not particularly large as databases go, but still an inconvenient amount of data to sling about casually.

Our system had been running PostgreSQL 9.0 on a machine with 32GB of RAM and six SATA drives. I wanted to move it to a machine with 48GB of RAM and eight drives. At the same time, I wanted to upgrade to PostgreSQL 9.1.

In the past, upgrading from version x.y to x.(y+1) of PostgreSQL meant a dump/restore cycle. Unfortunately, our data takes about three hours to dump and restore and that would have meant a complete outage for three hours... no mail, no web access to the quarantine, nothing.

Fortunately, two relatively new PostgreSQL features saved the day: Streaming Replication and pg_upgrade.

Streaming Replication is a mechanism whereby a standby server can be kept very closely in sync with a master server. Streaming replication is asynchronous, so the standby server may be a few transactions behind the master, but it is usually pretty close. Additionally, if you are planning to shut down the master, you can make sure that the hot-standby is completely synchronized with the master as it was at shutdown by simply waiting until all transactions have been streamed.

So to get the data over to the standby machine, I installed PostgreSQL 9.0 on the standby, made a base backup and set up streaming replication. I therefore had a replica that was staying very closely in sync with the master.

To upgrade from PostgreSQL 9.0 to 9.1, I used the pg_upgrade tool. This lets you do an in-place upgrade of a PostgreSQL 9.0 database to 9.1. It even handles tablespaces, which we use.

So to convert our system over, I followed these steps:

  1. Install PostgreSQL 9.1 on the standby server. It can coexist with the 9.0 installation because Debian nicely separates the two into their own directories.
  2. Block SMTP connections. I also blocked web access by redirecting to a "system undergoing maintenance" page.
  3. When the database was completely quiet, I ran an UPDATE query on it and made sure that query had been replayed on the standby database. This let me know that the standby was completely up-to-date.
  4. Shut down the primary database.
  5. Force the standby out of hot-standby mode into active mode.
  6. Shut down PostgreSQL 9.0 on the hot-standby.
  7. Run pg_upgrade. This step took about 3 minutes.
  8. Run vacuumdb --analyze-only --all to update statistics. This step took about 12 minutes.
  9. Start PostgreSQL 9.1 and do basic queries to make sure the data looks OK.
  10. Re-enable the Web interface and SMTP.

I could have gotten away with about 15 minutes of downtime, but I actually took 30 minutes just to check everything over, make sure the PostgreSQL configuration settings were the same as before, and so on. Still, 30 minutes of downtime is far better than three hours, and the whole process went extremely smoothly. As an added bonus, if something had gone horribly wrong, I could have simply backed away from the whole process and restarted the original master server, which had the original untouched database.


Fri, 22 Jun 2012

Government-Funded Censorship


Canada has a state-funded broadcaster, the Canadian Broadcasting Corporation, that has an online news section.

My eye was caught by an article on self-censorship. A long-time CBC reporter, Neil MacDonald, was criticizing Alice Walker for refusing to allow her novel to be translated into Hebrew.

CBC's news side has a "comments" section run by Disqus. The quality of discourse in the comments section is rather low, to be extremely charitable. CBC moderates comments before posting them, supposedly according to these guidelines. I posted a comment on Neil MacDonald's story and it was approved by the moderators.

About 30 minutes later, my comment was taken down. I have no idea why; I don't believe my comment violated any of the guidelines. In the past, I've sometimes posted half a dozen basically similar comments on a story only to see some approved and some not, with no reason given in either case.

I can only conclude that CBC's comment-moderation guidelines are arbitrary and opaque. Despite the fact that the CBC moderates comments, the quality of discourse is worse than the most childish Slashdot flamewar.

I'm done with the CBC. I will return to the CBC web site if it either (1) shuts off comments on news stories (a news organization doesn't need to allow people to comment on the stories) or (2) allows complete freedom of expression on its comment board. As it stands now, the CBC is in the ironic position of censoring comments on a story that decries suppression of the exchange of ideas. And to add insult to injury, it does it with our tax dollars too.


Wed, 04 Apr 2012

Video Production on Linux, part 3.


This time, I did an April Fool's joke for my company. Here's the video:

All production was done on a Linux workstation running Debian Squeeze. The video was shot on a consumer-grade Samsung HMX-W200RN video camera. The first part of the audio was recorded in Audacity with input taken from a Blue Microphones Yeti USB microphone.

The opening and closing music was composed in Rosegarden. Final audio output was produced by FluidSynth with help from Qsynth, QjackCtl and the JACK sound server. The sound was recorded by JACK Time Machine.

Video post-production was done with some command-line FFMPEG trickery followed by extensive editing in Cinelerra.

All of the software came prepackaged in my Linux distro. All in all, this is a very impressive set of tools, and they're all open-source to boot!


Thu, 19 Jan 2012

Rude Clueless Politicians


Yesterday, I received a call from my Member of Parliament, John Baird. Well, more precisely, I received a call from an auto-dialer that played a recording informing me that Baird would be holding a telephone "town hall" the next day. A telephone town hall consists of a Rude Clueless Politician interrupting your supper to spout the party line at you while you listen mutely.

The initial robo-call annoyed the hell out of me, but it's not illegal in Canada. For some reason, the politicians made sure to exempt themselves from rules against nuisance calls.

Nevertheless, thanks to the open-source world, I can fight back. I programmed my Asterisk home telephone system to redirect John Baird to "the monkeys". That is, any call originating from his constituency office does not ring through to our phones. Instead, the caller is treated to several seconds of shrieking monkeys before Asterisk hangs up. (If you'd like to experience it for yourself, call +1 613 231-6599 extension 126.)

The nuisance number I blocked, by the way, is 613 990-7720. If you'd like to reduce unwanted communication from Rude Clueless Politicians... block that number.

And finally, the sweetest entry of all in my Asterisk call logs:

"6139907720","s","monkeys","6139907720","DAHDI/4-1","","Hangup"


Wed, 05 Oct 2011

My New Rogers Policy


My wife and I used to have mobile phone service through Rogers Wireless. We had been customers for over 10 years.

Rogers has an interesting approach to mathematics: In the Rogers world, 20 + 15 > 50. Huh? Well, we have a special deal: We have two phones and pay $20/month for one and $15/month for the second. That means we pay $35/month, right?

Wrong. Rogers adds a $6.95/month "System Access Fee" per phone and a $0.75/month "9-1-1 Emergency Access Fee" per phone. That brings the pre-tax total to $50.40. Why does Rogers do that? Simple: It's Rogers' "policy".

Anyway, I lost my phone. So I wanted to cancel one of the lines to give me time to shop around. The Rogers customer care [sic] person informed me that I could cancel, but it would take 30 days to take effect. Why so long? It's Rogers' "policy". Also, if I only canceled one phone, I could no longer continue on the existing plan with the other phone, but would have to sign up for another multi-year contract. "Policy", don't you know.

OK. How about unlocking our phones? Easily done, but it costs $50 per phone. Why? "Policy".

So I ran out to the nearest WIND Mobile store and bought two cheapie Huawei phones for $48 each (yes, that's $2 per phone less than Rogers would charge to unlock our existing phones) and ported our numbers to those phones. That means our Rogers account was cancelled immediately; no 30-day waiting period.

Our WIND plan costs $15/month per phone, except we get a $5/month discount because we have two phones, so it costs $25/month plus tax. No "System Access" fees. No "9-1-1 Emergency Access" fees. And we get Caller-ID thrown in for free (costs extra according to Rogers "policy").

Oh, and if we do want to cancel our WIND plan, it's done within 48 hours rather than 30 days. And after we've been with WIND for 90 days, they'll give us the phone unlock codes for free.

Unfortunately, we're now stuck with one (possibly two) useless locked Rogers phones which will likely end up in a landfill somewhere. Isn't Rogers' unlocking policy ever so environmentally friendly?

All of this brings me to my new policy towards Rogers:

                    ---
                   !   !
                   !   !
                   !   !
                   !   !
               ----!   !----
          ----!    !   !    !
         !    !    !   !    !    --
         !    !    !   !    !   /  !
          !                 !  /   !
          !                  !/   /
           !                     /
           !                    /
            !                 /
             !              /


Thu, 08 Sep 2011

Video Production on Linux, part 2.


I couldn't resist. Yet another silly commercial for my company.


Wed, 24 Aug 2011

2011 Trip to Israel


We spent 11 days in Israel this August. My wife and I hadn't been to Israel for 21 years and our kids had never been.

The trip was a lot of fun. We had a guided tour for part of it, so got to see a lot, including:

Israel is an amazing country. It's very small, but the geography varies dramatically from one part to another, from the Dead Sea over 400m below sea level to Jerusalem perched dramatically in the Judean hills; from the coastal plains of Tel Aviv to the cool mountain heights of Tzfat.

We saw sights like:

A 2000-year-old Roman theatre in Caesaria:

A mine field in the Golan Heights:

The austere grandeur of Metzada:

And the top of Metzada:

Ein Gedi oasis in the middle of the forbidding desert:

Jerusalem from the Mount of Olives:

A cool poster:

And sunset over the Mediterranean at Tel Aviv:


Fri, 22 Jul 2011

Video Production on Linux


A colleague introduced me to the joys of video production in Linux, specifically the amazing tools Audacity and Cinelerra.

After wasting spending many hours with these tools, I decided it was time to try my hand at video production. The result is a silly ad done by two of my kids and me for my company.

I hope you enjoy the video... we had tons of fun making it.


Fri, 20 May 2011

Telus Paperless Billing WTF??


My company has a Blackberry for tech support and we use Telus as our wireless carrier. Telus has recently switched to paperless billing, which is fine. However, I need a PDF of our bill to print out to keep our accountant happy.

Here's how a sensible workflow would look:

  1. Telus would send us an email with a link in it.
  2. We'd click the link once and be presented with a login page.
  3. After logging in, our PDF bill would be available either immediately or by clicking one more link.

Here's the actual work flow:

  1. Telus sends us an email with a link in it.
  2. I click the link once and am presented with a login page.
  3. I log in.
  4. The web site asks me which province I'm in. WTF??? I just logged in! Telus has my address information already!
  5. I'm sent to a generic account page. I have to click "View your e-bill."
  6. Then I have to click "View all monthly bills".
  7. Then I have to click the most recent bill by date. Huzzah! PDF!

I asked Telus why they couldn't just attach the PDF bill to the original email or simplify the process. They claimed attaching the bill would be a security/privacy risk and never did explain why their process is so complex. Gah!

Update: But wait! There's more! In my haste to click the most recent monthly bill, I failed to notice that it was for last month. The current bill isn't available yet in PDF form.

There is an option to get a text-formatted bill. I went through the several clicks to enable that and got a notification saying that the formatting of the bill was "in progress" and that it would eventually be available as a .zip file. Wha???? All the billing data is clearly displayed in (printer-unfriendly) HTML. Why a background process to generate a plain-text version??


Tue, 25 Jan 2011

Annoying VPN Clients


Sometimes, our customers can't or won't give us direct SSH access to their CanIt machines. Instead, we have to use the dreaded commercial VPN client.

One of our customers asked us to use the Juniper Networks Network Connect client. This is a monstrosity that uses Java to give you a GUI (what? You didn't know that VPNs require a GUI?) and a shared library to do the actual encryption.

I use the XFCE desktop. Here's a screen shot of a typical terminal window:

And here's a screenshot of the Juniper VPN client:

Note the different window decorations? Yes, the Juniper VPN client sets the OverrideRedirect window property so it is not managed by a window manager. And then it reimplements the typical "Minimize / Maximize / Close" Window manager buttons! WTF??

Except it doesn't do it properly. I have 6 virtual desktops. The Juniper VPN client doesn't know about virtual desktops. So I can't move it off virtual desktop 1 by dragging it "off the edge" of the desktop. (I can move it in the little virtual-desktop overview grid. So it looks like there is some kind of communication with the window manager going on...)

Also, the Juniper VPN client wants my default route to be via the VPN. Excuse me... I don't want that! I only want a specific subnet to be routed via the VPN. So I had to make an LD_PRELOAD shared library that prevents the Juniper client from touching the routing table. Every few seconds, the client notices that its route is missing and attempts to add it back, so we get cute log messages like this:

ncsvc[p7274.t7274] rmon.warn adding back the missing route to [redacted]...
ncsvc[p7274.t7274] rmon.warn adding back the missing route to [redacted]...

but of course, the ioctl system calls are intercepted by my shared library. The Juniper VPN client seems to hum along happily in spite of its routes not being present, just so long as the ioctl call pretends to succeed. :)

So what's the moral of the story? Simply that closed-source VPN products are usually inferior, filled with WTFs and require stupid workarounds to break out of their limitations. Why can't everyone just use OpenVPN?


Wed, 29 Dec 2010

Two Dumb Things Microsoft should Answer For


We offer both anti-spam software and a hosted anti-spam service. One of the features of our software and service is the ability to do a little SMTP callout to verify recipients. That is, before our server accepts a RCPT command, we run a mini-session against the real mail server to see if it would accept the RCPT command. This helps reduce backscatter and avoid useless scanning of messages to nonexistent recipients.

It works really well, except that Microsoft Exchange, by default, does not reject invalid RCPT commands. Furthermore, most Exchange admins only hazily grasp SMTP and the control to enable RCPT-time checking is complex and annoying.

The second dumb thing Microsoft should answer for is the recommendation to use fake names for hosts. Yes, you heard me right. (The previously-referenced page has one of the finest examples of gobbledegook I've seen in ages: This method requires additional configuration to enable optimized performance.)

So we have customers who own perfectly good domain names, yet name their machines host.local. Or host.lan. Or host.wookie.quux.zub.snoo.corp. WTF??

Naturally, these host names are hardly ever resolvable in the DNS, which causes all kinds of troubles. And again, Microsoft administrators tend to have at best a hazy notion of Internet standards, so we have to patiently explain the folly of this naming convention over and over again...

Thanks a bunch, Microsoft.


Wed, 06 Oct 2010

Canadian Banking System WTF?? (Number 3)


I need to provide my accountant with bank statements. Since I'm not the most organized person on Earth (paper and I just don't get along), I tried downloading a year's worth of banking details from my bank's online site.

I can go very far back in the normal Web interface view. But if I want to download the very same data in CSV format, the bank only lets me go back 3 months.

WTF?? It's the same data!


Tue, 28 Sep 2010

Canadian Banking System WTF?? (Number 2)


We occasionally receive wire payments from our customers. The US dollar wire payments go into our USD account, and our statement shows the name of the company making the payment.

However, Euro wire payments are first converted into Canadian dollars and then deposited. Our statement just shows a foreign exchange with absolutely no indication where the money came from. We just have to guess.

I asked my bank about this. They said they could trace the origin of the payment "for a fee."

I'm so happy with the Canadian banking system. It can track all kinds of transactions to nail terrorists and drug dealers, but it can't even tell its own customers who is paying them.


Thu, 09 Sep 2010

Canadian Banking System WTF??


I have two business accounts at a Canadian bank known as BMO. One is a Canadian dollar account and the other is a US dollar account.

I've been accustomed to dropping off cheques in the night deposit box and having them show up one (or maybe two) business days later in my account. It all worked very smoothly.

Until recently. I deposited two USD cheques on August 31st. They didn't show up in our account until September 8th. Why? Well, the nice person at BMO told me that BMO now outsources processing of the night deposit contents. Here's the procedure:

  1. A truck drives up to the bank in Ottawa. The contents of the deposit box are driven to a processing centre in Montreal.
  2. The Montreal centre processes all the deposits. Er... well. All the cash deposits.
  3. Cheques are loaded onto a truck and driven back to the branch in Ottawa where they are processed.

So now all my night deposits get a scenic round trip from Ottawa to Montreal and back.

Well. I do have an ATM card. I can even use it to deposit Canadian dollar cheques in the CAD account so as to avoid the jaunt to Montreal. But I cannot deposit USD cheques via an ATM. Why not? Well, according to the nice person at BMO, it Simply Cannot Be Done.

Sigh.

Update, 2010-12-29

BMO seem to have fixed their process. Cheques deposited in the after-hours box now show up quickly. Yay!


Thu, 29 Jul 2010

Fearing the Future of Perl 6


About a decade ago, the design process for Perl 6 got under way. Ten years later, there's still no production Perl 6 implementation, but there is a "useful, usable, 'early adopter' distribution of Perl 6".

The developers note that it still has some bugs, it is far slower than it ought to be, and there are some advanced pieces of the Perl 6 language specification that aren't implemented yet. But that's OK; I thought I'd kick the tires.

Just to digress a bit: At work, we use Perl 5 extensively, both in in-house tools and plumbing and in our commercial products. So I've grown to like Perl a lot, though current directions in Perl development make me fear for the future of Perl.

Anyway, I downloaded the Rakudo Star release and built a perl6 binary. Let's look at some comparisons between the perl5 binary (the 5.10.0 release that ships with Debian Lenny) and the perl6 binary:

          Program Size    Memory after startup    Startup Time (ms)
Perl 5    1.19MB          3.4MB                   4
Perl 6    15MB            93MB                    2212

So there you have it. The 2010-07 release of Rakudo Star is a program that's 12.6 times as big as perl 5, uses 27.4 times as much memory after initialization, and takes 553 times as long to start up.

To be precise, "program size" is the text component reported by the size command. "Memory after startup" is the VSIZE reported by ps and "startup time" is the sum of user and system CPU of a command similar to this:

time perl < /dev/null

Note that this release of Rakudo Star is not even feature-complete; it's missing a lot of stuff.

I asked on a forum what the goals are for relative size and speed of Perl 6 vs. Perl 5, and a Perl 6 developer responded that a reasonable goal would be to have Perl 6 be twice as big as Perl 5 and take twice as long to start up.

To achieve this goal, the Perl 6 developers will have to shrink the program size by a factor of 6.1 (that is, get rid of about 84% of the code.) They'll need to reduce startup memory consumption by a factor of 13.7 (that is, cut out 93.7% of their memory use) and reduce startup time by a factor of over 275.

Oh, and this is after they add in all the missing features required to bring Perl 6 up to production-level.

If they pull this off, the Perl 6 developers will have achieved a feat unprecedented in the history of Computer Science.

Unfortunately, I think reality is far grimmer, and that Perl 6 will simply be a prominent example of Second System Syndrome.


Update: A Perl 6 developer has a rebuttal to this article here. I think he's gaming the comparison (just as he accuses me of gaming it), but for the sake of fairness, I've linked to his rebuttal.


Fri, 25 Jun 2010

Nuking a Rented Server


We recently upgraded one of the servers running our hosted filtering service. The old server was rented from our colocation provider; we own the new server.

The problem we faced was that after the move, we had to remove all data from the rented server remotely. We wanted to completely wipe the disks so no confidential information was left behind. And this had to be done without physical access to the machine.

Luckily, the filtering server was a Linux VServer on its own partition. So zeroing out the filtering server was easy; we just unmounted the partition and overwrote it with zeros. Clearing out the root partition was trickier; we had to nuke it while the system was running.

The solution was as follows:

Amazingly, nuke-block-device ran to completion. Naturally, the system hung up completely after it finished. While erasing the disks with nuke-block-device is not completely secure (you need something like Darik's Boot And Nuke for that), completely zeroing out all the disks makes it impossible for an attacker to recover the data without specialized equipment. And that was good enough for us!

The Code for nuke-block-device

Here's the source code for nuke-block-device. It's a quick hack, and is Linux-specific.

The following code is DESIGNED to destroy all data on a block device. DO NOT run it unless that is your intention!

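#include <unistd.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <linux/fs.h>
#include <sys/mman.h>

#define MEGABYTE 1048576
#define SPIT_PERIOD 10  /* Report progress every SPIT_PERIOD megabytes */

char buffer[MEGABYTE];

int
main(int argc, char **argv)
{
    unsigned long long size_in_bytes;
    unsigned long long bytes_done;
    unsigned long size_in_megabytes;
    int write_failed = 0;
    int i;

    char *blockdev;
    int fd;

    if (argc != 2) {
        fprintf(stderr, "Usage: %s block_device\n", argv[0]);
        exit(1);
    }

    /* Lock the process into RAM so it keeps running while the disk
       underneath it is being overwritten. */
    if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0) {
        fprintf(stderr, "mlockall failed; continuing anyway: %s\n",
                strerror(errno));
    } else {
        fprintf(stderr, "mlockall succeeded.\n");
    }

    blockdev = argv[1];

    /* Ask the kernel for the device size; this also confirms that the
       argument really is a block device. */
    fd = open(blockdev, O_RDONLY);
    if (fd < 0) {
        fprintf(stderr, "Could not open %s: %s\n", blockdev, strerror(errno));
        exit(1);
    }
    /* Use the descriptor we just opened, not a hard-coded number. */
    if (ioctl(fd, BLKGETSIZE64, &size_in_bytes) < 0) {
        fprintf(stderr, "ioctl failed: %s: Is %s a block device?\n",
                strerror(errno), blockdev);
        exit(1);
    }
    close(fd);

    printf("The capacity of %s is %llu bytes.\n", blockdev, size_in_bytes);
    size_in_megabytes = size_in_bytes / MEGABYTE;

    fd = open(blockdev, O_WRONLY);
    if (fd < 0) {
        fprintf(stderr, "Could not open %s for writing: %s\n", blockdev, strerror(errno));
        exit(1);
    }
    fprintf(stderr, "You have 10 seconds before all data on %s is IRRETRIEVABLY NUKED!\n", blockdev);
    for (i=10; i >0; i--) {
        fprintf(stderr, "... %d\n", i);
        sleep(1);
    }
    fprintf(stderr, "... 0!\n");
    fprintf(stderr, "Nuking %s!\n", blockdev);
    memset(buffer, 0, MEGABYTE);
    bytes_done = 0;
    while(1) {
        ssize_t n = write(fd, buffer, MEGABYTE);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) {
            /* ENOSPC is the expected result at the end of the device;
               any other error means the wipe is incomplete. */
            if (n < 0 && errno != ENOSPC) {
                fprintf(stderr, "write failed after %llu bytes: %s\n",
                        bytes_done, strerror(errno));
                write_failed = 1;
            }
            break;
        }
        /* Count what was actually written; the last write may be short. */
        bytes_done += n;
        if (n == MEGABYTE && !((bytes_done / MEGABYTE) % SPIT_PERIOD)) {
            fprintf(stderr, "Done %llu megabytes of %lu.\n",
                    bytes_done / MEGABYTE, size_in_megabytes);
        }
    }
    /* Push buffered writes out to the device before declaring success. */
    if (fsync(fd) < 0) {
        fprintf(stderr, "fsync failed: %s\n", strerror(errno));
        write_failed = 1;
    }
    close(fd);
    if (write_failed) {
        fprintf(stderr, "%s was NOT completely nuked.\n", blockdev);
        exit(1);
    }
    printf("%s is officially nuked.\n", blockdev);
    exit(0);
}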
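
For a partition that can be unmounted and zeroed while the system stays up (the VServer partition above), a read-back pass confirms the wipe reached the disk. This is an added example, not part of the original post or of nuke-block-device; the function names and the sample-image helper are assumptions made for illustration.

```c
/* Added example: read-back check for a zero-filled block device or image.
 * Linux-specific. All names here are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/fs.h>

#define CHUNK 1048576   /* same 1MB unit nuke-block-device writes */

static unsigned char chunk[CHUNK];

/* Return -1 if every byte read from path is zero, the offset of the first
 * non-zero byte otherwise, or -2 on an open/read error. *checked receives
 * the number of zero bytes confirmed before the scan stopped. */
long long first_nonzero_offset(const char *path, unsigned long long *checked)
{
    long long result = -1;
    unsigned long long off = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -2;

    /* On a block device, flush the kernel's buffer cache so the reads
     * below come from the disk rather than from the zeros just written.
     * On a regular file this fails with ENOTTY, which is ignored. */
    (void) ioctl(fd, BLKFLSBUF, 0);

    for (;;) {
        ssize_t n = read(fd, chunk, CHUNK);
        if (n < 0) {
            if (errno == EINTR) continue;
            result = -2;
            break;
        }
        if (n == 0) break;              /* end of device */
        /* All-zero test: first byte is zero and the buffer equals
         * itself shifted by one byte. */
        if (chunk[0] != 0 || memcmp(chunk, chunk + 1, (size_t)n - 1) != 0) {
            ssize_t i = 0;
            while (chunk[i] == 0) i++;  /* bounded: a non-zero byte exists */
            off += (unsigned long long)i;
            result = (long long)off;
            break;
        }
        off += (unsigned long long)n;
    }
    close(fd);
    if (checked) *checked = off;
    return result;
}

/* Build a constructed sample image: size zero bytes, plus one 0xA5 byte
 * at dirty_offset when that is >= 0. Returns 0 on success. */
int make_sample_image(const char *path, long long size, long long dirty_offset)
{
    long long left = size;
    int ok = 1;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    memset(chunk, 0, CHUNK);
    while (ok && left > 0) {
        size_t want = left > CHUNK ? CHUNK : (size_t)left;
        ssize_t n = write(fd, chunk, want);
        if (n <= 0) ok = 0; else left -= n;
    }
    if (ok && dirty_offset >= 0) {
        unsigned char b = 0xA5;
        ok = lseek(fd, (off_t)dirty_offset, SEEK_SET) == (off_t)dirty_offset
             && write(fd, &b, 1) == 1;
    }
    if (close(fd) != 0) ok = 0;
    return ok ? 0 : -1;
}

int main(int argc, char **argv)
{
    unsigned long long checked = 0;
    long long r;

    if (argc != 2) {
        fprintf(stderr, "Usage: %s device_or_image\n", argv[0]);
        return 2;
    }
    r = first_nonzero_offset(argv[1], &checked);
    if (r == -2) {
        fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
        return 2;
    }
    if (r >= 0) {
        printf("%s is NOT wiped: non-zero byte at offset %lld\n", argv[1], r);
        return 1;
    }
    printf("%s: all %llu bytes are zero\n", argv[1], checked);
    return 0;
}
```

The check only applies to a device that is still readable afterwards; it cannot be run against a root partition that was nuked from under the running system.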


Fri, 28 May 2010

Server Crash


On Tuesday, 25 May 2010, this server crashed hard. It has an ext3 file system on a RAID-1 mirrored pair using Linux Software RAID. The disks were OK, but we must have hit a file system bug because dmesg started spewing ext3 errors and remounted the root filesystem read-only.

The system failed to reboot. A manual fsck threw hundreds of errors and resulted in a non-bootable system.

Our hosting provider put in new disks and reinstalled Debian Lenny. They attached the original disk via USB.

This server hosts Roaring Penguin's corporate web site, my sister's framing store site, the MIMEDefang site and the OMJS site. It also hosts our mail filter.

What Went Right

We had offsite backups of most important things, including an almost-live backup of our web site on another colocated server. For a few hours, we redirected our Web traffic there.

We moved our mail filtering quite seamlessly to our hosted filtering service. The dead server was a secondary MX for that service, but the primary MX machine just kept chugging along.

What Went Wrong

We didn't have a quick way to restore from "bare metal". Recovering the server took me several hours late at night. Not fun.

The hosting provider was way too slow to react. Our server was down for over 12 hours.

We didn't have offsite backups of everything. There were a few crusty little scripts in /usr/local/bin that weren't backed up or version-controlled; they made their absence known in annoying cron messages.

We'll back up and version-control everything from now on!


Fri, 21 May 2010

PGCon 2010


PGCon 2010 wrapped up and as usual, there are exciting things ahead for PostgreSQL.

Our anti-spam products make extensive use of PostgreSQL; I've been using the database since 1999 when it was at version 6.5. As I write this, version 9.0 is just around the corner and the improvements in the software have been nothing short of amazing. PostgreSQL has always had a professional, disciplined development team. Their documentation is a pleasure to read and navigate and the software has never let us down. I'd rank it as one of the top ten highest-quality software systems (not just databases or open-source projects: It's in the plain top ten.)

What I'm looking forward to most is hot standby with streaming replication. This allows backup databases to stay almost-current with the master (instead of having to wait for an entire WAL file to be shipped) and allows for read-only queries to be made against backup databases even while they are replaying the WAL. This solves one of the biggest annoyances with our CanIt product: It effectively eliminates the database as a single point of failure.

A really cool talk at PGCon was one on Postgres-XC which allows for synchronous replication of tables, and for sharding of other tables. We spent enormous effort to build a horizontal sharding system into CanIt to achieve horizontal scalability. It still isn't in production use in a major way. If Postgres-XC proves successful, we can pretty much throw away all our sharding work and just use Postgres-XC directly. That's both gratifying and highly annoying.

Anyway, PGCon is over and it's back to work on Tuesday where I have the joy of wrestling an evil PHP web interface into submission...


Wed, 19 May 2010

Improvise After the Fact


I'm taking a course called "Improvise the Act" at the Ottawa School of Speech and Drama and it's a lot of fun.

Except... I always come up with the perfect idea 30 minutes too late.

Example: Tonight, we were given two nouns and had to come up with a funny reason why they are alike. I was given "pet rock" and "toddler" and came up with "because they're both really quiet."

That limping sound you hear is my lame response slinking offstage.

Thirty minutes later, I came up with "because they both sound like a good idea until you actually get one." That won't get me a job writing for Leno, but at least it has two good legs.

Example: We were given a line and had to build a scene. We got "You don't bring me flowers any more." Yeah, a couple of so-so scenes.

But then thirty minutes later...

"Igor! Igor, I must speak to you. When I ask for amulets of evil for the lair, I want bat wings. I want lizard's tongues. I want bones freshly dug up. But Igor, Igor, you DON'T bring me flowers ANY MORE!"

sigh...


Tue, 18 May 2010

Why I Don't Like Apple


This is a copy of a post I made to the Remind-Fans mailing list. A bit of background to explain the last paragraph: My Remind product includes code in configure.in that makes it somewhat annoying to compile on Mac OS X.


I'd like to explain my anti-Apple stance. This will be long(-winded), so feel free to skip it. :)

As a kid, I was always a tinkerer. By about 12, I was fooling around with electronic kits, home-made gunpowder, etc. (Believe it or not, in those days, the local drugstore delivered potassium nitrate AKA saltpeter directly to our apartment, no questions asked!)

When I was about 14 years old, I bought a book on BASIC. I didn't have a computer, but I read the book and started writing programs anyway. I wrote them with pencil and paper, and "ran" them in my head.

The next year was my first year of high school. I finally got access to a computer (a Commodore PET). Its dialect of BASIC was a bit different from what I'd learned, but I adapted my programs and typed them in. Of course, they failed miserably. :)

But I was hooked. I could see that this computer thing was amazing, that it could take my abstract thoughts and make them concrete.

Over the years, I did an undergraduate and Masters degree in electrical engineering, but software was always my first love. After graduation, I worked at a couple of places as a software developer before striking out on my own by founding Roaring Penguin Software Inc. in 1999.

A few years before that, in 1994, I had discovered Linux. I was completely amazed when I saw the famous "X" cursor running on my (ex-)DOS PC. Discovering Linux brought forth the same rush of feeling I had when I was 15 and first got my BASIC program to run on that PET. It was once again the sense of limitless possibilities.

I don't have anything in particular against non-free software. My company makes its money, in fact, by selling non-free software. (We supply source and you're allowed to modify it; you just can't redistribute it or a derived product.) But I do have strong feelings against proprietary companies that try to limit what you can do with your hardware, or that try to hide the innards of their systems from tinkerers. To do so is a tragedy; it deprives us of future hackers.

Some say that Apple fills a niche by providing products that "just work" or are "simple to use." Well, my parents and kids find that their Linux machines "just work" and are "simple to use". (They'd never been exposed to Windows or the Mac, so I guess the first computer system you learn becomes the yardstick by which you measure simplicity.)

But should they choose to, they can delve into the innards of the system. I'll never forget the day I found my middle daughter using the "View Source" feature of Firefox to get past an online game's quiz. That's thinking like a hacker. And when she got her electronics kit, I could see the spark in her eyes. Sure, the circuits are far beyond her understanding. (I barely even remember how they work and I studied the stuff.) When I explained that capacitors were like water tanks and resistors were like thin pipes, she sort-of got it. But when she tinkered with the circuit by changing capacitor or resistor values, she really got it. It was obvious that a bigger capacitor held more water (well, charge) and took longer to charge up, so the circuit worked slower. And higher resistors were like thinner pipes, so the water (charge) took longer to drain.

This kind of learning involving deep, gut understanding is simply impossible without tinkering.

In my various jobs, I've interviewed about 24 software developers. Without exception, the ones who were "tinkerers" as kids, who enjoyed writing software just for fun and who thought like hackers were far superior to those who just studied computer science because they thought they'd get well-paying jobs.

Apple directly opposes and threatens the hacker culture. (Well... Apple is a big company, and big companies are always multi-faceted, so I'm sure there are many open-source and hacker-friendly people in Apple. I'm referring here to the direction in which Steve Jobs is taking the company.)

Apple seeks to create a walled garden of locked-down gadgets, Apple-approved applications and even Apple-approved development methodologies. It seeks to exclude contentious or "obscene" content, and it can terminate your right to sell applications on its platforms at its pleasure.

If I came to computers as a 14-year-old given an iPhone or iPad instead of a PET, I probably would have played with the thing for a few months and moved on. I'd never have experienced the beauty and creativity of crafting a piece of software. And that would have been tragic for me.

For the sake of the next generation, we have to tell the world that Steve Jobs' vision of computing is a sterile, stifling, ultimately poisonous vision. And if that means putting "puerile" code in ./configure scripts, then I proudly wear the label "puerile".

Regards,

David.


