Sunnyvale is sunny

July 24th, 2008 — 1:46pm

I kept hoping that at some point in the first week in California we’d feel settled enough that I’d be able to report intelligibly. Alas, no such luck. But:

  • As of today, we’re finally out of a hotel, and into our rented house in Sunnyvale; our stuff arrived in too many boxes yesterday.
  • It’s really nice out here.
  • Sometimes I say things on

More in a bit. I keep saying that.

Comment » | meta

Video iChat behind a wireless router: what’s the least you have to do?

June 24th, 2008 — 8:34pm

Say you’ve got two people with Macs running Leopard, both behind wireless routers. Let’s say for the sake of argument that these routers are the absurdly ubiquitous Linksys WRT54G routers. What’s the least you have to do to make video chat work between them?

Near as I can tell, the answer is not, alas, “Nothing.” Audio chat seems to work with no fiddling, but for video to work, you have to do this:

  • Log into the administrative interface of one of the routers. Not on both ends of the chat; just one.
  • Under the “Applications & Gaming” tab, go to “Port Triggering”.
  • Based on the guidance from this article, add a row that looks like this, opening a range of the ten UDP ports 16393-16402 (only one of which will apparently be used for a single video conference at a time):

    Oddly, in the Linksys interface, you don’t specify which protocol you’re configuring this triggering for, but it’s UDP.
  • Save your settings and you’re set.

Port triggering involves some sort of cleverness that saves you from having to specify the IP address of the particular machine you’re chatting on; I interpret it to mean that when a machine uses a port going outbound, it opens the same port inbound to that machine.
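A simplified model of that interpretation, added here as an illustration; it is not the WRT54G's firmware logic. The idle timeout, the rule that one LAN host holds the range at a time, and the choice to match on the outbound destination port are assumptions of the model, and the LAN addresses are made up.

```python
# Toy model of port triggering for the UDP range from the post (16393-16402).
TRIGGER_PORTS = range(16393, 16403)
IDLE_TIMEOUT = 120  # seconds; assumed value, real routers differ


class PortTriggerRouter:
    def __init__(self, ports=TRIGGER_PORTS, idle_timeout=IDLE_TIMEOUT):
        self.ports = ports
        self.idle_timeout = idle_timeout
        self.owner = None      # LAN IP currently holding the triggered range
        self.last_seen = None  # time of the last outbound packet that refreshed it

    def _expire(self, now):
        # Drop the mapping once the triggering host has been quiet too long.
        if self.owner is not None and now - self.last_seen > self.idle_timeout:
            self.owner = None

    def outbound(self, lan_ip, dst_port, now):
        """A LAN host sends UDP to dst_port. True if this armed or refreshed the trigger."""
        self._expire(now)
        if dst_port not in self.ports:
            return False
        if self.owner in (None, lan_ip):
            self.owner, self.last_seen = lan_ip, now
            return True
        return False  # range already held by another host (model assumption)

    def inbound(self, dst_port, now):
        """A WAN host sends UDP to dst_port. Returns the LAN IP it reaches, or None if dropped."""
        self._expire(now)
        if self.owner is None or dst_port not in self.ports:
            return None
        return self.owner


def demo():
    r = PortTriggerRouter()
    return [
        r.inbound(16393, now=0),                   # nothing triggered yet: dropped
        r.outbound("192.168.1.100", 16393, 10),    # iChat host arms the range
        r.inbound(16400, now=20),                  # whole range now reaches that host
        r.inbound(5060, now=20),                   # ports outside the range stay closed
        r.outbound("192.168.1.101", 16394, 30),    # second host cannot take the range
        r.inbound(16393, now=131),                 # first host idle > 120 s: closed again
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The point for anyone reviewing the router's exposure: unlike a static port forward, the inbound range is closed whenever no LAN host has recently sent traffic on it.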

Apparently iChat under Mac OS X 10.4 wanted to use quite a few more ports, and was consequently a lot more hassle. So: if you’re still on Tiger, stop being on Tiger. If you’re on Windows, well, enjoy your first-person-shooter video games or whatever it is people do on Windows.

It’s not clear to me whether this would “just work” if I were using Apple-branded routers. Something tells me the answer would make me feel bad, and then good, and then kind of sheepishly guilty.

And anyhow, the above enabled my first experience using a laptop with a built-in camera for a video chat (with travelling family), and it was great. I think I might, more and more, be liking technology again, rather than loathing it; possibly influenced by my new environment.

Comment » | technology

On virtualization, my basement, and Garageband

March 5th, 2008 — 12:27am

In my house there are four people, and four computers, some fixed in place and some laptops, and I think it’s the case that all the necessary technology exists to make this situation a great deal less awkward and fiddly than it is today. One should expect to be able to migrate an active session, including running applications and data, from the iMac upstairs to the laptop over there; the family’s data should be centrally and commonly accessible, with a home directory available everywhere. So where do we stand?

The good news is that the computing industry has, in many ways, caught up with where IBM was 30 years ago, and so we have cheap and ubiquitous virtualization. But we haven’t generally reached the understanding they had, that it’s much more useful a metaphor to consider an “operating system” a hosting environment for applications, rather than as the literal and original definition as the interface layer between hardware and applications. In theory, virtualization renders that distinction obvious and transparent, but it’s obscured by the fact that we’re still running home computers that are conceptually the same as they were 25 years ago, and, whether Windows or Mac, we’re still bound to the notion of the hardware as significant; it takes about a minute spent with Windows to recognize that it’s obsessively about the hardware and your interactions with it — little USB icons, and hard drive icons, and a constant need to care about the components in the ugly box on the desk.

Until fairly recently it still felt obscenely profligate to indulge the idea of “virtual appliances” — applications bundled in a virtual machine, pre-configured and ready to run in a private copy of the operating system — at least, obscene to those of us who’d spent formative years struggling to shoe-horn applications into shared servers that, even if not overtaxed in physical resources, were inevitably rendered a mess by the necessary intricate configuration management needed to keep the myriad applications and configurations from stepping on one another. Ten years ago, it was perfectly reasonable for a half-dozen web developers to work concurrently on a single desktop-grade machine with a half-gig of RAM, given some mildly fancy footwork with “virtual host” configurations in DNS, and in Apache, and in Tomcat… it was never pretty, but in the best cases it managed to work. So it’s been hard to adjust to the notion that the overhead of even a lightweight OS distribution, replicated for each application, could ever be less than gross inefficiency. But the distributions get lighter (see Ubuntu Jeos, “Just Enough OS”) and more to the point the machines have grown so massive, so quickly, that it’s a false economy to quibble about the cost of partitioning a server’s applications into virtualized appliances. Solaris’s Zones, which provide the maximally lightweight implementation of this notion by virtualizing the OS around a common kernel, rather than virtualizing the hardware stack, make this economics plain — a typical machine can host hundreds if not thousands of zones at trivial incremental cost. 
So it’s a lazy or shortsighted administrator indeed, at this point, that resorts to spending time figuring out how to make applications coexist, given ample solutions for isolating them in clean OS instances, from hardware virtualization (Sun’s LDOMs, IBM’s LPARs) to software hypervisors (VMWare/Xen/KVM/etc/etc/etc/) to OS virtualization (Solaris zones, Linux virtual servers). (Thus it’s all the more ironic that the worst cases I’ve seen, in the last few years, of Unix servers with configuration management nightmares, with over a decade’s accumulated cruft of configured applications interdependent on ancient versions of tools nobody remembers installing, are inevitably AIX machines on IBM p-series machines, which support hardware virtualization and thus could have avoided the problem years before a Linux/x86 machine had a comparable solution.)

At any rate, there’s no mystery as to what we can expect to see in the next few years — desktop-grade computers with more cores than we know what to do with, enough RAM to cache an HD movie, and virtualization tools that approximate VMWare ESX’s all-out stance. So how’s this all help my kid and his iMac? Well, first: why wouldn’t any interactive session be likely to occur in a VM, given technology that can hot-migrate a running VM from one host to another? On a gigabit network, transferring an entire running VM image from upstairs to downstairs still shouldn’t take more than a few minutes; and after 10G Ethernet becomes commonplace (and how long could that take — a few years at most) the wait would cease to matter. So freeze your Garageband VM session upstairs, and retrieve it downstairs, on the laptop; close the laptop and take it to the coffee shop. From that view, the traditional approach of switching users, as in Windows and OS X, is a symptom of the familiar historical configuration management problem — why should I and my son share the same Applications folder, just because we both sit at the same terminal? Why should my tools, and my entire OS configuration, not float from box to box?

Of course, given a dozen cores and a dozen GB of RAM, a single machine could, in raw horsepower, serve even a very large family using thin clients of some kind or other. But this is complementary to the notion of portable VMs floating around the house, not contradictory — in normal use, everything could run on the basement 16-core monster, and only migrate to the laptop when heading over to the library.

Anyhow, bafflingly, the biggest barrier I can think of to reaching this point in the next half-decade is, bizarrely, the simple fact of Apple’s restrictions on virtualizing Mac OS X, a problem purely of license rather than technological. If one were willing to inflict Linux or Solaris on one’s family, such scenarios are probably reachable soon, but as long as OS X only runs on native hardware, the floating-VM notion will have to wait for Apple to catch up.

Comment » | media, sysadmin

Tim Berne’s Bloodcount @ An Die Musik, Baltimore MD, 2008-02-09

February 11th, 2008 — 12:28am

So I went out last night to An Die Musik in Baltimore to see Tim Berne’s Bloodcount (w/Chris Speed, Jim Black, and Michael Formanek), which purportedly is the second of three shows they’re playing for the first time in a decade. The first show they played on this micro-tour was in NYC on February 3rd, and I never found any written reactions to that show, so I feel obliged to at least mark in this medium that I actually went out at night, for roughly the second time in several years (not counting Fort Reno shows), because I am a lazy chump.

It turned out to be a great venue — the second floor of a commercial row house in Mount Vernon, filled with about 80 floral easy chairs. I only saw the second set, which ran about an hour, made up of two pieces (I think around 15 min and then 45 min, or so). It was everything I hoped it would be, and, never having seen them play before, it cleared up some of my bafflement as to how they operate — their music has always seemed to be guided by an inexplicable alien logic, but they turn out to be regular mortals after all, though bizarrely talented. They fed my short attention span with their ability to switch idioms on a dime (Jim Black: holy crap), but in the scope of long-form compositions, that read like a series of cinematic episodes stitched by that inscrutable logic. I do wish I’d seen the first set too, on the premise that it would have better helped me figure out what was composed and what was improvised; certainly, given how long they’ve been playing together, how skilled they are, and how clever I ain’t, it’d take me some time to figure out.

As a child of the Virginia suburbs, I’m still not accustomed to thinking of Baltimore as being as close as it is now that I’m in Silver Spring. An Die Musik book a nice calendar, and though I’ve always lazily put it off as being too far to bother, there’ll be no more of that.

Next month: Akron/Family, again. Are they actually the greatest live band around, right now, or is it that I just haven’t been going out for a couple of years?

Comment » | media

In which I refuse to say things to you

February 7th, 2008 — 11:17pm

A colleague has been pestering me to post here, and I will in order to explain to him why I generally resist.

The personal blog is a flawed metaphor, irreparably so. The statement made by publishing a blog bearing one’s own name is the wrong one, and I regret it entirely, for it implies that this venue is the definitive outlet for any web-hosted writing I should do, of any kind. I figure there to be at least four separate, competing, and mostly incompatible uses (and audiences) for a personal-name blog:

  • diaristic personal musing on one’s life and lunch. I have no cats, and more to the point can’t conceive of an audience that would give a crap. Admittedly, this means I instead inflict those musings on randomly chosen IM-available friends, but that spares the Google user of the future my opinions on today’s veggie combo at Pete’s Diner. There’s no evidence that a ‘blog’ is a better venue for this sort of self-absorbed jibber-jabber than, say ‘twitter’, or just talking to oneself as one walks down the street; at the least these should be segregated on “blogger” where they can be more easily disregarded.
  • Google fodder, wherein unrelated but hopefully useful facts are recorded only so that they can be found later through appropriate keyword searches. I have the most affinity for this category, because I find it so often helpful when other people document their solutions to problems (usually, technical ones), and the audience is not yet known to me, which means I have no reason to dislike them; alternatively, I would write these references for my future self, whom I like quite a lot (though what’s with the gut, tubby?) Google being Google, these tid-bits could be stashed any-old-where without much loss of findability.
  • Persuasive or analytical essays on professional or personal topics of interest. I freely admit to being the sort of pompous ass who actually thinks “gee, I should be writing more of those” but, audience-wise: huh? Who’d willingly sit through my practice sessions, enduring a thousand words on my opinions on OpenSolaris, or lawlessness and torture, or what-have-you? Luckily I don’t travel by airplane very often, or there would be even more of these hidden away in the queue than there actually are now. At any rate, either such essays would cohere to a specific theme, in which case they probably deserve a venue devoted to the theme, or else they’re just scattershot musings on whatever, in which case: who needs it? Book reviews, too, demand particular mention: given a choice between writing for an hour about a book I read, or just reading another book, it’s really no contest; after all, what do I care if you better yourself? (I am, though, looking for a site somewhat like LibraryThing but more directly suited to keeping track of books one is either reading or planning to read.)
  • The exchange and discussion of ideas with one’s colleagues or peers, through posting and commenting. There’s some minor evidence that blogs can be successful in this regard, but it’s not at all clear that blogging is a more successful medium in which for people to hash stuff out than, say, “bulletin boards”, which in the modern web-based variant combine the worst aesthetic aspects of the Web itself with the usability of a Fido BBS. As for audience: either it’s work colleagues, in which case I prefer shouting at them over the aforementioned veggie combo, or else it’s personal friends, in which case I generally like them too much to argue about some nonsense.

So. Combining this analysis of my mistake in installing WordPress with the admission that my boy and I are really pretty fixated on Super Mario Galaxy these evenings, I guess I’ve made my position pretty clear, then, huh? Except of course that here I am, writing the third “meta” posting in a row, and using twice as many words as I needed.

Tangentially related: I wonder whether there are formal methods for characterizing modes of communication, by which you could construct a framework in which to usefully compare the zillion awful tools we have available to us in the Y2K8 (email, IM, blogs, wikis, twitter, Post-Its stuck to a rock and thrown through a window) and assess their relative applicability to different uses. ‘Cause that’d help.

Also, seriously, why would Google Docs be unable to push the document’s title to WordPress through the MovableType API?

1 comment » | meta

Google Docs publishes to blogs, but… why?

January 10th, 2008 — 3:52pm

It’s not abundantly clear to me why Google Docs added a blog API to their “Publish” feature. Granting that it’s a tolerable (but not stellar) mode in which to enter text on the Web, OK, I’m nonetheless unclear on why to prefer Google Docs as the input channel to the blog’s (e.g. WordPress’s) native input mechanism — either way, you type the words into the little box. Nevertheless, the feature is there, and so I must test it. Right now.

Also: hi!

Also: ought it not propagate the title from Google Docs to the blog in question? Evidence suggests that it does not.

Comment » | meta

So, yeah, I’m back.

December 10th, 2007 — 12:58am

Things have been busy, y’see? We made another kid last January, so that slowed things down a lot (main thing that slowed: my brain). Also it is the case that things have been lively at my workplace and well so the fact of the matter, dear reader, is that I just didn’t really feel up to throwing any text at you for a while.

But I’ll see what I can do.

Upcoming will probably just be brain-dumps on various technology topics so I can stop thinking about them. Also, complaining.


Comment » | meta

An OpenID, via WordPress/phpMyId, on Dreamhost

December 10th, 2007 — 12:35am

Returning to this venue, after long hiatus: hi!

Today’s topic: So You Want To Get You One Of Them OpenIDs. And, you’re the sort of rugged DIY nerdo who hosts his own sites; and, you’re the sort of cheapskate who uses Dreamhost to do it. And, in a further creepy emulation of me, you run your own WordPress, *and* you have stumbled through just enough text on OpenID to understand that you were stymied enough to google for a page very much like this one. In which case: hi!

The specific case I’m addressing is that you host your own WordPress, perhaps named similarly to, and you’d prefer, for whatever misguided reason, to use that same fine URI as your OpenID, and that furthermore you’re not afraid of 15 minutes of fiddling for its own sake. This will *not* help, in any way that I can discern, if you want to allow people visiting your WordPress installation to log in with their own OpenIDs in order to comment. I gather there are WordPress plugins to help you achieve that; I surely haven’t tried them yet (because, really, my focus at this moment is on making life easier for me, not any of you) but I imagine those plugins would work in tandem with what you do in the following steps.

If you’re not using Dreamhost, maybe you just want a general explanation on what to do, such as those provided by Sam Ruby or Simon Willison. This explanation is mostly lifted from their work, modulo the Dreamhost-isms.

But so we’ll assume this:

  • you’re a Dreamhost user, running your own WordPress instance under its own domain or subdomain (e.g. ‘’, ‘’)
  • you understand Dreamhost’s Panel sufficiently to add a new domain
  • you have shell access
  • you only care about a one-person solution
  • you’re not afraid

Do these things:

  • In the Dreamhost panel, create a new subdomain on your blog’s domain, which will host the phpMyID tool, which is the secret sauce here, providing you with an “OpenID provider”, if I get the jargon right. Note that you won’t use the name of this subdomain that you choose here directly, though it will appear buried in HTML tags in your site. Given a WordPress instance at, I chose to create the subdomain ‘’ for this purpose, though its name needn’t relate to your WordPress’s URL. I’ll refer to this new OpenID provider subdomain as openid.yourblog.domain.
  • Get a copy of phpMyID (version 0.7 at this writing; newer versions may invalidate some of this instruction) and unpack the .tar.gz file into your home directory, resulting in ~/phpMyID-0.7/
  • You need three files from the unpacked phpMyID package in the newly created directory for the OpenID subdomain, ~/openid.yourblog.domain/:

    cp ~/phpMyID-0.7/MyID.php ~/openid.yourblog.domain/
    cp ~/phpMyID-0.7/MyID.config.php ~/openid.yourblog.domain/index.php
    cp ~/phpMyID-0.7/htaccess ~/openid.yourblog.domain/.htaccess
  • Edit the .htaccess file, and uncomment the first of the three provided solutions — since PHP runs as a CGI on Dreamhost, you need mod_rewrite trickery to overcome some problem or other. Just accept it.
  • Follow the phpMyID README configuration, so that you create a new MD5 hash for your password, and update the index.php file accordingly with your new name and the resulting password hash. (Create the hash as instructed in the README, through ‘openssl md5’.)
  • To preclude a baffling HTTP redirection loop later, trust the impossibly wise Sam Ruby, and add this line:

    'idp_url' => 'http://openid.yourblog.domain/',

    to the $GLOBALS['profile'] hash, along with the username, password, and realm.
  • Follow the README’s advice and test the installation of phpMyID, which at this point should be substantially complete, by visiting http://openid.yourblog.domain/ and logging in. Apparently, it is not unreasonable to be confident that this is OK despite not being SSL-encrypted, because of the use of digest authentication. Go with that. Prove that you’re able to log yourself in with the password you provided. You’re now done fiddling with the installation of phpMyID, and you can leave this new subdomain alone.
  • Well, before you leave it alone, take one more peek at the index.php configuration, and because you’re a savvy self-starting soul, and you realize the implications of the $GLOBALS['sreg'] array, you might as well populate it with as much boilerplate personal info (e.g. full name, nickname, location) as you’re comfortable automatically transmitting to various Web-two-dot-zero entrepreneur types; minimal testing suggests those sites will helpfully pull that data in for you when you establish a new account after having logged in via OpenID.
  • Now, head over to your WordPress, and bolt this new OpenID provider into it, by editing your chosen template (via ‘Presentation’/’Theme Editor’). Specifically, crack open the ‘header’ and, right before the closing </head> tag, insert this voodoo boilerplate:

    <link rel="openid.server" href="http://openid.yourblog.domain/">
    <link rel="openid.delegate" href="http://openid.yourblog.domain/">

    The wise Mr. Ruby suggests that, by adding the idp_url config above, the second (visibly redundant) line becomes unnecessary, but I’m too lazy to even bother eliding it. Note that there’s apparently a WordPress plugin that achieves the same one-or-two-line patch without you having to hand-tweak the HTML head, which might be preferable, but I haven’t investigated.

Anyhow, upon saving that change to your header, you should find that by simply providing the URI for your WordPress installation to the various ‘Web-two-dot-zero’ sites that offer an OpenID login option, those sites will do the right thing, reading the “link rel=” tag and as a result contacting your new minimal phpMyID-based OpenID provider. And, apparently, this is all OK.
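A quick way to confirm the header edit took, added here as an example and not part of phpMyID or WordPress: it reads a page the way an OpenID 1.x consumer does, pulling the two `link rel` values out of the `<head>`, and reports what it finds. The sample pages are constructed, and `check_delegation` is a name made up for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a minimal blog page carrying the two tags from the post.
SAMPLE_PAGE = """<html><head><title>blog</title>
<link rel="openid.server" href="http://openid.yourblog.domain/">
<link rel="openid.delegate" href="http://openid.yourblog.domain/">
</head><body>hello</body></html>"""

# Constructed sample: the same tags pasted into the body by mistake.
MISPLACED_PAGE = """<html><head><title>blog</title></head><body>
<link rel="openid.server" href="http://openid.yourblog.domain/">
<link rel="openid.delegate" href="http://openid.yourblog.domain/">
</body></html>"""

OPENID_RELS = ("openid.server", "openid.delegate")


class _LinkCollector(HTMLParser):
    """Collect (rel token, href, inside_head) for every <link> on the page."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link":
            a = dict(attrs)
            # rel may hold several space-separated tokens, in any case
            for rel in (a.get("rel") or "").lower().split():
                self.links.append((rel, a.get("href") or "", self.in_head))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def check_delegation(html):
    """Return the discovered server/delegate URLs plus a list of findings."""
    parser = _LinkCollector()
    parser.feed(html)
    found, findings = {}, []
    for rel, href, in_head in parser.links:
        if rel not in OPENID_RELS:
            continue
        if not in_head:
            findings.append(f"{rel} is outside <head>, where consumers do not look")
            continue
        if rel in found and found[rel] != href:
            findings.append(f"conflicting values for {rel}")
        found.setdefault(rel, href)
    server = found.get("openid.server")
    if server is None:
        findings.append("no openid.server in <head>: consumers cannot find the provider")
    else:
        url = urlparse(server)
        if url.scheme not in ("http", "https") or not url.netloc:
            findings.append("openid.server is not an absolute http(s) URL")
        elif url.scheme == "http":
            findings.append("openid.server is plain http, so the exchange is not TLS-protected")
    return {"server": server, "delegate": found.get("openid.delegate"), "findings": findings}


if __name__ == "__main__":
    for name, page in (("sample", SAMPLE_PAGE), ("misplaced", MISPLACED_PAGE)):
        print(name, check_delegation(page))
```

To run it against the live blog, fetch the front page yourself and pass the HTML to `check_delegation`.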

Good luck.

2 comments » | sysadmin

Who are you?

May 15th, 2007 — 1:47pm

What do you want?

Comment » | Uncategorized
