Khad's Blog

To Make Changes Everyday With Joy

Sun, 06 Dec 2009 15:07:00 +0000 OpenDNS atau Google public DNS

Sun, 15 Nov 2009 11:28:00 +0000 Menggunakan headset bluetooth pada Karmic Koala

Thu, 20 Aug 2009 04:14:00 +0000 Bug kernel linux (2009)

Wed, 11 Mar 2009 04:11:00 +0000 Cara buat SSL certificate

Sun, 01 Feb 2009 13:52:00 +0000 Cara konversi movie untuk PSP

Gizmodo

Gizmodo, the gadget guide. So much in love with shiny new toys, it's unnatural.

Mon, 08 Feb 2010 15:43:25 EST Droid's Android 2.1 Update: Full of Multitouch (and Some Disappointment) [Droid]

Android 2.1 for the Droid is making its way through the Verizon test gauntlet, and apparently inside is multitouch for the browser (like Maps 3.4), Google Goggles, and fancy news and weather widgets. Not coming over from the Nexus One?

Live backgrounds—those swishy animated wallpapers—and that new 3D grid of app icons aren't part of the package. Instead, the same static backgrounds and the classic Android pop-up app shelf stick around.

Hate to say it, but this feels like even more Android fragmentation. Is anything—even the damn OS—ever gonna be the same between two phones again? Jeez. [Engadget]

Mon, 08 Feb 2010 15:40:00 EST Genie Effect Should be Renamed Ghost Trap Effect [Image Cache]

Who you gonna call? Steve Jobs, that's who. [Nerdist]

Mon, 08 Feb 2010 15:29:30 EST How Nerdy Is Your City, In Dollars? [Data]

How much do single mothers in Akron spend on electronics? What about married Chicagoans, without kids, on their phone service? Bachelors, on cable, in New York? If only there was an interactive web app to tell you this stuff!

Bundle, a strange joint venture between Microsoft, Citi and Morningstar, scrapes data from government sources, Citi customers' purchase history, and god knows where else. The important thing is, it's a ton of data, about a ton of subjects: namely, how much different demographics spend on a variety of stuff, from household wares and gadgets to travel and eating out, as well as where they do their spending.

Some of the conclusions—single dudes spend a shit-ton on cable!—are entirely predictable. Others—people who make between $50k and $75k seem to spend more on electronics than people who make from $75k to $100k—don't make much sense at all. I wish the data was a little more granular, because then the cheap jokes about indolent losers spending too much on premium cable TV and too little on, I don't know, "health", would come so much easier, and cut so much deeper.

Oh well! Lazy jokes about cities are among the top 20 best kinds of jokes, so we'll be fine. Fat people who talk on the phone a lot live in place x, and not place y! Now you go. [Bundle via Consumerist]

freshmeat.net announcements (Global)

The last 24 hours worth of freshmeat.net releases

Sat, 14 Mar 2009 20:08:54 GMT Relational 0.9 (Default branch) Relational is an interface to load relations from a file, to write relational algebra queries, and to see their result. This software has educational purposes, since it makes it possible to immediately evaluate if a query is correct or not. For developers, it provides a relational algebra Python module which can be used within other projects.

Sat, 14 Mar 2009 20:06:09 GMT Relational 0.8 (Default branch) Relational is an interface to load relations from a file, to write relational algebra queries, and to see their result. This software has educational purposes, since it makes it possible to immediately evaluate if a query is correct or not. For developers, it provides a relational algebra Python module which can be used within other projects.

Sat, 14 Mar 2009 20:00:06 GMT TaDaPro 0.8.4 (Default branch) TaDaPro (Tabular Data Processor) is a command-line utility to operate with numerical column tabulated data. It is intended for operations that are cumbersome to do by hand in a spreadsheet and for transformations that have to be applied as a batch process on many files.

Sat, 14 Mar 2009 19:56:23 GMT massXpert mass spectrometry package 1.9.5 (Default branch) The massXpert software package is a mass spectrometry environment for linear (bio-)polymers. It inherits all the innovations of GNU polyxmass. It allows the detailed definition of new polymer chemistries in the XpertDef module. These chemistry definitions are then used in the desktop calculator-like mass calculator (XpertCalc) and in the sophisticated polymer sequence editor and (bio-)chemical/mass spectrometric simulations module (XpertEdit). Available simulations include polymer and monomer chemical modifications, polymer sequence cleavage, gas-phase fragmentation, m/z ratio calculations, and more.

Sat, 14 Mar 2009 19:55:58 GMT gdigi 0.1.5 (Default branch) gdigi is a tool aimed to provide X-Edit functionality to Linux users. It allows users to control Digitech effect pedal features.

Slashdot

News for nerds, stuff that matters

2010-02-08T20:49:00+00:00 Verizon Blocking 4chan An anonymous reader writes "According to 4chan's owner and administrator 'moot,' Verizon has explicitly blocked all traffic on their network from boards.4chan.org, where all of 4chan's boards are located. Moot explains that only traffic to and from port 80 is being dropped and they were able to confirm that it was intentional. 4chan's downtime for Verizon users has been in effect for at least 72 hours since Saturday, February 7."

Read more of this story at Slashdot.

2010-02-08T20:05:00+00:00 A Reflection on Sun Executive Payouts for Failure With the Oracle/Sun merger finally completing at the end of January, one former Sun worker has taken the time to reflect a bit on the extravagant compensation and golden parachutes that the former executives at Sun are receiving for failing at their jobs. "I think it's fair to say that, for all the miscues that eventually led to its demise, the company created many products and technologies of value along the way, enough so that Oracle thought it was worth it to acquire them and try to keep them going. However, I think that it's equally fair to conclude that, after years of running losses, including about $2 billion in fiscal 2009, so that a buyout was necessary to avoid looming bankruptcy, Sun's executives did nothing to deserve lavish rewards, by any conceivable meaning of the word "deserve". But what actually happened is by now a familiar story. [...] And here's a prediction that I feel quite certain of: if, against expectations and my hopes, Ellison drops the ball and things start going south for Oracle, it's the employees who will suffer for it, and he'll be doing just fine."

Read more of this story at Slashdot.

2010-02-08T19:22:00+00:00 Turns Out You Actually Can Be Bored To Death A study conducted by researchers at University College London shows that boredom can kill you. The researchers found that people who reported feeling a great deal of boredom were 37 per cent more likely to have died by the end of the study. Martin Shipley, who co-wrote the report said, "The findings on heart disease show there was sufficient evidence to say there is a link with boredom."

Read more of this story at Slashdot.

2010-02-08T18:40:00+00:00 Cacti 0.8 Network Monitoring GJdeBoer writes "The book is aimed at people who are managing a network and would like to get insight into the performance of that network. It covers the installation and configuration of the Cacti application. In the preface the book states that it's not necessary to be a Linux Guru to use the book and that exactly is the case. The book builds up your knowledge about Cacti and the necessary steps to configure it for your network, and it teaches you about Net-SNMP and RRDTool, the building blocks of Cacti." Read on for the rest of GJdeBoer's review.

Read more of this story at Slashdot.

2010-02-08T17:55:00+00:00 What Are the Best Valentine's Day Stunts? With the oh-so-dreaded Hallmark holiday on the horizon we are flooded with tips and tricks (mostly designed to sell us things our mates cannot live without) of how to please/capture/sedate the ones we care for. One writer even suggests ways to capture the interest of a geeky girl. That said, what are some of the crazier romantically inspired, geeky V-day stunts or activities that you or someone you know has executed to terrible success or failure?

Read more of this story at Slashdot.

SecurityFocus Vulnerabilities

SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

2010-02-08 Vuln: Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability

2010-02-08 Vuln: Linux Kernel 'hfc_usb.c' Local Privilege Escalation Vulnerability Linux Kernel 'hfc_usb.c' Local Privilege Escalation Vulnerability

PHP: Hypertext Preprocessor

The PHP scripting language web site

2009-12-17 PHP 5.2.12 Released! The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12:Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Further details about the PHP 5.2.12 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

2009-11-19 PHP 5.3.1 Released! The PHP development team would like to announce the immediate availability of PHP 5.3.1. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users of PHP are encouraged to upgrade to this release.Security Enhancements and Fixes in PHP 5.3.1:Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.Added missing sanity checks around exif processing.Fixed a safe_mode bypass in tempnam().Fixed a open_basedir bypass in posix_mkfifo().Fixed failing safe_mode_include_dir.Further details about the PHP 5.3.1 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

Yahoo! News: Top Stories

Top Stories

Mon, 08 Feb 2010 20:34:25 GMT Rep. John Murtha, Iraq war critic, dies at 77 (AP)

AP - Rep. John Murtha, a retired Marine Corps officer who became the first Vietnam War combat veteran elected to Congress and later an outspoken and influential critic of the Iraq War, died Monday. He was 77.

Mon, 08 Feb 2010 19:05:38 GMT Reports: Toyota plans to recall 300,000 Priuses (AP)

AP - Toyota plans to recall about 300,000 Prius hybrids worldwide over a brake problem and is likely to notify both the U.S. and Japanese governments Tuesday, news reports said, as a top executive will testify before U.S. lawmakers about defects that have tarnished its reputation for quality and safety.

Mon, 08 Feb 2010 20:02:15 GMT Government shut down as DC, region dig out of snow (AP)

AP - Federal workers and school children got a day off Monday as the Mid-Atlantic region dug out from as much as 3 feet of snow that made travel nearly impossible and knocked out power to tens of thousands of people.

Mon, 08 Feb 2010 20:56:16 GMT GOP cool to Obama call for two-party health talks (AP)

AP - Republicans gave a chilly reception Monday to President Barack Obama's invitation to discuss health care in a bipartisan, televised setting later this month, part of the White House effort to revive the stalled legislation.

Mon, 08 Feb 2010 20:47:53 GMT Michael Jackson doctor charged in singer's death (AP)

AP - Michael Jackson's doctor was charged Monday with involuntary manslaughter, capping an exhaustive investigation into the pop star's stunning death last summer and setting up the prospect of another sensational celebrity courtroom drama.

SourceForge.net New Releases

SourceForge.net New Releases

Mon, 08 Feb 2010 19:19:48 +0000 Jmol /Jmol Prerelease Tests/Prerelease 11.9/Prerelease 11.9.26/jmol-11.9.26-full.tar.gz

Mon, 08 Feb 2010 19:19:40 +0000 mod_qos /9.8/mod_qos-9.8.tar.gz

Packet Storm Security Last 50

50 Most Recent Packet Storm File Additions

dradis-v2.5.0.tar.gz dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.

netsniff-ng-0.5.4.1.tar.gz netsniff-ng is a high performance linux network sniffer for packet inspection. Basically, it is similar to tcpdump, but it doesn't need syscalls for fetching packets. Instead, it uses an memory mapped area within kernelspace for accessing packets without the need of copying them to userspace ('zero-copy' mechanism). Therefore, netsniff-ng is libpcap independent. netsniff-ng can be used for protocol analysis and reverse engineering, network debugging, measurement of performance throughput or network statistics creation of incoming packets on central network nodes like routers or firewalls.

CORE-2010-0121.txt Core Security Technologies Advisory - This advisory describes multiple vulnerabilities based on quirks in how Windows handles file names. Nginx, Cherokee, Mongoose, and LightTPD webservers suffer from related vulnerabilities. Details are provided.

flexmysql-sql.txt Flex MySQL Connector suffers from a remote SQL injection vulnerability.

CORE-2010-0104.txt Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: a cross-site request forgery which allows an external remote attacker to make a command injection that can be used to execute arbitrary code using the webserver user. As a result, an attacker can remove the firewall and load a kernel module, allowing root access to the appliance. It also can be used as a non-persistent XSS.

PHP Everywhere - By John Lim

Fri, 06 Nov 2009 02:52:50 -0500 Updated Optimizing PHP Article

I have just updated my popular Optimizing PHP article with additional information on caching. I discuss memcache and squid. I also updated the PHP Accelerators and changed the tone of some parts of the article. I quote:

Perhaps the most significant change to PHP performance I have experienced since I first wrote this article is my use of Squid, a web accelerator that is able to take over the management of all static http files from Apache. You may be surprised to find that the overhead of using Apache to serve both dynamic PHP and static images, javascript, css, html is extremely high. From my experience, 40-50% of our Apache CPU utilisation is in handling these static files (the remaining CPU usage is taken up by PHP running in Apache).

It is better to offload downloading of these static files by using Squid in httpd-accelerator mode. In this scenario, you use Squid as the front web server on port 80, and set all .php requests to be dispatched to Apache on port 81 which i have running on the same server. The static files are served by Squid.

Sun, 25 Oct 2009 09:12:02 -0400 Malaysian FOSS Conference 2009 Opening Keynote

Last Saturday, I gave the opening keynote of the Malaysian Free & Open Source Software 2009 conference. The speech was prepared the day before, but as usual, I will improvise some stuff, so some parts have been amended based on memory:

Ladies and gentlemen, honored guests, good morning!

Today the landscape of information technology has been transformed by the vision of free software and open source. The search engines of Google roar with the sounds of open source Linux. Our Malaysian government encourages the use of open source whenever possible. Sounds of PHP, MySQL, Apache, GPL have become familiar names in the tapestry of IT.

But that was not what it was like when I first started out as a young student in the mid-80s at the University of Melbourne, Australia. Things were different then. Concepts such as open source, GPL were still unknown. I still remember a fellow student was expelled from university for making copies of the source code of proprietary Unix software for his personal use.

I admit I was disturbed by this, because I too had an insatiable curiosity about how software worked, and it was impossible to learn more without access to the source code. I wanted to find and understand the wiring inside the software.

I remember fondly, and today with a bit of guilt, that I used to crack copy protected games, not for the pursuit of profit, but as an intellectual challenge – well ok, I have to admit I did it to play the games. The trick doing this (cracking) metaphorically is finding the wiring behind the copy protection and reversing the wires so that instead of refusing to run, it does the opposite and continues working.

Of course to quickly find the right wires to switch and crack a large program is not easy. Which brings me to the first piece of advice if you want to be successful in software design… You need to have good taste, which is kind of weird because nerdy programmers are notoriously bad dressers, fond of bad hair days and certainly not fussy about the finer points of fine dining.

What I’m taking about is of course is a taste for good logic. The feel of a beautiful idea, the taste of a mighty logic, or the fun in a great hack.

Games designers and coders are a talented bunch of people, and if you understand their logical rhythms and designs, it becomes obvious where the wires you need to reverse to crack the software reside.

The other important element of success is being happy. You have to have passion and enjoy what you are doing. To me cracking games was like cracking walnuts, a fun thing to do, but after a while it got boring. You need to do something with others and share with others to become really passionate about something.

Social responsibility is another important element of life. You need to channel your life productively - only then will you find true happiness. Cracking games became boring and I found other better diversions.

It was around this time my fellow student was expelled that I learned about the international USENET community. To young people, you have to imagine a time before the World Wide Web, when people used the Internet primarily for email. USENET was a fantastic group of mailing lists with forums and archives. USENET was also used to disseminate programming ideas and knowledge in the form of source code.

So even before the concepts of Open Source and licenses such as GPL became well known, there was this thriving community of programmers who shared their source code and learnt from others. Which brings me to the next lesson: the typical image of the best programmers being lonely introverted hackers is misleading. People are only successful in a community. Open source software needs to be grown organically and for that you need social skills. The classic example here is of course Linus Torvalds, author of Linux, who has skillfully led the Linux community from its inception.

It was through the USENET that I released software that I had written, including the one that won runner-up for best Australian Macintosh software in 1988 while still a foreign student in Melbourne.

You know, while preparing this speech, at the back of my mind I have always wondered why Malaysia has not had a bigger role in contributing software to the open source community? Was what I achieved due to my overseas education? I was thinking about it last night while writing this speech, and I don't think so: I will tell you why...

Malaysians do not lack ability. I see many smart and interesting people around me here at the conference. And I have seen many sophisticated pieces of software in the commercial world developed by talented teams of Malaysians. English, the language of Science and the Internet, is widely spoken here. However in the open source world, we have many more consumers than contributors.

Is it our education system? Perhaps an over-emphasis on exams it is a contributing factor, but I don’t think that is the main reason. I studied for 12 years in Malaysian state schools, and I survived sane and reasonably intelligent! And exposure to the Internet has made young people more worldly than any previous generation of Malaysians.

After reflecting, I suspect the reason is primarily economic. After college, it is difficult to sustain a living and have the time to contribute meaningfully to an open source project here in Malaysia. There are companies with strong support for open source here, but most companies here see little value in allowing their staff to contribute to open source.

So let’s flash forward from studying Melbourne in the 80’s to working in Malaysia in the year 2000. At that point in time, my company was planning on developing their next generation web application server, called PHPLens. An application server is a professional software framework which makes it easier for programmers to build high quality software modules.

We also wanted PHPLens to support as many databases as possible. That was the reason why we decided to open source our database abstraction library. Contributions from the programming community were encouraged so that we could support more databases.

And as this was the 3rd database abstraction library I had developed in my career, I had some meaningful experience in this area. Other developers liked it and today the library has become very popular world-wide and is in use by thousands of developers.

I have been working with and supporting the ADOdb abstraction library for over 9 years. I can tell you working on open source is sometimes not fun. You work for hours to implement some feature and then the feedback you get is that it’s not very useful. People will disagree with you. You also get cranky people emailing you in broken English to fix their problems urgently. And if you misunderstand them, it just gets worst. To survive, you need to be passionate about your work, really listen to people (which isn’t easy in an email exchange) and be committed to excellence.

I would like to show you now a presentation I did on ADOdb a few years ago. [presentation here]

In closing, I would like to ask how do I think the Malaysian Free & Open Source Software movement can advance further? Actually I think we are doing a good job. I see a lot of local companies have already switched to using Open Office or running Linux, Apache, MySQL, PHP for their web-sites.

As I mentioned before, the real factors we need to look into are still economic, your take-home pay. What we need is more demand for people with the right skills to support this open source infrastructure, and an ecosystem where the pay is attractive.

We need to transition from the idea that “free software is cheap” to “free software is cost-effective”. There is dignity in work, and people deserve to be rewarded. Thank you.

Wed, 07 Oct 2009 06:45:54 -0400 Monitoring and logging CPU Utilization of Virtual Machines in Xen

Oct 6 update: Added logging of disk [d] and network [n] info.
Oct 4 update: added availability option. Now uses xentop internally.
Oct 2 update: added graphing to xenstat.pl. Now xenstat.pl detects Guest VM start/shutdown and resets itself. Number of vcpus also shown. Misc bug fixes.

You can download xenstat.pl here.

Syntax

perl xenstat.pl [$mode] [$intervalsecs=5] [$nsamples=0] [$urlToPostStats]

Quick Guide

perl xenstat.pl          -- generate cpu stats every 5 secs
perl xenstat.pl 10       -- generate cpu stats every 10 secs
perl xenstat.pl 5 2      -- generate cpu stats every 5 secs, 2 samples

perl xenstat.pl d 3      -- generate disk stats every 3 secs
perl xenstat.pl n 3      -- generate network stats every 3 secs
perl xenstat.pl a 5      -- generate cpu avail (e.g. cpu idle) stats every 5 secs

perl xenstat.pl 3 1 http://server/log.php    -- gather 3 secs cpu stats and send to URL
perl xenstat.pl d 4 1 http://server/log.php    -- gather 4 secs disk stats and send to URL
perl xenstat.pl n 5 1 http://server/log.php    -- gather 5 secs network stats and send to URL

Requires xentop from Xen 3.2 or newer xentop backported to Xen 3.1.

Usage

To use run "perl xenstat.pl" in domain 0. The following output will be generated, with a new statistic generated every 5 seconds:

[root@server ~]# perl xenstat.pl 
cpus=2
       40_falcon   2.67%    2.51 cpu hrs  in 1.96 days ( 2 vcpu,  2048 M)
       52_python   0.24%  747.57 cpu secs in 1.79 days ( 2 vcpu,  1500 M)
     54_garuda_0   0.44% 2252.32 cpu secs in 2.96 days ( 2 vcpu,   750 M)
           Dom-0   2.24%    9.24 cpu hrs  in 8.59 days ( 2 vcpu,   564 M)

                    40_falc 52_pyth 54_garu   Dom-0    Idle
2009-10-02 19:31:20     0.1     0.1    82.5    17.3     0.0 *****
2009-10-02 19:31:25     0.1     0.1    64.0     9.3    26.5 ****
2009-10-02 19:31:30     0.1     0.0    50.0    49.9     0.0 *****

In the above output, the first few lines summarise the CPUs and running domains. Then we have the statistics generated every 5 seconds. At the end of each line is a simple graph. 5 stars means 90% or over CPU utilisation, 4 stars is 70% or over, etc.

You can also define the interval to poll (in seconds), and the number of samples just like vmstat:

[root@server ~]# perl xenstat.pl 3 2
cpus=2
       40_falcon   2.67%    2.51 cpu hrs  in 1.96 days ( 2 vcpu,  2048 M)
       52_python   0.24%  748.07 cpu secs in 1.79 days ( 2 vcpu,  1500 M)
     54_garuda_0   0.44% 2258.38 cpu secs in 2.96 days ( 2 vcpu,   750 M)
           Dom-0   2.24%    9.24 cpu hrs  in 8.59 days ( 2 vcpu,   564 M)

                    40_falc 52_pyth 54_garu   Dom-0    Idle
2009-10-01 12:14:59     0.0     0.0     1.7     5.7    92.5
2009-10-01 12:15:02     0.0     0.0     0.3    10.4    89.3 *

[root@server ~]#

Logging Using REST web service

To log the CPU utilisation using the Perl script, I didn't want to install a database client in Dom-0. So I added another parameter, a URL to a web server to call with the CPU info as GET parameters. I assume wget is installed in your Dom-0.

[root@server ~]# perl xenstat.pl 10 1  http://192.168.0.1/
cpus=2
     54_garuda_0  0.49%  165.81 cpu sec over 3.62 days (2 vcpu,   750 M)
    59_gyrfalcon  0.62%   69.03 cpu sec over 0.80 days (2 vcpu,  2000 M)
           Dom-0  1.57%    2.15 cpu hrs over 3.62 days (2 vcpu,   564 M)


--10:46:42--  http://192.168.0.1/?54_garuda_0=0.1&59_gyrfalcon=2.1&Dom%2D0=2.2&
Connecting to 192.168.0.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 498 [text/html]
Saving to: `STDOUT'

100%[============================================>] 498         --.-K/s   in 0s

10:46:42 (67.8 MB/s) - `-' saved [498/498]

2009-09-29 10:46:42  0.1  2.1  2.2 95.6

This will accumulate statistics for 10 seconds then send it to the above url in this format:

 http://192.168.0.1/?54_garuda_0=0.1&59_gyrfalcon=2.1&Dom%2D0=2.2&.

This allows you to log the data using a REST-ful web service.

Network mode [n]

Shows total network reads and writes in KBytes or MBytes for that time period.

perl xenstat.pl n

    Network I/O (K)  52_pyth 54_garu 59_gyrf   Dom-0
 2009-10-05 19:55:08       7     979       1       3
 2009-10-05 19:55:13       6    1.2M       1       1
 2009-10-05 19:55:18       5     600       2       3

Disk IO mode [d]

Shows total reads and write requests for each domain for that time period.

 perl xenstat.pl d

  Disk I/O (Reqs)    52_pyth 54_garu 59_gyrf   Dom-0
 2009-10-05 19:51:02       4       0    1317       0
 2009-10-05 19:51:07      27       0    1140       0

Availability Option [a]

Shows CPU Availability % (which is the same as CPU Idle %) instead of CPU Utilisation %.

The problem with showing CPU Utilisation occurs when you have multiple Guest VMs with different number of vcpus. If the CPU Utilisation of a guest VM is 50% can you tell whether it is already capped (vcpus = 50% of physical cpus), or can it go higher?

The solution is to reverse the CPU figures and view information in terms of Available CPU % left (100 - CPU Utilisation %). The advantage is that you know when the CPU of a guest VM are exhausted as the figures approach zero. In the example below, note that garuda has only 1 vcpu which means that cpu available is capped at 50% for garuda.

[server~ ]# xenstat a

Output:
-------
cpus=2
     40_falcon   2.33%    2.53 cpu hrs  in 2.26 days (2 vcpu,  2048 M)
     52_python   0.26%  940.55 cpu secs in 2.08 days (2 vcpu,  1500 M)
   54_garuda_0   1.48%   18.47 cpu secs in 0.01 days (1 vcpu,   750 M)
         Dom-0   2.28%    9.73 cpu hrs  in 8.89 days (2 vcpu,   564 M)

    Available CPU %  40_falc 52_pyth 54_garu   Dom-0 CPU-free
2009-10-07 18:25:20   100.0    49.9    99.8    99.5    99.1
2009-10-07 18:25:22   100.0    48.2    42.1    91.7    32.0 ***
2009-10-07 18:25:24   100.0    45.2    25.5    79.3     0.0 *****
2009-10-07 18:25:26    99.9    50.0     0.3    99.8     0.0 *****
2009-10-07 18:25:28   100.0    50.0    16.7    87.7     4.3 *****
2009-10-07 18:25:30   100.0    50.0    73.7    99.8    73.3 *

Initially in the first line of statistics below everything is quiet. With CPU Availability as the statistic, we can immediately notice that garuda has 1 vcpu (50% of 2 physical cpus) and all the others have 2 vcpus:

    Available CPU %  40_falc 52_pyth 54_garu   Dom-0 CPU-free
 2009-10-07 18:25:20   100.0    49.9    99.8    99.5    99.1

In the 2nd line, we can see:

    Available CPU %  40_falc 52_pyth 54_garu   Dom-0 CPU-free
 2009-10-07 18:25:22   100.0    48.2    42.1    91.7    32.0 ***

In the 3rd line, python is heavily loaded and there is no more spare CPU capacity.

    Available CPU %  40_falc 52_pyth 54_garu   Dom-0 CPU-free
 2009-10-07 18:25:26    99.9    0.03    50.0    99.8     0.0 *****

If we were looking at it in terms of CPU idle, it would not be obvious that python is overloaded, as you can see if we look only at CPU usage for the same statistics as the 3rd line:

[server~]# xenstat 
                     40_falc 52_pyth 54_garu   Dom-0    Idle
 2009-10-07 18:25:26     0.1   49.97    50.0     0.2     0.0 *****

I hope this is useful for anyone using Xen. This has been a good experience down memory lane too as I haven't coded in Perl for nearly 10 years!

Download xenstat.pl.

History

In Sept 2009, we started experimenting with the Xen hypervisor. In my testing, I have found that Linux performance is better on Xen than VMWare and we are considering it for Linux rollouts.

Normally when we roll out a new server for a customer, we have a simple PHP script installed as a cron job that runs vmstat and logs the CPU utilization of the server into our database every 5 minutes. It's very useful for benchmarking, monitoring and troubleshooting mysterious performance problems. I needed a similar script for Xen.

A search in Google revealed a Perl script by Tom Brown to record the Xen domain CPU utilisation.

However the following limitations led me to modify it:

• I want total CPU utilisation to be capped at 100%, which is the way "top" works, but not the way "xm top" works.
• Does not work properly with multi-core CPUs. CPU utilisation can go over 100%.
• Unfortunately sleep() does not sleep for precisely the number of seconds you define causing the CPU utilization to go over 100% again. There is some perturbation, either because Dom-0 is still virtualised or some other reason.
• No easy way of logging to a database.

So i rewrote parts of the script and renamed in xenstat.pl (after vmstat).

Other tools: see xentop, which can run in batch mode, but cannot post to web server.

The original script written by Tom Brown.

Sat, 04 Jul 2009 21:14:52 -0400 PHP with Oracle RAC

My article on High Performance and Availability with Oracle RAC and PHP is out on the Oracle web site.

It discusses my experiences creating an Oracle Real Application Cluster and running it with PHP 5.2 and oci8 1.3 for a customer. Since that article was written I currently recommend that oci8.events be turned off in php.ini since I've had some reliability issues with this setting.

Thu, 18 Jun 2009 23:30:41 -0400 Boiling down your Computer Science degree into 4000 words

Four thousand words that distill what you really need to understand to build scalable multiuser servers: Server Design by Jeff Darcy.

PyPI recent updates

Updates to the Python Package Index

08 Feb 2010 20:55:54 GMT clipy 0.2 Library for creating command line interfaces

08 Feb 2010 20:00:53 GMT proteon.ExporterImporter 0.1-alpha

PostgreSQL News

PostgreSQL News

Tue, 02 Feb 2010 00:00:00 GMT Continuent Finds Success Within SaaS Data Management Market Continuent, a leading provider of solutions for continuous data availability, advanced database replication, backup and database performance scalability, today announced increased emphasis in the SaaS data management market in the wake of a number of new SaaS customer installations last year.

Thu, 21 Jan 2010 00:00:00 GMT Database Master 1.7 for PostgreSQL has been released! Database Master is a Oracle, MS SQL-Server, MySQL, PostgreSQL, FireBird and SQLite client application with a consistent, elegant, modern and easy-to-use interface that simplifies querying, editing, visualizing, managing, designing, reporting and constructing relational databases.

Wed, 06 Jan 2010 00:00:00 GMT PHPRunner 5.2 released with PostgreSQL support PHPRunner 5.2 is PHP code generator with full PostgreSQL support. PHPRunner builds visually appealing web frontend for any PostgreSQL database.

Tue, 05 Jan 2010 00:00:00 GMT Bucardo rpms for fedora, centos and rhel linux Bucardo is now in Fedora and Fedora EPEL(centos and rhel) repositories.

Mon, 28 Dec 2009 00:00:00 GMT Database .NET 3.0 released A major update to Database .NET Version 3.0 has a lot new features and minor bug fixes...

Happypenguin

A database of games and game-related stuff for Linux.

Cubosphere Alpha 0.03 (new) 3d Puzzle similar to Kula World / Roll Away

More about Cubosphere

TuxMathScrabble 0.7.3 (updated) Math Scrabble for kids of all ages

More about TuxMathScrabble

violetland 0.2.8 (updated) Opensource crossplatform game similar to crimsonland

More about violetland

NASA Breaking News

A RSS news feed containing the latest NASA news articles and press releases.

Mon, 08 Feb 2010 00:00:00 EST Launch of NASA's Shuttle Endeavour Sparks Early Monday Sunrise Space shuttle Endeavour lit up the predawn sky above Florida's Space Coast on Monday with a 4:14 a.m. launch from NASA's Kennedy Space Center.

Fri, 05 Feb 2010 00:00:00 EST NASA Administrator to Hold News Briefing at Kennedy Space Center NASA Administrator Charles Bolden will meet with reporters covering the launch of space shuttle Endeavour at the Kennedy Space Center in Florida.

KETAWA.COM

Jokes Online

Mon, 08 Feb 2010 11:38:13 -0600 Gadis dan Ibu Muda Ada seorang gadis cantik, dia sedang dalam perjalanan menuju ke kantor, di angkutan umum dia bertemu seorang ibu muda yang tidak kalah cantik dengannya. Iseng si gadis pun bertanya:

Gadis : "Bu, apakah ibu sudah berkeluarga?"
Ibu : "Sudah."
Gadis : "Sudah punya anak?"
Ibu : "Oh ya, Anak laki-laki."
Gadis : "Wow cowok. Apakah ia merokok?"
Ibu : "Tidak dong..."
Gadis : "Apakah ia minum minuman keras?"
Ibu : "Setetes pun tidak."
Gadis : "Suka main cewe ga?"
Ibu : "Jangan sampe..."

Si gadis pun tertarik, tipe dia banget tuh cowok.

Gadis : "Ah, jarang sekali ada cowo seperti itu di jaman sekarang, ngomong-ngomng usia anak ibu berapa?"

Ibu : "Oooo, kemaren dia baru merayakan ulang tahunnya yang pertama..."

Gadis : "???!!!"

Mon, 01 Feb 2010 23:47:47 -0600 Tentang Facebook Senior engineer: "Kalau facebook itu apa sih?"
Junior engineer: "Oohhh... itu kayak jaringan sosial gitu, pak..."
Senior engineer: "Bentuknya gimana? Lebih kecil dari netbook?"

Mon, 01 Feb 2010 23:09:29 -0600 Salah Cetak Label Kain Seorang Direktur perusahaan tekstil terkenal sedang mendapat pujian dari rekan-rekan bisnisnya.

Rekan Bisnis : "Apa kiat Bapak dalam menjalankan bisnis tekstil ini, sampai negeri Arab memborong seluruh kain yang Bapak produksi?"

Direktur : "Sebenarnya ini rahasia perusahaan, tetapi tidak apalah. Cuma kesalahan cetak tulisan di label kain."

Rekan Bisnis : "Tulisan apa?"

Direktur : "Luntur Tidak Ditanggung."

Fri, 29 Jan 2010 08:42:02 -0600 Persiapan Operasi Usus Buntu Suatu hari di sebuah rumah sakit, seorang cewek cantik berbaring di kereta dorong. Sebentar lagi ia akan dioperasi usus buntu. Cewek cantik itu sudah tidak berpakaian apa-apa, namun sehelai kain putih menutupi bagian atasnya.

Tidak lama berselang, seorang suster mendorong kereta tersebut untuk menuju ruang operasi. Kereta itu melalui lorong-lorong rumah sakit yang kebetulan saat itu lagi sepi. Jadi beruntunglah si cewek, karena kalau banyak orang, kan bisa malu...

Sesampai di depan kamar operasi, si suster menepikan kereta dorong, kemudian masuk ke dalam untuk mencek apakah peralatan operasi di dalam sudah siap. Selama suster ini mencek, si cewek ditinggal sendirian dengan hanya ditutupi sehelai kain putih.

Datang seorang pria berpakaian putih melintasi si cewek. Ia membuka kain putih tersebut, melihat-lihat sebentar lalu pergi lagi. Di kejauhan tampak pria tersebut berbicara kepada yang lainnya.

Pria yang tadi berbicara dengan pria pertama kemudian menghapiri si cewek, membuka kain putih yang menutupi si cewek, melihat-lihat sebentar, lalu pergi lagi.

Pria ketiga datang mendekati si cewek.

Si cewek yang mulai tidak sabar berkata : "Dok... saya rasa sudah cukup pemeriksaaannya... Kapan saya mulai dioperasi?"

Pria ketiga tampak bingung lalu menjawab : "Wah Non, saya tidak tahu... di sini kami hanya ditugaskan mencat lorong rumah sakit ini."

Fri, 29 Jan 2010 03:53:59 -0600 Batu Baterai dan Banci Sepulang dari supermarket seorang anak bertanya pada ibunya:

Anak : "Bu, Ibu tau nggak, apa bedanya batu baterai dan Banci?"

Ibu : "Hus, sudah jelas beda dong."

Anak : "Iya... di mana bedanya?"

Ibu (Setelah mencoba berfikir namun gagal) akhirnya berkata : "Nggak tau ah!"

Anak (sambil tersenyum-senyum) : "Kalau batu baterai tahan lama sedangkan kalau banci 'mana tahan la
yauow'..."

SecuriTeam

Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.

Tue, 26 Jan 2010 01:24 GMT LedgerSMB Multiple Vulnerabilities It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase.It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase.

-

Make your website safer. Use external penetration testing service. First report ready in one hour!

Mon, 04 Jan 2010 19:26 GMT Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability Insecure permissions have been detected in the multiple Kaspersky Lab antivirus products.Insecure permissions have been detected in the multiple Kaspersky Lab antivirus products.

-

Make your website safer. Use external penetration testing service. First report ready in one hour!

Fri, 11 Dec 2009 19:42 GMT Piwik Cookie Unserialize Vulnerability Piwik unserializes() user input which allows an attacker to send a carefully crafted cookie that when unserialized utilizes Piwik's classes to upload arbitrary files or execute arbitrary PHP code.Piwik unserializes() user input which allows an attacker to send a carefully crafted cookie that when unserialized utilizes Piwik's classes to upload arbitrary files or execute arbitrary PHP code.

-

Make your website safer. Use external penetration testing service. First report ready in one hour!

Monologue

The voices of Mono

Mon, 08 Feb 2010 19:32:54 GMT Aaron Bockover: Banshee + GNOME 3.0

I spent a little time this weekend doing one of the things I've wanted to do for years - eradicate one of the oldest files in Banshee: banshee-dialogs.glade.

The vast majority of Banshee's UI is custom widgetry that is laid out dynamically at runtime. The main window and the preferences dialog hasn't been restricted by Glade for a couple of years, but all the other dialogs were defined in part in Glade:

• Open Location
• Seek To
• Import Media
• Smart Playlist Editor
• Error list dialog (very unlikely anyone has ever seen this)
• Last.FM Station Editor

These were all fairly simple dialogs in Glade -- mostly consisting of a table, some static labels, and placeholders to pack in custom widgets at runtime (e.g. the import source combo box in the Import Media dialog, or the actual query builder UI packed in the Smart Playlist Editor dialog).

Old Banshee Glade Dialogs

These are now fully defined in code, allowing the dialogs to derive directly from BansheeDialog, which provides extra common functionality for dialogs on top of Gtk.Dialog.

The big take-away here is no longer depending on the deprecated libglade/glade-sharp libraries (well, almost -- later this week Gabriel will port Muinshee -- an alternative Banshee client in the image of Muine, but not a core component). Additionally, I removed our dependency on libgnome/gnome-sharp, which is also deprecated.

This means that Banshee 1.5.4 will be GNOME 3.0 ready. The last thing to do is implement a udev hardware backend. We already have partial DeviceKit support, and GIO support. However, we don't take a hard dependency on HAL. The removal of the last Glade file represents the eradication of any hard obsolete GNOME 2.0 dependencies. Exciting!

As a quick aside: what was really nice about the porting from Glade to C# was the use of C# 3.0 features - specifically type inference and object initializers. This permits interface construction using a more terse syntax than available in C# 2.0, yielding improved readability and organization. For instance:

    var table = new Table (2, 2, false) {
        RowSpacing = 12,
        ColumnSpacing = 6
    };

    table.Attach (new Label () {
            Text = Catalog.GetString ("Station _Type:"),
            UseUnderline = true,
            Xalign = 0.0f
        }, 0, 1, 0, 1, AttachOptions.Fill, AttachOptions.Shrink, 0, 0);

Bring it on, GNOME 3.0. We are ready!

Mon, 08 Feb 2010 19:01:43 GMT Unity Technologies: Unity Tech signs a three-year deal with LEGO! As y’all know the user base for Unity is exploding and that growth includes developers across the spectrum, from games to non-games, from small development shops to large studios, from social media outlets to major media providers. Today we have news about not just a major media provider but a major toy manufacturer as well, [...]

Sun, 07 Feb 2010 17:07:00 GMT Jonathan Pobst: Introducing Pinta Over the holiday break, I stumbled upon this article from OSNews stating that there was a need for something like Paint.NET for Gtk. Having some experience with porting Paint.NET to Mono Winforms before, I knew that that was a massive task. But it still got me curious about Cairo and creating a layered canvas, since I had never played with Cairo or Gtk.

After playing around for a few hours, I actually had a working paintbrush and canvas. Intrigued by my success, I played around with it for a few more days. By the end of the week I had a nifty little paint program with a few features. Now, a month later, it's time to open my little project up to the world: Pinta.


Pinta is a clone of Paint.NET. It already has a small, but hopefully useful, set of features like multiple layers and infinite levels of Undo/Redo.


I hope to implement the same feature set as Paint.NET. Currently there are several tools missing, as well as adjustments like brightness/contrast and levels and Paint.NET's effects.


Being written in Mono/Gtk, Pinta is naturally cross-platform.


To download Pinta or the source code, check out the website!

Note: I didn't misspell "Hello" in my screenshot, my dog's name is Helo. ;)

Planet Eclipse

Planet Eclipse - http://planeteclipse.org/planet/

2010-02-08T20:45:33+00:00 Chris Aniszczyk: Eclipse, Symbian and the Rise of the Weak Copyleft

In case you weren’t aware, the Symbian Foundation recently open-sourced their Symbian^3 platform under EPL. I’ve had a few people come to me and ask first, what is the Eclipse Public License and why would Symbian choose that license say over the GPL or APL.

So let me try to answer some of those questions (note: IANAL).

What is the Eclipse Public License?

The Eclipse Public License is an OSI approved license. It’s a weak copyleft license similar in spirit to the LGPL. Any changes and certain additions to EPL-licensed code need to be licensed on under the EPL.

This is unlike the GPL where it dictates that any work that is based on GPL-licensed code must itself be GPL-licensed. Some people like to call this licensing behavior viral.

If you want to learn more about the EPL, check out the EPL FAQ.

Why did Symbian favor the Eclipse Public License?

Well, according the Symbian FAQ, here is the reason…

“The Symbian Foundation has instead chosen the EPL because it wants to be absolutely clear about this: device manufacturers will be able to add new features and support new hardware without having to make all of that code open source, except where they are changing or making certain additions to EPL code supplied by the Symbian platform. We expect that device manufacturers will see the value of enriching the Symbian platform by contributing their innovations, but we don’t insist that everyone must contribute everything.”

On top of that, I postulate that Symbian recognized the importance of giving people a choice and protecting the investment in the Symbian platform code. This is where I argue a weak copyleft license like the EPL actually gives you more freedom than a strong copyleft license like the GPL. The GPL wants to devour your code and all of its friends. The EPL gives you a choice.

Why not LGPL? Well, there are some patent retaliation and reverse engineering clauses in the LGPL that make certain companies legal departments nervous. Other than that, I actually like the LGPL’s weak copyleft spirit.

The Rise of Weak Copyleft Licenses

One of my predictions is that in the near future, we will see a significant rise in the usage of weak copyleft licenses. If you’re looking to build an ecosystem full of commercial and individuals members, a weak copyleft license is the best choice in my humble opinion. Eclipse first blazed the weak copyleft builds ecosystems path with the CPL/EPL followed by Symbian. Even Microsoft is getting into the game with the MS-PL license (which is weak copyleft).

Do other people have strong feelings on weak copy left licenses? Do you see a pattern too?

On a side note, if you have the time to burn on legal issues, I highly recommend taking a gander at Janet Campbell’s “Managing Open Source Legal Issues” video on EclipseLive.

2010-02-08T19:21:03+00:00 Ankur Sharma: Did you register for Eclipse Day India 2010?

2010-02-08T18:37:44+00:00 Bjorn Freeman-Benson: Ad re: Contribute to Eclipse? Stackoverflow is offering free advertising to open source projects looking for contributors [1], but I don't see any submission from the Eclipse Foundation. Maybe it's still being designed?
Anyway, this is the kind of thing that, if I'm elected as a committer Board rep, I'll be pushing the Foundation to do: outreach to recruit additional contributions of all kinds (code, tests, doc, translations, etc).