Tobi Waves

Once upon a time, there was this firm, the little Toy Factory, they were building these neat and simple woodblock toys. Kids could use them in various setups. Clever kids could even create their own additional woodblocks and hoock them on. Woodblocks seemed quite simple, but the trick with these toys was their clever overall design which made it easy integrate them with other Woodblock toys and even create your own additions. The factory was really successful with the kids who knew about their toys. Partly also because each Woodblock toy also came with a complete manual explaining not only how to use it but also giving detailed account about how this particular WBT had been constructed. Woodblock toys guaranteed for hours of satisfying and creative playtime together with your friends.

Not far to the north west there was this other company, the Lolly Makers, they produced shapely and tasty lollies in many colorful designs. Kids who tried them were really taken by the great taste of the sweet lollies. The lollies sold very well and soon most kids who lived in the vicinity of the lolly factory could be seen wandering the streets with a lolly in their mouth. Interestingly enough these kids seemed to loose all interest in playing with the woodblock toys or other kids apart from talking about the latest 'inventions' of the Lolly Makers. The lollies seemed be all they needed. Rumors had it that the lolly makers were using addictive and psychoactive substances in their creations. But whoever uttered any suspicions in this direction soon got letters from a big firm in the city, who advised them to refrain from telling any further lies about the Lolly Makers.

Over the last few days I have redesigned the Website of my Department, and implemented it purely with CSS2. I had to discover the hard way that even 4 years after the standard has been published, we are not there yet. While Mozilla is shining bright with its good implementation, many other entries like Opera, Konqueror and IE are working hard to do a good job but fail in odd places. What is amazing is where they do not work. Opera, for example, can not grok, that a box which is defined by its distance from all edges of the browser window is fully defined an can be displayed propperly. It just ignores part of the settings to be able to draw in the wong place and size.

Why does this not get fixed? First I thought there must be many bugs, and they just don't get round to fix this particular one. But then I got another theory: Everybody who does serious CSS2 Webdesign is working hard to make sure that his pages work with all the players in the CSS arena (Opera, Mozilla, Konqueror and Internet Explorer). Therefore these stupid bugs don't disappear as nobody will notice them but Webdesigners who then successfully hide the bugs from the end users by going the extra mile to make their pages work with all browsers.

How about a website which collects pages that pass all CSS/HTML conformance tests at (validator.w3.org ...) with flying colors, but got axed because display problems in some browser prevented them from working fully 'cross platform'

With todays low disk prices, it becomes intriguing to use several large harddisks as backup media. On the simples level they can be used like tapse to store dump files. But having all this quickly accessible storage space, it would be way cool to have some snapshot like quality where the backups are readily accessible by the users. Today I read about a cool idea for backup which is exactly what I have been wishing for the program implementing this is called FauBackup (faubackup.sourceforge.net ...). I could smack me for not thinking off this myself. Anyhow, here is how it works.

First Day Make a full copy (file by file) of the work partition to the backup partition.

Second and every following Day Walk the work disk and compare the file i-node change time of the files with the time the last backup was taken. Anything that staid the same gets hard linked from the previous backup to the current backup. Everything that has changed gets copied over.

Additionally compressing the files in the backup could lead to significantly lower disk usage. The advantages of this approach are: a) Users can restore their own files by just going into the backup partition. What I am not clear yet, is how to prevent them from modifying the backup. b) Backup space requirements are minimal as only changed files go into the new backup and old ones are hard linked. c) if we run out of space old backups can simply be removed as all backups are complete and independent of each other.

Now I just have to decide which computer is going to be my first victim. And I have to figure out if I am going to be stubborn and write my own implemntation implemntation of this idea or if I can convince myself to use faubackup.

In 14 days we will be moving out of our good old flat, to a new house. Or rather we will move out, and after Easter we will move into the new house.

Yesterday we finally chose the new table and chairs we were going to buy for the house. We spent a great deal of time figuring out what table we were going to get and where we would get it without spending all the money we have left after buying that house.

What we sort of ignored all the time, was the chairs. We did not ignore them completely, no, but we did never discuss their color. So when we finally were ready to order everything, yesterday at the furniture place, the guy wanted to know which color the chairs should be (the part which is not wood).

We have a pitch black floor, a fair beech wood table, white walls, transparent light gray white curtains. The chairs should contrast to their surroundings without taking all the attention. Aargh ... what a decision 20 minutes before they are going to close the shop for the night.

We went back and forth amongst all the colors on offer and finally settled on a fair grayish color with a hint of blue. With the order sent and the price agreed, we are left to worry if this was really the color which is right for us. Will not be to delicate? Will it fit with the rest of our furniture? I see six to eight weeks of worrying to worry ahead of us. Because of all our special wishes, it will take them that long to produce and ship the things.

Don't say it ... just don't! I'm going to bed now.

I read in the paper today that the George W is going to ask Congress for 75 billion to finance his crusade against Saddam. Lets assume this will amount to about to maybe 100 billion in the end. This is about 500$ for each American citizen or 5,000$ for each person living in Iraq. I don't know how much the average income in Iraq is, but I guess with 5,000$ per person you should do well. Think even how many people in some other 3rd world country, one which has not even oil, could be sustained with this kind of money.

I saw Bowling for Columbine (www.amazon.com ...) last autumn, today heard Michael Moore's (www.michaelmoore.com ...) acceptance speech for the Oscar. He seems to be one of the few outspoken, witty Americans around these days, who are actively working for a better future for America in this world and not apart from it. A country currently governed by fear and through fear of an artificially enhanced enemy whom to fight will serve as a method to ensure W's reelection by people who might otherwise just realize what disservice they are doing themselves by choosing leaders who don't seem to have the understanding nor the intention to play by the rules for the greater good of the world.

In the radio news today, the presenter remarked, that the US was detaining POWs in Guantanamo under the label of 'Unlawful Combatants', refusing them any of the rights POWs should have, according to international law. He continued, that Iraq might call the US Soldiers exactly the same and would not even be all the out of line as the US is fighting this war with out UN mandate and is thus in blatant violation of the very fabric the chances for stability and prosperity of the world are based upon.

All Friday Regula have been packing our stuff into cardboard boxes. On Saturday morning at 8:30 10 of our friends arrived in Aarburg, ready to help us move all our belongings from the flat at the Feldstrasse to our new house at the Aarweg in Olten.

We had packed 90 boxes which had to be carried down 3 floors at the old place and up 4 floors in the new place. And this was only the beginning. The boxes alone filled the Van we had rented. A further three rides were necessary to transport all our furniture. I had hoped we would manage with two rides. I was so wrong. I promise, I will never buy anything new unless I give something old away ...

At 4pm all was done and everybody had had a gracious share of lifting and stair climbing. Thanks to the delicious lunch my mother had prepared for the whole crew we were tired, but at least well fed. (Thanks Mom!)

A big thanks to Alexa, Claudia, Doris, Gabi, Regula, Christoph, David, Fritz, Manfred, Manuel for their help. If you are ever going to move house, count me in.

I was searching google groups today when I lumbered onto this post from February 1998: (groups.google.com ...)

Amazing, these days many people blame W but six years ago, the Clinton administration has proposed a war on Iraq as well, only that they did listen: (www.cnn.com ...) It seems CNN has not edited their archives, even thought these days, US media don't report anti war rallies unless many hundred thousends attend. They rather bring an extendes feature on the few people marching for the war. It seems that independent and critical journalism is "out". Remember Watergate?

Today Akamai kicked Al Jazeera off their network. The Register has some thoughts on this (www.theregister.co.uk ...)

I got up at 4:15 am today. In order to get to Eindhoven on time, I had to take the 7 am flight from Zurich and thus the 5:20 train from Olten. Guess I am lucky to have no problem with getting up early.

In Schiphol I met Rudi and Alexios. Together we rode to Eindhoven and arrived at the TU/e just in time for the meeting. The other members of the program committee were there as well: Walter, Edwin, Brenda, Peter, Bastiaan, Xander, Jos and Fred. And there was also Marielle and Sabina from Iconic who will be doing all the actual organization work for the conference.

This is my first time on a PC. What I found the most difficult part, is to figure out which talks would be relevant 1.5 years from now, as the conference will be held at the end of September 2004.

At the meeting we did not really decide anything fixed, apart from the meaning of SANE: System Administation and Network Engineering Conference.

We tossed around a ton of names of potential invited speakers, had a short discussion about the deadlines, debated whether we should demand 400 word abstracts or extended abstracts like LISA. We also collected places where we wanted to distribute the Call for Papers.

I guess most things will get sorted on our PC mailing list, as we move on.

A week ago, a journalist of the swiss NZZ Newspaper had been directed to me by the universities press office. The guy was looking at writing a story on Open Source software and the press office people knew I had some projects in this area. It was the week of the Blaster worm. So after talking for about 40 minutes to the journalist on Wednesday he calls on Thursday to let me know that the story on Open Source had been shelfed, and he had to write a piece on Blaster. Oh, and by the way, would I know anything about the worm. I had been battling it for the last two days, so I said yes. With the effect that I was quoted in the article on Blaster.

The following week a guy from Swiss national television (SF DRS) called, they were doing a piece on Blaster too, with a 'confront MS angle'. They had read my name in the newspaper, I agreed to the interview. I organized coaching from our press office, as the TV people were from that hard hitting investigative show, and I didn't want to be caught in the middle. I was really careful not to make any too harsh comments. They have not yet broadcast it, so I don't know if I am going to look good or bad.

In the meantime Sobig has come back to haunt us, now in its F incarnation. The press office sent the local TV people straight to me when they inquired about a person to talk to regarding Sobig.

As you can see in the screenshot, I am the IT expert now. I picked that profession after the TV people told me that "Systemmanager" was way too complex and the press office people insisted, that "Security Specialist" was going to cause trouble with the folks from CS or central IT Security. Just in case you ever wondered how you become an expert.

I guess I just had my 15 minutes of fame :-).

I have known it for a about a year. SciFi has not renewed its commitment to Farscape which essentially meant the end of the show. I am sure none of the folks at SciFi who made these decisions had watched the show. How else could it be that they killed the single most captivating, intelligent, humorous, sexy, thrilling, emotional and realistic sci-fi show ever conceived. Almost every episode I watched left me tingling all over, ideally wondering how they were able to come up with these great episodes over and over again.

It's almost a year since the cancellation, the Farscape fan-base still seems to be going strong at (www.savefarscape.co ...) plotting away on a strategy to get the show back on the air. Never loose hope.

Today I also went to the website of SciFi wondering what they were doing regarding Farscape. And indeed, they have this page "Farscape Memories" with articles from different actors remembering their time shooting the series. What hypocrisy first they pull the plug on the show and then they act all bleary eyed.

If I was rich, I mean real rich, I would just order a few more years of Farscape from the Creature Shop ... I guess I should not have gone into OpenSource, but rather have turned commercial at an early age, sucking in big bucks during the Internet Bubble then I could do more than keeping my fingers crossed for another network picking up the show again.

The other night I went to see "Wilbur wants to kill himself" (xrl.us ...) a movie about a guy, his brother, a women kid living in some Scottish town. The guy has a book shop, falls in love with the women and the brother tried to kill himself. The movie is by Lone Scherfig a Danish writer/director who was quite successful with the movie Italian for Beginners. I loved the story and the acting and above all the Scottish accent.

The strangest thing happened to me a few minutes into the film. When Alice (the women) entered the scene for the first time. She looks exactly like a friend of mine. I am quite sure it was not here, because she does not speak with a Scottish accent, and she is not an actress. Never the less I kept comparing her and Alice all through out the film. How would she act in a similar situation? And just to make it more complex, Alice is just a role, played by Shirley Henderson (xrl.us ...) but written by Sherfig, so how can it have any bearing on my friends behavior, or do looks influence how people behave, did Sherfig write the part of Alice for Shirley? Are Alice and my friend twins separated a birth?

Well it was a wired experience, but definitely a great movie. Go watch it!

I admit, I am a soap opera junkie. I just love watching them. My current favorite is The West Wing written by Aaron Sorkin (en2.wikipedia.org ...). Tonight I made it through the final episode of the first season. This time the outlook is great, as the show is till running in the US, now in its fifth season.

The West Wing is about people working in the White House for the President. It's also about the President himself. President Bartlet, played by Martin Sheen is a liberal Democrats dream. What a contrast to the current reality. An American friend told me recently that she finds it rather disturbing to watch the show, seeing what the reality could also be. Michael Moor even nominates Bartlet for President, along with Oprah in his latest book.

I am watching the West Wing on DVD, there was also the 15 minutes Making Of feature on one of the disk. There the actors talk about their parts and some bits of the sets are shown. Hearing the actors talk was odd. They were so different from the roles they play in the show. Not only did they talk differently, but also their body language was altered. I have never noticed something like this before in such a show. The characters in the West Wing make a very authentic impression on me, much more than the actors themselves actually. At least as far as the story line and the dialogs are concerned this has to be credited to Aaron Sorkin. Maybe Michael Moor should be nominating Aron Sorkin along with Oprah and Bartlet, someone has to write their lines after all.

A Talk by Urs Hölzel, Vice President for Technology,

About Google

Mission: TO organize the worlds information and make it universally accessible and useful,

An international company: 250% traffic from outside US

Engine has 4 Billion pages in index

Profitable since q1/2001

23 Office Location Worldwide.

15k boxes, several TB disk storage

There are over 1000 queries a seconds on dec 25th, 2am.

Engineering Offices in the US, Zurich and Bangalore

About the Web

Static web 167 TB in 11 Giga Pages, but dynamic websize 92 PB. (Estimates)

1 in 4 hosts on the net run a webserver.

Problem: All data, users, hosts grow exponentially. This means the problem of finding useful information grows exponentially too which makes for interesting problems.

Google Infrastructure

A high reliable system based on low cost comodity hardware. Redundancy has to be built into the software and hardware. Monitoring, repair and maintain these boxes is a prime problem.

The Google Filesystem GFS

Stripe files across many boxes and replicate them on multiple servers.

Components: Master - keeps directory and plans file layout, ChunkServer - hold the data. Clients - use the data. (Chunksize is 64 MB. Data is cached on client once retrieved. SOSP'03 (www.cs.rochester.edu ...) )

10+ Clusters of 1000+ boxes.

350 TB Filesystem

How to be a Search Engine

Crawling: Recursive Process. Problem: dynamic pages, slow servers, management of the link list, session ids in the URL, how to prioritize the URLs, being nice to the web servers, detection of duplicates, avoiding traps, actively fill forms to pull "hidden" contents, figure out when the page needs to be re-crawled.

Indexing: Words by document and position in the document. One Terra Words in the index.

Ranking: Hard problem. All traditional assumptions on searching like long, coherent, high quality documents are not valid for web documents. Googles idea is to define a PageRank for figuring the importance of the page. The PageRank of a page is the sum of PageRanks of other pages pointing to this page. A page contributes its PageRank divided by number of out-links to each of its target pages. In reality it is more complex. Google has about 100 factors in its real PageRank function like font size, color, proximity to other words.

Serving: Partition the data to different servers and have each solve a sub problem of each query. Query goes to Google Webserver, it queries Index Farm, accesses the Doc Farm for the real data. Additional services from Add Server and Spelling Server. IEEE Micro, 2003 has more on the structure (www.computer.org ...) .

Advertising: Find the best add, relevant to the query. This is a very important problem as this is the main source of revenue. Only show an add which has a chance to be clicked on, if the click-through is low, the add will be dropped. Advertisers only pay for adds actually clicked.

Google Playground

There is lots of data and computing infrastructure at Google. Google pays people who spend their time on figuring new ways to analyze and present this data: (labs.google.co ...)

In the good old times, when men were still men and computer virus writers were still technically brilliant hackers. Viruses used the uncountable holes in Microsofts ubiquitous Outlook eMail software to spread.

But even then, generally the rule was simple. If you don't want to be infected, don't run any code you don't know where it's coming from. If you have Outlook, make sure it's patched and properly configured. In Unix circles, people made fun of the whole situation by sending out mails which claimed to be a solidarity Virus, calling upon the Unix User to copy this mail to all addresses in his address book, to emulate a virus, as a gesture of solidarity with the Windows crowd.

Now, a few years later, Outlook has matured to the point that there have been no major holes for months. Never the less, eMail viruses still crop up and spread. Virus writer started to attack the users mind directly, by writing messages into the body of the virus email with the purpose of confusing the user into clicking the virus attachment, forgetting all the good advice they got. Fortunately the anti-virus software gets updated so quickly, that viruses are normally contained quickly.

Today though, mark the date, the whole matter entered an all new stage. I got the first virus which was contained in a password protected zip file. The password was contained in the accompanying email, so it is easy for a human to unpack, but anti virus software has no chance as it can not decrypt the zip file containing the virus. As a concept this sounds fine, but what totally kills me is that it seems to work. Since this morning, I get an increasing number of encrypted zip file viruses. There must actually be people who get this virus, unzip it using the supplied password and then run the thing in order to get infected.

I wonder how many people would hang themselves if they got a rope in the mail. Warden make sure all the cells are locked.

by Ralf Hildebrandt

How to use Postfix as a crude but cheap filter against spam in front of the more complex filters like spamassassin.

Sources of Spam

An important source of spam these days are miss-configured web proxies which proxy to smtp ports as well and let outsiders connect.

Protection

Use RBL lists for open-proxies, open-relays,

Reject mail from faked sender address (see below).

Insist on RFC conformance (this can make you loose lots of real mail to as there are many missconfigured normal mailservers.

Content Filters: Altermime, SpamAssassin

On Postfix

Use the snapshot version of Postfix as it is realy stable and has all the latest features.

Use a cashing nameserver to speed-up dns lookups.

By default postfix is configured to only accept mail from your local network for external destinations. This has no influence on spam though.

Be careful choosing RBLs because there are many badly maintained blacklists out there. Blacklist must have clear criteria and a delisting procedure.

postmaster@yourdomain and abuse@yourdomain must accept all mail this must be explicitly listed in smtpd_recipient_restrictions.

A good RBL list cbl.abusenet.org recomended by Ralf.

When you are using RBLs make sure that you can quickly add exceptions to your system.

Rejecting mail to unknown users at the smtpd stage is very efficient as it first saves traffic and it also saves you from sending bounces.

Postfix can use various directory services to figure out which users exist. Postfix 2.1 will even cache answers

Use right hand sender black lists may also help. But be care full. Look at =dsn.rfc-ignorant.org, postmaster.rfc-ignorant.org, abuse.rfc-ignorant.org, whois.rfc-ignorant.org=.

RBL/RHSBL are expensive because of all the DNS lookups. Perform them as late in the restrictions list after the cheep mails.

Sender address verification

Check if the sender is either a known valid or can be verified to be valid. Postfix has special support for this as it can send test messages to the sending host. The sender will not notice this as postfix only starts sending mail but aborts before giving any message body.

Make sure you are really careful as this can cause you to loose mail from people who are not able to correctly spell their sender. One option is to apply these sender check restrictions only to suspected domains.

by Patrick Koetter

How to support mobile users to use your server as a mail relay. IP based restrictions do not work as the mobile users will have random IP addresses.

SMTP AUTH

Using Cyrus SASL2 and OpenSSL together with Postfix. You can configure postfix such that it allows relaying access for users who are properly authenticated. Most mail clients support snmtp authentication.

The problematic thing is to properly configure SASL. Get the CVS version as it is less buggy then the official 2.1.17, it even has some minimal documentation.

SASL configuration is governed by a config file called the same as the program using the sasl library. In our case this is smtpd.conf.

If you use SASL with plaintext passwords, make sure it only allows AUTH when TLS is in operation.

Check out Patricks howto on this (postfix.state-of-mind.de ...)

Certificate based Relaying

For people running mobile Unix it is possible to setup a local mailserver which just forwards all mail to the official mailserver of your site. By configuring the postfix smtp daemon to use TLS on the client, and you store the clients cert on the server. Now configure the server to ask clients for a certificate when they connect. If a client submits a vlid (known) certificate it will be allowed to relay even if it has an ip number outside the local network.

The cool thing about this is, that now any program on the mobile unix client can send mail via the local mail server to the company mailserver without further problem.