leif's blog

Emacs for OpenSolaris

I've been fiddling with OpenSolaris lately, and one obviously required package is dearly missed: Emacs. I tried to compile it myself, but couldn't get "configure" to pass, so I decided to look around for alternatives. It turns out SunFreeware has a prebuilt Emacs package, somewhat suitable for OpenSolaris. So, not knowing anything about the IPS system, I fumbled around a bit, until I figured out that the following commands added this repository (or authority, I think it's called):

% pfexec pkg image-create -F -a sunfreeware.com=http://pkg.sunfreeware.com:9000 /var/sunfreeware
% pfexec pkg set-authority -O http://pkg.sunfreeware.com:9000 sunfreeware.com
% pfexec pkg refresh --full
# Now I can run
% pfexec pkg search -r emacs
% pfexec pkg install pkg://IPSFWemacs   # Copied from above search results

This version of emacs is a bit old (21.x), and it doesn't seem to work when started with an X11 window. But at least I don't have to suffer with vi any more.

Update: I made an OpenSolaris package with Emacs v22.2 for x86, which has both X11 support (emacs) and a non-X11 version (emacs-nox). The tarball with the package is available on my FTP site. This might be a usable alternative for Emacs until the official OpenSolaris IPS adds an emacs package.

Yahoo domains ...

To my major disappointment, Yahoo just told me (less than a month before my domain is up for renewal) that they are increasing their prices for domain registration from $9.95/yr (I think) to a whopping $34.95/yr. Fortunately my ISP / hosted server provider (Cari.net) handles domain transfers very nicely, and at a reasonable price ($12/yr). Maybe not the cheapest alternative, but certainly better than $34.95.

KVM/qemu vs VirtualBox

I've been fiddling around with various virtualization systems, including VMware, Fusion, Xen, Qemu, KVM and now lately, VirtualBox. To my surprise, there's virtually no (pun intended) difference running it natively on FC9, or under either VM (Ubuntu). It's possible Ubuntu is just "faster" than FC9 since some VM tests were actually faster, so maybe I really ought to run this test with an FC9 VM instead. Also, there's very little, if any, difference between VirtualBox and KVM performance (which is good, because I like VirtualBox a heck of a lot more). I ran the VirtualBox benchmarks both with and without VT-x support; VT-x seemed marginally faster, although it's probably not statistically "safe".

Here are the numbers:

                 Native FC9   VirtualBox Ubuntu8   VirtualBox w. VT-x enabled   KVM/qemu Ubuntu8
Integer          54.273       54.730               55.337                       54.312
Floating point   43.196       42.843               42.495                       43.063

The Bonnie++ I/O benchmarks are equally impressive for VirtualBox; most tests are as fast as the host OS (or faster ...).

On top of being very fast, VirtualBox is also the easiest to use free virtualization software I've tried, so far. It even supports PulseAudio as an audio driver! This feature alone makes it very attractive, since my FC9 host system is completely migrated to PulseAudio, and now my virtual machines seamlessly support sound as well.

I'll blog more about PulseAudio as I learn more, but it's a really neat little package. I really hope it'll clear up the Audio mess that is currently in Linux/Gnome/KDE. This could be the sound server to control it all.

HTML to PDF

I like to read various web articles on my laptop while I'm traveling, and often there's no network available (like, in the air..). I found this little service that someone in the UK set up, which lets you convert any HTML page to PDF. The URL is http://www.htm2pdf.co.uk/, and I can highly recommend it; it's an easy to use tool to make sure you have enough reading material available even when you are offline.

And I know, there are other ways of doing this conversion, but the service above is so far the easiest to use that I've found. There are also web service APIs available, which are not free, so I haven't had a chance to try them.

Adobe socket policy file server

I was recently talking to a friend of mine, who had to go through all sorts of hoops setting up a socket policy file server for his Adobe Flash content. This is a weird beast, which does not use HTTP for some unknown reason. Adobe provides some very simple server examples, which they say are not "production quality", and I'd have to say I agree. So, I whipped up a simple Perl server using the POE framework, and with a little help from Rocco, I think it's a pretty decent implementation. It doesn't do any logging or anything fancy like that, but if anyone is interested, I could certainly add that (or anything else that might be useful). The little Perl script can be found here: ftp://ftp.ogre.com/pub/leif/perl/policy_server.pl .

For more information on this new "protocol", see http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html . There are several example implementations there, as well as a full explanation of how and why the policy files are important.

Feedback and comments are welcome.

Linux PulseAudio

I upgraded my dev box to Fedora Core 9 yesterday, which mostly worked well (except, it botched the grub boot loader, and failed to upgrade ~4GB's worth of FC6 packages). Most things went well, except the migration to PulseAudio. It ended up starting in a "broken" state, and then Gnome gets really unhappy (including any Gnome apps). Looking in syslog, I'd see

May 18 22:57:05 loki pulseaudio[2733]: main.c: Called SUID root and real-time/high-priority scheduling was requested in the configuration. However, we lack the necessary priviliges:
May 18 22:57:05 loki pulseaudio[2733]: main.c: We are not in group 'pulse-rt' and PolicyKit refuse to grant us priviliges. Dropping SUID again.

Adding my user to the pulse-rt group seems to have fixed this particular problem, so things are happy again. Getting Firefox and Flash to work was a whole different story. Doing a number of web searches, I found a few suggestions to use libflashsupport. However, digging deeper, setting the environment variable FIREFOX_DSP also does the trick. E.g. something like this in your firefox startup script:

export FIREFOX_DSP="aoss"

Geeks and their iPhones

Our friend Andy Ihnatko was in town last week, and we met up at the Pancake House in Boulder. Geeks as they are, Michelle and Andy started taking photos of each other, which turned out to be a pretty cool picture:


(picture taken with my iPhone, obviously).

Save the Sharks

I've been painfully aware of the threat to our oceans for a while now, but I know how badly we're killing off our diminishing shark population. 100 million sharks are killed each year, primarily for shark finning only. This has a devastating effect on the entire ecosystem in the ocean, on the scale of global warming, or worse! Not to mention the insane cruelty and wasteful hunting of these mostly harmless animals. I'd swim with a school of sharks any day (in fact, I have), but I would never consider walking with a pack of lions, or go near a grizzly.

I just finished watching the documentary Sharkwater, and if you haven't seen it yet, please watch it. It's sad, scary, and quite eye opening. We're destroying the oceans, and it's happening fast. More information about the film, and the danger to the shark populations and the oceans, is at http://www.sharkwater.com/ . Please help, write about it in your blogs, tell your friends, get active! I've started a new "section" on my site, to start collecting information and links about this issue. See http://www.ogre.com/sharks/ .

Blocking brute force login attempts

For some reason, my boxes seem to get a lot of login / hacking attempts to them. For a long time now, I've deployed an iptables filter that blocks a lot of these attempts. They still keep trying, even though they only get a few attempts per IP. Maybe I'm sticking out my head too much here, showing what my filters are, but I figured that someone else might find this useful. And besides, if knowing my filters makes me more vulnerable, then I'd rather find out about it.

So, here it is (well, the parts of it that block login attempts):

-A INPUT -p tcp -m tcp --dport 22 -m state --state new -m limit --limit 10/hour --limit-burst 4 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 22 -j LOG --log-prefix "IPTABLES SSH-LIMIT: "
-A INPUT -m tcp -p tcp --dport 22 -j DROP

-A INPUT -p tcp -m tcp --dport 21 -m state --state new -m limit --limit 10/hour --limit-burst 4 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 21 -j LOG --log-prefix "IPTABLES FTP-LIMIT: "
-A INPUT -m tcp -p tcp --dport 21 -j DROP

Be careful to not lock yourself out. If you need to go over these limits from a particular IP, whitelist it first with a rule to always grant access.
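
An added example, not part of the original post: a small Python model of the token bucket behind `-m limit`, run over a constructed sequence of connection attempts. The `limit` match keeps one bucket per rule, shared by all sources, so the model also shows the per-source variant (what `-m hashlimit --hashlimit-mode srcip` provides) and the whitelist rule mentioned above; the addresses and timings are made up.

```python
# Added example: a model of the token bucket behind iptables' "-m limit".
from dataclasses import dataclass

RATE_PER_HOUR = 10  # --limit 10/hour
BURST = 4           # --limit-burst 4

@dataclass
class Bucket:
    last: float = 0.0
    tokens: float = BURST

    def allow(self, now: float) -> bool:
        # One token comes back every 3600/RATE_PER_HOUR seconds, capped at BURST.
        refill = (now - self.last) * RATE_PER_HOUR / 3600
        self.tokens = min(BURST, self.tokens + refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True   # rule matches: -j ACCEPT
        return False      # falls through to the LOG and DROP rules

def run(events, per_source=False, whitelist=()):
    """events: time-ordered (seconds, source_ip) new connections to port 22."""
    shared, by_source, verdicts = Bucket(), {}, []
    for now, src in events:
        if src in whitelist:
            # A "-s <ip> -j ACCEPT" rule placed before the limit rule.
            verdicts.append((src, "ACCEPT"))
            continue
        # "-m limit" keeps one bucket per rule; a per-source bucket is what
        # "-m hashlimit --hashlimit-mode srcip" provides instead.
        bucket = by_source.setdefault(src, Bucket(last=now)) if per_source else shared
        verdicts.append((src, "ACCEPT" if bucket.allow(now) else "DROP"))
    return verdicts

# Constructed sample: one noisy source, then the admin (documentation addresses).
NOISY, ADMIN = "203.0.113.7", "198.51.100.20"
EVENTS = [(t, NOISY) for t in range(6)] + [(10, ADMIN)]

if __name__ == "__main__":
    for label, kwargs in [("shared bucket", {}),
                          ("per-source buckets", {"per_source": True}),
                          ("shared + whitelist", {"whitelist": {ADMIN}})]:
        print(label, run(EVENTS, **kwargs))
```

With the shared bucket the admin's connection at t=10 is dropped because the noisy source has already used the burst; with per-source buckets or the whitelist rule it is accepted.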

Cyrus sieve and "admin" users

During my upgrades to the new system, I installed a new (latest) version of Cyrus IMAP. This version has support for "global" Sieve scripts, which can be :include'ed by user scripts. My old configuration for imapd.conf has user "leif" marked as an admin, which has never been a problem. But, in this new version of Cyrus and Sieve, if an "admin" user uploads/modifies a Sieve script using sieveshell, it gets stored in the "global" area. This certainly makes sense, but took me quite a while to figure out. The solution, of course, was to not have user "leif" be marked as an admin.