Oracle vs Google

I’m not going to say much on this topic, except that I think software patents should die. However, Charlie Nutter—a fellow that I met at one of the Python conferences—has quite a bit to say, and it’s an interesting viewpoint considering that he worked at Sun for a while helping to move along the JRuby implementation. He’s incredibly smart, and did a good job of summarizing the patents that Oracle is claiming Google violated with Android. So I’m just going to point you there for the details: http://blog.headius.com/2010/08/my-thoughts-on-oracle-v-google.html

Communications of the ACM

I joined the ACM about a year and a half ago, and they started sending me their equivalent of the IEEE Spectrum—called Communications of the ACM. For anyone that knows me, I’ve been quite vocal about the clear problem regarding multithreaded programming, and many of the issues that come with it. One area in particular is that the threading model is really the assembly language of concurrency and parallelism. It’s far too low-level to constantly be thinking about. We need higher level constructions, but anything we do with the current languages is really insufficient. I’ve long felt the best way to approach this problem is from a language perspective, where the model can be completely different (Erlang, Scala, and Clojure are all examples of what can be done).

This month in the Communications of the ACM, there is a great article that goes into much more depth on it all: Memory Models: A Case for Rethinking Parallel Languages and Hardware. It was a great read, and went into the nitty-gritty about where the problems are, the choices we can make, and even provided general direction for the future. If you’ve felt that multi-threaded programming was hard, but couldn’t lay your finger on why, read the article. If you want to understand how some of your current languages really work, and the trade-offs they made—or didn’t make… I’m looking at you C and C++—to deal with parallelism and concurrency, read the article. This stuff is really near and dear to my heart because I see the results of having no memory model. I’ve painfully debugged numerous threading-related issues, and know how the hardware and compiler can work against you in this context.

Over the past several years, I’ve slowly been learning the tools of the language trade. Partly because I’ve always been fascinated by languages and compilers, and partly because I’d like to help contribute to a solution to this problem one day. I think parallelism and concurrency are both too hard to think about with our current tools, and we need better support for doing the things programmers need to do every day. Computing has come a long way, and to a youngish person like myself, often feels as old as math. But when you get down to it, computer science is still extremely young. It really shows when you start talking about dealing with parallelism. We’ve only begun to explore the possibilities. It’ll be amazing to see how this field changes in the next 20 years.

While you’re on CACM’s website, check out An Interview With Edsger W. Dijkstra, one of the greatest influences on computer science. And take a look at The Singularity System, an article on Microsoft’s Singularity project. Singularity is one of the more interesting projects I’ve seen when it comes to advancing operating systems.

bzr-svn, round 2

In a previous post, I spoke at length about how to get started using bzr-svn as a client against a Subversion repository. After another 8 months of using it, I have a few more thoughts I’d like to share.

A word of warning: much of this is about the negatives of using Bazaar against a Subversion repository. I’d like to be clear on a couple of points.

The issues raised are born out of the differences between Bazaar and Subversion. Bazaar is not Subversion. Bazaar made different choices about its model for version control, and bzr-svn does its best to bridge the gap.

I’d also like to take a moment, and say that these issues in no way reflect on bzr-svn’s author, Jelmer Vernooij. Jelmer has been extremely responsive to my inquiries, quick to react to any branches I’ve proposed, and generous with his time and knowledge. I personally believe Jelmer is a fantastic programmer, and his prolific contributions to many open source projects are nothing less than astounding—I really don’t know how he finds the time.


Connecting to a safe@office vpn on a Mac…

Let me start off by saying that I started using a Mac several years ago because I finally reached a tipping point. I knew I wanted to get more into photography and have access to things like Lightroom and Photoshop. I was also getting tired of administering my box (although I’m happy that Ubuntu is largely making that practice disappear for the average user). I want to write code, do photography, and still participate in the business world without worrying about whether my OpenOffice document is going to render correctly.

So I made the switch (please don’t flame me, I still use Linux quite a bit, and that will never change). Since the change, I’ve not had to spend much time trying to configure my system. Everything largely Just Works.

That is, until you want to set up a VPN connection.

On the other end of the connection is a Safe@Office product. It claims to support a generic L2TP client, and until recently, I didn’t really believe that. I’ve tried to use Apple’s built-in client several times in the past, and no dice. It would connect, but I couldn’t do shit. I finally sat down to figure it out the other day because I’ve grown tired of IPSecuritas.

Turns out my problem boiled down to routing. I left the “Route all my data through the VPN” box unchecked (because that’s just ridiculous), and what I ended up with was an extra default route to the VPN gateway via the VPN tunnel and another route to the VPN gateway via my normal internet connection. The problem is that the assigned IP address (from the VPN) is not on the company’s subnet. What I needed was an extra route to say route those IP addresses over the VPN link. But I only need this when the VPN is active.

Easier said than done.

So, I confess, I’m not terribly knowledgeable about all the services that underlie Mac OS X. I don’t really want to be that knowledgeable about them—that’s the appeal. To someone else out there, this may be common knowledge, but it took me a while to find the answer.

As I mentioned before, what I really needed was to set this route up when my VPN connection comes online. It turns out that this is entirely possible. When you establish your connection, there’s a service called pppd that is used to help tunnel traffic over your new IPSEC connection. If you check out the man page for it (man pppd from the command line), and scroll through 40 pages of options, you’ll find that it will invoke a script called /etc/ppp/ip-up when the connection comes up, and one called /etc/ppp/ip-down when the connection comes down. Furthermore, it will look in /etc/ppp/peers/ConnectionName for additional options.

Sweet!

So, reading a little more, /etc/ppp/ip-up is executed with several parameters:

interface-name tty-device speed local-IP-address remote-IP-address ipparam

interface-name is the name of the ppp interface that has been established. In my case, it’s ppp0. tty-device is the name of the device used to help establish the connection (think modem or serial port). That doesn’t apply here, so it’s just an empty string. speed is the speed the tty-device is running at, but we don’t have one. So, the speed is 0. The local-IP-address is the IP address it used for the local side of the connection. Unless you tell it otherwise, it’s the first primary IP address of your machine. The remote-IP-address is where it gets interesting. That’s the address of you on the other side of the tunnel. It’s also the one that doesn’t map into my company’s subnet, necessitating the additional route. Finally, there is ipparam. Turns out, there is an option called ipparam that can be used to control the value of this field. Awesome.

On the routing side, I need to add a route that goes to the company’s subnet, but forces it to do so over the tunnel. Mac’s route command is pretty similar to Linux’s, so after taking a look at the man page for route, I came up with the following command to add the route:

route -n add -net $NET -interface $IFNAME

$IFNAME is actually set by pppd when it calls /etc/ppp/ip-up and /etc/ppp/ip-down. It’s also the first parameter to the script, but I like using names. To delete it is just the opposite:

route -n delete -net $NET -interface $IFNAME

We’re almost there.

Before I show you all the steps, let me say that the below steps only work for Snow Leopard. Turns out Apple broke this facility in Leopard, and it doesn’t appear to have ever been fixed (grrr).

Step 1: Create the VPN connection

I won’t walk through the details here. I created a new VPN connection called “Work” that uses L2TP. I also clicked the authentication button and added my preshared key, and my password for the connection. On the Safe@Office side, you need to make sure you have enabled L2TP clients and set the preshared key. You also need to make sure you set up a user who is capable of using the VPN. This is fairly well documented online and in the manual, so I won’t repeat that here.

Step 2: Create an option file for the connection

My company, like most, uses the 10.0.0.0 class A subnet. I want to pass this as the ipparam to /etc/ppp/ip-up. Also, I called my connection “Work”. You might want to call yours something else, so translate accordingly. Here’s how to do it:

> sudo mkdir /etc/ppp/peers
> echo ipparam 10 | sudo tee /etc/ppp/peers/Work

This creates a file called /etc/ppp/peers/Work that contains a single line:

ipparam 10

Step 3: Create the ip-up and ip-down scripts

Next, I created the /etc/ppp/ip-up script with the following content:

#!/bin/bash

# This is the ipparam that we set in /etc/ppp/peers/Work
MYNET=$6

/sbin/route -n add -net "$MYNET" -interface "$IFNAME" >> /var/log/ppp.log 2>&1

And, the /etc/ppp/ip-down script:

#!/bin/bash

# This is the ipparam that we set in /etc/ppp/peers/Work
MYNET=$6

/sbin/route -n delete -net "$MYNET" -interface "$IFNAME" >> /var/log/ppp.log 2>&1

Remember to:

> sudo chmod a+x /etc/ppp/ip-up /etc/ppp/ip-down

That will make the files executable.

Step 4: Try it out!

Now when you connect to your VPN, it should add the necessary route and delete it when the connection goes down. If you’re having trouble, it’s likely because your network layout is different. Talk to the appropriate admin and get advice on what it should be from them.

Good luck!
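
A more defensive variant of the two scripts, as an added example rather than the post's own code: pppd runs /etc/ppp/ip-up as root for every PPP connection, so this version checks that ipparam looks like a network prefix and that the interface is a pppN name before anything reaches route, and it skips connections that set no ipparam. The function names and the single-file layout (install as ip-up, symlink ip-down to it) are assumptions.

```shell
#!/bin/bash
# Added example (not the post's script). Install as /etc/ppp/ip-up and
# symlink /etc/ppp/ip-down to it; the action is chosen from the script name.

# Accept a dotted prefix of 1-4 octets (10, 10.1, 192.168.5.0), each 0-255.
valid_net() {
    local rest="$1" octet count=0
    case $rest in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        case $rest in *.*) rest=${rest#*.} ;; *) rest= ;; esac
        count=$((count + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] && [ "$count" -le 4 ] || return 1
    done
}

# pppd names its interfaces pppN; refuse anything else.
valid_ifname() {
    case $1 in ppp*[!0-9]*|ppp) return 1 ;; ppp[0-9]*) return 0 ;; *) return 1 ;; esac
}

# Print the route command for an action (add|delete), or fail without output.
route_cmd() {
    case $1 in add|delete) ;; *) return 1 ;; esac
    valid_net "$2" && valid_ifname "$3" || return 1
    printf '/sbin/route -n %s -net %s -interface %s\n' "$1" "$2" "$3"
}

main() {
    local action cmd ifname="${IFNAME:-${1:-}}"
    case ${0##*/} in
        ip-up)   action=add ;;
        ip-down) action=delete ;;
        *)       return 0 ;;   # run under another name: do nothing
    esac
    # $6 is ipparam; connections that set none are left alone.
    [ -n "${6:-}" ] || return 0
    if cmd=$(route_cmd "$action" "$6" "$ifname"); then
        # Splitting $cmd is safe here: it holds only validated tokens.
        $cmd >> /var/log/ppp.log 2>&1
    else
        echo "$0: rejected ipparam='$6' ifname='$ifname'" >> /var/log/ppp.log
    fi
}

main "$@"
```

Since the hook runs as root, keep the script owned by root and not writable by other users.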

Knswledgable?

C’mon on Apple! Really? Knswledgable?

Screenshot of 'knswledable' as a suggested spelling.

bzr-keychain

I’ve been meaning to look at this, but haven’t had the time until recently. bzr-keychain provides the ability to save your credentials into Mac OS X’s keychain. The trick is getting it in there in the first place.

Step 1: Get bzr-keychain

It’s simple:

cd ~/.bazaar/plugins
bzr branch lp:bzr-keychain keychain

Since this plugin requires a C extension module to access the keychain, you also need to run the following from ~/.bazaar/plugins/keychain:

python setup.py build_ext --inplace

Step 2: Mark up authentication.conf

We need to communicate to bzr that we want to look up a password for a server from the keychain. That means adding a section like this to ~/.bazaar/authentication.conf.

[Example]
scheme = http
host = bzr.example.com
password_encoding = keychain

The section header can be anything you want. The important bits are picking the scheme, specifying the host, and setting the password encoding to keychain. The last bit is what tells bzr to look up the password from Mac’s keychain. Note that my scheme is “http” even though I’m using bzr+http, because the underlying transport is “http”. If you want to know more about the various, look at bzr help authentication.

Step 3: Add your password to your keychain

I won’t go into detail about how you should set up your various keychains. Dave Dribin has a great article on setting up your keychain. If you don’t follow that guide, simply add the password to your login keychain.

Launch the Keychain Access application in Applications/Utilities. Pick the keychain you want to add the item to. For me, I’ve set up a special one called “secure” as in the article above.

Next, you need to create the keychain item. There’s a + at the bottom of the right hand pane. Click it to create a new keychain item.

This is where you need to click to add a keychain item.

Name it as follows:

<scheme://host:port> realm

In my case, I named my keychain item:

<http://bzr.example.com:80> private area

Here’s what the dialog looks like all filled out:

Filled out keychain item dialog.

And here’s my main screen after I’ve added the new item:

Main screen after the new keychain item is added.

Step 4: Try it out

Go ahead and try to pull from the server. Keychain will ask if Bazaar is allowed to access that particular entry. Grant it access and you’re done!

Hope you found this helpful!

Progressing…

I guess I should just start a photography section on this site. :-) At any rate, I was looking over some pictures of the last year, and figured I’d share some. I feel like I’ve come a long way, but still have some big strides I need to make. This last year has been great for my photography. I’m still using my 50mm f/1.8… I just can’t decide what lens to get, or if I should invest my dollars in lighting, a better tripod, or something else. So, I’ll keep on trudging along until I figure it out. :-) What I have figured out is:

  • I love taking photos of kids. When you catch them engrossed in something, they have such an intense look of wonder. And when they’re cranky, it shows too. :-)

  • I really want to do more with lighting. In particular, I really like cinematic lighting… but I have no idea where to start.

  • I need to find a better way to organize my photos. My current way is haphazard at best (at least they’re all in Lightroom though!).

  • I need to either get on the DNG bandwagon or get off. I’m currently bringing in photos as DNG, and up until recently, was also embedding the RAW file in there too. It’s way too much room. I’m currently running around 140GB for about 11,000 pictures.

With that, here are some of my favorite photos over the last several months:

Baseball!

May I take your order?

Fun with leaves!

Pier

An Artist's Tools

Escalator at Camden Yards

Subversion is moving to ASF!

I’m late in the game on announcing this, but Subversion is moving to the ASF! I think it’s awesome that Collab.net has put in the work necessary to grow such a thriving open source project. I, personally, think this move makes a lot of sense. The ASF has a long standing history in terms of protecting open source, already hosts a number of large projects that many companies are involved in, and I believe it will open the door for more committers to be involved.

Congratulations to Subversion and thanks to all the folks who are helping to make this move possible! Now to get my ICLA in…
