26/03/2006

mind hacking

this is a review of two o'reilly books from their hacks series which are both basically about the same thing, although the subject is approached in two different ways. they are 'mind hacks' and 'mind performance hacks', the former published back in early 2005 and the other just last month, in february 2006.

the books have very similar titles and are difficult to judge by their covers alone. in fact, MH ('mind hacks') is not a typical hacks book at all. instead of being filled with useful tricks and ideas to improve and enhance the way you work with your mind, it is more of a description of the hacks that are employed by your brain and your mind to make you work. it gives an introduction to the neural machinery behind your mind, with lots of facts and details about cognitive- and neuroscience. it uses these to explain perception, thinking, cognition, optical illusions and other aspects and artifacts of consciousness. this is in essence a hardware manual, showing why and how your mind does what it does, without explaining how to do any of it better.

MPH ('mind performance hacks' - i will refer to the books by their abbreviated titles in the rest of this review) on the other hand is a software users guide. it gives many tricks, or what you would recognize as hacks that you can use to accomplish mental tasks quicker, better and more efficiently. it covers memorization, computation or calculation, organization, creativity, communication and general efficiency. these are all presented in a very practical way, with examples illustrating situations where the hacks can be used with complete instructions for you to follow. they are not rote copying tasks, though, but mostly conceptual tools that should become part of an overall mental toolbox to be used whenever you need to think quickly and efficiently.

both books score well on references and citations for further reading, giving you pointers to all the material you will need to study each concept in much more detail - scientific papers, journal and newspaper or magazine articles, books and websites. there are also excellent websites associated with the books, written by their authors, a mind hacks blog and the mentat wiki for MPH. as o'reilly books, they both have excellent indexes, and there are also some good sample hacks available as pdf downloads from the publisher.

i suspect that many people will have bought the first book hoping that the contents are similar to those of the second, and at the time the second book did not exist, making MH the best book available. however, now that MPH is available it occupies the space that most readers would associate with a hacks series book dealing with the mind in a practical sense, and the title is certainly relevant since all the hacks are about increasing your mental performance, or overclocking your brain.

MH covers a lot of ground, and is a useful jumping-off point for people who want to learn how their mind and brain work. it starts off with a description of the brain, and the methods used by neuroscientists to explore and map the physical structure and activity, such as MRI and PET scanning and EEG readers. there are sections on each of the senses, showing how we perceive things and how we can be tricked by simple illusions. many of the hacks are actually tricks or demonstrations that show off these mechanisms, and can usually be performed while reading the book. they are, however, solely intended to illustrate these points, and most cannot be used for anything else, except to prove that your brain works in the same way as everyone else's!

i did find that i could just dip into the book at random and find something interesting to read, and because it is very well researched, i could always lose myself for hours following up the references and end-notes given for each hack. i definitely enjoyed reading this, and it will appeal to anyone who is interested in or thinking about studying cognitive science, psychology or neuroscience, although it will not turn you into a brain surgeon overnight. i don't think MH really fits into the hacks series, but does make a good and easy to read reference book for the casual reader.

title / mind hacks

author / tom stafford and matt webb

price / gbp 17.50 / eur 22.00 / usd 24.95

pages / 394

isbn / 0-596-00779-5

published / november 2004

an excellent introductory reference to cognitive science and the mind, masquerading as a book of practical tips and tools.



three out of five cats preferred mind hacks


MPH, on the other hand, definitely fits the mould. it is an entirely practical text, and is still easy to dip into. if you want to try and get the most out of your brain, and become a better thinker, this will help you. you won't be able to absorb many of the hacks at first reading, since a lot of them require memorisation or rote learning of techniques, or repeated practice until you can get them just right. i found that it helped to skim through the book, reading the hacks that looked interesting, and noting down those that seemed useful. the book recommends creating a 'mental toolkit' and you should bear this in mind, thinking about where you need to strengthen yourself mentally, and focus on the topics that relate to those areas. once you have noted down the hacks that you want to try and implement, you can then go back over them and read them carefully, one at a time, looking up the end-notes and references.

to get the full benefit of the book will, i think, require a long time, possibly several months, since the hacks often require you to commit to a certain way of doing something that you will need to dedicate time to practice each day. i think of it as a mental exercise program, with the long-term goal of getting mentally fit. this means drawing up a schedule of exercises and routines to go through on a daily or weekly basis, much the same as physical exercise. certainly, there are some hacks that can be understood instantly, with immediate effect, but most are long-term habit and routine changing, and will require (and repay) dedication and perseverance.

MPH is split into several sections: memory, information processing, creativity, maths, decision making, communication, clarity and mental fitness. each of these focusses on a single area, but often gives several different methods for each type of task. different people work best in different ways, and this allows you to choose the hack that best suits your type of personality and use it to its full effectiveness, and there is usually guidance on deciding between these multiple choices if you are unsure.

the topics i am most interested in and will be trying to implement are the memory and mnemonics, shorthand writing, techniques for recording ideas and information, creativity tools and mental fitness and clarity techniques. i will go over these briefly, but the first section of the book is illustrative of the style and content as a whole, and is a good example to go over in detail.

this section contains twelve hacks related to memory. the first is one that i was aware of already - the rhyming method for remembering ten things to take with you when leaving your house. this involves a rhyming list of words relating to the numbers one to ten. each word is then associated with a vivid picture to remind you of an object. you can then go through the ten rhymes easily, bringing the pictures into your head and thus remembering the items. for example one rhymes with gun and i picture firing a gun-toting cowboy with an enormous, oversized stetson hat, thus reminding me to pick up my own hat. this system is only really extensible to ten, and maybe a few more, items. the system i am currently trying to learn for larger lists is the hotel dominic system. this allows ten thousand pieces of information to be stored and recalled instantly. the details are complex, but the operation of the system is simple, and i hope it will be able to supplement my usually pretty flaky memory.

another technique that i am trying to work into my everyday routine is hack number fourteen - write faster with speedwords which is an alternative to shorthand systems like pitman. traditional shorthand has the drawback of using special symbols and cannot be entered into a computer or pda. this system uses only lowercase letters, and is standardized so cannot be misinterpreted like txt abbrv style writing. there is a list of single, two and three letter combinations, along with the words they represent which must be learned, and then they can be used in place of the full spelling. the abbreviations have mnemonic-style notes to aid memorization, often based on another language or a homophone. a useful extension of this hack would be to use the features of some text editors and word processors that allow expansion of arbitrary strings into full words and phrases, greatly speeding up typing.

the sections on creativity and clarity contain many hacks that seem rather 'fluffy' at first glance, however changing the way you think about something and deliberately doing things according to some plan that seems unnatural to you is often a good way to stimulate your mind, and get you thinking along paths that would not otherwise be available. there are a lot of well respected ideas presented, including brian eno's oblique strategies and edward de bono's po which have helped many people generate brilliant ideas. i would encourage trying these hacks out, even if they seem silly, since you will never know if they are helpful until you put in the effort and try. something that i have problems with is stage fright, and hack fifty four gives some interesting ideas on how to use this to your own advantage, which i will try to remember for the next time i have to speak in public.

the last section on mental fitness is a good example of the routine-changing advice given in the book. it suggests many ways of keeping your mind active and healthy, from the obvious, such as playing board games, to the less obvious (eating and sleeping properly) and also explains the mental toolbox concept, which is one of the central themes. the previous chapter, on clarity also contains some intriguing ideas. hack sixty suggests meditation as a way to clear and focus the mind, which i have never really tried before, but would like to learn more about. also, hack sixty one talks about self hypnosis which i am skeptical of, but will also investigate.

one thing about MPH that will particularly appeal to hackers is the code snippets provided. the book contains several short perl programs to illustrate or implement the hacks. these are usually for generating randomness, but there are some innovative programs and the source is freely downloadable from the publisher. there are also pointers to applications (commercial, free and shareware) that can augment some of the hacks, although they are never necessary to use the book. the software is biased towards macintosh os x, however the scripts should work on any operating system that has a perl interpreter.

overall, MPH is an excellent resource, particularly if you feel you might be stagnating mentally, or are suffering from lack of mental stimulation after finishing university or leaving an interesting job. if you put in the time and effort to develop your mental toolkit, MPH will help you keep it up to date and working. i don't recommend all of the hacks to everyone (for instance, not all readers will have the time or patience to learn esperanto!) but picking and choosing what hacks seem right for you, and starting off with something achievable should produce obvious results. treat the book as a do it yourself guidebook combined with an exercise program and you will get the most out of it.

title / mind performance hacks

author / ron hale-evans

price / gbp 17.50 / eur 22.00 / usd 24.99

pages / 330

isbn / 0-596-10153-8

published / february 2006

a great selection of mind expanding tips and tricks that should be an essential part of your mental toolkit.



five out of five cats preferred mind performance hacks


note - i will be writing more about my experiences implementing the techniques from MPH above, and explaining which hacks i found useful, in a few months, by which time the techniques i described above should be completely natural to me.

22/03/2006

shell idiom

this is a little bit of unix shell technique that i haven't seen mentioned much. there are some really good lists of perl one-liners floating around, but there's also a lot you can do in the shell alone. this particular command is used to solve the common problem of finding all files containing a particular regular expression, and displaying them, along with the matching lines.

it uses find to get a list of files that match some criteria and then looks for the regular expression using grep. the intuitive solution, piping the file contents, or passing the file as an argument, to grep regexp won't work, because grep just outputs the matching lines, and we won't know which file they came from.

one solution would be to use xargs which accepts parameters on stdin and executes a command with each line of input as an argument. this will run into shell command length limitations, although xargs is a handy tool for many tasks. my preferred one-line command is this one, however:

find path -type f -exec grep "regexp" {} /dev/null \;

which uses the fact that although /dev/null will never contain your pattern, since grep is looking at multiple files it will print the names of files that contain a match, at the start of each line, for example, as shown below:

$ find ~/public_html/ -type f -exec grep "^<title" {} /dev/null \;
~/public_html/index.htm: <title>index page</title>
~/public_html/test.htm: <head><title>testing</title></head>
Binary file ~/public_html/scripts/statcgi matches
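
an added example, not part of the original post: the script below builds a small throwaway tree (constructed file names and contents, one path containing a space) and runs grep from find three ways, so you can see the /dev/null operand switch grep into file:line output. the function names are made up for this example, and the third variant uses the posix `-exec ... {} +` form to batch files into fewer grep processes.

```shell
#!/bin/sh
# added example: why the extra /dev/null operand makes grep print file names.
# all paths and file contents below are constructed for the demonstration.

make_tree() {
    # build a throwaway tree; one directory name contains a space on purpose
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/sub dir"
    printf '<title>index page</title>\n' > "$dir/index.htm"
    printf '<p>no match here</p>\n'      > "$dir/plain.htm"
    printf '<title>testing</title>\n'    > "$dir/sub dir/test.htm"
    echo "$dir"
}

# one grep per file with a single operand: matching lines only, no file name
grep_bare() {
    find "$1" -type f -exec grep "$2" {} \; | sort
}

# the idiom from the post: /dev/null is a second operand that never matches,
# so grep sees "multiple files" and prefixes each hit with its file name
grep_devnull() {
    find "$1" -type f -exec grep "$2" {} /dev/null \; | sort
}

# batched form: find passes many files to each grep; /dev/null still
# guarantees two operands when a batch happens to hold only one file
grep_batched() {
    find "$1" -type f -exec grep "$2" /dev/null {} + | sort
}

demo() {
    d=$(make_tree) || return 1
    echo "without /dev/null:"; grep_bare    "$d" '^<title'
    echo "with /dev/null:";    grep_devnull "$d" '^<title'
    echo "batched with +:";    grep_batched "$d" '^<title'
    rm -rf "$d"
}
demo
```

because find hands each path to grep as a single argument, the file under "sub dir" is reported correctly in all three variants.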

16/03/2006

sun fire link roundup

here are a few links that will be of interest to sun fire t2000 owners and users. first off, the sun fire fan site, which is a community of people who are participating in the try'n'buy performance evaluation program. i found this from the feh v2 blog run by the same person. several people have already looked at the crypto accelerator performance, as an https accelerator and here are raw numbers on openssl performance. several sun blogs deal with the t2000 including this one on database scalability. finally, here is some good information on throughput benchmarking with some useful graphs.

network security appliance

one of the ideas i have for testing the capabilities of the sun fire t2000 server is to build a network security appliance. this would involve utilisation of the zones feature in solaris 10. this allows full virtualisation of servers on one machine, along with allocation of resources, such as network ports or physical cpus, to that instance. each instance is a separate, full version of the solaris operating environment, and is indistinguishable from a complete physical machine to any processes running in it. this makes it ideal for separating security critical functions like firewalls and intrusion detection systems from each other, while still allowing them to run on one server.


network security appliance diagram

in the above diagram you can see that i intend to virtualise six instances, four firewalls, one ids sensor and a management system. the t2000 has four gigabit ethernet ports, which would be assigned to each of the four networks, while inter-machine communication and intrusion detection would all be done using the virtual internal network. it will be simple to allocate at least one cpu to each machine, and the resource pooling commands available will allow some of the virtual machines to have extra cpus allocated, perhaps the internet-facing firewall and the ids sensor. the sun bigadmin site has some useful resources on zones, including the original usenix paper describing the implementation.

the software to be installed will all be open-source packages, most of which are de-facto industry standards. i will use squid as the outgoing web proxy, snort as the network ids and use native solaris networking for the firewall rules. i will need to determine a suitable console to administer the firewalls, but sguil will be used for ids command and control.

a useful test would be to determine the line-speed that the firewalls and the ids are capable of handling without dropping any packets, and the number of simultaneous outgoing connections that the proxy will allow, while the dmz also has web traffic being sent to it from the internet. i believe that the t2000 should be a good platform for this kind of appliance, due to the one-box approach that can be taken, while not having to compromise on cpu power available. i intend to set this environment up over the next week and produce some performance figures to try and validate this claim.

15/03/2006

hardening solaris ten

my first job on booting solaris 10 on hexagon, my sun fire t2000 system, was to harden the operating system. i want to make sure that the system is not going to be offering extraneous services to passers-by on the internet (even though everything but ssh will be firewalled off.) this will have the added bonus of stopping cpu being used unnecessarily. an initial portscan using the ubiquitous nmap utility revealed the following open ports:

robot$ nmap -p1-65535 -A hexagon

Interesting ports on hexagon (10.10.10.6):
(The 65514 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
23/tcp open telnet
25/tcp open smtp Sendmail 8.13.4+Sun/8.13.3
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open login Berkeley remote login service
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.4+Sun/8.13.3
898/tcp open http Solaris management console server
4045/tcp open nlockmgr 1-4 (rpc #100021)
5987/tcp open unknown
5988/tcp open unknown
7100/tcp open font-service Sun Solaris fs.auto
9010/tcp open tcpwrapped
22273/tcp open wnn6?
32771/tcp open status 1 (rpc #100024)
32772/tcp open fmproduct 1 (rpc #1073741824)
32773/tcp open rusersd 2-3 (rpc #100002)
32774/tcp open ttdbserverd 1 (rpc #100083)
32777/tcp open sometimes-rpc17?
32778/tcp open dmispd 1 (rpc #300598)
32779/tcp open snmpXdmid 1 (rpc #100249)
32795/tcp open unknown
Service Info: OSs: Solaris, Unix, SunOS

Nmap finished: 1 IP address (1 host up) scanned in 1778.040 seconds

as you can see, there's a lot of unwanted access provided there. at least ssh is there by default, but we also have telnet and rlogin, the X11 font server, as well as all those RPC services... solaris 10 manages services with the svcs and svcadm utilities, and i will use them to turn off telnetd and rlogin, as follows:

root@hexagon# svcadm disable svc:/network/telnet
root@hexagon# svcadm disable svc:/network/login:rlogin
root@hexagon# svcadm disable svc:/application/x11/xfs
root@hexagon# svcadm disable svc:/network/ftp:default
root@hexagon# svcadm disable svc:/network/rpc/rusers
root@hexagon# svcadm disable svc:/network/rpc/rstat
root@hexagon# svcadm disable svc:/network/shell:default

and we can also get rid of the packages that provide telnetd itself, since it is inherently insecure, and there is always potential access via telnet to the console over the ALOM network port. first, check what packages need removed, then remove them with the pkgrm utility:

root@hexagon# pkginfo | grep -i telnet
SUNWtnetr Telnet Server Daemon (Root)
SUNWtnetc Telnet Command (client)
SUNWtnetd Telnet Server Daemon (Usr)
root@hexagon# pkgrm SUNWtnetr SUNWtnetd

hopefully, this has given you an idea of how to do all this manually. i also downloaded the sun solaris security toolkit which has a lot of useful scripts to automate the hardening process. the file you require is SUNWjass-4.2.0.pkg.tar.Z and is only 600KB. you need to be registered with sun to download anything, but this is useful anyway, since you need an id to get the latest security patches, and also to access the sun update connection site.

root@hexagon# uncompress SUNWjass-4.2.0.pkg.tar.Z
root@hexagon# tar xf SUNWjass-4.2.0.pkg.tar
root@hexagon# pkgadd -d . SUNWjass

Processing package instance <SUNWjass> from </root/install>

Solaris Security Toolkit 4.2.0(Solaris) 4.2.0
Copyright 2005 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Using </opt> as the package base directory.
## Processing package information.
## Processing system information.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

Installing Solaris Security Toolkit 4.2.0 as <SUNWjass>

## Installing part 1 of 1.
/opt/SUNWjass/Audit/disable-IIim.aud
/opt/SUNWjass/Audit/disable-ab2.aud
...etc...
/opt/SUNWjass/rules.SAMPLE
/opt/SUNWjass/sysidcfg <symbolic link>
[ verifying class <none> ]

Installation of <SUNWjass> was successful.

you'll notice that the package was loaded from /root/install. this is because i modify the root user to have a different home directory. often / is a shared home directory for other system accounts and daemon user ids, and it's never a good idea to have the root .profile and other dot-files there. moving home is relatively easy though:

root@hexagon# usermod -d /root root
root@hexagon# mkdir /root
root@hexagon# chmod 700 /root
root@hexagon# mv /.[a-zA-Z0-9]* /root/

and even all the existing dot-files get copied across. the jass security toolkit has a large number of configurable options, which are documented in the reference manual. the security blueprints collection is also a good place to look for information. to secure your solaris system with the jass tool, execute the hardening driver using the following command:

root@hexagon# /opt/SUNWjass/bin/jass-execute -d hardening.driver |
tee jaas-hardening.log


which will lock down your system, and place a log of all output into jaas-hardening.log. once this has completed, reboot to implement the changes. when you next login you will see that a security warning has been added:

|-----------------------------------------------------------------|
| This system is for the use of authorized users only. |
| Individuals using this computer system without authority, or in |
| excess of their authority, are subject to having all of their |
| activities on this system monitored and recorded by system |
| personnel. |
| |
| In the course of monitoring individuals improperly using this |
| system, or in the course of system maintenance, the activities |
| of authorized users may also be monitored. |
| |
| Anyone using this system expressly consents to such monitoring |
| and is advised that if such monitoring reveals possible |
| evidence of criminal activity, system personnel may provide the |
| evidence of such monitoring to law enforcement officials. |
|-----------------------------------------------------------------|

which should be modified to comply with local legal requirements. also, the passwords for any existing users will have been expired, and a much more stringent policy is now in place. if an nmap scan is run against the system now, you will see that most ports are closed, except ssh and one other that will be investigated later:

$ nmap -p 1-65535 -A hexagon | tee entries/hexagon.ports.03.txt

Interesting ports on hexagon (10.10.10.6):
(The 65533 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
22273/tcp open wnn6?

Nmap finished: 1 IP address (1 host up) scanned in 1814.355 seconds
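
an added example, not part of the original post: one way to turn the before/after comparison above into a repeatable check is to extract the open ports from a saved nmap report and compare them with an allowlist. the function names and the allowlist are assumptions made for this example, and the sample data is an excerpt of the two scans shown in the post.

```shell
#!/bin/sh
# added example: flag open ports in nmap's normal output that are not allowlisted.

# print "port/proto service" for every open port found on stdin
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }'
}

# $1 is a space-separated allowlist such as "22/tcp 443/tcp";
# prints every open port that is not on it
unexpected_ports() {
    open_ports | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok) { print }'
}

# returns non-zero when anything outside the allowlist is listening,
# so it can be dropped into cron or a post-patch checklist
audit() {
    bad=$(unexpected_ports "$1")
    if [ -n "$bad" ]; then
        printf 'unexpected open ports:\n%s\n' "$bad"
        return 1
    fi
    echo "only allowlisted ports are open"
}

# excerpt of the first scan in the post (before hardening)
sample_before() {
    cat <<'EOF'
Interesting ports on hexagon (10.10.10.6):
PORT STATE SERVICE VERSION
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
23/tcp open telnet
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open login Berkeley remote login service
7100/tcp open font-service Sun Solaris fs.auto
22273/tcp open wnn6?
EOF
}

# the second scan in the post (after running the hardening driver)
sample_after() {
    cat <<'EOF'
Interesting ports on hexagon (10.10.10.6):
(The 65533 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
22273/tcp open wnn6?
EOF
}

echo "== before hardening =="
sample_before | audit '22/tcp' || true
echo "== after hardening =="
sample_after | audit '22/tcp' || true
```

against a real report, pipe the saved file in instead of the sample, for instance `audit '22/tcp' < entries/hexagon.ports.03.txt`.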

next, i installed some useful extra utilities, from the sun freeware site. this has lots of GNU software compiled for SPARC on solaris 10, although you may want to check out sun's offerings from the solaris 10 companion dvd. sudo is a good replacement for the standard su program, curl makes retrieval of files from the internet simple and lsof lists all files that a process has open. once you have downloaded them, installation follows the same basic pattern. this is how i installed the SMClsof and SFWsudo packages:

root@hexagon# gunzip lsof-4.76-sol10-sparc-local.gz
root@hexagon# ln -s /usr/sfw /usr/local
root@hexagon# pkgadd -d ./lsof-4.76-sol10-sparc-local

The following packages are available:
1 SMClsof lsof
(sparc) 4.76

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all

Processing package instance <SMClsof>
from </root/install/lsof-4.76-sol10-sparc-local>

lsof(sparc) 4.76
Vic Abell
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
2 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/doc
* /usr/local/man

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] n

Do you want to continue with the installation of <SMClsof> [y,n,?] y
## Checking for setuid/setgid programs.

The following files are being installed with setuid and/or setgid
permissions:
/usr/local/bin/lsof <setgid bin>

Do you want to install these as setuid/setgid files [y,n,?,q] y
## Processing package information.
## Processing system information.

Installing lsof as <SMClsof>

## Installing part 1 of 1.
/usr/local/bin/lsof
/usr/local/doc <conflicting pathname not installed>
/usr/local/doc/lsof/00.README.FIRST
/usr/local/doc/lsof/00CREDITS
/usr/local/doc/lsof/00DCACHE
/usr/local/doc/lsof/00DIALECTS
/usr/local/doc/lsof/00DIST
/usr/local/doc/lsof/00FAQ
/usr/local/doc/lsof/00LSOF-L
/usr/local/doc/lsof/00MANIFEST
/usr/local/doc/lsof/00PORTING
/usr/local/doc/lsof/00QUICKSTART
/usr/local/doc/lsof/00README
/usr/local/doc/lsof/00TEST
/usr/local/doc/lsof/00XCONFIG
/usr/local/doc/lsof/lsof.man
/usr/local/man <conflicting pathname not installed>
/usr/local/man/man8/lsof.8
[ verifying class <none> ]

Installation of <SMClsof> was successful
root@hexagon# bzip2 -d SFWsudo.bz2
root@hexagon# ln -s /usr/sfw /opt/sfw
root@hexagon# pkgadd -d ./SFWsudo

The following packages are available:
1 SFWsudo Sudo - superuser do
(sparc) 1.6.8.5,REV=2005.01.05.17.49

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all

Processing package instance <SFWsudo> from </root/install/SFWsudo>

Sudo - superuser do(sparc) 1.6.8.5,REV=2005.01.05.17.49

...and so on...

Installation of <SFWsudo> was successful.
root@hexagon# chmod u+s /usr/sfw/bin/sudo

important - notice that the sudo executable was not setuid root, and we had to change this after installation, to make it work! after this, the installs for any other packages will be very similar - use the above processes as a guide, just remember to check where in the filesystem things get installed, and either create symlinks or allow it as required. once sudo has been installed, you need to authorise users to have access to the root user. use the visudo command as root, and set up the sudoers file. i added the following line, which gives everyone in the sysadmin group root access:

%sysadmin       ALL=(ALL)       ALL


since we have lsof installed now, we can check what was holding the other port (22273/tcp) open. in the nmap output it is listed as wnn6? but we can check what process is using it with lsof and find as follows:

root@hexagon# lsof | grep -i wnn
jserver_m 741 root 3u IPv4 0x600036e0100 0t0 TCP *:wnn6 (BOUND)
jserver_m 741 root 4u IPv6 0x6000377f940 0t0 TCP *:wnn6 (LISTEN)
root@hexagon# find / -name "jserver_m" -print
/usr/lib/locale/ja/wnn/jserver_m

and we can see that it is a program called jserver_m that seems to have something to do with the japanese locale input method. i don't live in japan, or speak japanese, so this can be safely turned off. checking with svcs shows that it is started by init and can be disabled as follows:

root@hexagon# svcs | grep -i wnn
legacy_run 20:50:28 lrc:/etc/rc2_d/S94Wnn6
root@hexagon# /etc/init.d/Wnn6 stop
root@hexagon# mv /etc/rc2.d/S94Wnn6 /etc/rc2.d/_S94Wnn6.DISABLED

hopefully this has given you an idea of how best to approach hardening a solaris 10 system. the one thing not covered here is patching, which i will describe in another post. depending on how tightly you want things locked down initially, you can either manually turn off certain services or you can use sun's provided toolkit, and edit the default settings. this gives you a lot of flexibility, but i now have a system i feel safe about connecting to my router and assigning an IP address...

13/03/2006

plasma flickring

at the weekend, my friend alex came round, and we took some amazing pictures of one of those little plasma-ball toys that barry has in his front room. they were taken with alex's digital nikon slr, and at shutter speeds varying from 1/10 to 2 seconds. they really look beautiful, and with a tripod and some preparation they could probably even be improved...! the thumbnails below link to the photo-set on flickr:



11/03/2006

trees in a forest

this is a really nice photograph, taken by my friend rob. he's an amateur photographer, looking to make it professionally. he took this with a hasselblad medium format camera. it was shot on kodak film, and scanned with an imacon 949. adobe photoshop was used to adjust the gamma curves because the film used is hard to scan, although no other retouching or other editing was needed.

trees in a forest - copyright © 2006 robert phillips


for more technical details, or if you would like to get a print made, or see his other work, email him directly.

niagara falls

i am currently running one of sun's new sun fire t2000 servers, as part of an evaluation and review programme. sun are allowing qualified individuals and companies to try the system for sixty (60) days before buying one. this can only be a good thing for sun, since it ought to get people who would not normally specify sun kit to have a look. as far as cost goes, the server retails at around usd 10K depending on configuration. this is actually pretty cheap for a system of this quality and power. think of it this way - how much would a 24-way PC system cost? and in a 2U form factor chassis as well?

the specification of my machine is listed as medium and has a niagara T1 processor. this is a six core ultra SPARC T1 cpu, each core of which runs at 1 GHz and has four 'coolthread' execution units, giving a total of twenty four (24) processors. the machine also has 8 gigabytes of ram and two 73 gigabyte serial attached SCSI (SAS) drives. the technology is known as coolthreads because the system only consumes seventy five watts (75W) at full load. this isn't the highest spec, either - it is possible to have t2000 configurations with eight T1 cores, running at 1.2 GHz, giving 32 coolthreads. note that there is no floating point processor in the T1, although the system does have a cryptographic accelerator built in.

so, when the box arrived yesterday, i unpacked it immediately...

the shipment consisted of: the server itself, a rack-mounting kit, two utp patch cords and two uk power cords. there is no real documentation shipped, just a small warranty booklet and a set of packing notes. it does, however, have a whole set of neat little diagrams on the top of the chassis explaining common maintenance tasks, like replacing fans or installing more ram modules. i downloaded the documentation from sun, and read the install guide first.

the sun fire t2000 'coolthreads' server


it turns out that on power being supplied initially, it will go into the lights-out management mode (ALOM) and stay there. this must be accessed via the serial management console, which is the only active port on the box as shipped.

to get into it i needed an RJ45 (sun) to DB9F (PC) null-modem cable. unfortunately, nothing of the kind came in the box. still, after a trip to maplins, the application of a soldering iron and a few hours (yes, i'm that bad at soldering, and i had help!), a cable was ready. it turns out that this is what is commonly called a 'cisco console rollover cable' and they are almost always available on ebay. i enabled the network management port and booted into the open firmware ok prompt, and then into solaris. sun don't configure Solaris for you, although they do install it. however, the configuration is as simple as setting IP address parameters and location details, so it didn't take long until i had a working, networked server. and here is the proof:

adk@hexagon$ prtdiag
System Configuration: Sun Microsystems sun4v Sun Fire T200
System clock frequency: 200 MHz
Memory size: 8184 Megabytes

========================= CPUs =========================
CPU CPU
Location CPU Freq Implementation Mask
------------ ----- -------- ------------------- -----
MB/CMP0/P0 0 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P1 1 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P2 2 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P3 3 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P4 4 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P5 5 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P6 6 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P7 7 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P8 8 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P9 9 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P10 10 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P11 11 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P12 12 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P13 13 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P14 14 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P15 15 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P16 16 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P17 17 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P18 18 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P19 19 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P20 20 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P21 21 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P22 22 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P23 23 1000 MHz SUNW,UltraSPARC-T1


as you can see, i have 24 cpus ready to do whatever i want. i have been waiting for this technology ever since i first read about it in 2004, so i have some pretty good ideas about how to utilise it. sun seem to be promoting this as an enterprise class web and web application server (which it will perform fine as), but i think that it would make an excellent network security appliance. i intend to run an array of security applications and services to see how well it copes. this would include network IDS and IPS sensors and management servers, which can take advantage of the virtualisation technology available in solaris 10. also, some kind of all-in-one firewall and dmz protection device with deep packet inspection and virtualised ingress and egress firewalls, using all four gigabit ethernet ports. it also has crypto acceleration, which is ideal for several other security tasks.

my first job is to secure and harden the stock solaris 10 install that it came with. i have to turn off all the default services, such as telnetd and rlogin. only then will i be able to start thinking about allowing hexagon onto the internet, and doing something useful. more on this as i run the tests and build the environments to test them...
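
one way to start that hardening pass, as an added example (not the author's own script): it reads `svcs -a -H -o state,fmri` output and prints the `svcadm disable` commands for the cleartext login services that are still enabled, refusing to produce a plan unless ssh is online to replace them. the sample listing is constructed, and the list of services treated as legacy is an assumption.

```shell
#!/bin/sh
# added example: plan the removal of cleartext remote-access services
# from `svcs -a -H -o state,fmri` output on solaris 10.

# services treated as legacy here (an assumption; extend to suit the box)
LEGACY_FMRIS='svc:/network/telnet:default
svc:/network/login:rlogin
svc:/network/shell:default
svc:/network/ftp:default
svc:/network/finger:default'

# constructed sample listing, not captured from hexagon
sample_svcs() {
cat <<'EOF'
online         svc:/network/ssh:default
online         svc:/network/telnet:default
online         svc:/network/login:rlogin
disabled       svc:/network/shell:default
online         svc:/network/ftp:default
online         svc:/system/cron:default
EOF
}

# stdin: "state fmri" lines. stdout: one svcadm command per legacy service
# that is not already disabled. fails if ssh is not online.
harden_plan() {
    listing=$(cat)
    if ! printf '%s\n' "$listing" |
        grep -q '^online[[:space:]][[:space:]]*svc:/network/ssh:default$'; then
        echo "ssh is not online: enable it before removing telnet/rlogin" >&2
        return 1
    fi
    printf '%s\n' "$listing" | while read -r state fmri; do
        [ -n "$fmri" ] || continue
        for legacy in $LEGACY_FMRIS; do
            if [ "$fmri" = "$legacy" ] && [ "$state" != "disabled" ]; then
                echo "svcadm disable $fmri"
            fi
        done
    done
}

# on the live system: svcs -a -H -o state,fmri | harden_plan
sample_svcs | harden_plan
```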

04/03/2006

wake me up!

i'm notoriously bad at getting up, and since i pawned my last ipod (don't ask...) i don't have any way of waking up to a selection of music in the morning. i decided this wouldn't do at all, and i was getting tired of the awful ring-tone my phone used as its alarm noise. now, my macintosh has itunes, and a set of nice loud speakers. however, i'm running OS X 10.3.9, so no automator for me. i do have a working knowledge of applescript though, and itunes is chock-full of applescript-awareness, so i decided to write a little script to work as an alarm clock.

the script is really very simple. to use it, open up the script editor, which lives in the /Applications/AppleScript/ folder. enter the following text, exactly as shown:

-- iWake
--
-- slowly raise itunes volume to wake up.
-- call from batch processing every morning
--
-- author: andrew kennedy
-- created: 02 march 2006 09:54
--
-- copyright (c) 2006 nevada systems

property wake : 30 -- time in minutes to wake up in
property vol : 100 -- volume setting
property step : 1 -- delay in seconds between volume changes

on run
    -- remember the current volume as the target, then mute
    tell application "iTunes"
        set vol to sound volume
        set sound volume to 0
    end tell

    -- avoid dividing by zero below if itunes was already muted
    if vol is 0 then set vol to 100

    -- work out the delay in seconds between volume steps
    set step to (wake * 60) / vol

    -- start itunes
    tell application "iTunes"
        play
    end tell

    -- slowly raise the volume
    repeat with counter from 0 to vol by 1
        delay step
        tell application "iTunes"
            set sound volume to counter
        end tell
    end repeat
end run


you can test this script out by choosing compile and then, making sure iTunes is running but paused, press run at the top of the script editor window. what should happen is that the itunes volume will be reset to zero, and then start playing, while slowly raising the volume back to the original level over the next ten minutes. assuming you see the volume drop and iTunes start, you can (rather than wait ten minutes) just quit the iWake application, but make sure it's not the script editor.

now, save the whole thing as an application somewhere useful. i chose to put mine in ~/bin/iWake.app which is in my path. you will need a way to run your alarm clock, at whatever time in the morning you want woken up. i use the Unix cron daemon, which is part of the BSD package installation on OS X. go to the terminal, and run the command crontab -e and you will be presented with a blank editor window, probably vi. now, add the following text (to the end of the file if there is anything there already) and save it.

##
# adk cron entries
# modified 2006/03/04 -5h00
##
# wake up with itunes in the morning at 09h00
00 09 * * 1-5 osascript /Path/to/your/saved/iWake
# and at 10h30 weekends
30 10 * * 0,6 osascript /Path/to/your/saved/iWake


make sure that you replace the path after osascript with wherever you saved the script. if you're not sure how to use vi, paste the text into another editor and modify it there, then copy the whole thing to the clipboard and just press the following keys in order G o [command]-V [escape] :wq [enter] when vi appears, and you should be told crontab: installing new crontab when finished. for help on changing the times and days look at the crontab(5) man page.

you now get woken up gently by your favourite music. which is good. as an exercise for the reader, i would suggest modifying the script to choose a particular playlist, since this version just resumes whatever was playing when itunes was paused. next time, a sleep timer that drops the volume...

01/03/2006

MAKE.MONEY.FAST

i'm a (pretty good?) web programmer by now, and i've amassed a bunch of skillz over my time served in the industry. i started working on perl cgi scripts in 1992 when nobody knew what the web was, let alone perl or cgi. i then moved on to java in 1995 when it arrived, and tried my hand at javascript in the first browsers that supported it. i remember creating my first site with frames and javascript rollovers back then, because the client wanted something modern and flashy. i coded a netscape server api library that accessed a database over odbc on a dec alpha running nt 3.51 when such things were cutting edge. you get the idea, i've been doing web applications for a long time now, over ten years anyway.

so, as you might have seen from the development environment posts, i'm also fluent in the latest java and java enterprise apis, and the associated libraries. things like struts, jsps, servlets, mysql/jdbc and so on. i'm even able to turn my hand to php when the need arises. what, though, can i do with this hard-won knowledge? i believe the official MBA term would be to monetize my skill set or something like that. oh, and i don't want to have to go to an office for 0900, wear a suit or interact with people on a daily basis.

the answer turns out to be freelance bit-work. i've been working from home on a web application for a friend's small business, and i thought there must be a lot of people in his situation. he wanted some custom software, but couldn't pay the tens of thousands of pounds for a full-scale j2ee solution, with oracle, weblogic, and all that kind of heavyweight server-based junk. i started looking at the rent-a-coder site to see what it was like, and found that there were plenty of likely candidates.

the other three sites that i'm registered on as a developer are: get a coder, get a freelancer and script-lance. so far, i have two projects active on rent-a-coder, and several projects that have reached the shortlist stage on get a coder. i'm not sure about the other two sites, but i'm bidding on them at the moment and will see what comes up. one problem i've noticed is that a lot of indian, chinese and eastern european developers and teams of developers use these sites. they seem to be able to put in extremely low prices, which is the benefit of offshore outsourcing, i guess, but makes it hard for me to be competitive and profitable.

anyway, i'm working on two projects right now, and the buyers seem really friendly and have been pretty clear about what they wanted, and accepted my advice about what was and wasn't possible. the sites encourage communication using their message boards/forums so that, when a disagreement occurs about scope, disputes and arbitration can be resolved by referring to what each party actually said. when a project starts, your IM alias is given out, and this makes simple back and forth chat easier, but i have been summarising any decisions on the site so there is a permanent record. one thing to watch out for is people trying to get their college assignments and homework done on the cheap. i worked for my degree (well, a little) and i have big problems with someone trying to submit work that they just paid someone else to do.

another type of project to avoid is the 'clone' request. this usually involves someone (probably a teenager) asking for a clone of amazon/ebay/myspace/insert-commercial-site-here and offering the princely sum of, say, fifty dollars. i wonder if they can even comprehend the amount of money that a company like amazon spends on their e-commerce web service? avoid! with regard to payment for real projects, the site will escrow the full bid amount from the buyer at the start. this means i am sure i'll get paid at the end (assuming i deliver an acceptable product...)

something i'd like to have clarified is the position on open source libraries. i believe that the GNU LGPL (lesser GNU public license) allows me to sell software that links to libraries with that license. also, since i provide source code for my app and unmodified binaries (which have freely downloadable source anyway) for libraries i use, i interpret the apache ASL (apache source license 2.0) as allowing me to distribute, say, jakarta commons httpclient with my application. i'd REALLY like to get this properly clarified.

the ebay sdk and api download seems to get away with distributing apache axis (the web services api, more on this and the ebay development platform some other time) and a whole load of jakarta commons libraries, so they must think it's legal, and in this case, i'm going to redistribute the ebay sdk anyway, so the licensing issues are theirs. it's a grey area though, and i need to be careful. i don't want richard stallman coming round to my house with a bunch of the FSF hired goons!

i'm really pleased with my discovery of rent-a-coder work, and i'm pretty sure it's a good way for me to make money doing something i enjoy. so far, admittedly, i haven't won any bids on the other sites so i'll just have to keep bidding, but at least i'm going to be productive. i'll update with some more information about my interactions with get a coder, get a freelancer and script-lance when they happen, and also report on the outcome of my current projects when i'm finished.