This is an update on my blog entry "Gardening Around the Homeless" dated 10 April 2006. We live on the bank of the Guadalupe River in Willow Glen, California. In 2006, I started to create an informal cactus fence to deter homeless transients from passing through or camping on our river bank. I am even more motivated to continue this project by two big river bank fires recently caused by homeless campers just upstream of our property. I have planted both Echinopsis and Opuntia (prickly pear), plus some Yucca for height; they are all growing well.

Images Copyright 2009 by Katy Dickinson

Rack is a webserver interface for the Ruby open source programming environment.  Amanda Waite took the trouble of making this package available via the OpenSolaris packaging mechanism; ultimately, ruby-rack will be in the OpenSolaris "contrib" repository, but not until it gets a little testing and review, and some votes from the community, this functionality is now in the OpenSolaris "pending" repository.  I admit to great naivete about Ruby, so I'll refer you to this excellent explanation of what Rack does for Ruby developers.  (my summary of what I got from the explanation: Rack is a web framework for Ruby developers; in other words, if you like writing Ruby code and you want to write code to create a web-based application, Rack is a nice extension to Ruby to make doing this easy).

Anyway, been doing some testing of the package that Amanda submitted.  Here's what I did and what I observed:

First, I made sure I had access to the OpenSolaris Source Juicer "pending" repository.  As I've noted before, two steps:

1. type "pfexec pkg set-publisher -O http://jucr.opensolaris.org/pending jucr-pending"
2. type "pfexec pkg refresh"

After that, the next time you launch the Package Manager application, look on the right side of the application and you can choose "jucr-pending" from the pop-up menu.  Do that, and after a moment you'll see a list of all the packages in the "pending" repository.  You will find the package "ruby-rack" there.  Note that case matters; the package name is all lowercase.

So I did this and downloaded the package.  The package notes that it depends on the Ruby package.  The Package Manager pulled it in just fine.  How do I know?  Before installation, I could not type "ruby" and get anything back.  Afterward, it worked.

Next step:

$ cd /usr/ruby/1.8/lib/ruby/gems/1.8/gems/rack-1.0.1/example
$ rackup lobster.ru


This starts a web server on port 9292 with a little "lobster" program.  I launch the web browser and go to "http://localhost:9292" and I saw a simple web app that shows a crude "picture" of a lobster, and two things I can do: flip the lobster from right to left and back again, and show a crash dump of the Ruby Rack program.  I tried both of those things; they worked just fine.

After this, I killed the "rackup" program then tried it again with the other ".ru" file in that same directory, "protectedlobster.ru".  That gives an added feature of authenticating into the web app (password is "secret"; as far as I can tell, use any username you wish).  That worked, too: if I didn't provide the right password, nothing happened.  If I provided the right password, it worked fine.

So that all worked just fine.  The next set of tests was more in-depth, running a partial test suite.  For this set of steps, I had to install both the "SUNWgcc" and "SUNWgmake" packages, again with the Package Manager.  I did these steps:

1. su - (i.e., pretend you're root; without doing this, step 3 below complained that it couldn't write to /var/ruby/1.8/gem_home/bin)
   
2. Add /var/ruby/1.8/gem_home/bin to your $PATH
3. type CXX=/usr/sfw/bin/g++ gem install memcache-client ruby-openid camping mongrel thin test-spec --no-ri --no-rdoc
4. type "gem install rake"
   
5. type "rake test".

The output showed it compiling some stuff, then it said "Started" followed by a bunch of periods showing status, then "Finish in 3.960495 seconds."  Finally, a results line said "267 tests, 928 assertions, 0 failures, 0 errors".

That sounds like good news to me!

So folks: the Ruby Rack web framework is available via OpenSolaris.  Check it out and see if it works for you, Ruby developers.  Let us know how it goes, will ya?

Powered by ScribeFire.

One problem I'm wrestling in my day job at Web Engineering is: how do you know when a system you are building is ready?

When we build a new system, it goes through the following steps:

1. Jumpstart
   Installs the OS and sets up basic configuration, like hostname, domainname, network.
2. Puppet
   System specific configuration
3. Manual steps
   This includes things which are too system dependent to automate, like creating a separate zpool for application data on external storage

For me it has been enough to review the puppet logs to determine if the system has been correctly configured, but for my colleagues who aren't using puppet on a daily basis, it isn't. They have been asking "how do we know if a system is ready?", and I've realized that "review the puppet logs" isn't really a helpful answer for most people. What if you have forgotten to add a node definition for the system, and you get the default node configuration. Then puppet will tell you everything is configured correctly - which is partly true: the things puppet has been told to configure are configured, but what about the stuff I forgot to tell it about?

So I've been thinking about using the same approach as I use when I write code: Behavior Driven Development. I.e. you start by specifying the behavior of the program you are developing, after that you start you start to code. This has the benefit of easily letting you known when you are done. If your code pass all the behavior tests, then you can release it.

Translating this to Solaris installs isn't that hard, instead of describing program behavior you describe (operating) system behavior. You can use the same tools as you do for development, and I've been using cucumber for my Ruby on Rails projects, so it is what I picked for my initial testing. Cucumber uses natural language to describe the behavior you want, which makes it easy for non-programmers to understand what it is testing.

When you write the definitions, you should not use technical language, like: "ssh to the host weblogs and grep for an passwd(4) entry for the user martin in /etc/passwd" instead use something like "I should be able to ssh to weblogs, and log in as the user martin", which is the behavior you want. Cucumber then takes that definition and translates it into step-by-step instructions which can be validated.

This is how it can look when you run it:

martin@server$ cucumber
Feature: sendmail configure
  Systems should be able to send mail

  Scenario: should be able to send mail                  # features/weblogs.sfbay.sun.com/mail.feature:5
    When connecting to weblogs.sfbay.sun.com using ssh   # features/steps/ssh_steps.rb:12
    Then I want to send mail to "martin.englund@sun.com" # features/steps/mail_steps.rb:1

Feature: NIS client
  Systems on SWAN should be NIS clients

  Scenario: should be able to match entries in NIS    # features/weblogs.sfbay.sun.com/nis.feature:4
    When connecting to weblogs.sfbay.sun.com using ssh # features/steps/ssh_steps.rb:12
    Then I want to lookup "xuan" in the passwd table   # features/steps/nis_steps.rb:1
    And I want to lookup "onnv" in the hosts table     # features/steps/nis_steps.rb:1

  Scenario: should be able to make lookups through NIS # features/weblogs.sfbay.sun.com/nis.feature:9
    When connecting to weblogs.sfbay.sun.com using ssh # features/steps/ssh_steps.rb:12
    Then I want to lookup "xuan" through nsswitch.conf # features/steps/nis_steps.rb:5

Feature: SSH access
  SSH should be configured

  Scenario: ssh user access                            # features/weblogs.sfbay.sun.com/ssh.feature:4
    Given a user named "martin"                        # features/steps/ssh_steps.rb:3
    When connecting to weblogs.sfbay.sun.com using ssh # features/steps/ssh_steps.rb:12
    Then the connection should succeed                 # features/steps/ssh_steps.rb:28

  Scenario: no lingering default OpenSolaris user      # features/weblogs.sfbay.sun.com/ssh.feature:9
    Given a user named "jack" with password "jack"     # features/steps/ssh_steps.rb:7
    When connecting to weblogs.sfbay.sun.com using ssh # features/steps/ssh_steps.rb:12
    Then the connection should fail                    # features/steps/ssh_steps.rb:32

5 scenarios (5 passed)
13 steps (13 passed)

This makes it really easy to see if the behavior of the system is what you expect. All green means it is ready!

The stuff I am working on at the moment is to make the failures understandable by a non-programmer. For example when a scenario fails (and it succeeds to log in to a system where it should have failed), it looks like this:

  Scenario: no lingering default OpenSolaris user      # features/weblogs.sfbay.sun.com/ssh.feature:9
    Given a user named "jack" with password "jack"     # features/steps/ssh_steps.rb:7
    When connecting to weblogs.sfbay.sun.com using ssh # features/steps/ssh_steps.rb:12
    Then the connection should fail                    # features/steps/ssh_steps.rb:28
      expected not nil, got nil (Spec::Expectations::ExpectationNotMetError)
      ./features/steps/ssh_steps.rb:29:in `/^the connection should succeed$/'
      features/weblogs.sfbay.sun.com/ssh.feature:12:in `Then the connection should succeed'

Failing Scenarios:
cucumber features/weblogs.sfbay.sun.com/ssh.feature:9 # Scenario: no lingering default OpenSolaris user

5 scenarios (1 failed, 4 passed)
13 steps (1 failed, 12 passed)

It is not obvious that expected not nil, got nil means that it could log in when it shouldn't be able to, so I am working on some custom rspec matchers to generate better error messages.

Once I've gotten a bit beyond playing around with this, I will publish the source if someone is interested in it.

Developer Snapshot build OOo-Dev OOO320_m4 which installs as OOo-DEV 3.2.0 has been uploaded.

If you find severe issues within this build please file them to OpenOffice.org's bug tracking system IssueTracker.

Please use the following link:
http://download.openoffice.org/next

Packages are also available from extended mirror sites ( listed with an [E] ) from the ".../extended/developer/OOO320_m4" directory:
http://distribution.openoffice.org/mirrors/#extmirrors

Release Notes:
http://development.openoffice.org/releases/OOO320_m4_snapshot.html

MD5 checksums:
http://download.openoffice.org/next/md5sums/OOO320_m4_md5sums.txt

Did you know that OOo has its own YouTube channel? Check out the interesting and informative new videos available for your viewing and listening pleasure:

Clayton Cornell live in  "OpenOffice.org - How to Contribute -
Documentation Project"

Or even better...get on the fan page in Facebook and upload a video of yourself.

You can share your personal OOo story with the world and motivate people to join the ever-growing OOo community. To make a video, you only need a computer with a webcam and the latest adobe flash player installed. To record a video on the page wall, follow the steps below:

1. Go to the page (become a Fan).
2. Select "Add Video" from the Publisher bar.
3. Record a video.
4. Click "Post."

Liz

I have to say that it has been a very busy couple of weeks. That said, I am happy to say that there is a lot to show for everyone's effort however. We have been able to publish quite a lot of new and updated content, and I figured that it might be a good time to shine a spotlight on some of the more interesting items. Without further ado...

• Cloud Computing Security Overview (delivered at Cloud Expo West Bootcamp)
• Immutable Service Containers Technical Presentation (delivered at the OpenSolaris Developer Conference)
• Immutable Service Containers AMIs (delivered on Amazon EC2)
• Security Enhanced Drupal Stack AMI (delivered on Amazon EC2)
• Security Enhanced AMP Stack AMI (delivered on Amazon EC2)

Going forward, we are going to try and bring together all of the Cloud Computing security content on our brand new Sun.COM Cloud Security home page. Be sure to check it out regularly!

More is coming, don't miss it!

Technorati Tag: OpenSolaris security cloudcomputing virtualization

Crossbow paper wins best paper award at Usenix LISA09 and BOF schedule

We had submiited another paper at Usenix LISA 2009 conference at Baltimore, MD which is being held from Nov 3-5, 2009. The paper is title Crossbow Virtual Wire: Network in a Box. Yesterday we were informed that our paper won the Best Paper award for the conference. Woohoo!!

I met many people here at LISA that are already using Crossbow in very interesting ways. I got many requests to hold a BOF while we were here. So I hit our marketing VP for some beer budget (can't have a BOF without drinks) and we are now having a Crossbow and Solaris Networking BOF on Nov 4th, 2009 from 10.30 to 11.30pm in Dover AB conference room. The venue details can be found on usenix LISA site here. So people who are already at the conference on in the general area of Maryland, Virginia, DC, etc, please do come buy. It would be good to attach faces to name and we will have chilled beer. We will also be showing the Virtual Wire Builder kit to build your own virtual network (all available in open source form).

Once again, BOF details are

• Crossbow & Solaris Networking BOF at Usenix Lisa 2009
• Place: Marriott Waterfront Hotel, Baltimore. MD.
• Date: Nov 4th, 2009
• Time: 10.30-11.30pm
• Agenda: Virtual Wire Builder kit, Open discussion, Beer

Hope to see you there.

Today, I am very happy to announce the availability of a new Solaris 10 Security Deep Dive training. This version has been updated for Solaris 10 10/2009 (also known as Update 8). From a security perspective, there have only been a few updates since my last posted version, but it is always good to be current. Items added in this new version include: ZFS user and group quotas, ZFS pre-defined ACL sets, NTPv4, and nss_ldap shadowAccount support. In addition, there was a bit of cleanup throughout and a new example was added for Trusted Extensions.

As usual, I have made this content available in both OpenDocument Format (ODF) and PDF. If you are using Microsoft Office, you can use the Sun MS Office ODF Plugin to read the source document.

For those of you who have downloaded one of the previous versions, thank you! There have been nearly 8,000 downloads of this presentation so far! If you have not had a chance, I would encourage you to download and check out a copy today. It is really amazing how many new and updated security features and capabilities there are in Solaris 10. If you have been away from Solaris (even Solaris 10) for a while, I am sure you will be shocked with what you can do today! As always, feedback is greatly appreciated!

Take care!

Glenn

Technorati Tag: OpenSolaris Solaris security

This is a recipe how to export a VirtualBox desktop out of VDI 3 to a destination Solaris VirtualBox host. It is based on Dirk’s procedure and contains some modifications to make it work for me.

1. Tell the iSCSI initiator on the destination VitualBox host to accept static iSCSI connections:

iscsiadm modify discovery --static enable



2. Find out the IQN of the iSCSI target of the desktop to export. The easiest way is to look at the desktop as it is registered on the VirtualBox host. Here you can use the command:

VBoxManage list -l vms

It will show also the IQN and the host of the connected LUN. An IQN looks like this:

iqn.1986-03.com.sun:02:c856c247-you-do-not-have-to-read-this-9318dd9d6b48



3. Mount the LUN into your destination VirtualBox host:

iscsiadm add static-config <IQN>,<IP>

The IP is the IP of the storage server – it is not its host name.

4. List the new target

iscsiadm list target -S

The last line contains the important output: OS Device Name, e.g.:

/dev/rdsk/c2t600144F04AD2FA0C0000144FEDF91800d0s2



5. Make a raw copy of the content:

dd if=/dev/rdsk/c2t600144F04AD2FA0C0000144FEDF91800d0p0 of=/var/tmp/image.out

Note, replace the s2 at the end of the raw disk name with p0. Don’t ask why. And you will have a lot of time not to ask why because the copy operation takes quite some time.

6. Convert the raw image into a VDI file:

VBoxManage convertfromraw /var/tmp/image.out /var/tmp/image.vdi --format VDI --variant Standard

Dirk’s convertdd was not available on my Solaris machine, but VBoxManage convertfromraw does the same.

Last but not least it should be mentioned that all this is obsolete for VDI 3.1. We have added a function to export a VirtualBox desktop directly from the Sun VDI administration:

Manchester – Leeds – Camberley, Surrey – London – Coventry – Edinburgh
Sun's Desktop Virtualisation Roadshow is coming to the United Kingdom.

Overview – Agenda – Dates and Registration between now and Feb 2010.

[Photo: CC by Jim Linwood]

My friend Don Bowen, great champion of ID management and all around creative innovator, has seen his battle with cancer come to a close. He died on Halloween. I can't say that he 'lost' his battle because he was strong, faithful and funny down to the last &, since we all have to go at some point, I'll call his a victory. I wish we could keep him here with us for many more decades.

Here is a link to our podcast, Pimp My Privacy: http://wcdata.sun.com/webcast/download/podcast/IDM/pod10.mp3 from back in 2007.

Wherever you are Don, I am a faithful fan. Rest in peace my friend.

Put an accountant, a lawyer, an MBA and a software engineer together into a room... Sounds like the lead-in to a bad joke, but it's the exercise that the Java Store team has been living through for the past several months. At the PayPal conference today Eric Klein did an announcement and demo of the next phase in the Java Store's development. We've been working with PayPal on this for some time, using their new PayPal X platform. It always amazes me how complex it is to deal with all the details of global finance. And even so, the store today only handles US issues. But the framework is in place to go global as fast as the lawyers and accountants can work through the details — but it'll take a while. There's a new client application for shopping in the store, and a new warehouse site for developers to upload products.

Even with the current US-only restriction, that's about 65 million desktops for a target market. Please check it out, kick the tires, let us know what you think: we'd like to get it out of beta and do a real large scale consumer launch as soon as we can.

Here in the Sun Labs area of the Menlo Park Campus is a coffee bar bulletin board which has been accumulating comics for years. Some are cut or torn out of papers or magazines or comic-a-day calendars, others are printouts. Most are either from Dilbert, XKCD, or Doctor Fun. Since XKCD is licensed under a Creative Commons Attribution-NonCommercial 2.5 License, the original comics can be included in this blog. Old Dilbert cartoons are harder to search for and are very restricted in how they can be reproduced. Doctor Fun is no longer published but there is a good Dr.Fun's Cartoon Search page.

The most melancholy cartoon is by Sipress from the 3/23/2009 New Yorker, showing the head of a company speaking to a large group of employees gathered in his office: "We're still the same great company we've always been, only we've ceased to exist." One of the funniest is a chart comparing How the HR department reads your resume vs. How a programmer reads your resume. (I haven't been able to tell where this comes from, but I found copies all over the net.) My addition to this board was a page from The New Yorker (9/21/2009) with a story by Paul Simms called "Attention, People of Earth".

Below is a sample of what some very educated geeks think is funny.

Doctor Fun

• Hiram P. Doodle and some of his many patents
• The HP DittoJet

XKCD

The Board

Images Copyright 2009 by Katy Dickinson

Today, we released the hData technical specifications: hData Record Format and hData Packaging and Network Transport. This is the mail that went out to the mailing lists:

Today we are releasing the first public version of the hData specification for the record format and the packaging and network transport (REST API). They are available here:

http://www.projecthdata.org/documents.html

We will be making some changes to the documents in the next few days to add a simple meta data model and streamline certain elements. Once this is complete, we are planning on moving the specification to a wiki and open up the process of editing. Until this is done, we would like to ask you sending your comments to hdata-general@googlegroups.com

At this time we are also exploring how the hData specifications can be licensed in an open source friendly way. Possible options include an OASIS style non-assertion covenant – please contact us if you have suggestions.

So far, this covers the core data and exchange architecture, but we have started to work on a RESTful security architecture, as well. The scenario we are trying to solve is outline in a recent presentation at NIST's IT Security Automation Conference. In support of this I have come up with a meta data schema, which I will put into the v0.8 version of the hData Record Format specification. Hopefully, I can upload that new version some time next week.

We are very much looking for comments and suggestions. 

tags: hDataehrhealth carehl7hitsp

Here is yet another wonderful reason why booth #415 is hot at EDUCAUSE 2009 in Denver.

[Image taken from Project Wonderland v0.5 User Preview 2]

A special talk on Wonderland by Kevin Roebuck is on Thursday 2:20pm - 3:10pm (Korbel Ballroom 3B): Sun Microsystems, An EDUCAUSE Gold Partner - Project Wonderland and the Age of Immersive Education

Overview - Agenda - Register

BTW_ sorry, green hills were not available in the image stock library. But rain is almost guaranteed.

Web enabled database applications is one my favorite old pastime. I've built tools for this usecase. There are many ingredients that go into making a technology decision as you are building a site and the choice of database (assuming that you have that choice). For convenience, many folks use PHP & MySQL on the front end since they is part of the LAMP stack. Others choose JavaServer Faces since it is already part of the Java EE standard and provides a rich component set as well as the ability to easily bind to data sources. No matter what choice you make, one will have to deal with the performance considerations as they build their tiered application.

A good opportunity to tune your performance skills will be available Nov 5th during this webinar. Mark is an expert and you'll be able to learn directly from the source (author of the Connector/J driver).

The new Willow Glen Lions Club was one of many organizations providing volunteer crossing guards for the Trick-or-Treat Trail sponsored by the Willow Glen Business Association on Lincoln Avenue. Thousands of little kids walked the trail, collecting candy and treats from the local businesses. Since Halloween was on Saturday this year, children went to school in costume the day before. The Trick-or-Treat Trail was on Friday, timed so that kids could go right after school. There were many dogs in costume too because of the special contest for them.

On Halloween itself, John and I had dinner with some friends in Palo Alto and then made the rounds with their kids. One Palo Alto house had a very elaborate witch's cave, another had an Area 51 scene, complete with spacecraft on the roof, jeep on the lawn, and creepy alien experiments. We saw the house that dresses its concrete goose for all holidays and admired her witch's costume. Rumor had it that Steve Jobs' house had the most elaborate decorations but the kids were tired so we didn't go see.

Willow Glen Trick-or-Treat Trail

Palo Alto Halloween

Images Copyright 2009 by Katy Dickinson

Every few months, the women of St. Andrew's Episcopal Church (Saratoga, California) have gathered for Chick Flick Nite. Marian Abbott coordinates the event on behalf of the Episcopal Church Women (ECW). We started a year ago with "Calendar Girls", followed by "Miss Pettigrew Lives for a Day", then "Shall We Dance?". Last Friday, we dressed up for Halloween and watched "Young at Heart". We bring snacks and enjoying snickering and laughing out loud in the company of women.

Images Copyright 2009 by Katy Dickinson

Just in time for the OpenSolaris Developer Conference, we were able to publish new Immutable Service Containers images directly to the Amazon Web Services Elastic Compute Cloud (EC2) environment. Previously, I talked about creating ISCs using our security enhanced OpenSolaris 2009.06 AMIs. Today, I am happy to announce that we have taken the next logical step by making available AMIs that fully incorporate the ISC changes. If you want to try out this configuration, simply provision an Immutable Service Containers AMI on EC2. We have made AMIs available in both the U.S. (ami-48c32021) and European (ami-78567d0c) regions. As always, we would love to get your feedback on these images and what you would like to see next!

Take care!

Technorati Tag: OpenSolaris security cloudcomputing virtualization auditing hardening amazon aws ec2

Just wanted to let everyone know of a new Immutable Service Containers technical presentation (ODF, PDF) that has been posted. This version was delivered last week in Dresden, Germany at the OpenSolaris Developer Conference. This presentation has all of the latest and greatest information particularly on the OpenSolaris ISC Construction Kit. As always, I would love to hear your comments and feedback!

Take care!

Technorati Tag: OpenSolaris security cloudcomputing virtualization auditing hardening osdevcon

I don't have anything unique of my own to offer today, but I wanted to pass on a really nice piece of writing that I read this morning.

Jeff Bonwick writes in his blog today about a new feature in ZFS, called deduplication.  There's no way I can explain it better than he, so I'll just leave you to it.  It really lays out the problem of deduplication and ZFS's solution to it nicely.

Powered by ScribeFire.

The Build Environment Effort has done a lot of analysis of how our current build process works to find out if and how we can improve the experience of building OpenOffice.org.

One of the things we took a look at is scalability. Currently two-way and four-way machines are standard developer hardware, but this will likely change as it will become more common to have more cores and hardware will become cheaper.

Parallelization in the current build process

There are two ways to use concurrent processes in the current build process:

• Parallel build of source directories provided by build.pl
• Parallel build of targets in one source directory provided by dmake

Unfortunately, these two ways of parallelization are completely independent and have no way of communicating with each other. If one wants to make sure each core on a four-way system gets used when possible one has to use both kinds of parallelization:

build --all -P4 -- -P4

If one would not specify the first -P4, one would run on less than four cores if there are not more targets to build in parallel in one directory, because there is only one directory build at a time. If one would not specify the second -P4, one would run on less than four cores, because sometimes there are no four directories buildable because of dependencies.
However, when enough targets to build are available in both kinds of parallelization, there will be 16 processes running. On Linux, this "overload" alone does not severely slow down the build.

For a current four-way system parallelization is not too bad however:

• a -P4 -- -P4 build is only 16% slower than the quarter of a single process build
• a -P9 -- -P1 build is only 21% slower than the quarter of a single process build

But when you have 20 cores (with distcc or in the not too distant future) you would have a maximum of 400 processes running and that would slow down the build. Also, the build system has no control over the priorities of the 400 jobs and thus cannot put the ones with the most dependencies first. Thus, the build will be slower, because targets with no or few dependencies are "stealing" CPU-time from more important targets with more dependencies.

Here is a visualization of the number of dmakes running in a -P9 -- -P1 build:

Here is a visualization of the number of dmakes running in a -P4 -- -P4 build:

 Note that there can be 20 or more dmake processes starting and dying in one second and the diagram only used the last state change in one second. So if there are N-1 processes running for a -PN build, it is likely that build.pl was just spawning a process at the tick of the second.

Build Bottlenecks

To identify the bottlenecks in the build process one has to track the number of processes over the time of a build.

Here is a diagram showing the number of parallel dmakes in a -P9 -- -P1 build: P9P1-Timeline

It shows the number of dmakes running and the modules which are being build at that the given point in time. The bar representing a module starts at the point in time when it is "announced" i.e. when it is buildable, because all dependencies are there. The bar ends at the point in time when the module was delivered to the solver. Note the start of the bar does not per se mean that a process is working on the module: For example a lot of modules depend on svx and not every module will get a process right after svx has been delivered.
One thing easily identified by examining the diagram is a "critical path" -- a sequence of modules, where each module follows the dependency of itself that was delivered last:

(stlport ->) soltools -> xml2cmp -> sal -> salhelper -> registry ->
idlc -> udkapi -> offapi -> offuh -> cppu -> cppuhelper ->
jvmfwk -> stoc -> 18npool -> tools -> unotools -> sot -> vcl -> toolkit -> svtools ->
framework -> basic -> sfx2-> avmedia -> drawinglayer -> svx -> formula -> sc ->
postprocess -> packimages -> instsetoo_native

One can see how the build process "dries out" quite often along this path as modules are waiting for their dependencies to be delivered. These are the bottlenecks of the build. Stlport was not used in this build, but if it would have been used it would be another bottleneck.

Conclusion

Currently parallelization is not as bad as one might have expected for full builds on a regular developer workstation running Linux. However, the comparison of -P9 and -P4 builds shows the current build system has limitations on the scalability that will be more noticeable as systems with higher parallelization become more common. Next, we will present the same analysis for builds on the Windows platform, were builds are traditionally much slower.

EDUCAUSE 2009 is ready to start this week in Denver /Colorado. Do not miss to check out Sun Virtual Desktop Infrastructure – Sun VDI –  at booth #415 (floor plan).

See also Dirk’s posting on Sun VDI for the Education Market.

Picks from the conference schedule:

• Seminar 03T - Sun Microsystems
  Tuesday 8:00am - 2:30pm (Off-Site Tour)
  
  
• Virtual Desktops: 60 Percent Cheaper, but Are They Worth It?
  Gerard Flynn, Thomas Hoover
  Wednesday 3:50pm - 4:40pm (Korbel Ballroom 4A/B)
  
  
• Deploying and Managing Desktop Virtualization for University Students and Faculty
  Jeff Cunningham
  Wednesday 4:55pm - 6:10pm (Hall F, Table 65)
  
  
• "I'm Thin and Green": Reducing the Desktop Carbon Footprint While Offering Anywhere, Anytime Computing Services
  Richard Toeniskoetter
  Thursday 8:10am - 9:00am (Korbel Ballroom 1E/F)
  
  
• It Is About Time: Getting Our Values Around Copyright Right
  Lawrence Lessig
  Thursday 9:30am - 11:00am (Wells Fargo Theater)
  
  
• Sun Microsystems, An EDUCAUSE Gold Partner - Project Wonderland and the Age of Immersive Education
  Kevin Roebuck
  Thursday 2:20pm - 3:10pm (Korbel Ballroom 3B)

Developer Snapshot build OOo-Dev OOO320_m3 which installs as OOo-DEV 3.2.0 has been uploaded.

If you find severe issues within this build please file them to OpenOffice.org's bug tracking system IssueTracker.

Please use the following link:
http://download.openoffice.org/next

Release Notes:
http://development.openoffice.org/releases/OOO320_m3_snapshot.html

MD5 checksums:
http://download.openoffice.org/next/md5sums/OOO320_m3_md5sums.txt

Happy Z-Day everyone!

Breaking with tradition somewhat, I'm not sure there's going to be any fireworks photos here this year: we're down at my parents house, and are less likely to get the sort of sustained shelling that we normally experience in Raheny each year.

On the plus side, we had homemade pumpkin soup for lunch, so was at least able to get this shot. If there's any fireworks later on, I'll update this post - but otherwise, here's some Halloween cheer:

The day's been great so far - lovely birthday presents (a Merino base-layer and a copy of Neverwhere from the lovely missus, and DVDs of the first two Ice Age films from E (I think she had an ulterior motive there!) and a nice fleece from my folks)

I also popped out for a birthday run around Greystones this afternoon, only 10k but it was enough for me to realise I'm far from being back in running form: the recovery is going to last a few more weeks I think!

My folks are baby-sitting tonight, so myself and the missus get to go out for a grown-up dinner, which I'm really looking forward to. Happy Halloween!

Update: There were fireworks after all, here's a few shots: fantastic, the tradition continues!

I have recently been experimenting with Facebook Fan Pages. This is a Facebook web page not for an individual or a membership group but rather in support of a cause or organization. The instructions imply that these pages are often used for celebrities, bands or businesses. It seems to me to be a good way to provide pointers and basic information without too much structure.

I have created two fan pages:

• SEED Engineering Mentoring Program. This has 37 fans so far. I added links to the new Sun Labs technical report "Sun Mentoring: 1996-2009" and to Katysblog and welcome ideas of what else fits.


• Young at Heart, Children's Worship Service for St. Andrew’s Episcopal Church (Saratoga, California). This has 8 fans so far. Some of the photos I took for that page:
  

I am still working out how best to set up a Facebook Fan Page, playing with the options and reading through tutorials, like How to: Create a Facebook Fan Page and 5 Elements of a Successful Facebook Fan Page and Facebook Group vs Facebook Fan Page: What’s Better?. My biggest problem so far is that Facebook's Search is good for people but not so much for not-people (group, cause, business, organization names). The people I usually ask for advice on new tools say they have never created a fan page either. So, I am now the expert (scary thought)! Still working on it...

Images Copyright 2009 by Katy Dickinson

After we adopted our two cockatiels from Mickaboo Companion Bird Rescue, we started hearing about Andy's Pet Shop (1280 The Alameda, San Jose, CA 95126, 408-297-0840)... how wonderful it is, how they are a 100% Pet Rescue shop, and about their current financial problems. Andy's adopts out birds through Mickaboo. Their web site says: "...all the pets in the shop come from a shelter, a non-profit rescue group, or are surrendered for rehoming due to foreclosure, illness, etc."

A few days ago, my son Paul and I went to check out Andy's. It is indeed a delightful place for animal lovers. We bought bird food and had fun visiting the exotic birds, puppies, kittens, mice, rabbits, turtles, and other critters looking for a home. A few days later, we went back because Paul and I had talked so much about Andy's that my husband John wanted to see for himself. My favorite at Andy's is Mango, the toucan who has a long narrow forked tongue and big blue feet. If you go, be aware that the big macaws are loud and very chatty.

Pictures from Andy's:

My cat Tino and birds Simon & Garfunkel (all rescue animals):

Images Copyright 2009 by Katy Dickinson

I was clearing out my email box when I came across this little gem from the lovely Bruce Schneier. There something about that guy that I just like and I think I amuse him so that makes me happy too.

Check out his musings on the old fashioned notion of Security v. Privacy rather than private data secured appropriately to type place & time:

http://www.schneier.com/blog/archives/2008/01/security_vs_pri.html
Security vs. Privacy

If there's a debate that sums up post-9/11 politics, it's security versus
privacy. Which is more important? How much privacy are you willing to give
up for security? Can we even afford privacy in this age of insecurity?
Security versus privacy: It's the battle of the century, or at least its
first decade.

In a Jan. 21 New Yorker article, Director of National Intelligence Michael
McConnell discusses a proposed plan to monitor all -- that's right, all --
internet communications for security purposes, an idea so extreme that the
word "Orwellian" feels too mild.

The article (now online here) contains this passage:

In order for cyberspace to be policed, internet activity will have to be
closely monitored. Ed Giorgio, who is working with McConnell on the plan,
said that would mean giving the government the authority to examine the
content of any e-mail, file transfer or Web search. "Google has records
that could help in a cyber-investigation," he said. Giorgio warned me, "We
have a saying in this business: 'Privacy and security are a zero-sum
game.'"

I'm sure they have that saying in their business. And it's precisely why,
when people in their business are in charge of government, it becomes a
police state. If privacy and security really were a zero-sum game, we
would have seen mass immigration into the former East Germany and
modern-day China. While it's true that police states like those have less
street crime, no one argues that their citizens are fundamentally more
secure.

We've been told we have to trade off security and privacy so often -- in
debates on security versus privacy, writing contests, polls, reasoned
essays and political rhetoric -- that most of us don't even question the
fundamental dichotomy.

But it's a false one.

Security and privacy are not opposite ends of a seesaw; you don't have to
accept less of one to get more of the other. Think of a door lock, a
burglar alarm and a tall fence. Think of guns, anti-counterfeiting
measures on currency and that dumb liquid ban at airports. Security
affects privacy only when it's based on identity, and there are
limitations to that sort of approach.

Since 9/11, approximately three things have potentially improved airline
security: reinforcing the cockpit doors, passengers realizing they have to
fight back and -- possibly -- sky marshals. Everything else -- all the
security measures that affect privacy -- is just security theater and a
waste of effort.

Spooky thoughts to all for a Happy Halloween. Ms. Thang is Nancy Drew & Sweet Cheeks (cheekier than ever) is a very very cute dragon this year. They both hate coconut so I'm hoping for lots of Almond Joy this year.

Yet Another Happy Birthday Intertubes!! Today marks 40 years of the internet, although there's some debate as to the actual date. I consider myself a latecomer: I didn't get my first real internet email address until 1977, C410JG40@CMUA. I was "jag" on various Unix systems before then, but it wasn't until 1977 that the ARPAnet and email really took over my life. I soon realized that the only real-world friendships I kept up with were folks that I could send email to. I disappeared from my brother and sister's lives until they got email addresses 20 years later. Of course now it's gotten to the point where restaurants don't exist unless they're on OpenTable :-) I wrote the original Unix Emacs in 1978 and because of that by sometime in 1980 I had the unusual distinction of having login IDs on every non-military host on the ARPAnet (I kept track - it had become sport).

When I joined Sun in 1984 (yikes! Has it been that long?) one of the big attractions was Sun's position on networking: every machine had a network connection. At the time, that was considered pretty weird. I had known Bill and Andy for years. They had both tried to get me to join Sun at the beginning in 82, but I foolishly didn't. "The Network is the Computer" was a pretty odd tagline at the time, and it didn't make sense to most people, but it had geeky appeal. A lot could be done when you tied machines together: from harnessing the compute power of clusters of machines, accessing filesystems remotely via NFS, remote graphics access, and a whole lot more.

But the network had more than mere geek appeal for me. It felt important in a world-changing kind of way. This crystalized when I read Robert Axelrod's 1984 book The Evolution of Cooperation. This is a reasonably accessible game theory book that discusses experiments involving the Prisoners Dilemma. I won't repeat what you can find by reading the Wikipedia article (which I urge you to do; read the book too). But by the end of the book, there is a strong conclusion that as the frequency of interaction increases, the optimal strategy shifts from hostility to cooperation. This really appealed to my 60's peacenik leanings because it suggested that all you needed to do was to get people communicating, and inevitably peace would break out. It doesn't matter much the form the communication takes, all is good.

At that point in my life, the network went from a geeky toy to a moral good. I don't know how to express how thrilled I am at how it has all played out. From the effects of the network in keeping the news flowing during the 1991 Soviet coup d'état attempt, to FaceBook, Twitter, Blogging and all of todays social media.

These days I think that Sun should shorten its tagline from "The Network is the Computer" to simply "The Network Is".

My biggest disappointment with the internet is that it seems that the "killer app" that makes the economics of the Internet work is advertising...