Continuously Usable Testing of SE Linux

Joey has proposed a new concept of “Continuously Usable Testing” for Debian [1]. Basically, testing should be usable at all times and packages that aren’t usable should be dropped. But to properly achieve this goal we need continual testing of usability.

The Plan For SE Linux

To do this for SE Linux I’m setting up a Xen server which will have a number of different DomUs for testing a variety of server applications. The system has 1.5G of RAM and 160G of mirrored storage. An image of a typical server will take about 4G of disk space, so we could have something like 40 images online and ready for testing. I have already set up Squid on another system on the same LAN to cache Debian packages, so running “apt-get dist-upgrade” on a number of DomUs won’t take that long. With 256M for a typical server image I could have 5 images running at the same time. If the hardware isn’t enough then I can expand it: I hope to get some donations of DDR-266 or DDR-333 RAM (or maybe DDR-400) to upgrade the system to 4G of RAM, I can add more hard drives, and I could even install more servers.

I want to have testing be very usable for SE Linux throughout the development cycle so that I don’t have to rush things before release.

At this stage I’m not sure whether to track Unstable or Testing for this. I guess it might be best to track Testing most of the time and only track Unstable for daemons that are changing rapidly. It might get boring testing every version that comes through Unstable, but if people want to do this then I won’t stop them.

Setting up the Tests

What I need are interested people who want to install server configurations for testing. If you have some favorite combination of daemons that you want tested for SE Linux support (even if it’s daemons that have no current policy) then I can give you root access to a DomU to develop test cases. Ideally there would be automated tests used for most things, for example testing a mail server by using swaks to deliver mail and a POP or IMAP client script to retrieve it. But some things can’t be tested properly without human intervention.

For the automated tests I want to script the creation of DomUs, upgrading the packages in the DomU, testing it, and then shutting down the DomU if it all works. If at any time the tests fail (or the upgrade fails) then it would wait for human intervention. That would be me fixing SE Linux problems and other people fixing the application problems. I think that discovering SE Linux issues will only be a part of this project.
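One way to make the “shut down or wait for a human” decision, shown as an added example that is not one of the scripts this post describes. It assumes the pass criteria include “no new AVC denials in the audit log”, which matters because a DomU in permissive mode can pass its functional tests while still logging denials; the function names, exit codes and sample log lines are constructed.

```python
import re
from collections import Counter

# Constructed audit.log excerpt for illustration (not from a real system).
SAMPLE_AUDIT = (
    'type=AVC msg=audit(1296000010.101:201): avc:  denied  { read } for  pid=812 '
    'comm="dovecot" name="mail" dev=xvda1 ino=4411 '
    'scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir\n'
    'type=SYSCALL msg=audit(1296000010.101:201): arch=c000003e syscall=2 '
    'success=no exit=-13 comm="dovecot"\n'
    'type=AVC msg=audit(1296000011.500:202): avc:  denied  { read } for  pid=812 '
    'comm="dovecot" name="mail" dev=xvda1 ino=4411 '
    'scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir\n'
    # Older denial from before the test run started; must not fail this run.
    'type=AVC msg=audit(1295990000.000:150): avc:  denied  { write } for  pid=300 '
    'comm="old" name="x" dev=xvda1 ino=1 '
    'scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file\n'
    # "granted" records are informational, not failures.
    'type=AVC msg=audit(1296000012.250:203): avc:  granted  { load_policy } for  pid=900 '
    'comm="load_policy" scontext=system_u:system_r:load_policy_t:s0 '
    'tcontext=system_u:object_r:security_t:s0 tclass=security\n'
)

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>\d+\.\d+):\d+\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def se_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context


def denials_since(audit_text, start_ts):
    """Count AVC denials logged at or after start_ts (seconds since the epoch).

    Keys are (source type, target type, object class, permission), which is
    the information needed to decide what policy change to look at.
    """
    counts = Counter()
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m or float(m.group("ts")) < start_ts:
            continue
        for perm in m.group("perms").split():
            key = (se_type(m.group("scon")), se_type(m.group("tcon")),
                   m.group("tclass"), perm)
            counts[key] += 1
    return counts


def gate(upgrade_rc, test_rc, audit_text, start_ts):
    """Decide what to do with a DomU after an upgrade-and-test cycle.

    Returns ("shutdown", []) when everything passed, otherwise
    ("hold", reasons) so the DomU stays up for human intervention.
    """
    reasons = []
    if upgrade_rc != 0:
        reasons.append("upgrade failed (exit %d)" % upgrade_rc)
    if test_rc != 0:
        reasons.append("service test failed (exit %d)" % test_rc)
    denials = denials_since(audit_text, start_ts)
    for (src, tgt, cls, perm), n in sorted(denials.items()):
        reasons.append("%d x denied { %s } %s -> %s:%s" % (n, perm, src, tgt, cls))
    return ("hold" if reasons else "shutdown", reasons)


if __name__ == "__main__":
    # Upgrade and functional test both exited 0, but denials were logged.
    action, why = gate(0, 0, SAMPLE_AUDIT, 1296000000.0)
    print(action)
    for reason in why:
        print("  " + reason)
```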

For the manual tests I will grant access to create and destroy the DomUs in question to people who can run the tests.

I’m thinking of having a couple of DomUs running permanently for things which are test candidates but also useful for the project, such as a MediaWiki instance. It really depends on the interest of people who might use such things.

I’m also thinking of setting up some Ubuntu DomUs. I probably should join Ubuntu and get involved with SE Linux there.

Sharing the Images

I have a web server in Germany with almost unlimited bandwidth and storage. For every image that is created I want to upload a version to the server in Germany to allow anyone in the world to test it. There are lots of possible ways of using this for software development. For example if you had a patched version of Apache that you wanted to test then you could download every image that had Apache installed and test that they all work. That would be easier than configuring Apache in different ways and also possibly provide better coverage.

Also if someone can’t figure out how to configure a daemon correctly then downloading a Xen image of a working configuration could be helpful (if a little bandwidth intensive). Note that deploying such an image in production would be a really bad idea: among other things, there are lots of places where passwords are stored and you wouldn’t want to risk missing one.

I also plan to share the scripts used in running the Dom0 and anything else that seems useful along the way.

What We Need

The main thing we need is volunteers to configure virtual machines with their favorite daemons. Note that I don’t plan to have only one daemon per DomU, if we can get multiple daemons running that don’t conflict (EG file server and mail server) or multiple daemons that can interact (EG database server and a mail server or anything else that can be a database client) running on the same system then that’s a good thing. So there will be some degree of interaction with other people.

I’m happy to accept contributions from people who aren’t interested in SE Linux. But SE Linux will run on all DomUs.

Finally I also need more RAM for a HP D530S, DU875PA (that’s a Celeron 2.4GHz). I’ll accept donations of complete systems too once my HP system gets full, preferably relatively low power systems as they will be housed in a location that’s not as well ventilated as I would like (cost and availability of IP addresses were the main criteria). A laptop with a broken screen would be great!

The system won’t go live until Monday, but I think that probably people won’t be ready to do much work with less than two days’ notice anyway.

Free Amazon EC2 Servers

Amazon is providing free EC2 access for new customers (who have never been customers before) for one year [1]. It is 750 hours per month (enough to run non-stop for an entire month) of access to a Linux micro instance which has 613M of RAM and the ability to burst to two ECUs of compute power. The main EC2 web page [2] describes an ECU as “the equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor” and they also describe a single core of a modern CPU as having 3.5 ECUs. So a micro instance could burst to half the CPU power of a single core. The DomU that runs my blog (as well as some web sites for friends) has been averaging less than 1% use of a CPU core over the last few months, so the CPU capacity of a micro instance should be more than adequate for most things that run on the net.

The free offering only provides 15G of free data transmission and 15G of free data reception per month. For my blog server that would be more than adequate as it has sent 24.5G and received 14G over the last 75 days.

The Cost of Disk IO

The offer requires that you sign up with a credit card so if you use more than the free capacity then you have to start paying. It seems that the main issue in this regard is disk IO.

The only storage that is available for a micro instance is the Elastic Block Store (EBS) [3]. The main way that EC2 operates is that when you create a new virtual machine it copies the data from an existing image so you can easily create dozens or hundreds of virtual machines with local disk performance – and the data is removed when the instance is shut down. EBS is essentially SAN based storage, it’s persistent and operates like a regular disk.

The pricing for EBS is $0.10 per allocated GB per month plus $0.10 per million IOs. Unfortunately they don’t define what an IO is apart from mentioning that you can use IOSTAT to measure them. According to iostat the server running my blog is doing 0.99 tps, so that means in a 30 day month I would expect 30*24*3600*0.99 = 2.56M transactions. Iostat also tells me that my blog server has read 62075330 blocks and written 91683344 blocks over the last 75 days 16 hours of uptime, that means it would do about (62075330+91683344)/75.66*30 = 61M block transfers in a 30 day month. So if I was to run my blog server on EC2 I could be spending either $0.15 or $6.00 per month on disk IO depending on how they count it (or maybe something in between, something larger than a 512 byte block but smaller than a “transaction” as reported by iostat could be used). Given that the last time I checked the prices one could rent a DomU for less than $6 per month [4] the difference in possible ways of measuring IOs is very significant!

The MySQL server that is the backend to my blog (as well as a few other things) seems to be averaging about 3 writes per second (and no reads during operation because the databases are small). So it might be another 5 million IOs per month for the database.

It’s unfortunate that Amazon haven’t clearly specified what they mean when measuring IO for billing purposes. Some aspects of measurement such as whether the bills for bandwidth include Ethernet headers can be ignored as a 26 byte Ethernet header won’t make much difference to the bill when the average packet size is around 400 bytes or more (from ifconfig output it seems that my blog server sends packets of an average size of 459 bytes and receives packets of an average size of 1250 bytes). But the methods of measuring disk IO could give a factor of 20 difference in the bill.

Optimising for EC2

If I was going to put my blog on EC2 then I would start by configuring Apache to log to a fifo and then write a daemon that stores the log data and allows my home server to poll it and get the log data. As the filesystem is already mounted with noatime it seems that writing logs is the cause of all the disk writes so if they were stored in RAM (which shouldn’t be a problem with 4M of logs per day) then all those writes could be avoided. Another possible solution to this would be to make /var/log be a tmpfs and then rsync the files periodically to my home server. I don’t really need to have all the logs remain on the server I just need them to remain somewhere.

Amazon also offers 100,000 messages on their Simple Queue Service (SQS) for free [5]. The messages can be up to 8K in size and are stored for up to 4 days. So it seems possible to put Apache logs into SQS messages in bundles of less than 8K and then get them out later for transfer to a server outside EC2.

If I was able to get my disk writes to almost zero then there’s a good chance that I could get into the free zone for one year.

Conclusion

Would I use this service? If I was looking for new hosting for my blog then I would seriously consider it. EC2 is quite fast and well connected and depending on how they work out the billing for disk IO I could probably keep the cost close to zero.

EC2 is a different way of running things so you can’t just have a virtual server running and expect it to automatically restart if it goes down for any reason (a standard feature of virtual hosting companies). Amazon does have a range of tools for managing EC2 instances and they all seem to be available in the free trial. So after spending the time to learn those tools the result should be good.

I think that there are two groups of people who could benefit from using this. One is hobbyists, this is a great way to learn some skills related to high-end server stuff and EC2 experience should look good on a CV. The other is companies who want to use EC2 anyway and who will just save some money that they would otherwise pay. I’ve seen someone recommend the free offering from EC2 for a company that needed a small server, I think that isn’t a good option as a company that only wants a single small server will be better off paying something between $5 and $20 per month for a DomU from one of the virtual hosting providers.

After a year you have to pay regular prices. A micro instance costs $0.02 per hour which is $14.40 per month, SQS costs $0.10 per month for sending up to 1G of data in and at $0.01 per 10,000 SQS requests would cost $0.03 (the 4M of log data I generate per day would be 1000 requests to write and read it which would be 30,000 requests per month), the EBS for MySQL would cost $0.10 for 1G of storage and maybe $0.50 for IOs. That means $15.13 before counting bandwidth.

My blog server averages just under 10G of transmitted data per month, the first Gig is free so that would cost $0.15 for each subsequent Gig which is $1.35 per month. It receives just under 6G per month which at $0.10 per gig would be $0.60. So including data transfer it would be about $17.08 per month.

This is a lot more expensive than some of the cheaper virtual server offerings but admittedly the cheaper virtual offerings don’t have as much RAM. Also with a blog instance running on EC2 I could easily configure it so that I could create some big instances that use the same MySQL database if a lot of extra traffic suddenly started arriving. A micro instance running MySQL on its own could cope with a heap of load a lot more easily than the PHP code for my blog. So using bigger servers to run the PHP code while running MySQL on the same server would be a good option – particularly if the bigger servers use caching.

Finally if you want to run an EC2 instance for a year then you can get a reserved instance, you pay $54 per annum and the cost drops to $0.007 per hour instead of $0.02 per hour. Using a reserved instance for my blog would give a cost of $54+365*24*0.007+12*(0.10+0.03+0.10+0.50) or about $124.08 per annum. $10 per month isn’t too bad. So if I migrated my blog to EC2 then I would probably keep it there after the free period expired. The ability to expand rapidly when necessary is worth paying extra. Of course I am making some assumptions such as that the performance of a micro instance doesn’t totally suck – as Amazon don’t specify what bursting to 2ECU really means it could have some performance problems.

Note that all prices in this post are in US Dollars.

Conferences and People on the Autism Spectrum

There have been some recent discussions about issues related to the treatment of women at Free Software conferences, I’ve written posts about Aspie Social Skills and Free Software [1] and Empathy, Autism, and Geeks [2] about this. But of course discussion continued on how Aspies supposedly cause problems that no-one seems to be noticing.

Lisa of Chaotic Idealism wrote an interesting post about the NT social bias [3]. In summary NTs seem to think that Autism Spectrum Disorders are only about socialisation, not realising that for many people on the Spectrum it’s sensory issues that are their main problem. Social problems are exacerbated by sensory issues and other causes of stress, so I think it’s worth considering ways in which conferences can be planned to be less stressful for people on the Autism Spectrum, people who have SPD [4] that isn’t associated with an ASD, and NTs who just get annoyed by loud noises etc.

What Autism Conferences Do

Autscape is one of only two conferences for people on the Autism Spectrum and the only one which clearly documents how they plan their conference [5]. The first noteworthy thing that they do is have badge colors to indicate what level of social interaction is desired by each delegate, I don’t think that this is relevant to Free Software conferences as people who don’t have sufficient social skills to suit at least a green badge probably won’t be attending. But I think that when attending a conference about Free Software or any other equally geeky topic (if there is an equally geeky topic) it’s worth keeping in mind the fact that there are probably a lot of people who would like to talk to you but lack the social skills to start a conversation.

No initiation (Red): Please do not initiate any interaction with me.
Prior Permission (Yellow): Please do not initiate unless I have already given you permission to approach me on a yellow badge.
Please initiate (Green): I would like to socialise, but I have difficulty initiating. Please initiate with me.
Neutral (White, or no badge): I am able to regulate my own interaction.

The next thing that they document is a black circle badge which indicates that the wearer shouldn’t be photographed. Prior to reading that web site I wasn’t aware of this being an Autistic issue, I was only aware of it being an issue for women who don’t want zoomed-in pictures of themselves appearing on guys’ web sites (even pictures that aren’t up-skirt or down-blouse can be unwelcome). A conference policy that prohibited photographs that zoom in on one person without that person’s consent (or parental consent in the case of minors) would probably be a good idea.

Another thing about badges is that it’s a really good idea to have the delegate’s name on both sides of the badge if the badge is attached in a way that permits it to turn. People on the Autism Spectrum tend to have some difficulty in recognising people and in remembering names. I find it inconvenient when someone expects me to recognise them but has their badge turned around so I can’t see their name. Some people get really unhappy if they think that someone doesn’t recognise them.

Autscape has long breaks between activities and a leisure session each afternoon to allow delegates to recover from the stress of dealing with people. It seems to me that computer conferences in some cases could do with longer breaks between sessions. I find that a lot of the benefit of a conference is in what happens outside sessions and the standard practice of publishing videos of presentations makes personal meetings a more important part of the conference.

Autscape has designated quiet spaces. I think that for computer conferences which have hack-labs (which seems to be most Free Software conferences nowadays – even if they aren’t labelled as such) it would be good to have some lab areas designated as quiet zones. I think that it is a really good thing to meet people you’ve only known by email and then play some LAN based games against them and that this should be encouraged as part of a conference, but having that sort of thing separated from people who want to do some quiet coding is a really good idea. Whether people want to do quiet coding, read email, or just escape from the stress of a conference a quiet hack-lab would be a good place for it.

An issue that’s related to quiet spaces is the ability to escape from social situations. One of my pet hates is corporate meetings on boats, when the boat is in motion there is no escape. Corporate meetings that are only accessible by coach are also bad. Fortunately most conferences aren’t like that.

The Autscape web site states that they prohibit people from wearing perfume or aftershave to help people who are sensitive to smell. My observation of Free Software conferences is that encouraging everyone to have a shower every morning would be a good idea as there are stronger smells from unwashed people than from perfume.

One thing that’s interesting about the Autscape web site is that they have different color schemes available and have tested it in multiple web browsers – including Safari and Konqueror (which apparently don’t work so well). It’s interesting to note that they test with such a variety of browsers including free software ones – most corporations don’t do that.

Sensory Processing Issues

The main SPD issues related to conferences seem to be noise and light related.

For social events one difficulty that most people on the Spectrum seem to face is in listening to one person in a noisy crowded room. As well as that sudden noises and loud background noises can be very stressful. While it’s sometimes impossible to avoid crowds (which can be another problem) it is often possible to select venues that have less noise problems. A venue with carpet on the floor and soft walls (anything other than brick or concrete) will be a lot quieter than one with hard surfaces that reflect noise. It seems that a quiet venue will benefit NTs as well, there seems to be a strong correlation between the price of food at restaurants and the amount of sound absorbing material on the floor and walls – people who can afford a good dining experience seem to want it quiet.

In terms of visual issues the relevant problems seem to be related to sudden transitions and lecture halls that are extremely dark. The only thing that can be done by conference organisers is to seek to have the lights in the lecture halls as bright as possible without preventing the viewing of the projector screen, this is usually done anyway.

For social events the whole binge drinking at crowded bars thing doesn’t work too well due to noise, poor lighting, crowds, and the smell of vomit. But there’s no shortage of reasons to discourage binge drinking at conferences.

Food

Psychology Today has a good article about preferences for food and “picky eaters” [6]. Lots of people on the Autism Spectrum have similar issues. The thing to do when arranging a conference meal is to have things neat and without needless combinations. Think about making food look more like what you would expect to see in a Japanese restaurant and less like Paella. Also having some very plain food on offer is a good thing, I think that bread-rolls for dinner and ice-cream for dessert makes a viable meal. But any dish with a word like “hash” or “mixed” in its name isn’t a good option. Finally some combinations are really bad, I always find rare steak and potatoes on the same plate to be rather disgusting – potato that’s blood-stained doesn’t appeal. The majority of conference meals satisfy these criteria.

Autscape provides options of eating outside the main dining hall for people who can’t tolerate the noise. For a Free Software conference it might be a better idea to provide seating outside the main area for people who are going to make noise. I don’t mind people who want to get really drunk at the conference dinner, but I would prefer them to be in a separate room. Also when assisting a drunk friend to leave the venue before they cause more problems it would be convenient if there was a good place to take them to. The one occasion when I had to strongly encourage a friend to leave a conference dinner to reduce his embarrassment the next day (and reduce the annoyance for everyone else) there was no good place to take him – so he just came back!

Conclusion

I don’t expect that anyone will make any significant changes to conference plans after reading this post. I have tried to focus on things that would benefit NTs as well, but there are practical issues that get in the way such as the cost and availability of venues that are large enough. But there are some smaller ideas that can be implemented with relative ease.

I hope that the people who are making claims about Autism and conference behavior will refer to this in future. If you think that there is a problem with the way people on the Spectrum act at conferences then the solution will more likely involve the suggestions I make here than anything else.

Links January 2011

Halla Tomasdottir gave an interesting TED talk about her financial services company which uses “feminine values” and thus survived the Icelandic financial crash [1]. She also has a lot of other interesting ideas about how to run a corporation or a country.

Hillary Clinton gave an interesting TED talk about national security and women’s rights [2]. The US State Department is now making women’s rights a priority due to the fact that places where women are mistreated tend to pose a security threat to the US. Unfortunately this talk can’t be viewed without flash.

Richard Dawkins reads some of his hate-mail while sitting by the fire [3], it’s interesting to know that a loving God wants his minions to send hate-mail to scientists. There are a few cheap laughs here.

Emily Pilloton gave an interesting TED talk about fixing some of the problems with the education system in rural USA by incorporating design [4]. Instead of having useless projects in “shop class” the students will complete real projects for their community which have to be designed, planned, and made. The students who end up going to university will learn some generally useful skills through this and the ones who don’t go to university will probably have an immediate opportunity to apply the skills that they learn.

Elizabeth Pisani gave an interesting TED talk about rational behavior and HIV [5]. She explains why certain behavior that carries great risk can be rational for the people who do it. One of her interesting points is the fact that the poor health system in the US makes it economically viable for the government to refrain from providing free needles to junkies as they don’t pay to treat them when they get sick. She makes a good case for political change.

Tony Porter gave an inspiring TED talk titled “A Call to Men” about the way the macho culture socialises men towards violence against women [6].

Fraud Magazine has an interesting Interview with Dr. Robert D. Hare and Dr. Paul Babiak about psychopathic fraudsters [7]. Most of the interview is generally about psychopaths and the cases of psychopaths in business, there isn’t much that is specific to financial fraud. It has a good summary of what some psychopaths are like.

Barbara Fister wrote a “Liberation Bibliography” – a call for knowledge to be free [8]. Currently universities pay researchers who then pay for corporations to accept copyright for their work and then resell it back to the universities. This is sucking money from the university system and denying access to knowledge to the people who can’t pay.

Charles Limb gave an interesting TED talk about using an MRI to study the brains of Jazz musicians doing Improv and Rappers doing Freestyle [9].

Deborah Rhodes gave an interesting TED talk about her new method of screening for breast cancer for women with dense breast tissue [10].

Cory Doctorow wrote an interesting article about Net Neutrality and its importance in helping the less famous writers (the majority of writers) earn money [11]. He also makes some interesting points about Google and about the corporate welfare given to telephone companies.

Beyond Zero Emissions has an interesting summary of the current situation regarding Carbon Capture and Sequestration (CCS), among other things the only system that’s currently operational is leaking CO2 and killing plants and animals [12].

The Brisbane council knew that the flood risks were greater than suggested by published information, they kept this news to themselves to assist property developers in selling low-lying land, and this led to increased problems now that the predicted floods have occurred [13]. Sounds like corruption, we could probably do with a Royal Commission into this.

Psychology Today has an interesting article titled “Wise Words From Fellow Introverts” which is a collection of blog comments from introverts [14].

icmptx – Tunneling IP over ICMP Echo

I’ve just been playing with icmptx, a system for tunneling IP over ICMP Echo which could be handy if I ever find myself blocked by firewalls. Unfortunately the documentation is lacking. Below is a sample configuration that works for me; all you have to do is put the correct IP address in for SERVERIP in both scripts and it should work. I’m not sure what the ideal value for the MTU is; 65535 is the largest possible. For transmission it usually won’t make any difference as the occasions when I need such things will usually be download-only sessions and the ACK packets will be quite small. For receiving data the server has an MTU of 1500 on the Ethernet port so nothing bigger than that will come in. Presumably when downloading data the packets will be transmitted in two ICMP fragments.

One interesting feature of the program is that it doesn’t match requests and replies. I presume this is because any firewall that only allows one reply per echo request will probably ensure that the reply contents match the request contents, so they just assume that a firewall will let all ICMP echo/reply traffic through. The upside of this is that it should give lower round trip times than any tunneling system that polls for return data.
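From the monitoring side, the two properties described above (echo replies that are not answers to any request, and payloads far larger than a normal ping) are what make this kind of tunnel stand out in a capture. The following is an added example, not code from icmptx or from this post; the record format, thresholds and sample packets are constructed for illustration, and it assumes ICMP messages have already been reassembled from any fragments.

```python
import struct
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8


def icmp(icmp_type, ident, seq, payload_len):
    """Build a sample ICMP echo message (checksum left at 0; test data only)."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + bytes(payload_len)


# Constructed capture: (source, destination, ICMP bytes) in arrival order.
SAMPLE = []
for _seq in range(1, 4):  # an ordinary ping: every reply answers a request
    SAMPLE.append(("192.0.2.10", "192.0.2.1", icmp(ECHO_REQUEST, 0x1234, _seq, 56)))
    SAMPLE.append(("192.0.2.1", "192.0.2.10", icmp(ECHO_REPLY, 0x1234, _seq, 56)))
# Tunnel-like flow: one small request upstream, a stream of large replies back.
SAMPLE.append(("198.51.100.7", "203.0.113.5", icmp(ECHO_REQUEST, 0x0042, 1, 40)))
for _seq in range(1, 5):
    SAMPLE.append(("203.0.113.5", "198.51.100.7", icmp(ECHO_REPLY, 0x0042, _seq, 1400)))


def find_tunnel_suspects(packets, max_payload=128, min_unsolicited=3):
    """Return host pairs whose ICMP echo traffic does not behave like ping.

    A reply counts as unsolicited when no earlier request from the other
    side carries the same identifier, sequence number and payload.
    max_payload and min_unsolicited are illustrative thresholds, not
    values taken from any product or standard.
    """
    outstanding = {}  # (requester, target, id, seq) -> request payload
    stats = defaultdict(lambda: {"echo": 0, "unsolicited": 0, "oversized": 0})
    for src, dst, data in packets:
        if len(data) < 8:
            continue  # truncated ICMP header, nothing to inspect
        icmp_type, code, _cksum, ident, seq = struct.unpack("!BBHHH", data[:8])
        if icmp_type not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
            continue
        payload = data[8:]
        pair = tuple(sorted((src, dst)))
        stats[pair]["echo"] += 1
        if len(payload) > max_payload:
            stats[pair]["oversized"] += 1
        if icmp_type == ECHO_REQUEST:
            # A long-running monitor would also expire old entries here.
            outstanding[(src, dst, ident, seq)] = payload
        elif outstanding.pop((dst, src, ident, seq), None) != payload:
            stats[pair]["unsolicited"] += 1
    return {pair: s for pair, s in stats.items()
            if s["unsolicited"] >= min_unsolicited}


if __name__ == "__main__":
    for pair, s in find_tunnel_suspects(SAMPLE).items():
        print(pair, s)
```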

I’ve filed some Debian bug reports about it, bug #609413 is a request for it to set icmp_echo_ignore_all when it’s running and also emulate the regular PING functionality. Bug #609412 is a request for it to assign the IP address to the tun0 interface. Bug #609414 is a request for the server side of it to call daemon(0,0).

I won’t leave this running. Having to run a virtual server with the regular ICMP functionality disabled is too much effort for the small benefit that using ICMP tunneling may offer over DNS tunneling.

My configuration scripts (with the IP address removed) are below.

Configuration

Server

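#!/bin/sh
set -e
# Stop the kernel from answering ICMP echo requests itself while the tunnel is running
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# Start the icmptx server in the background (replace SERVERIP with the server's IP address)
icmptx -s SERVERIP &
# Give icmptx time to create tun0 before configuring it
sleep 0.5
ifconfig tun0 mtu 65535 10.10.10.1 netmask 255.255.255.0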

Client

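#!/bin/sh
set -e
# Stop any icmptx instance left over from an earlier run
killall icmptx || true
# Start the icmptx client in the background (replace SERVERIP with the server's IP address)
icmptx -c SERVERIP &
# Give icmptx time to create tun0 before configuring it
sleep 0.5
ifconfig tun0 mtu 65535 10.10.10.2 netmask 255.255.255.0
# Keep the script in the foreground until icmptx exits
wait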

Links December 2010

Aaron Huey gave a disturbing TED talk titled “America’s native prisoners of war” [1]. He says “the last chapter in any successful genocide is the one in which the oppressor can remove their hands and say ‘my god, what are these people doing to themselves, they’re killing each other, they’re killing themselves’ while we watch them die”.

Peter Haas gave an interesting TED talk about how the poor engineering work in Haiti contributed to the significant death toll from the earthquake [2]. He advocates training for builders to prevent death and property damage from the next earthquake which is a lot cheaper than cleaning up the mess after buildings have fallen down.

Wired has an interesting article on Phylo, a new crowd-sourced science game where you can sequence DNA [3]. The article also has links to other crowd-sourced science games.

Brendan Scott gives a good summary of some of the most interesting news articles related to Wikileaks [4].

Petter Reinholdtsen published a detailed and informative letter that Peruvian Congressman Edgar Villanueva wrote to Microsoft on the topic of a Peruvian bill to compel the government to use free software [5]. This has a lot of great ideas for anyone who wants to lobby their government for free software related legislation.

Melissa McEwan wrote an informative blog post about why she doesn’t trust men [6]. I can’t do justice to this with a summary so just read it if you are male.

Diana Laufenberg gave an interesting and inspiring TED talk about ways of teaching children [7]. Her main point was about embracing failure, having children learn from their mistakes. I think that perhaps embracing failure is only going to work with an exceptional teacher such as Diana, and that the majority of teachers would probably fail if they tried to implement it. She does have some really interesting examples of how she teaches so it’s worth watching even if you don’t agree with the central point.

Locked Down Phones and Horrible Telcos

Choosing a Phone

I was considering renewing my Three contract and getting a HTC Desire HD [1]. What I need is a phone that is good for being an ssh client on 3G networks, has a good camera, and has all the fancy Google Apps.

In the comments Lon recommended a Norwegian review of phone cameras which gave the Sony Ericsson Xperia X10 a much better review than the HTC Desire HD [2] – the Xperia was the highest rating Android camera phone while the Nokia N8 was the best overall.

Also the Xperia is a lot cheaper, I can get it on a $29 monthly cap from Virgin as opposed to $44 per month from Three. So just on hardware and price the Xperia beats the Desire HD.

One of the advantages of the Xperia from Virgin being cheap is that my wife and I can use the same model of phone. This avoids having to solve two sets of phone related problems and also allows us to do things like swap batteries between the phones based on who can most conveniently charge their phone.

The Need for Root

But one problem with the Xperia is that the CyanogenMod images for rooted Android phones can’t be installed on an Xperia because the boot loader hasn’t yet been cracked [3]. I would like to run CyanogenMod so I can get wireless proxy support, and support for tunneling IP over DNS, ICMP, and OpenVPN.

The Three web site claims that they have 3G phone and net access in Bendigo, but on a recent holiday my phone said that it was “roaming” all the time and I couldn’t get net access. I ended up having to use McDonalds Wifi net access which had ports such as 22 blocked and thus forced me to use Iodine IP over DNS to get proper net access. To avoid having to talk my mother through rebooting servers in future I need to have a mobile ssh client that can use all possible protocols. I could carry my EeePC with me all the time, but sometimes it’s good to travel light.

OTOH, as I feel compelled to fiddle with all my computers it would probably give me a more reliable mobile experience if I was unable to mess with my phone.

Why Buying a Phone Outright Isn’t Viable

A $29 monthly plan is probably the cheapest plan that will do for anyone who uses a phone regularly, I have had a Three $29 plan for the last four years which allows up to $150 of calls to be made in a month and typically use about $60. So any plan which doesn’t have such a cap will have to be no more than half the price of Three on a per-minute basis to compete. If I’m going to pay $29 per month ($696 over a 24 month contract) then I can use a free phone. If I was to buy a phone then it would cost at least $500 for anything that I like and maybe a lot more.

Buying a phone independently of a contract would about double the cost of owning a phone. It’s really not a viable option.

Therefore I am compelled to buy a phone that is on offer from a Telco. Things like the Nokia N900 are nice devices but as the Telcos don’t offer them I can’t consider them.

No Discount if you Don’t get a Phone

The annoying thing is that the Telcos don’t offer a discount if you choose not to get a phone. Obviously buying the hardware costs them some money, so a $29 cap with a phone included should have a matching offer of something less than $29 if you choose not to get the phone from them. I currently have a $29 per month contract with Three, I can renew that for another two years at the same rate and get a half-decent phone for “free” or I can renew for two years on a $19 per month contract and get a low-end phone for “free” but I can’t get a price that is lower than $19 per month if I decide to keep my current phone.

If Three was to offer such a discount then I would consider buying a phone outright over the net and staying with them. But as it is they don’t provide good deals for buying a phone and give me an economic incentive to go to another provider. So I will probably use Virgin when my contract runs out in January.

Locked Phones

Many Telcos still sell locked phones on a contract. When that happens it’s really difficult to get a phone unlocked as the Telco employees usually aren’t very helpful. There are a variety of web sites claiming to generate unlock codes for phones, most seem to charge $10 or more for this service and the free ones have a very small range of phones, so getting the unlock code from the Telco seems to be the only option for a phone at the end of its contract period as it’s not worth enough to justify the $10 expense.

While some Telcos sell unlocked phones on plans the ones that lock their phones have a chilling effect on the industry. Most people don’t test whether their old phone can be used with a different provider they just throw it out – the phone stores conveniently provide bins for old phones that are apparently recycled for some good cause.

Conclusion

If you make serious use of mobile phones (EG being ready to fix errors reported by Nagios 24*7) then choosing a new phone and plan is one of the most difficult things there is to do. All the plans are quite complicated and every Telco offers a different set of phones. The Telco web sites are usually poorly done, most of them don’t have an option to search for Android phones or for phones with a certain minimum resolution – they usually don’t even state the resolution and use terms such as WQVGA which don’t even have a fixed meaning in pixels. When it comes to choosing a plan most Telcos don’t have a clear comparison of the different plans, writing your own spreadsheet comparing plan costs is a good idea.

The fact that Telcos such as Virgin and Three/Vodafone allow free calls to other people using the same company makes it even more tricky. I have to discuss my phone plans with several relatives as there is a good incentive for everyone to use the same provider.

I think that we need government regulation on the way that phones are bundled. The market for phones that aren’t associated with Telco contracts has been destroyed by the anti-competitive behavior of the Telcos.

Dynamic DNS

The Problem

My SE Linux Play Machine has been down for a couple of weeks. I’ve changed to a cheaper Internet access plan which also allows me to download a lot more data, but I don’t have a static IP address any more – and my ISP seems to change the IP a lot more often than I’ve experienced in the past (I’m used to having a non-static IP address not change for months rather than hours). So I needed to get Dynamic DNS working. Naturally I wasn’t going to use one of the free or commercial Dynamic DNS solutions, I prefer to do things myself. So my Play Machine had to remain offline until I fixed this.

The Solution

dyn    IN      NS      ns.sws.net.au.
        IN      NS      othello.dycom.com.au.
play    IN      CNAME  play.dyn.coker.com.au.

The first thing I did was to create a separate zone file, I put the above records in my main zone file to make play.coker.com.au be a CNAME for play.dyn.coker.com.au, and dyn.coker.com.au is a dynamic domain. I have SE Linux denying BIND the ability to write to the primary zone file for my domain to make it slightly more difficult for an attacker to insert fake DNS records (they could of course change the memory state of BIND to make it serve bogus data). The dynamic zone file is stored where BIND can write it – and therefore a BIND exploit could easily replace it (but such an attack is out of the scope of the Play Machine project so don’t get any ideas).

Another reason for separating the dynamic data is that BIND journals changes to a dynamic zone and therefore if you want to manually edit it you have to delete the journal, stop BIND, edit the file, and then restart BIND. One of the things that interests me is setting up dynamic DNS for some of my clients, as a constraint is that my client must be able to edit the zone file themself I have to keep the editing process for the main zone file relatively simple.

dnssec-keygen -a hmac-md5 -b 128 -n host foo-dyn.key

For newer versions of BIND use the following command instead:

tsig-keygen -a hmac-sha512 foo-dyn

I used the dnssec-keygen command above to create the key files. It created Kfoo-dyn.key.+X+Y.key and Kfoo-dyn.key.+X+Y.private where X and Y are replacements for numbers that might be secret.

key "foo" { algorithm hmac-md5; secret "XXXXXXXX"; };
zone "dyn.coker.com.au" {
  type master;
  file "/var/cache/bind/dyn.coker.com.au";
  allow-update { key "foo"; };
  allow-transfer { key ns; };
};

I added the above to the BIND configuration to create the dynamic zone and allow it to be updated by this key. The value which I replaced with XXXXXXXX in this example came from Kfoo-dyn.key.+X+Y.key. I haven’t found any use for the .private file in this mode of operation. Please let me know if I missed something.

Finally I used the following shell script to take the IP address from the interface that is specified on the command-line and update the DNS with it. I chose a 120 second timeout because I will sometimes change IP address often and because the system doesn’t get enough hits for anyone to care about DNS caching.

#!/bin/bash
set -e
IP=$(ip addr list $1|sed -n -e "s/\/.*$//" -e "s/^.*inet //p")
nsupdate -y foo:XXXXXXXX << END
update delete play.dyn.coker.com.au A
update add play.dyn.coker.com.au 120 A $IP
send
END

Update

It is supposed to be possible to use the -k option to nsupdate to specify a file containing the key. Joey’s comment gives some information on how to get it working (it sounds like it’s buggy).

rhesa pointed out another way of doing it, so I’ve now got a script like the following in production which solves the security issue (as long as the script is mode 0700) and avoids using other files.

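#!/bin/bash
# Usage: pass the interface name as the first argument.
# Keep this file mode 0700 because it contains the TSIG key.
set -e
# IPv4 address of the interface named on the command line
IP=$(ip addr list "$1"|sed -n -e "s/\/.*$//" -e "s/^.*inet //p")
# The key goes to nsupdate on stdin, so it is not on the command line
nsupdate << END
key foo XXXXXXXX
update delete play.dyn.coker.com.au A
update add play.dyn.coker.com.au 120 A $IP
send
END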

Update

Added a reference to the tsig-keygen command for newer bind.
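
A hardened variant of the update script, as an added example that is not the author's code: it sends nothing unless the interface yields exactly one valid IPv4 address, and it refuses a key file that group or other can access. It assumes the key is a named.conf-format key statement as printed by tsig-keygen, saved to a file and read with nsupdate -k; the path /etc/bind/foo-dyn.key, the DRY_RUN variable and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not the author's script): validate before touching DNS.
set -eu

RECORD="play.dyn.coker.com.au"                # record name used in the post
TTL=120                                       # TTL used in the post
KEYFILE="${KEYFILE:-/etc/bind/foo-dyn.key}"   # hypothetical path (assumption)

# Filter `ip addr list` output on stdin down to its IPv4 addresses,
# using the same sed expressions as the post.
extract_ipv4() {
  sed -n -e 's/\/.*$//' -e 's/^.*inet //p'
}

# Succeed only for a single dotted quad with every octet in 0-255.
# Empty input (no address) and multi-line input (several addresses) fail.
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Succeed only if the key is a regular file with no group/other permissions.
key_file_private() {
  [ -f "$1" ] || return 1
  case $(ls -ld -- "$1") in
    -???------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Emit the nsupdate commands for one address; no key material is included.
build_update() {
  printf 'update delete %s A\nupdate add %s %s A %s\nsend\n' \
    "$RECORD" "$RECORD" "$TTL" "$1"
}

update_dns() {
  # If `ip` fails, addr is empty and the validation below rejects it.
  addr=$(ip addr list "$1" | extract_ipv4)
  valid_ipv4 "$addr" || {
    echo "need exactly one IPv4 address on $1, not sending" >&2; return 1; }
  key_file_private "$KEYFILE" || {
    echo "$KEYFILE is missing or accessible to group/other" >&2; return 1; }
  if [ -n "${DRY_RUN:-}" ]; then
    build_update "$addr"            # show what would be sent
  else
    build_update "$addr" | nsupdate -k "$KEYFILE"
  fi
}

# Runs only when an interface is named on the command line.
if [ $# -ge 1 ]; then update_dns "$1"; fi
```

Setting DRY_RUN=1 prints the commands that would be sent without contacting the name server.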

Empathy, Autism, and Geeks

LWN has a recent article titled “The dark side of open source conferences” which concerns sexual assault at conferences [1].

There are a significant number of comments with attempts to derail the discussion in ways that can really only be interpreted as attacks on Autistic people. The claims seem to be that the problem is not violent sexual assault at conferences, but guys on the Autism Spectrum who hit on girls when they don’t want it. Naturally no supporting evidence was made for such claims. But that doesn’t stop the discussion which has a logical end-point of excluding people like me from conferences.

The Irony

I think it’s ironic that those who are making claims about what they call “empathy disorders” have failed to be Empathic by not realising the following things:

  • Women who start a discussion about serious sexual assault probably aren’t going to be happy if someone starts talking about chat-up attempts. While unwanted chat-up attempts are unpleasant they are in a different category and mixing them seems to be diminishing the significance of violent attack.
  • Most members of a minority group (in this case women in the Free Software community) probably don’t want discussions of how to help their group diverted by discussions that attack another minority group. What looks a lot like a “divide and conquer” attack against minority groups isn’t going to be appreciated by members of either group – and probably members of other minority groups who see what’s happening aren’t going to like it.
  • There is no reason why people should require significant exposure to members of a minority group to treat them in a decent manner. The claim that we need more women at conferences so that men can get used to them and not treat them badly is ridiculous. Among the many stupid aspects of that idea is forgetting the fact that women comprise 52% of the population in first-world countries and we all deal with women every day. Women at IT conferences are not fundamentally different from women in the rest of society.
  • When most people interpret your writing in a way other than what you intended it seems to be a reasonable assumption that you failed to explain things clearly. Telling everyone who disagrees to “get therapy” is unlikely to help convey your point. Telling people to “get therapy” is particularly likely to get a bad reaction if you are discussing something that actually involves dealing with psychologists.
  • When there is an obvious resource on the Internet relating to a topic it’s a good idea to read it instead of just making stuff up. Failing to do so will be taken as an indication that you aren’t trying to be Empathic. The Wikipedia section on Autism Spectrum Disorders has a lot of useful information [2]. Please read it before making comments about Autism and Empathy.
  • Having to be told how other people feel is not inherently a sign of a lack of Empathy. Asking people how they feel because you can’t work it out is a sign of Empathy as it indicates an acknowledgement that other people have different emotions and you probably don’t understand them all. The people who know that they can’t understand other people and listen when told are probably better than average when it comes to Empathy.
  • Finally what people say about themselves and their own experiences should be taken seriously.

Some Final Points

Instead of talking about how some other people should be more Empathic it seems that a better idea would be to try and demonstrate Empathy. Set a positive example.

I did a Google search for “Empathy Disorder” and found this interesting article [3]. It’s about how Neuro-Typical people (people who aren’t on the Autism Spectrum) can learn to be more Empathic, it’s probably more relevant to the issue of Empathy in the free software community than discussions of Autism.

I think that the experience of a lot of people on the Autism Spectrum is similar to mine. It’s not that we can’t work things out it’s just that it takes a lot longer. For things that can’t be worked out in real time we have rules based on past experience. Naturally the rules include “don’t touch people” and “don’t try to chat up women at conferences”.

Here is a link to my previous post on this topic [4].

Update: I’ve clarified some of the writing and added an extra point about having to be told how others feel.

Aspie Social Skills and the Free Software Community

LWN has an article by Valerie Aurora titled “The dark side of open source conferences” [1] which is about sexual harassment and sexual assault at Free Software conferences. Apparently some conferences create such a bad environment that some people won’t attend, it’s a well researched article that everyone in the community should read.

The Autism Derailment

The comments have the usual mix of insight, foolishness, and derailment that you expect from such discussions. One derailment thread that annoyed me is the discussion about men on the Autism Spectrum started by Joe Buck [2]. Joe seems to believe that the 1% of males on the Autism Spectrum (and something greater than 1% but a lot less than 50% in the Free Software community) are a serious part of the problem because they supposedly hit on women who aren’t interested in them – in spite of the fact that the article in question is about women who are “being insulted, harassed, and groped at at open source conferences”. The article had no mention of men who try to chat up women – presumably this was a deliberate decision to focus on sexual assault and harassment rather than what Joe wanted to talk about.

In response Mackenzie made the following insightful point:

I don’t think any autistic person who is high-functioning enough to A) contribute to open source B) want to be at an event with so many people and C) carry on any sort of conversation is low-functioning enough not to understand “stop” or “no.” If you can understand “your patch has been rejected,” you can likely understand “don’t do that again.”

Understanding how Other People Feel

Bruce Perens claimed “What they [Aspies] don’t understand is how the other person in the situation feels”. Like many (possibly most) people Bruce doesn’t seem to get the fact that no-one can really understand how other people feel. The best logical analysis of this seems to be the Changing Emotions article on Less Wrong [3]. While Less Wrong deals with Male to Female conversion as the example (which may be relevant to the discussion about the treatment of women) the same logic also applies to smaller changes. Anyone who even thinks that they would always be able to understand how their identical twin felt (if they had one) probably hasn’t considered these issues much. As an aside, having a psychologist diagnose you as being on the Autism Spectrum and therefore by implication thinking differently to 99% of the population really makes you consider the ways in which other people might have different thought processes and experiences.

Every time we have a discussion about issues related to sexism in the Free Software community we get a lot of documented evidence that there are many people who are apparently neuro-typical (IE not Autistic) who don’t understand how other people think – in many cases they go so far as to tell other people what their emotional state should be.

What Really Happens

Nix said “However, in that situation our natural reflex is to *get out of there*, not to jump on women like some sort of slobbering caveman” which is a really good summary.

In more detail, I think that the vast majority of guys who are on the Autism Spectrum and who are able to do things like attend computer conferences (*) realise that chatting up a random girl that they meet is something that just isn’t going to work out. Generally people don’t attempt things that they expect to fail so I don’t think that Autistic guys are going to be hitting on girls at conferences.

(*) Having never met any Autistic people who aren’t capable of attending such conferences I can’t speak for them. I really doubt that the Low Functioning Autistic guys are as much of a problem as some people claim, but lack evidence. In any case the actions of people who don’t attend conferences aren’t relevant to a discussion about things that happen at conferences.

Update: It Keeps Going

Dion claims that the misogyny at conferences is due to socially inept people, he also casually switches between discussing people who misunderstand when someone is flirting and people who hire almost-naked booth-babes (two very different classes of action) [4]. Several people asked for supporting evidence, naturally none was provided.

In response njs posted a link to Marissa Lingen’s blog post “Don’t blame autism, dammit” [5]. Marissa points out that people who offend other people due to lacking social skills will tend to do so in times and places that are likely to get a bad reaction – if you don’t know that you are doing something wrong then there’s no reason to hide it. If someone offends a senior manager at a corporate event then it could be because they are on the Autism Spectrum (I’ve apparently done that). If someone offends junior people at times and places where there are no witnesses but is always nice to managers and other powerful people then it’s not related to Autism.

One final note, I have little tolerance for anyone who claims to be an Aspie when they do something wrong. You are either on the Autism Spectrum all the time or none of it. Anyone who wants any sympathy from me for an occasion where they stuffed up due to being an Aspie can start by making a clear statement about where they are on the Autism Spectrum.

Update2: Yet More from Bruce Perens

Bruce wrote “IMO, the kind of men who go in to software engineering suffer a lack of healthy interaction with women who are their peers, and it may be that the high incidence of empathy disorders in our field is involved” (which seems to be part of the inspiration for Joe Buck later in that thread) and now claims “Nobody here was trying to connect Asperger’s or autism with the touching incidents or violent crime”.

Matthew Garrett responded to that with “If you weren’t trying to say that the high incidence of empathy disorders in our field was related to a lack of healthy interaction with women who are their peers, and that that has something to do with incidents of sexual harassment or assault at conferences, what were you trying to say? Because that sounds awfully like ‘We wouldn’t have so many problems if it weren’t for all the autists’”.

Bruce’s latest comment is “If you choose to read something that nasty into my writing, that’s your problem. Get therapy”.

Through this discussion I’ve been unsure of whether to interpret the statements by Bruce et al the way Matthew does or whether I should consider them as merely a desperate attempt to derail the discussion. I can’t imagine any possible way of interpreting such comments in connection with the discussion of sexual assault as anything other than either trivialising violent crimes against women (suggesting that they are no worse than asking out someone who’s not interested) or claiming that anyone who lacks social skills should be treated as a violent sexual predator. It’s just not reasonable to believe that every single person who wrote such comments referring to Autism was misunderstood and really meant something nice.

As a general rule I don’t think that it’s the responsibility of other people to try and find a non-offensive interpretation of something that one might say. I don’t think that all the people who strongly disagree with the most obvious and reasonable interpretations of Bruce’s comments should get therapy. I think that Bruce should explain what he means clearly.