Monday, December 31, 2007

[en] when privacy concerns ... US doesn't differ from China

We all know how US sucks, specially when it comes to privacy (I wonder how much time will they be able to keep the hypocrisy of their freedom respect), and it's good to see it confirmed with actual metrics.

The bad news is that the planet if decaying altogether ... the good news is that my country is not so bad :-D (aguante, Argentina!).

From http://www.privacyinternational.org/ via
boingboing: Privacy State of The Planet:

Sunday, November 18, 2007

Using mutt for gmail via IMAP

You use mutt, you love it. You hate the user interface "latency" of every other MUA, and the fact that no other MUA has "got" how to handle mail threading as mutt does.
BUT also you, a true road warrior, want mail(box) availabilty and plenty of storage.
Well, recently gmail added IMAP support, with a very good support of the standard AND a well thought mapping between gmail labels and IMAP folders ( "virtual" folders).

The good news is that you can link your beloved mutt to gmail, use IMAP folders and also use SMTP TLS authentication via smtp.gmail.com

Here is a copy of my .mutt/muttrc (obviously must change "username" and other stuff):

## ~/.mutt/muttrc
set from=username@gmail.com
set realname="JuanJo seC"
set reverse_name=yes
set reverse_realname=no
set imap_user = 'username@gmail.com'
set spoolfile = imaps://imap.gmail.com:993/INBOX
#set sendmail="/usr/sbin/ssmtp -C$HOME/.mutt/ssmtp.conf"
set smtp_url="smtp://username@smtp.gmail.com:587/"
set folder = "imaps://imap.gmail.com:993"
#set record=+sent-mail-`date +%Y`
set record="+[Gmail]/Sent Mail"
set postponed="+[Gmail]/Drafts"
# previously do: mkdir -p ~/.mutt/cache/{headers,bodies}
set header_cache="~/.mutt/cache/headers"
set message_cachedir="~/.mutt/cache/bodies"
set certificate_file=~/.mutt/certificates
set move=no
set delete=yes
set edit_hdrs
set include
set reply_to
set abort_nosubject=no
alternates '(username|altusername)([-+].*)?@.*'
set hdr_format="%4C %Z %{%m/%d} %-15.15F (%4c) %s" # format of the index

hdr_order From: Date: User-Agent: X-Mailer To: Cc: Reply-To: Subject:
ignore *
unignore From: Date: User-Agent: X-Mailer To: Cc: Reply-To: Subject:
my_hdr Reply-To:

# setup gmail filters to apply the corresp. labels:
mailboxes ! =ml-lug-list =ml-lug-org =[Gmail]/Drafts "=[Gmail]/All Mail"

set editor="jed %s -l ~/.mutt/jed.mutt.sl"
set alias_file=~/.mutt/mail_aliases
source ~/.mutt/mail_aliases

send-hook . 'set realname="JuanJo seC"'
## hack to make $reverse_name and 'my_hdr From:' work ok (eg mlists)
send-hook . 'set from=username@gmail.com'
send-hook . 'unmy_hdr From:'
###
send-hook . 'set signature=~/.signature'

#send-hook lug-list 'set record=+sent-lug-list'
send-hook lug-.+@lugmen.org.ar 'my_hdr From: JuanJo seC <username+mlist@gmail.com>
subscribe lug-.+@lugmen.org.ar



Very cool to experiment folder switching in mutt using:
'c' ("Open Mailbox")
TAB (will show all IMAP folders)
TAB (again: will show only the 'mailboxes' mutt var)

And here is my jed rc:

% ~/.mutt/jed.mutt.sl
% emacs keybinding for jed:
() = evalfile("emacs");
% Find signature begin, position cursor there:
if (re_fsearch("^--")) {
call("previous_line_cmd");
} else {
% else search headers end
re_fsearch("^$");
call("next_line_cmd");
}
push_mark();


Yeahh... finally I can read mailing lists with an interface that doesn't suck! 8)
Enjoy!

Sunday, October 28, 2007

for next I-Monday :-P

Damn ... it gonna be a boring Monday with all these Steven Jobs'
bedpartern-wannabes bragging around with their blackbox OS.

Let's have some I-mmunization fun:




Enjoy :-D

Tuesday, October 02, 2007

encontré yerba mate en Suiza!

Mi alma de verdes regresó al cuerpo :-D
Seehhhh!! ... llamé a la embajada argentina @Suiza, y no podía creer que cuando les
pregunté por yerba en estos lares, además de una risa cómplice obtuve una url:
http://www.productosargentinos.ch/ donde efectivamente podré comprar yerba.

Compra online, remota, desde tu consola gráfica Linux doble LCD 24" übergeek ?
Nahhh... es una excelente excusa para darse una vueltita por Lucerna ;)

[ UPDATE - Mar/2011 ]
Aquí va un resumen de los lugares donde conseguir yerba mate en Zurich y cercanías
  • http://www.elmaiz.ch

    Josefstr. 23
    8005 Zürich
    TE: 044 440 5840
    Nota: Rosamonte y otras, dulce de leche!, en general un poco más baratos que el resto, cerca de la ZHB


  • http://www.sabor-tropical.ch

    Ackerstrasse 1
    8005 Zürich
    TE: 044 440 5455
    Nota: Rosamonte, cerca de la ZHB


  • http://www.mitierra.ch

    Seestrasse 195
    CH - 8712 Stäfa
    TE: 044 926 7060
    Nota: no he ido aún, tienen dulce de leche también.


  • http://www.productosargentinos.ch/

    Luzernerstrasse 105
    6014 Littau/Luzern
    TE: 041 250 8040
    Nota: en Lucerna, opción piola via Posta

  • 24h open store just by
    Langstrasse 193
    8005 Zürich
    Thanks Ben (bhk@) for the tip! :)

Friday, September 28, 2007

El hippismo - Detección y Procedimiento

Maeeestro Capusotto !! y no te digo si estás lejos como para no podeer sintonizarlo en el éter...


, éste es tan sólo uno de los tantos de Septiembre.
Prepará los pañuelos y/o pañales por que vas a morirte de risa =)

Tuesday, September 04, 2007

e-voto: porque no queremos ser menos, señores!

Sip ... no queremos ser menos e-stúpidos que en otras latitudes, como siempre, bombos y platillos ignorando plenamente todas las recomendaciones al contrario desde organismos independientes [1] y los incidentes concretos que han ocurrido. Entre los más interesantes está la decisión de California (EEUU) de invalidar todas las máquinas de e-voto [2] por razones de seguridad y falta de confianza.

Los chicos de Vía Libre se adelantaron y ya montaron http://www.votoelectronico.org.ar/ ( graaande x haber "mordido" ese nombre de dominio! ) donde hay análisis y referencias para entender más a fondo las implicancias, no sólo desde el dominio técnico, sino también de la ligereza con que se pretende tomar semejante decisión.

Por cierto, yo tuve la oportunidad de oler de cerca cómo se cuecen estas cosas en ámbitos políticos ... generalmente termina tratándose de "muchachos ... armemoo un proieto de ley de lo-que-sea como para mostrar que laburamo' " , a lo cual agrego: y se es fashion , meejoooor! :-P

[1] http://www.verifiedvotingfoundation.org/article.php?id=6426
[2] http://www.wired.com/politics/security/news/2004/04/63298 , notar la fecha (!)

Wednesday, August 29, 2007

tu apoyo para la ley de bosques ...

Greenpeace Argentina está haciendo una campaña para juntar 1MiF para entonces así presionar
al Senado para que se promulgue la Ley de Bosques (actualmente tiene media sanción).

Esta Ley, que ya tiene media sanción del Congreso Nacional, establece una moratoria de los desmontes hasta tanto las Provincias realicen un Ordenamiento Territorial de los bosques nativos para planificar de manera participativa su uso sustentable. El Senado está demorando su aprobación.

Ayudanos a salvar nuestros bosques.
Votá vos también por la Ley de Bosques


Más info , y link para apoyo++ : http://www.greenpeace.org.ar/cyberacciones/bosques.html

Gracias =)

Saturday, August 25, 2007

wait no more! ... IT Crowd S02E01 :-)

UPDATE: ya están los subtítulos en Español disponibles :-D http://www.opensubtitles.org/en/subtitles/3143490/the-it-crowd-es
, seeeeeeehhhh ...
--

(Noticia vieja, por cierto ... intenté publicarlo hace 3 días, pero mi blog había sido taggeado como SPAM for un infame robot , ironías del destino =)

A torrentear bits que se vino la segunda temporada de The It Crowd: http://www.mininova.org/tor/855151

Para mi sorpresa, he conocido geek-wannabes que no han visto la 1era temporada,
por su integridad moral (y por no abusar del espacio de publicación :-P ) no los
menciono aquí :-S

Enjoy ... a LOT!

PD: No, no he desaparecido ... tan sólo que esta condición de "expat" provoca mucha fiaca para postear :-D

Friday, June 29, 2007

iPhone: defective by design

El iPhone de Apple sólo puede ser usado con AT&T ... misma sh*t con distinto --muy estético y acabado-- olor, link .
El DRM apesta ... por más bonito que se vea :-P

Friday, June 08, 2007

Migrating XEN installation from fc5 to centos5

Scenario


  • Deployment: several XEN guests running Debian 3.1 (Sarge) over a Fedora Core 5 (fc5) host. Host & guests installed with distro-provided packages.
  • Goal: migrate host from fc5 to centos5 (held migration until centos5 got released)
  • Difficulty: a lot. :-S

UPDATE 11-Jun-2007: See 2.c: /dev/xvc0 instead of /dev/console in guest
UPDATE 13-Jun-2007: See 2.d: oneliner for easy fixed guest MAC generation

Migration

It was faaaaar... more complex than we originally thought.

1. XEN host stuff

1.a. Just one kernel-xen package

FC5 came with two kernel-xen flavor: kernel-xen0 for the Dom0 guest and kernel-xenU for the other unprivileged guests.
Centos5 (and FC6) comes with just one kernel-xen package, this is quite annoying at first (this "mix" of true hardware drivers and virt. guest ones), but it starts to make sense once you ride the wave :)
You can see it with ("front" ones are for the guests , "back" for the host):
host# rpm -ql kernel-xen | egrep /xen

1.b. XEN guest kernel doesn't have the virtual block driver

That is: the guest will plainly PANIC if used without an initrd, so now you do have to make an explicit initrd.guest.img (whatever name you'd like) and add a ramdisk= option to the xen guest config file.
That is:
host# mkinitrd --preload=xenblk --preload=xennet -f -v /boot/initrd-2.6.18-8.1.4.el5xen.guest.img 2.6.18-8.1.4.el5xen
host# vim /etc/xen/xm-guest1 ### add: ramdisk=/boot/initrd.guest.img ### see below
host# restorecon -v /boot/initrd*
The last line (restorecon ... ) is needed because xend is _correctly_ running confined by "targeted" SELinux, and mkinitrd doesn't relabel the initrd file under /boot to allow xend access.
BTW, we prefer to have a "visible" and stable guest file configuration, so we did
host# cd /boot
host# ln -sf initrd-2.6.18-8.1.4.el5xen.guest.img initrd-guest.img
host# ln -sf vmlinuz-2.6.18-8.1.4.el5xen vmlinuz-guest

1.c. [UPDATE] that nasty "4gb seg fixup, process ..." (@host)

From XenFAQ and elsewhere:
host# echo 'hwcap 0 nosegneg' > /etc/ld.so.conf.d/libc6-xen.conf

host# ldconfig -v

2. XEN guest stuff

2.a. udevd inside guests

Debian 3.1 Sarge is installed on our guest images.
Now with Centos5 XEN we do need udevd running inside guests (to correctly setup /dev), that is:
guest# apt-get install udev ### installs udev and hotplug packages

2.b. the return of the "4gb seg fixup" (guest)

That comes from the way Xen uses the CPU segmentation; for newer distros it may be solved with echo 'hwcap 0 nosegneg' > /etc/ld.so.conf.d/libc6-xen.conf , but Debian 3.1 doesn't come with this feature, so we had to:
guest# mv /lib/tls /lib/tls.DISABLED
"Offline'ing" TLS glibc implementation solved the problem, beware that you'll need to redo this everytime libc6 package is upgraded (trivially solved by a rcS script).

2.c. getty /dev/tty1 -> getty /dev/xvc0

UPDATE: /dev/console _seemed_ to work, but it lacked tty' normal signal handling such as Ctrl-C (?), putting /dev/xvc0 solved the problem.

For whatever reason (?), /dev/tty1 was working nicely as Xen guest console (xm console ), but now you should use /dev/xvc0.
That is:
guest# vim /etc/inittab ### check that following line is present:

x0:2345:respawn:/sbin/getty 38400 xvc0

guest# echo xvc0 >> /etc/securetty

2.d. [UPDATE] Debian 4.0 and network device naming

After upgrading guests from Debian 3.1 (Sarge) to 4.0 (Etch) a "nice touch" appeared: AFAICS Debian udev infrastructure tries to keep netdev naming "constant" based on device's MAC address (no, thanks |-[ ).
Given that Xen generates a non-constant MAC address each time it boots a guest, this makes each Debian 4.0 guest boot to have an increasing ethN device.

Two possible solutions:
  1. Fix MAC address in Xen guest vm config, you could use the following oneliner that uses the first 6 hexdigits from the md5 over the (unique) guestname. This 6 hexdigits are appended to the XenSource reserved MAC prefix 00:16:3E .

    guest# echo -n guestname.FQDN | md5sum | sed -r 's/(..)(..)(..).*/00:16:3E:\1:\2:\3/'

    ... or ...
  2. Just disable the correspondent udev rules by renaming:

    guest# mv /etc/udev/rules.d/{,.}z25_persistent-net.rules

... pheeuuu ... 'nuff written.

Wednesday, June 06, 2007

Por fin entendí porqué SVN siempre apestó para mí.

... entonces ya puedo redimir mi pecado de no haber aprendido nunca SVN habiendo escapado directamente de CVS a GIT ;-)

Linux Torvalds no sólo habla sobre GIT, sino también sobre conceptos de SCM distribuídos & alike.
Imperdible.

Thursday, May 17, 2007

Jugando con IPv6 (apto para todo IPv4-público ;)

Dale ... festejemos el día de Internet usando lo que es y será su pegamento futuro: IPv6.
Ingredientes: tan sólo 1 IP pública
Resultado: estemmm ... exactamente 1208925819614629174706176 (2^80 ;) direcciones IPv6, las cuales han estado ahí desde hace tiempo esperándote :-P
Para saborear más aún: end-to-end para las máquinas que quieras ... como en los buenos viejos tiempos, por ej. podrás hacer desde "afuera":
ssh -6 flamanteIPv6_de_esa_PC_que_no_tiene_IP_publica


El mecanismo se llama tunneling 6to4, está descripto por doquier, en particular yo escribí un mini artículo para el seminario de IPv6 que dimos en el 2005 en la UM.

Podés probar usando mi script: ipv6-setup6to4.sh , el cual sólo muestra los comandos necesarios (es decir: inofensivo :-), por ejemplo con una dir. IPv4= 65.1.2.3 da como salida:

bash$ ./ipv6-setup6to4.sh
IP4_ADDR=65.1.2.3
IP6TO4_PREF=2002:4101:203
#check you allow ipv6 encap: iptables -I INPUT -p 41 -d 65.1.2.3
ip tunnel add tun6to4 mode sit remote any local 65.1.2.3 ttl 64
ip addr flush dev tun6to4 2>/dev/null
ip link set dev tun6to4 up
ip addr add 2002:4101:203::1/16 dev tun6to4
ip route add ::/96 dev tun6to4
ip route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
#you may do something like: ip -6 addr add 2002:4101:203:0001::1/64 dev eth0

#NOTHING done, use me as: ./ipv6/ipv6-setup6to4.sh |sudo sh -x


Que lo disfrutes!

Juguemos en el bosque ... mientras los lobos no están :-S

Hoy 17 de mayo se festeja el día de "Internet" [1], veremos cuántos años más podremos hacerlo ... al menos con "la" Internet que conocemos y disfrutamos hoy.

Por si no lo sabías, los elefantes de siempre (media/content corps & alike) quieren "otra" Internet, más acorde a sus mecanismos feudales de poder [2].

Seguramente ya nos caerá el regalito a estas pampas, por ahora lo mejor que podemos hacer es tomar y hacer tomar conciencia.

Salud! y que sea por muuucho tiempo más ...

[1] http://www.itu.int/wisd/2007/index.html
[2] http://www.savetheinternet.com/

Tuesday, May 08, 2007

[en] From my recruiter: Job opportunities @Google

My name is Sripriya. I am part of the recruiting team for Google.com (SRE) Group.

We currently have positions available at Google that may be a good match for you. If you are open to exploring these opportunities further, please send an updated version of your resume in Word, HTML, or PDF to JuanJo's email with "Subject: job opportunity @Google: " as soon as possible

***We have multiple openings located in Dublin - Ireland and Zurich - Switzerland)***

All positions involve working in our infrastructure team, known as Google.com Engineering. Our Google.com engineers hold the beating heart of Google and are very well respected. They are responsible for keeping the google.com website up and running as well as building new automation infrastructure. We are seeking extraordinary Developers, UNIX (Linux) System Administrators, and Managers/Directors to add to our exciting team and growing organization.

If this prospect is of interest to you, please get in touch with me as I will like to share your resume with the hiring engineers to see if there is match. You may also know engineers with this skill set who are looking for fresh challenges; I will appreciate it if you will pass my contact information to them.

Please note that in addition to these positions, we also have openings as a Systems Deployment Engineer, Launch Coordination Engineer, and Engineering Project Manager.

For more information, go to:

Zurich positions:
http://www.google.ch/support/jobs/bin/topic.py?dep_id=1058&loc_id=1115

Dublin - Ireland positions:
http://www.google.ie/support/jobs/bin/topic.py?dep_id=1058&loc_id=1110

Thank you and hope to hear from you soon.

Thanks & Best Regards,
Sripriya
--
Sripriya Sampath
Technical Recruiter
Google Inc

Wednesday, May 02, 2007

[en] preparing yourself for the technical interview (cont'd)

Cool ... so you're already enjoying answering those tricky tech and puzzle questions from my previous post.

Time for more formal lectures, here is a list of helpful textbooks you should study before the technical interview (again, based on my profile, see my previous post).
  • Networking
    • Internet Core Protocols: The Definitive Guide
      E Hall - 2000 - O'Reilly & Associates.
      Great book on TCP/IP network and transport protocols, very comprehensive yet easy reading (BTW do trash the CD contents, just use wireshark )


  • POSIX & BSD sockets API
    • Our beloved APUE: Advanced Programming in the Unix Environment
      R. Stevens, S. Rago - 2004 - A. Wesley.

      From our great all-time teacher, Richard Stevens, impressive as all his books.


    • Unix Network Programming
      WR Stevens, B Fenner, AM Rudoff - 2004 - A. Wesley.

      THE reference book for IPC & network programming


    • POSIX.4: Programming for the Real World
      Bill 0. Gallmeister - 1995 - O'Reilly.

      Great book about multithreading POSIX API



  • Linux sysadmin and alike: there are actually a LOT of books, but nothing can compare with a good expertise ;), so ...
    • LPI Linux Certification in a Nutshell, 2nd Edition
      J. Dean, B. Gomes Pessanha ... - 2006 - O'Reilly.
      Nice book for autotesting your already learned sysadm knowledge & skills

  • Unix/Linux internals
    • Understanding the Linux Kernel, 3rd Edition
      D. P. Bovet, M. Cesati - 2005 - O'Reilly
      Too detailed, try to "grep" for concepts and graphs

'nuff written ... now enjoy the cool reading 8^)

Tuesday, May 01, 2007

[en] preparing yourself for the technical interview

So you've followed my suggestion, made your shinning resumè ... so the call from your future job recruiters may come in any moment.

Time to get() ready for the technical interview!

Here are some useful links I've collected while preparing my interviews, obviously considering my profile: networking, Linux/UN*X sysadm & trou, low level programming in C and shell scripting, kernel internals.

Enjoy!
I assure you will ... else ask the mirror if you could be called a true geek ;-)

Thursday, April 26, 2007

[en] your CV is useless

You (may) use to maintain a pretty precise Curriculum Vitae (CV) with every bit of your professional activities.
Bad news: it's useless (well, to be honest, it's perfect for filling paper files =)

At least this happened to me while applying for working at google.com , I needed to rush and write a "Resumè" , which is a sort of resumed-CV but focused on your profile, strengths, etc.

These are some useful links I've collected that helped me writing the "Resumè" (of course you could just search for "resume tips" and such, but there are plenty of results and much noise around):
  1. http://www.resume-resource.com/examples.html
  2. http://www.resume-resource.com/extec7.html
  3. http://www.alec.co.uk/how-to-write-a-resume/how-to-make-a-resume.htm
  4. http://www.how-to-write-a-resume.org/action_verbs.htm
  5. http://lifehacker.com/5866630/how-can-i-make-sure-my-resume-gets-past-resume-robots-and-into-a-humans-hand
Don't rush when forced, do it now (it happend to be of some fun ;)

BTW Here is my Resumè: https://sites.google.com/site/juanjosec/curriculum/Resume-JuanJoseCiarlante-en.2011oct12.pdf

[UPDATED 2010-05-27: new resume url]
[UPDATED 2011-10-12: updated my resume, add link#5. ]

Wednesday, April 25, 2007

Un cordobés @Mendoza ... hacia Google Zurich

Gracias a todos mis amigos por su buena onda ... no hay palabras para contar la emoción que siento :~)
--jjo




Sipp ... me voy a trabajar a Google Zurich, obbbbviamente familia included.

La historia es larga en anécdotas, pero vertiginosamente corta en tiempo: hace NADA MÁS que 2 meses y medio me llegó un mail @google.com invitándome a realizar el proceso de entrevistas técnicas para ver si calificaba.

Y así fue ... aprobé las entrevistas telefónicas --hardcore-- y una onsite en las oficinas de Google Zurich --que constó de varias entrevistas muy hardcore-- ... todo el proceso fascinante y muy desafiante.

Y bueh, acatamo' ... tratando de (no)entender cómo se dan las cosas en la vida, sino de just disfrutarlas =)



Thursday, April 12, 2007

Instalando Debian 4.0 a ver q'onda...

Standard disclaimer


Ésto no pretende ser un review ni nada que se le acerque, simplemente un "dump" de las cosas que me gustaron y no luego de probar una instalación de la flamante Debian-4.0. Please dont troll.

Metodología


Nah... meramente un toque virtual usando qemu:

$ sudo /sbin/modprobe kqemu
$ qemu-img create -f qcow2 debian4.qcow2.img 4G
$ qemu -cdrom /path/to/debian-40r0-i386-CD-1.iso -hda debian4.qcow2.img -boot d
(instalación...)
$ qemu -cdrom /path/to/debian-40r0-i386-CD-1.iso -hda debian4.qcow2.img -boot c
(booteo...)

Instalador


verso: "instalador gráfico": en momento de booteo es posible seleccionar el "instalador gráfico" tipeando installgui. No es un instalador gráfico, es meramente un gui-ficador de la interfaz de texto. Recomendación: usá el de modo texto, más rápido y no tiene menos funcionalidad (excepto seleccionar con el mouse las opciones :-P ).

groso: como siempre, el control full y la capacidad de tener el "estado" de instalador en cualquier momento, y poder ir y volver de cada paso.

groSísimo: la posibilidad de particionado clásico, LVM y LVM+cifrado.

flojo: es demasiado burocrático para particionar "a gusto" (del experto) comparado con otras distros (Fedora por ej.); _entiendo_ que la funcionalidad "modo texto" no permite mucho juego aquí, pero lo mismo creo que se podría achicar la cantidad de "Enter"s necesarios para hacerlo.

Primer booteo


groso: booteo limpito en modo texto (bien!)

groso: apenas unos 300Mb luego de instalado (!). Ok, sin entorno gráfico, ni de devel, etc; pero bien sabemos que Debian permite una GRAN versatilidad/disponibilidad en la instalación posterior de paquetes.

pateticamente-insoportable-as-always: la falta de los siguientes comandos por default:
  • less: sin comentarios :-P
  • ip (pkg iproute): agaaain, la única distro que conozco que no lo instala (!), pero eso sí ... tengo ipmaddr, iptunnel (cuaK?!)

Conclusión


Ninguna :-) --no era el objetivo--, probala vos mismo.

Thursday, April 05, 2007

Boing Boing: Stop-motion Space Invaders using human pixels

Probablemente para los más "nostálgicos" (aka dinosaurios):

Boing Boing: Stop-motion Space Invaders using human pixels

Impecablemente molidos del mate :)

roameando más libremente en otras plataformas

Seguro te ha pasado.

Sos tan adicto al software libre como yo, pero te has visto obligado a sentarte en un típico winpork de cyber ú hotel para leer mail y/o hacer algo de IM, o peor, echarle mano a un putty.exe para alguna emergencia (o meramente para leer mail con mutt ;).

Dado que internet exploder ES insoportablemente inusable y tanto éste como la plataforma es comprobadamente amigable al spyware y otros bichos, resulta imposible usarlos tal como vienen.

Solución (parcial): PortableApps : contiene, entre otros: PortableFirefox, PortableGaim y PortablePutty.

Instalé estos tres en mi pen-drive, arranqué PortableFirefox y le instalé mis extensiones preferidas: Mouse Gestures, AdBlockPlus y TabMix Plus --ésta última útil para almacenar correctamente la última sesión--.

Luego arranqué PortableFirefox (desde el pendrive, obviamente), entré a gmail (claro que el password no lo tipeé, sino que tipeé una cantidad de (human-non)random text en un "Nuevo archivo de Texto" tal que contuviera los caracteres de mi password, los cuales copié y pegué uno a uno); lo bueno de ésto es que el contexto de Firefox (cookies, etc) queda almacenado en el pen-drive, con lo cual la próxima vez que arranques, por ej gmail, no requerirá reingresar el password; asimismo quedarán los tabs, bookmarks, etc de la última sesión.

Algo similar hice con PortableGaim; y para PortablePutty usé el agente "pageant.exe" para cargar mi privatekey de ssh que llevo siempre en el pendrive (ésto anula un ataque de keylogging al logueo vía ssh porque no es replicable sin la privatekey).


Enjoy! ... más que recomendable para llevarlo encima (estos tres en total unos 80Mb).

Wednesday, March 28, 2007

Confirmado: uno vé @hotmail y piensa....

... lo mismo que esta empresa de recursos humanos al momento de contratar especialistas de Internet y afines:

Link: Catorze.blog - Blog Archive - El criterio Hotmail

Así que ya sabés: no pongas ese @hotmail en tu Currículum :-P

Sunday, March 04, 2007

[en] powerful arrays in bash

Doing some experiments with advanced bash array features. I created a bash implementation of insertion sort algorithm.

UPDATE: This example is already part of the great Advanced Shell Scripting Guide :)


Enjoy :-D




#!/bin/bash
# insertion-sort.bash.sh: Insertion sort implementation in bash
# Heavy use of bash array features: slicing, merging, etc
# URL: http://www.lugmen.org.ar/~jjo/jjotip/insertion-sort.bash.d/insertion-sort.bash.sh
#
# Author: JuanJo Ciarlante jjo \O/ irrigacion gov ar
# License: GPLv2
#
# Test with: ./insertion-sort.bash.sh -t
#

: ${DEBUG:=1} # debug, override with: DEBUG=1 ./scriptname ..

# Global array: "list"
typeset -a list
# Load whitespace separated numbers from just stdin 1st line
if [ "$1" = "-t" ];then
read -a list < <(od -An -w32 -t u2 /dev/urandom )
else
read -a list
fi
numelem=${#list[*]}

# Shows the list, marking the element whose index es $1 by surrounding it with
# the two chars passed as $2; whole line prefixed with $3
showlist() { echo "$3"${list[@]:0:$1} ${2:0:1}${list[$1]}${2:1:1} ${list[@]:$1+1}; }

# loop "pivot" from 2nd elem, to end of list
for((i=1;i<numelem;i++))do
((DEBUG))&&showlist i "[]" " "
# From current "pivot", back to 1st elem
for((j=i;j;j--))do
# search for the 1st elem less than current "pivot" ...
[[ "${list[j-1]}" -le "${list[i]}" ]] && break
done
((i==j)) && continue ## no insertion was needed for this element
# ... move list[i] (pivot) to the left of list[j]:
list=(${list[@]:0:j} ${list[i]} ${list[j]} ${list[@]:j+1:i-(j+1)} ${list[@]:i+1})
# {0,j-1} {i} {j} {j+1,i-1} {i+1,last}
((DEBUG))&amp;amp;amp;&showlist j "<>" "*"
done
echo $'Result:\n'${list[@]}

Friday, February 16, 2007

sistemas criticos funcionando con sistemas operativos de juguete (?)

Si sirve de consuelo ... ver que no solamente en estos lares abunda la mediocridad en quienes toman decisiones de IT.

"Quebec health officials are battling a fast-spreading virus that struck its entire computer network system late Tuesday." link

Lisp? nahh...

Friday, February 02, 2007

M'rd Donalds ... por qué lo amaré tanto ?

Si un día viendo tele sentís un deseo irresistible de transarte al "payasito" de M'rd Donalds quizás sea por algo como ésto (T=00:35).

Quién te dice ... por ahí terminás siendo un existoso manager, así que podés ir entrenando



Enjoy :-P

Wednesday, January 10, 2007

[en] Throughput tests WRTSL54GS v1.1 vs WRT54GS v3.0

Throughput tests WRTSL54GS v1.1 vs WRT54GS v3.0


The goal of this test is to measure and compare the NAT'ing/routing/switching behavior of these two WRT54G's [1] running OpenWRT Whiterussian RC6 [5]:




models/nCPUflash/RAMeth switch
WRTSL54GS v1.1 [2]CJK11xxxxxxxBroadcomm 4704rev9 266Mhz8/32MBinCPU
WRT54GS v3.0 [3]CGN5xxxxxxxBroadcomm 5352 200Mhz8/32MBBCM5325


IMPORTANT: nbd ( openwrt developer) pointed a problem with "entropy gathering which fills /dev/random from wifi" in WR rc6 and suggested me trying a newer build (09test); I'll try it an repost the results (specially the wifi ones)
--jjo; Jan 10, 2007.


Testbed, methodology



  • Topology

  •                        --------> iperf test connection------>
    WIFI-NATed [CLIENT]+)) wifi (( +[ WRT ]+=== wan ===+[SERVER] (iptables MASQUERADE'd)
    LAN-NATed [CLIENT]+=== lan ===+[ WRT ]+=== wan ===+[SERVER] (iptables MASQUERADE'd)
    LAN-routed [CLIENT]+=== lan ===+[ WRT ]+=== wan ===+[SERVER] (plain routing)
    LAN-switched [CLIENT]+=== lan ===+[ WRT ]+=== lan ===+[SERVER] (hardware switching)

    "lan": any LAN (1of4) port
    "wan": WAN port
    "wifi": 802.11g link at 54Mbps (aprox 2mts distance between antennas)
    iptables MASQUERADE'd: default whiterussian setup (masquerade both wifi,lan to wan)
    plain routing: accomplished with iptables full "flushing" + server route to client via WRT

  • Hardware

    • client: IBM Thinkpad T42, lan: e1000 (10/100/1000), wifi: ipw2200
    • server: generic PC sempron 2200+, lan: 8139too
    • routers: (stated above)


  • Software
    • client, server: iperf [4] (-c, -s) on linux-2.6, glibc-2.3+.
    • routers: OpenWRT WhiteRussian RC6 [5].



Results


Throughput values in megabits per second taken from iperf's output. Please note that measured rates by iperf correspond to _application_, ie: they don't consider protocol headers, etc.

CPU usage % shown by top for ksoft_IRQd from a ssh logged session, this "top" session was not considered for throughput values (separately taken) to avoid "measuring load influence": 100% CPU usage was aprox= 90% ksoft_IRQd + 8% dropbear + 2% top.





Throughput (CPU usage %)
modelWIFI-NATedLAN-NATedLAN-routedLAN-switched
WRTSL54GS23.5mbit/s (65%)47.5mbit/s (90%+)55.8mbit/s (90%+)93.7mbit/s (0%)
WRT54GS 10.5mbit/s (14%)34.2mbit/s (90%+)40.4mbit/s (90%+)93.8mbit/s (0%)


Analisys


WRTSL54GS


WIFI-NATed at 23.5 mbits (802.11g @54Mbps) with ~65% CPU usage denotes "reasonable" CPU availability for this 802.11g saturated link.

LAN-NATed at 47.5 mbits shows the CPU bottleneck when routing+MASQUERADING, considering that ip_conntrack table has just a few entries this is a VERY optimistic max.

LAN-routed at 55.8 mbits is pretty poor, I think that ip_conntrack processing is ALSO affecting this scenario (if loaded it gets called even for non-nated streams); it would be veryVERY useful to have ip_conntrack optionally loaded by openwrt (currently static).

LAN-switched at 93.8 mbits is expectable given that hardware only switching is involved.

WRT54GS


LAN-NATed and LAN-routed values give about 75% when compared to its newer cousin, 75% is roughly 200/266, respective CPU clocks [MHz] (this confirms CPU saturation).

WIFI-NATed at 10.5 mbits (dbl-confirmed 802.11g @54Mbps) is a bad smelling frog, I double checked openwrt setup... nothing strange found; about 1mo ago I was running RC5 getting ~20mbits+ rates (informal, from rsync/ftp rates), so it maybe something with RC6 wifi in this hardware, dunno(?).

As expected, LAN-switched gave same results.

Conclusions


Both WRT's seem reasonable for 802.11g @54Mbps even when NAT'ing traffic (common usage), obviously depending on traffic patterns, how many clients, etc ... given the constrained RAM (and CPU) for NAT+conntracking ... NOT tested here.


On the contrast, their CPU is not powerful enough to saturate _both_ (LAN+WAN) 100mbps links simultaneously, even when "only" routing (55mbit/s max on WRTSL54GS); this could be enhanced by having ip_conntrack optionally (not)loaded by openwrt.

Out of band disclaimer


Ok ... I know, you agree: blogger sucks for writing technical reports .. sheesshhhh :-P

References


[1]http://en.wikipedia.org/wiki/WRT54G
[2]http://wiki.openwrt.org/OpenWrtDocs/Hardware/Linksys/WRTSL54GS
[3]http://wiki.openwrt.org/OpenWrtDocs/Hardware/Linksys/WRT54GS
[4]Iperf bandwidth measurement tool: http://dast.nlanr.net/Projects/Iperf/
[5]http://downloads.openwrt.org/whiterussian/rc6/


This thread at openwrt forums talks about openwrt experiences on Linksys WRTSL54GS model, and was the starting point to encourage loading openwrt on WRTSL54GS v1.1 model.