Everybody should question

February 13th, 2009

Nobody should question

When I first came to Malaysia in 2005, I was eager to find out more about the country I was going to live in, the country my wife was born in and soon our children were to be born in. We were staying with in-laws for the birth of our daughter; they had the New Straits Times (NST) delivered every day. I was thrilled to bits when I first opened the newspaper, the articles were hilarious! It was only after I read 2 or 3 editions that I realised the NST isn’t a satirical work.

The phrase “nobody should question” (or variations) seems to be a common theme in the articles I read in some media. My own view is that this is a very basic error in the mind of an individual living in a democratic society. Democracy is ‘rule by the people’, which is not just a once-every 5 years trip to the polling booth, followed instantly by a complete abdication of responsibility for whatever happens as a result of the election. ‘Rule by the people’ is a continuing responsibility on all members of a society to work for its improvement.

Why ask questions?

In order to improve, it’s important to identify what can be improved, what our expectations are (when it will be improved by and by how much it will improve), who should effect / contribute the improvements and possibly even why we think the improvements are needed. Those factors are all questions: ‘what’, ‘when’, ‘how much’, ‘who’ and ‘why’. These are by no means an exhaustive list of questions – business people build careers on branded systems of ‘Improvement’, each with their own variations, but all using questioning as a starting point.

Don’t worry about looking stupid – that only happens when you ask the wrong question, but there’s every chance you’ll still get the right answer. I did that recently on Anil Netto’s excellent journalism site. There was a proposal for Nizar Jamaluddin (the controversially ousted Menteri Besar / Chief Minister) of the Perak State Government to contest a local seat in a by-election caused by the death of the previous minister. I am largely ignorant of the mechanics of Malaysian politics, so I asked why this was a good idea:

My question on anilnetto.com


And Anil replied! He’s my new online hero, just as Nizar is in real life (the ‘Barack Obama gag’, under pressure, was marvellous). My question was prompted by concern that Nizar occupying 2 seats would somehow undermine his own (recently diminished) majority. But as Anil points out, one seat is at the state level, the other in parliament. But – waidaminnit – presumably these are full time jobs? How is he going to excel at two full time jobs, the way Pakatan Rakyat really need to excel, if they’re going to win the votes of the rakyat? I’ll ask this question here, just so nobody gets tired of my questions. Maybe there’s a good answer that everyone (but me) knows already. If you’re one of the people who know, let me know will you?

I know I said this blog would be about Free Open Source Software in politics, so I’m going to have to crowbar something in, as this article has been utterly irrelevant so far. This blog is made possible by WordPress, and I’m writing this article in a tab in the Firefox web browser, running on Xubuntu – a Linux distribution. All free and legal! Oh and the picture above was captured by the Gimp – a powerful image editing program.

Old parallel printer, new laptop. Linux + old PC to the rescue!

December 13th, 2008

My brother-in-law had the worst Acer TravelMate laptop (a 528TE) in the world. It wasn’t a bad set of hardware, it was just that the plastic case had so completely degraded that he had to carry the laptop around in a cardboard box to keep all the pieces together. The Windows Me installation on it was so stuffed with malware it could barely run. I think I’d finally convinced him to buy a new laptop, when I decided to show him how well Xubuntu would run on his older laptop.

Network Printer Server on HP Vectra 5/75

There seemed to be an issue with the BIOS, so I decided to flash it with a BIOS update long after I should have gone to bed. Confused by lack of sleep and a mysteriously long period of darkness on the monitor, I switched it off. That woke me up! I had of course completely ruined the BIOS. Since the case was in pieces, it was easy to see that the BIOS could only be replaced by soldering, so I apologised profusely and reminded him he’d decided to buy a new laptop anyway.

He opted for a Dell Vostro, their second-cheapest Core 2 Duo, with 2 GB of RAM and … nothing else matters really. I really liked the appearance of his Vostro, smaller and quite a bit lighter than my Inspiron 6400, it appears designed to my eye, as opposed to welded together from leftovers from the failed designs bin, like my Inspiron. But I would say I liked it, wouldn’t I, after destroying his old one?

His Vostro came with FreeDOS – I haven’t seen a desktop or laptop without Windows of some awful kind on the Singapore-based Dell site since he bought it. I installed Xubuntu 7.04 on it, and he was thrilled to bits. Until he’d spent a day at work and realised his old Canon Bubble Jet BJC-265SP had a parallel cable, and his new Vostro had no parallel port! I briefly considered getting in contact with a person I saw advertising a not-quite-so-broken TravelMate near KL, intending to do something Frankensteinian (a hot BIOS swap!) to the pair, but realised it would be easier to just keep apologising. Still, if you live near KL and you can’t get rid of that TravelMate any other way, I still have some funny projects I might be able to use them both for.

Then I remembered he had an old PC shoved under a desk – what a piece of treasure when we dusted it off! A Hewlett Packard Vectra VE Series 2 5/75 – a proper PC! That’s an original Pentium 75MHz, from about 1996. We thanked Hochtief for having cared enough to have employed his sister (my wife) a decent lifetime ago and having the foresight to spend the extra on buying indestructible PCs, and started it up. It tried to boot off a hard disk that sounded like an angle grinder, but the Windows for Workgroups on it had needed files missing. But it seemed to be a working piece of kit. It had a 10Mbit/s BNC/RJ45 ethernet adapter in it, and a parallel port, so it seemed like it could solve the new laptop / old printer issue.

You’re right, he could have bought a USB parallel adapter, but that would have been throwing good money after a printer that was probably near the end of its life anyway, and when the printer dies, the USB parallel cable would be redundant. A quick search online turned up this fabulous page:

Network Print Server – by Nicholas Fong

The page is exactly what the Internet should be for. It claims to be a tutorial, and there is a lot of useful information on the page. But what it is is a join-the-dots DIY Network Print Server manual. There’s hardly any thinking required on the reader’s part, so clearly has Nicholas explained the steps. The Network Print Server is based on the long-ago defunct Linux Router Project.

The Vectra was creaking a bit, but with the case off served as a reminder why it’s a good idea not to shave the last few sen off the price of a new PC. The thought that had gone into the internal design of the Vectra would have put plenty of modern systems to shame (I admit, I do still buy the occasional mongrel of a system). With the power and data cables removed from the hard disk drive, the Vectra was much quieter. HP quotes the power consumption of that PC as about 20W with Windows 3.0 – I’ll try to remember to put it on the power meter sometime, and post the result. The Network Print Server boot disk is a single high density 3.5″ diskette, so it makes a bit of noise at startup and is dead quiet after that.

We set it up in my brother-in-law’s office with no monitor and no keyboard, and I forgot about it. It Just Worked(TM) – I tried turning it off and on a few times and different combinations of print jobs, and it worked flawlessly. I forgot about it after that. If it crossed my mind, I assumed it had burst into flames, or the last 3.5″ high density diskette in Malaysia had finally worn out. I asked my brother-in-law about it from time to time, and he was adamant that it was working. I thought he might be just saying that to make me feel better, and had quietly gone out to buy a USB / parallel adapter at the first opportunity.

About 18 months after we’d set up the Vectra as a Network Print Server, he came to visit us and brought his laptop with him. He’d obviously forgotten what I’d done to the previous one and said he wanted it upgraded. It wasn’t that anything wasn’t working, he’d met a girl he liked, and they’d spent a miserable afternoon IMing each other over lattes in Starbucks. She had a new laptop with Vista on it, and she’d said something sniffy about his XFCE desktop with the default window manager settings. I’m a GUI luddite myself, so I said I’d upgrade his laptop to Intrepid Ibex and he could try out some of the new GUI tweaks to see if it improved his love life. He’s very keen on the LED-style min/max/restore controls and transparent windows. He didn’t like the ‘floppy’ window effect, perhaps he thought it would send the wrong message while he’s still single.

My home network has a squid proxy cache on it, and me and my wife use Xubuntu on our desktops, so it only took a few minutes to update his. He was back the next day with the Vectra and the Canon printer, complaining that his laptop could no longer print. I’d broken his network config when I ‘upgraded’ his laptop, such that the ethernet port on his laptop wasn’t being assigned an Internet Address, so couldn’t communicate with the Network Printer Server. I didn’t know that at first, so added a monitor and keyboard to the Vectra – see the photo above. I’ve got to confess to being surprised to see it still working, solid as a rock.

My brother-in-law has an eye for a bargain, and won’t let anybody say a bad thing about the Vectra. It’s quite simply everything a computer should be: silently working without a fault, and hasn’t asked for a single ringgit in upkeep. OK, so it probably wouldn’t win him many admiring glances if he brought it into Starbucks with him, but there is always the chance a pretty girl will run up and say “I know this – this is a UNIX system!”, isn’t there?

If you’ve got some old kit lying about that you haven’t got round to throwing away because you think it has some utility left, but there doesn’t seem to be any way of extracting it, I heartily recommend comparing it to the requirements on Nicholas Fong’s page. You might just find you had a perfect computer network propping up your desk all this time.

Sharing DiGi EDGE

November 30th, 2008


It has only been 5 weeks or so since I cancelled TM’s Streamyx ADSL broadband service and started using DiGi’s cellular network, and I’m impressed. OK, ok, so TM could occasionally keep Streamyx working for 3 weeks at a time too. I promise I’ll report in 3 to 6 months’ time!

A quick performance update: DiGi gave us a very conservative ‘average’ download speed of 8KB/s. I’m currently upgrading the packages on our Slackware server from ftp.slackware-brasil.com.br (because Brazil is so close to Malaysia, obviously) and getting 25KB/s average for 4MB+ files. That must be fairly close to a maximum specification for download over EDGE, so I’m delighted. We had the 1Mbit/s Streamyx deal, which was 7 times faster for downloads from Brazil (and occasionally Taiwan), but was often almost or completely unusable for many other websites.

I finally got round to sorting out two things today: a local DNS proxy and shared access to DiGi Internet.

DNS Proxy

Our DiGi EDGE adapter is connected to a USB port on a server on our desk running Slackware. The server runs when any of us is working anyway, but is now also doing what the embedded system does inside a typical ADSL router – it is routing traffic from the LAN to which our PCs are connected, to the Internet via the DiGi EDGE adapter and PPP. In order to reduce the load on the DiGi connection from our PCs, I installed squid on the server and setup our browsers to access the web via the proxy cache.

Watching the squid logs, and using iptraf to check traffic over the ppp0 interface, I noticed that DNS queries were taking a long time – often several seconds for the round-trip. Slackware has a startup script called ‘/etc/rc.d/rc.dnsmasq’, so I had a quick read of the man page and changed its permissions so dnsmasq would be started whenever the server is running. dnsmasq is apparently a lightweight DNS forwarder, and it really does appear to do exactly what it says on the label – I’m impressed with it.

Perhaps I should have read the documentation more carefully, but on our server, the file /etc/resolv.conf now contains a line that says:
nameserver localhost
and the DiGi nameservers are in a file /etc/resolv.conf.digi, identified by the resolv-file option in dnsmasq’s configuration file. The PCs on our LAN all have the IP address of our (DiGi-connected) server in their resolv.conf as nameserver.

The effect of dnsmasq is most noticeable when browsing pages that have embedded resources from many different domains. From watching the dnsmasq debug output, it appears many Internet applications either don’t cache nameserver results or refresh them surprisingly often. When your ISP’s nameservers are as slow to respond as DiGi’s appear to be, that can result in a considerable slowdown in application performance.

Shared access to DiGi

The squid caching proxy is working just fine, but to get email, SSH and all those other applications working that require non-HTTP access, I configured the Slackware server to do IP forwarding with NAT (Network Address Translation). The IP forwarding part is easy – yet again, there’s a handy startup script:
/etc/rc.d/rc.ip_forward
which does very little! IP forwarding doesn’t work on its own – from my brief research, it causes network traffic from our LAN PCs to be copied to the Internet, but with their LAN IP address intact. You can see these packets going out, using iptraf, for example when pinging a website. The server can ping the website, and iptraf shows the ping is ‘from’ the ppp0 address to the website address. The ping from one of the LAN PCs is also sent out via ppp0, but iptraf shows the packet as coming from the PC’s LAN address.

The server must use ‘masquerading’ to solve this problem: it will appear to DiGi’s network that network requests are coming from the server with the EDGE adapter attached, rather than one of the LAN PCs. It took me an embarrassingly long time to find the appropriate settings to get masquerading working on our server, hence the blog article to preserve them for posterity. While checking my facts for this article, I notice that everything I needed to know is already recorded in:
/etc/rc.d/rc.modules-`uname -r`

Just in case you need this for reference, the rc.modules file suggests adding the following to rc.local:

# EXTERNAL -> external network interface
# INTERNAL -> internal network interface
EXTERNAL=eth0
INTERNAL=eth1
echo "Setting up NAT (Network Address Translation)..."
# by default, nothing is forwarded.
iptables -P FORWARD DROP
# Allow all connections OUT and only related ones IN
iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
# enable MASQUERADING
iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE

There are some useful notes in the rc.modules file about the effects of masquerading on different protocols, and a list of kernel modules iptables (the software that provides the masquerading facility) needs. Once the server is masquerading correctly, the LAN PCs should have their default gateway changed to the server’s LAN address. That’s it! A shared DiGi EDGE connection.

One final improvement to our setup was getting rid of the necessity to configure all our PCs to work with the squid proxy. Squid is running on the same server that is routing our LAN traffic to and from the Internet. It is possible to make squid a transparent proxy and intercept any requests from the LAN with the following changes:

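In squid.conf, to configure squid to be a transparent proxy (INTERNAL_IP stands for the server’s LAN address; squid.conf does not expand shell variables, so write the address itself):

http_port INTERNAL_IP:3128 transparent

And added to the iptables settings in /etc/rc.d/rc.local, after the NAT rules above so that $INTERNAL is already set (again, replace INTERNAL_IP with the server’s LAN address):

# let the proxy's own web requests through, then intercept port 80 arriving from the LAN only
iptables -t nat -A PREROUTING -s INTERNAL_IP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i $INTERNAL -p tcp --dport 80 -j DNAT --to-destination INTERNAL_IP:3128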

Once that is done, there’s no need for proxy settings on the local PCs. Any outgoing traffic to websites (as long as it’s to the default port 80) will be intercepted by the squid proxy. When we have visitors who use our home network, they too will be transparently using our squid proxy.
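A DNAT rule in nat PREROUTING that names no inbound interface applies to port-80 packets arriving on any interface, the Internet-facing one included, so the intercept is best limited to the LAN side with -i. The shell check below is an added example, not part of the original post or of Slackware's scripts: it reads iptables-save output and lists such rules. The sample dump, the address 192.168.0.1, the interface names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables-save dump for
# nat PREROUTING rules that DNAT/REDIRECT traffic without naming an inbound interface.

# find_unscoped_intercepts: read iptables-save text on stdin, print each offending rule.
find_unscoped_intercepts() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter": table header
        table != "nat" { next }                    # only the nat table rewrites destinations
        $1 != "-A" || $2 != "PREROUTING" { next }  # skip chain policies, COMMIT, other chains
        {
            target = ""; has_in = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" || $i == "--jump") target = $(i + 1)
                if ($i == "-i" || $i == "--in-interface") has_in = 1
            }
            if ((target == "DNAT" || target == "REDIRECT") && !has_in) print
        }
    '
}

# audit_intercepts: same input; returns 0 when every intercept rule is
# interface-scoped, 1 (with a report) when at least one is not.
audit_intercepts() {
    hits=$(find_unscoped_intercepts)
    if [ -n "$hits" ]; then
        printf 'intercept rule matches every interface:\n%s\n' "$hits"
        return 1
    fi
    return 0
}

# Constructed sample dump: a gateway with ppp0 outside and eth1 inside, whose
# port-80 intercept rule has no -i match. 192.168.0.1 is an assumed LAN address.
sample_unscoped() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 192.168.0.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT
EOF
}

# The same constructed dump with the intercept limited to the LAN interface.
sample_scoped() {
    sample_unscoped | sed 's/^-A PREROUTING -p tcp/-A PREROUTING -i eth1 -p tcp/'
}

# Demo on the constructed dumps; on a live gateway run: iptables-save | audit_intercepts
sample_unscoped | audit_intercepts || echo "-> add -i <LAN interface> to the rule"
sample_scoped | audit_intercepts && echo "scoped dump: ok"
```

A negated match such as "! -i ppp0" is counted as scoped, since it still excludes the external interface.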

Goodbye Streamyx, hello DiGi EDGE

November 2nd, 2008

We popped into Port Dickson to buy a DiGi EDGE adapter in preparation for going all DiGi EDGE in a couple of weeks’ time. The local DiGi centre sold us a no-name USB EDGE adapter for RM399. That seems expensive to me, but I’m so fed up with Internet Access problems, I have even considered moving elsewhere in Malaysia to get more reliable access – MetroFon in KL, or its companion in Penang looked promising, but if I’m to move to solve telecomms problems, we may as well quit the country altogether.

EDGE is nominally five times slower than the 1Mbit/s Streamyx connection that we had, although we only ever enjoyed that transfer speed (180kB/s) from TM Net’s Speedometer and from the Xubuntu mirror in Brazil (WTF?), even the mirrors in Taiwan and Australia never maxed out our connection. On the other hand, loading pages from Google and BBC would frequently take two to three minutes over Streamyx, and we suffered frequent complete disconnections. Every time we were disconnected, we connected to the Internet using our old mobile phones via DiGi GPRS. And it always just worked, even if it was slow.

One of the things that really tipped us over the edge (!) in favour of DiGi was calling their support line to check the local access speed. The DiGi rep (I think his name was Azizi) told us the average speed we’d get from the local EDGE network, not its nominal bandwidth! The figure he gave us was an extremely conservative 8-9kB/s. I’ve been reliably getting 18-20kB/s from many sites since going to EDGE, so I’m delighted with the service. Getting an honest and informative response from a telecomms company is refreshing in the extreme, and DiGi (or maybe just Azizi!) is to be commended for their approach.

Back to the adapter. The DiGi centre staff told us it was locally made, but lsusb reports:

0471:1201 Philips Arima Bluetooth Device

So they obviously haven’t finished the product yet! There’s a bit more info from the -v switch:

iManufacturer           1 Wisue Technology
iProduct                2 EDGE Modem

And on plugging it into the Slackware box we use as our home server, it appears as /dev/ttyACM0 (a cable modem?). This all looked very promising, until we failed several times to connect to the EDGE network. We finally tracked down the problem to a ‘magic incantation’. We’re using pppd to establish a network connection, and had “ATD*99#” as our dialling string. Changing this to “ATD*99***1#” (don’t you hate magic incantations?) was all we needed to do to get reliable, fast-enough Internet access. The server is connected via the USB adapter to DiGi’s network, and runs the squid web cache. Our PCs all access the web via the server’s squid proxy, so we save some bandwidth on commonly-visited pages.

Of course, downloading Ubuntu packages is going to take a lot longer than it does over Streamyx (once you’ve found the magic country on the other side of the world that gives 100x faster downloads than local ones!). You can see the difference on some web pages – you can see large images gradually loading over a few seconds. But what our DiGi EDGE connection has yet to do is load half a webpage, and then nothing for a minute or two before loading the rest of the page, as commonly happened with Streamyx. Page for page, we’re getting much better response from DiGi’s ‘slower’ network than we did from Streamyx’s ‘faster’ one.

Ubuntu Intrepid Ibex

November 2nd, 2008

I broke the cardinal rule and updated to software that was only 1 day old. It seems I’ve been reasonably lucky and very little went wrong. I thought I’d better write some notes on what did go wrong just in case it happens to someone else and they lose a day trying to work out how to put them right.

ATI Big Desktop reversed

This would have been quite amusing if it had been the only problem. There isn’t much space on my workbench, so I put a 1280×1024 LCD panel behind and above my laptop’s 1280×800 panel, and extend my desktop up from the laptop. When the Ubuntu distribution upgrade had finished, the desktop was the wrong way round. I had to mouse up from the big panel to get to the bottom of the laptop panel. I tried editing xorg.conf and running aticonfig, and reverting to the pre-upgrade xorg.conf, but nothing seemed to fix the problem. In the end, I installed the ATI control panel with:

apt-get install fglrx-control

and that allowed me to set the correct desktop layout.

Distribution Upgrade didn’t use proxy

I’m not complaining about this one. We’ve just terminated our ADSL contract because it’s so unreliable, so we’ve only got ADSL until the notice period expires. If you’re a Streamyx user, I will soon no longer be sharing your pain.

On our home network we’ve got Streamyx ADSL on an ADSL router and a DiGi EDGE adapter on a server connected by ethernet to the same router. The server runs a squid web proxy to try to reduce the load on the nominally much slower EDGE adapter. We configure synaptic to use the web proxy for updates. It works a treat for updating Ubuntu on our PCs in the house, but the dist-upgrade didn’t seem to use the proxy settings in synaptic / update-manager at all. I’ll have to think of some other way of updating the other PCs in the house, I don’t want to repeat the 1GB+ download over EDGE!

File reporting .jar files (Java archive) as application/zip

Now this one really was annoying. I have a few Java projects that are bundled up as Java archives. I can just double-click on the .jar file in my file browser (ROX), and they would usually be launched with java -jar. After the 8.10 upgrade, the ‘file’ utility was reporting them as application/zip, so double-click was launching file-roller! I tried all sorts, even renaming all associated files and copying older versions from a PC at home running Hardy which reported the files’ type correctly. Nothing.

I’m embarrassed to say I don’t know which of the last two solutions I tried actually solved the problem. After trying to destroy any cached mime types by removing ~/.local and running the ‘update-mime’ utility, the problem went away. My Java archives are now correctly identified by file. If you have the same (or similar) problem, I’d appreciate a comment to say which one solved the problem for you.

General impressions of Intrepid Ibex

Apart from the problems above, things seem to be running very smoothly. I’m interested to see how Network Manager has changed – it has never really given me the impression of being ‘finished’ in the past. As I look at it now, I see it says my laptop is disconnected from any network. The wireless kill switch seems to be working as I’d expect: too bad I rarely move my laptop away from the wired network on my desk!